firewalld-1.1.1/0000755000000000000000000000000014217353174013470 5ustar00rootroot00000000000000firewalld-1.1.1/m4/0000755000000000000000000000000014217353174014010 5ustar00rootroot00000000000000firewalld-1.1.1/m4/intltool.m40000644000000000000000000002636112477174752016137 0ustar00rootroot00000000000000## intltool.m4 - Configure intltool for the target system. -*-Shell-script-*- ## Copyright (C) 2001 Eazel, Inc. ## Author: Maciej Stachowiak ## Kenneth Christiansen ## ## This program is free software; you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by ## the Free Software Foundation; either version 2 of the License, or ## (at your option) any later version. ## ## This program is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with this program; if not, write to the Free Software ## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ## ## As a special exception to the GNU General Public License, if you ## distribute this file as part of a program that contains a ## configuration script generated by Autoconf, you may include it under ## the same distribution terms that you use for the rest of that program. dnl IT_PROG_INTLTOOL([MINIMUM-VERSION], [no-xml]) # serial 42 IT_PROG_INTLTOOL AC_DEFUN([IT_PROG_INTLTOOL], [ AC_PREREQ([2.50])dnl AC_REQUIRE([AM_NLS])dnl case "$am__api_version" in 1.[01234]) AC_MSG_ERROR([Automake 1.5 or newer is required to use intltool]) ;; *) ;; esac INTLTOOL_REQUIRED_VERSION_AS_INT=`echo $1 | awk -F. '{ print $ 1 * 1000 + $ 2 * 100 + $ 3; }'` INTLTOOL_APPLIED_VERSION=`intltool-update --version | head -1 | cut -d" " -f3` INTLTOOL_APPLIED_VERSION_AS_INT=`echo $INTLTOOL_APPLIED_VERSION | awk -F. '{ print $ 1 * 1000 + $ 2 * 100 + $ 3; }'` if test -n "$1"; then AC_MSG_CHECKING([for intltool >= $1]) AC_MSG_RESULT([$INTLTOOL_APPLIED_VERSION found]) test "$INTLTOOL_APPLIED_VERSION_AS_INT" -ge "$INTLTOOL_REQUIRED_VERSION_AS_INT" || AC_MSG_ERROR([Your intltool is too old. You need intltool $1 or later.]) fi AC_PATH_PROG(INTLTOOL_UPDATE, [intltool-update]) AC_PATH_PROG(INTLTOOL_MERGE, [intltool-merge]) AC_PATH_PROG(INTLTOOL_EXTRACT, [intltool-extract]) if test -z "$INTLTOOL_UPDATE" -o -z "$INTLTOOL_MERGE" -o -z "$INTLTOOL_EXTRACT"; then AC_MSG_ERROR([The intltool scripts were not found. Please install intltool.]) fi if test -z "$AM_DEFAULT_VERBOSITY"; then AM_DEFAULT_VERBOSITY=1 fi AC_SUBST([AM_DEFAULT_VERBOSITY]) INTLTOOL_V_MERGE='$(INTLTOOL__v_MERGE_$(V))' INTLTOOL__v_MERGE_='$(INTLTOOL__v_MERGE_$(AM_DEFAULT_VERBOSITY))' INTLTOOL__v_MERGE_0='@echo " ITMRG " [$]@;' AC_SUBST(INTLTOOL_V_MERGE) AC_SUBST(INTLTOOL__v_MERGE_) AC_SUBST(INTLTOOL__v_MERGE_0) INTLTOOL_V_MERGE_OPTIONS='$(intltool__v_merge_options_$(V))' intltool__v_merge_options_='$(intltool__v_merge_options_$(AM_DEFAULT_VERBOSITY))' intltool__v_merge_options_0='-q' AC_SUBST(INTLTOOL_V_MERGE_OPTIONS) AC_SUBST(intltool__v_merge_options_) AC_SUBST(intltool__v_merge_options_0) INTLTOOL_DESKTOP_RULE='%.desktop: %.desktop.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_DIRECTORY_RULE='%.directory: %.directory.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_KEYS_RULE='%.keys: %.keys.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -k -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_PROP_RULE='%.prop: %.prop.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_OAF_RULE='%.oaf: %.oaf.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -o -p $(top_srcdir)/po $< [$]@' INTLTOOL_PONG_RULE='%.pong: %.pong.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_SERVER_RULE='%.server: %.server.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -o -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_SHEET_RULE='%.sheet: %.sheet.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_SOUNDLIST_RULE='%.soundlist: %.soundlist.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_UI_RULE='%.ui: %.ui.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_XML_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' if test "$INTLTOOL_APPLIED_VERSION_AS_INT" -ge 5000; then INTLTOOL_XML_NOMERGE_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u --no-translations $< [$]@' else INTLTOOL_XML_NOMERGE_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) ; $(INTLTOOL_V_MERGE)_it_tmp_dir=tmp.intltool.[$][$]RANDOM && mkdir [$][$]_it_tmp_dir && LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u [$][$]_it_tmp_dir $< [$]@ && rmdir [$][$]_it_tmp_dir' fi INTLTOOL_XAM_RULE='%.xam: %.xml.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_KBD_RULE='%.kbd: %.kbd.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -m -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_CAVES_RULE='%.caves: %.caves.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_SCHEMAS_RULE='%.schemas: %.schemas.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -s -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_THEME_RULE='%.theme: %.theme.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_SERVICE_RULE='%.service: %.service.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' INTLTOOL_POLICY_RULE='%.policy: %.policy.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' _IT_SUBST(INTLTOOL_DESKTOP_RULE) _IT_SUBST(INTLTOOL_DIRECTORY_RULE) _IT_SUBST(INTLTOOL_KEYS_RULE) _IT_SUBST(INTLTOOL_PROP_RULE) _IT_SUBST(INTLTOOL_OAF_RULE) _IT_SUBST(INTLTOOL_PONG_RULE) _IT_SUBST(INTLTOOL_SERVER_RULE) _IT_SUBST(INTLTOOL_SHEET_RULE) _IT_SUBST(INTLTOOL_SOUNDLIST_RULE) _IT_SUBST(INTLTOOL_UI_RULE) _IT_SUBST(INTLTOOL_XAM_RULE) _IT_SUBST(INTLTOOL_KBD_RULE) _IT_SUBST(INTLTOOL_XML_RULE) _IT_SUBST(INTLTOOL_XML_NOMERGE_RULE) _IT_SUBST(INTLTOOL_CAVES_RULE) _IT_SUBST(INTLTOOL_SCHEMAS_RULE) _IT_SUBST(INTLTOOL_THEME_RULE) _IT_SUBST(INTLTOOL_SERVICE_RULE) _IT_SUBST(INTLTOOL_POLICY_RULE) # Check the gettext tools to make sure they are GNU AC_PATH_PROG(XGETTEXT, xgettext) AC_PATH_PROG(MSGMERGE, msgmerge) AC_PATH_PROG(MSGFMT, msgfmt) AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT) if test -z "$XGETTEXT" -o -z "$MSGMERGE" -o -z "$MSGFMT"; then AC_MSG_ERROR([GNU gettext tools not found; required for intltool]) fi xgversion="`$XGETTEXT --version|grep '(GNU ' 2> /dev/null`" mmversion="`$MSGMERGE --version|grep '(GNU ' 2> /dev/null`" mfversion="`$MSGFMT --version|grep '(GNU ' 2> /dev/null`" if test -z "$xgversion" -o -z "$mmversion" -o -z "$mfversion"; then AC_MSG_ERROR([GNU gettext tools not found; required for intltool]) fi AC_PATH_PROG(INTLTOOL_PERL, perl) if test -z "$INTLTOOL_PERL"; then AC_MSG_ERROR([perl not found]) fi AC_MSG_CHECKING([for perl >= 5.8.1]) $INTLTOOL_PERL -e "use 5.8.1;" > /dev/null 2>&1 if test $? -ne 0; then AC_MSG_ERROR([perl 5.8.1 is required for intltool]) else IT_PERL_VERSION=`$INTLTOOL_PERL -e "printf '%vd', $^V"` AC_MSG_RESULT([$IT_PERL_VERSION]) fi if test "x$2" != "xno-xml"; then AC_MSG_CHECKING([for XML::Parser]) if `$INTLTOOL_PERL -e "require XML::Parser" 2>/dev/null`; then AC_MSG_RESULT([ok]) else AC_MSG_ERROR([XML::Parser perl module is required for intltool]) fi fi # Substitute ALL_LINGUAS so we can use it in po/Makefile AC_SUBST(ALL_LINGUAS) IT_PO_SUBDIR([po]) ]) # IT_PO_SUBDIR(DIRNAME) # --------------------- # All po subdirs have to be declared with this macro; the subdir "po" is # declared by IT_PROG_INTLTOOL. # AC_DEFUN([IT_PO_SUBDIR], [AC_PREREQ([2.53])dnl We use ac_top_srcdir inside AC_CONFIG_COMMANDS. dnl dnl The following CONFIG_COMMANDS should be executed at the very end dnl of config.status. AC_CONFIG_COMMANDS_PRE([ AC_CONFIG_COMMANDS([$1/stamp-it], [ if [ ! grep "^# INTLTOOL_MAKEFILE$" "$1/Makefile.in" > /dev/null ]; then AC_MSG_ERROR([$1/Makefile.in.in was not created by intltoolize.]) fi rm -f "$1/stamp-it" "$1/stamp-it.tmp" "$1/POTFILES" "$1/Makefile.tmp" >"$1/stamp-it.tmp" [sed '/^#/d s/^[[].*] *// /^[ ]*$/d '"s|^| $ac_top_srcdir/|" \ "$srcdir/$1/POTFILES.in" | sed '$!s/$/ \\/' >"$1/POTFILES" ] [sed '/^POTFILES =/,/[^\\]$/ { /^POTFILES =/!d r $1/POTFILES } ' "$1/Makefile.in" >"$1/Makefile"] rm -f "$1/Makefile.tmp" mv "$1/stamp-it.tmp" "$1/stamp-it" ]) ])dnl ]) # _IT_SUBST(VARIABLE) # ------------------- # Abstract macro to do either _AM_SUBST_NOTMAKE or AC_SUBST # AC_DEFUN([_IT_SUBST], [ AC_SUBST([$1]) m4_ifdef([_AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE([$1])]) ] ) # deprecated macros AU_ALIAS([AC_PROG_INTLTOOL], [IT_PROG_INTLTOOL]) # A hint is needed for aclocal from Automake <= 1.9.4: # AC_DEFUN([AC_PROG_INTLTOOL], ...) firewalld-1.1.1/m4/jh_path_xml_catalog.m40000644000000000000000000000321314217342322020231 0ustar00rootroot00000000000000# Checks the location of the XML Catalog # Usage: # JH_PATH_XML_CATALOG([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # Defines XMLCATALOG and XML_CATALOG_FILE substitutions AC_DEFUN([JH_PATH_XML_CATALOG], [ # check for the presence of the XML catalog AC_ARG_WITH([xml-catalog], AC_HELP_STRING([--with-xml-catalog=CATALOG], [path to xml catalog to use]),, [with_xml_catalog=/etc/xml/catalog]) jh_found_xmlcatalog=true XML_CATALOG_FILE="$with_xml_catalog" AC_SUBST([XML_CATALOG_FILE]) AC_MSG_CHECKING([for XML catalog ($XML_CATALOG_FILE)]) if test -f "$XML_CATALOG_FILE"; then AC_MSG_RESULT([found]) else jh_found_xmlcatalog=false AC_MSG_RESULT([not found]) fi # check for the xmlcatalog program AC_PATH_PROG(XMLCATALOG, xmlcatalog, no) if test "x$XMLCATALOG" = xno; then jh_found_xmlcatalog=false fi if $jh_found_xmlcatalog; then ifelse([$1],,[:],[$1]) else ifelse([$2],,[AC_MSG_ERROR([could not find XML catalog])],[$2]) fi ]) # Checks if the particular URI appears in the XML catalog # Usage: # JH_CHECK_XML_CATALOG(URI, [FRIENDLY-NAME], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) AC_DEFUN([JH_CHECK_XML_CATALOG], [ AC_REQUIRE([JH_PATH_XML_CATALOG],[JH_PATH_XML_CATALOG(,[:])]) AC_MSG_CHECKING([for ifelse([$2],,[$1],[$2]) in XML catalog]) if $jh_found_xmlcatalog && \ AC_RUN_LOG([$XMLCATALOG --noout "$XML_CATALOG_FILE" "$1" >&2]); then AC_MSG_RESULT([found]) ifelse([$3],,,[$3 ]) else AC_MSG_RESULT([not found]) ifelse([$4],, [AC_MSG_ERROR([could not find ifelse([$2],,[$1],[$2]) in XML catalog])], [$4]) fi ]) firewalld-1.1.1/src/0000755000000000000000000000000014217353175014260 5ustar00rootroot00000000000000firewalld-1.1.1/src/firewall/0000755000000000000000000000000014217353175016065 5ustar00rootroot00000000000000firewalld-1.1.1/src/firewall/config/0000755000000000000000000000000014217353174017331 5ustar00rootroot00000000000000firewalld-1.1.1/src/firewall/config/__init__.py.in0000644000000000000000000001122514217342322022041 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2007-2016 Red Hat, Inc. # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # translation import locale try: locale.setlocale(locale.LC_ALL, "") except locale.Error: import os os.environ['LC_ALL'] = 'C' locale.setlocale(locale.LC_ALL, "") DOMAIN = 'firewalld' import gettext gettext.install(domain=DOMAIN) from . import dbus # noqa: F401 # configuration DAEMON_NAME = 'firewalld' CONFIG_NAME = 'firewall-config' APPLET_NAME = 'firewall-applet' DATADIR = '/usr/share/' + DAEMON_NAME CONFIG_GLADE_NAME = CONFIG_NAME + '.glade' COPYRIGHT = '(C) 2010-2017 Red Hat, Inc.' VERSION = '@PACKAGE_VERSION@' AUTHORS = [ "Thomas Woerner ", "Jiri Popelka ", "Eric Garver ", ] LICENSE = gettext.gettext( "This program is free software; you can redistribute it and/or modify " "it under the terms of the GNU General Public License as published by " "the Free Software Foundation; either version 2 of the License, or " "(at your option) any later version.\n" "\n" "This program is distributed in the hope that it will be useful, " "but WITHOUT ANY WARRANTY; without even the implied warranty of " "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the " "GNU General Public License for more details.\n" "\n" "You should have received a copy of the GNU General Public License " "along with this program. If not, see .") WEBSITE = 'http://www.firewalld.org' def set_system_config_paths(path): global ETC_FIREWALLD, FIREWALLD_CONF, ETC_FIREWALLD_ZONES, \ ETC_FIREWALLD_SERVICES, ETC_FIREWALLD_ICMPTYPES, \ ETC_FIREWALLD_IPSETS, ETC_FIREWALLD_HELPERS, \ FIREWALLD_DIRECT, LOCKDOWN_WHITELIST, ETC_FIREWALLD_POLICIES ETC_FIREWALLD = path FIREWALLD_CONF = path + '/firewalld.conf' ETC_FIREWALLD_ZONES = path + '/zones' ETC_FIREWALLD_SERVICES = path + '/services' ETC_FIREWALLD_ICMPTYPES = path + '/icmptypes' ETC_FIREWALLD_IPSETS = path + '/ipsets' ETC_FIREWALLD_HELPERS = path + '/helpers' ETC_FIREWALLD_POLICIES = path + '/policies' FIREWALLD_DIRECT = path + '/direct.xml' LOCKDOWN_WHITELIST = path + '/lockdown-whitelist.xml' set_system_config_paths('/etc/firewalld') def set_default_config_paths(path): global USR_LIB_FIREWALLD, FIREWALLD_ZONES, FIREWALLD_SERVICES, \ FIREWALLD_ICMPTYPES, FIREWALLD_IPSETS, FIREWALLD_HELPERS, \ FIREWALLD_POLICIES USR_LIB_FIREWALLD = path FIREWALLD_ZONES = path + '/zones' FIREWALLD_SERVICES = path + '/services' FIREWALLD_ICMPTYPES = path + '/icmptypes' FIREWALLD_IPSETS = path + '/ipsets' FIREWALLD_HELPERS = path + '/helpers' FIREWALLD_POLICIES = path + '/policies' set_default_config_paths('/usr/lib/firewalld') FIREWALLD_LOGFILE = '/var/log/firewalld' FIREWALLD_PIDFILE = "/var/run/firewalld.pid" FIREWALLD_TEMPDIR = '/run/firewalld' SYSCONFIGDIR = '/etc/sysconfig' IFCFGDIR = "@IFCFGDIR@" SYSCTL_CONFIG = '/etc/sysctl.conf' # commands used by backends COMMANDS = { "ipv4": "@IPTABLES@", "ipv4-restore": "@IPTABLES_RESTORE@", "ipv6": "@IP6TABLES@", "ipv6-restore": "@IP6TABLES_RESTORE@", "eb": "@EBTABLES@", "eb-restore": "@EBTABLES_RESTORE@", "ipset": "@IPSET@", "modprobe": "@MODPROBE@", "rmmod": "@RMMOD@", } LOG_DENIED_VALUES = [ "all", "unicast", "broadcast", "multicast", "off" ] AUTOMATIC_HELPERS_VALUES = [ "yes", "no", "system" ] FIREWALL_BACKEND_VALUES = [ "nftables", "iptables" ] # fallbacks: will be overloaded by firewalld.conf FALLBACK_ZONE = "public" FALLBACK_MINIMAL_MARK = 100 FALLBACK_CLEANUP_ON_EXIT = True FALLBACK_CLEANUP_MODULES_ON_EXIT = False FALLBACK_LOCKDOWN = False FALLBACK_IPV6_RPFILTER = True FALLBACK_INDIVIDUAL_CALLS = False FALLBACK_LOG_DENIED = "off" FALLBACK_AUTOMATIC_HELPERS = "no" FALLBACK_FIREWALL_BACKEND = "nftables" FALLBACK_FLUSH_ALL_ON_RELOAD = True FALLBACK_RFC3964_IPV4 = True FALLBACK_ALLOW_ZONE_DRIFTING = False firewalld-1.1.1/src/firewall/config/dbus.py0000644000000000000000000000502114217342322020627 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011,2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # DBUS_INTERFACE_VERSION = 1 DBUS_INTERFACE_REVISION = 15 DBUS_INTERFACE = "org.fedoraproject.FirewallD%d" % DBUS_INTERFACE_VERSION DBUS_INTERFACE_ZONE = DBUS_INTERFACE+".zone" DBUS_INTERFACE_POLICY = DBUS_INTERFACE+".policy" DBUS_INTERFACE_DIRECT = DBUS_INTERFACE+".direct" DBUS_INTERFACE_POLICIES = DBUS_INTERFACE+".policies" DBUS_INTERFACE_IPSET = DBUS_INTERFACE+".ipset" DBUS_INTERFACE_CONFIG = DBUS_INTERFACE+".config" DBUS_INTERFACE_CONFIG_ZONE = DBUS_INTERFACE_CONFIG+".zone" DBUS_INTERFACE_CONFIG_POLICY = DBUS_INTERFACE_CONFIG+".policy" DBUS_INTERFACE_CONFIG_SERVICE = DBUS_INTERFACE_CONFIG+".service" DBUS_INTERFACE_CONFIG_ICMPTYPE = DBUS_INTERFACE_CONFIG+".icmptype" DBUS_INTERFACE_CONFIG_POLICIES = DBUS_INTERFACE_CONFIG+".policies" DBUS_INTERFACE_CONFIG_DIRECT = DBUS_INTERFACE_CONFIG+".direct" DBUS_INTERFACE_CONFIG_IPSET = DBUS_INTERFACE_CONFIG+".ipset" DBUS_INTERFACE_CONFIG_HELPER = DBUS_INTERFACE_CONFIG+".helper" DBUS_PATH = "/org/fedoraproject/FirewallD%d" % DBUS_INTERFACE_VERSION DBUS_PATH_CONFIG = DBUS_PATH+"/config" DBUS_PATH_CONFIG_ICMPTYPE = DBUS_PATH+"/config/icmptype" DBUS_PATH_CONFIG_SERVICE = DBUS_PATH+"/config/service" DBUS_PATH_CONFIG_ZONE = DBUS_PATH+"/config/zone" DBUS_PATH_CONFIG_POLICY = DBUS_PATH+"/config/policy" DBUS_PATH_CONFIG_IPSET = DBUS_PATH+"/config/ipset" DBUS_PATH_CONFIG_HELPER = DBUS_PATH+"/config/helper" # Polkit actions _PK_ACTION = "org.fedoraproject.FirewallD%d" % DBUS_INTERFACE_VERSION PK_ACTION_POLICIES = _PK_ACTION+".policies" PK_ACTION_POLICIES_INFO = PK_ACTION_POLICIES+".info" PK_ACTION_CONFIG = _PK_ACTION+".config" PK_ACTION_CONFIG_INFO = PK_ACTION_CONFIG+".info" PK_ACTION_DIRECT = _PK_ACTION+".direct" PK_ACTION_DIRECT_INFO = PK_ACTION_DIRECT+".info" PK_ACTION_INFO = _PK_ACTION+".info" PK_ACTION_ALL = _PK_ACTION+".all" # implies all other actions firewalld-1.1.1/src/firewall/config/__init__.py0000644000000000000000000001134514217353157021447 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2007-2016 Red Hat, Inc. # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # translation import locale try: locale.setlocale(locale.LC_ALL, "") except locale.Error: import os os.environ['LC_ALL'] = 'C' locale.setlocale(locale.LC_ALL, "") DOMAIN = 'firewalld' import gettext gettext.install(domain=DOMAIN) from . import dbus # noqa: F401 # configuration DAEMON_NAME = 'firewalld' CONFIG_NAME = 'firewall-config' APPLET_NAME = 'firewall-applet' DATADIR = '/usr/share/' + DAEMON_NAME CONFIG_GLADE_NAME = CONFIG_NAME + '.glade' COPYRIGHT = '(C) 2010-2017 Red Hat, Inc.' VERSION = '1.1.1' AUTHORS = [ "Thomas Woerner ", "Jiri Popelka ", "Eric Garver ", ] LICENSE = gettext.gettext( "This program is free software; you can redistribute it and/or modify " "it under the terms of the GNU General Public License as published by " "the Free Software Foundation; either version 2 of the License, or " "(at your option) any later version.\n" "\n" "This program is distributed in the hope that it will be useful, " "but WITHOUT ANY WARRANTY; without even the implied warranty of " "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the " "GNU General Public License for more details.\n" "\n" "You should have received a copy of the GNU General Public License " "along with this program. If not, see .") WEBSITE = 'http://www.firewalld.org' def set_system_config_paths(path): global ETC_FIREWALLD, FIREWALLD_CONF, ETC_FIREWALLD_ZONES, \ ETC_FIREWALLD_SERVICES, ETC_FIREWALLD_ICMPTYPES, \ ETC_FIREWALLD_IPSETS, ETC_FIREWALLD_HELPERS, \ FIREWALLD_DIRECT, LOCKDOWN_WHITELIST, ETC_FIREWALLD_POLICIES ETC_FIREWALLD = path FIREWALLD_CONF = path + '/firewalld.conf' ETC_FIREWALLD_ZONES = path + '/zones' ETC_FIREWALLD_SERVICES = path + '/services' ETC_FIREWALLD_ICMPTYPES = path + '/icmptypes' ETC_FIREWALLD_IPSETS = path + '/ipsets' ETC_FIREWALLD_HELPERS = path + '/helpers' ETC_FIREWALLD_POLICIES = path + '/policies' FIREWALLD_DIRECT = path + '/direct.xml' LOCKDOWN_WHITELIST = path + '/lockdown-whitelist.xml' set_system_config_paths('/etc/firewalld') def set_default_config_paths(path): global USR_LIB_FIREWALLD, FIREWALLD_ZONES, FIREWALLD_SERVICES, \ FIREWALLD_ICMPTYPES, FIREWALLD_IPSETS, FIREWALLD_HELPERS, \ FIREWALLD_POLICIES USR_LIB_FIREWALLD = path FIREWALLD_ZONES = path + '/zones' FIREWALLD_SERVICES = path + '/services' FIREWALLD_ICMPTYPES = path + '/icmptypes' FIREWALLD_IPSETS = path + '/ipsets' FIREWALLD_HELPERS = path + '/helpers' FIREWALLD_POLICIES = path + '/policies' set_default_config_paths('/usr/lib/firewalld') FIREWALLD_LOGFILE = '/var/log/firewalld' FIREWALLD_PIDFILE = "/var/run/firewalld.pid" FIREWALLD_TEMPDIR = '/run/firewalld' SYSCONFIGDIR = '/etc/sysconfig' IFCFGDIR = "/etc/sysconfig/network-scripts" SYSCTL_CONFIG = '/etc/sysctl.conf' # commands used by backends COMMANDS = { "ipv4": "/usr/sbin/iptables", "ipv4-restore": "/usr/sbin/iptables-restore", "ipv6": "/usr/sbin/ip6tables", "ipv6-restore": "/usr/sbin/ip6tables-restore", "eb": "/usr/sbin/ebtables", "eb-restore": "/usr/sbin/ebtables-restore", "ipset": "/usr/sbin/ipset", "modprobe": "/usr/sbin/modprobe", "rmmod": "/usr/sbin/rmmod", } LOG_DENIED_VALUES = [ "all", "unicast", "broadcast", "multicast", "off" ] AUTOMATIC_HELPERS_VALUES = [ "yes", "no", "system" ] FIREWALL_BACKEND_VALUES = [ "nftables", "iptables" ] # fallbacks: will be overloaded by firewalld.conf FALLBACK_ZONE = "public" FALLBACK_MINIMAL_MARK = 100 FALLBACK_CLEANUP_ON_EXIT = True FALLBACK_CLEANUP_MODULES_ON_EXIT = False FALLBACK_LOCKDOWN = False FALLBACK_IPV6_RPFILTER = True FALLBACK_INDIVIDUAL_CALLS = False FALLBACK_LOG_DENIED = "off" FALLBACK_AUTOMATIC_HELPERS = "no" FALLBACK_FIREWALL_BACKEND = "nftables" FALLBACK_FLUSH_ALL_ON_RELOAD = True FALLBACK_RFC3964_IPV4 = True FALLBACK_ALLOW_ZONE_DRIFTING = False firewalld-1.1.1/src/firewall/core/0000755000000000000000000000000014217353175017015 5ustar00rootroot00000000000000firewalld-1.1.1/src/firewall/core/io/0000755000000000000000000000000014217353175017424 5ustar00rootroot00000000000000firewalld-1.1.1/src/firewall/core/io/direct.py0000644000000000000000000003634014217342322021246 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import xml.sax as sax import os import io import shutil from firewall import config from firewall.fw_types import LastUpdatedOrderedDict from firewall.functions import splitArgs, joinArgs from firewall.core.io.io_object import IO_Object, IO_Object_ContentHandler, \ IO_Object_XMLGenerator from firewall.core.logger import log from firewall.core import ipXtables from firewall.core import ebtables from firewall import errors from firewall.errors import FirewallError class direct_ContentHandler(IO_Object_ContentHandler): def __init__(self, item): IO_Object_ContentHandler.__init__(self, item) self.direct = False def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) self.item.parser_check_element_attrs(name, attrs) if name == "direct": if self.direct: raise FirewallError(errors.PARSE_ERROR, "More than one direct tag.") self.direct = True elif name == "chain": if not self.direct: log.error("Parse Error: chain outside of direct") return ipv = attrs["ipv"] table = attrs["table"] chain = attrs["chain"] self.item.add_chain(ipv, table, chain) elif name == "rule": if not self.direct: log.error("Parse Error: rule outside of direct") return ipv = attrs["ipv"] if ipv not in [ "ipv4", "ipv6", "eb" ]: raise FirewallError(errors.INVALID_IPV, "'%s' not from {'ipv4'|'ipv6'|'eb'}" % ipv) table = attrs["table"] chain = attrs["chain"] try: priority = int(attrs["priority"]) except ValueError: log.error("Parse Error: %s is not a valid priority" % attrs["priority"]) return self._rule = [ ipv, table, chain, priority ] elif name == "passthrough": if not self.direct: log.error("Parse Error: command outside of direct") return ipv = attrs["ipv"] self._passthrough = [ ipv ] else: log.error('Unknown XML element %s' % name) return def endElement(self, name): IO_Object_ContentHandler.endElement(self, name) if name == "rule": if self._element: # add arguments self._rule.append(splitArgs(self._element)) self.item.add_rule(*self._rule) else: log.error("Error: rule does not have any arguments, ignoring.") self._rule = None elif name == "passthrough": if self._element: # add arguments self._passthrough.append(splitArgs(self._element)) self.item.add_passthrough(*self._passthrough) else: log.error("Error: passthrough does not have any arguments, " + "ignoring.") self._passthrough = None class Direct(IO_Object): """ Direct class """ IMPORT_EXPORT_STRUCTURE = ( # chain: [ ipv, table, [ chain ] ] ( "chains", [ ( "", "", "" ), ], ), # a(sss) # rule: [ ipv, table, chain, [ priority, [ arg ] ] ] ( "rules", [ ( "", "", "", 0, [ "" ] ), ], ), # a(sssias) # passthrough: [ ipv, [ [ arg ] ] ] ( "passthroughs", [ ( "", [ "" ]), ], ), # a(sas) ) DBUS_SIGNATURE = '(a(sss)a(sssias)a(sas))' PARSER_REQUIRED_ELEMENT_ATTRS = { "direct": None, "chain": [ "ipv", "table", "chain" ], "rule": [ "ipv", "table", "chain", "priority" ], "passthrough": [ "ipv" ] } PARSER_OPTIONAL_ELEMENT_ATTRS = { } def __init__(self, filename): super(Direct, self).__init__() self.filename = filename self.chains = LastUpdatedOrderedDict() self.rules = LastUpdatedOrderedDict() self.passthroughs = LastUpdatedOrderedDict() def _check_config(self, conf, item, all_conf, all_io_objects): pass # check arg lists def export_config(self): ret = [ ] x = [ ] for key in self.chains: for chain in self.chains[key]: x.append(tuple(list(key) + list([chain]))) ret.append(x) x = [ ] for key in self.rules: for rule in self.rules[key]: x.append(tuple((key[0], key[1], key[2], rule[0], list(rule[1])))) ret.append(x) x = [ ] for key in self.passthroughs: for rule in self.passthroughs[key]: x.append(tuple((key, list(rule)))) ret.append(x) return tuple(ret) def import_config(self, conf, all_io_objects): self.cleanup() self.check_config(conf) for i,(element,dummy) in enumerate(self.IMPORT_EXPORT_STRUCTURE): if element == "chains": for x in conf[i]: self.add_chain(*x) if element == "rules": for x in conf[i]: self.add_rule(*x) if element == "passthroughs": for x in conf[i]: self.add_passthrough(*x) def cleanup(self): self.chains.clear() self.rules.clear() self.passthroughs.clear() def output(self): print("chains") for key in self.chains: print(" (%s, %s): %s" % (key[0], key[1], ",".join(self.chains[key]))) print("rules") for key in self.rules: print(" (%s, %s, %s):" % (key[0], key[1], key[2])) for (priority,args) in self.rules[key]: print(" (%d, ('%s'))" % (priority, "','".join(args))) print("passthroughs") for key in self.passthroughs: print(" %s:" % (key)) for args in self.passthroughs[key]: print(" ('%s')" % ("','".join(args))) def _check_ipv(self, ipv): ipvs = ['ipv4', 'ipv6', 'eb'] if ipv not in ipvs: raise FirewallError(errors.INVALID_IPV, "'%s' not in '%s'" % (ipv, ipvs)) def _check_ipv_table(self, ipv, table): self._check_ipv(ipv) tables = ipXtables.BUILT_IN_CHAINS.keys() if ipv in ['ipv4', 'ipv6'] \ else ebtables.BUILT_IN_CHAINS.keys() if table not in tables: raise FirewallError(errors.INVALID_TABLE, "'%s' not in '%s'" % (table, tables)) # chains def add_chain(self, ipv, table, chain): self._check_ipv_table(ipv, table) key = (ipv, table) if key not in self.chains: self.chains[key] = [ ] if chain not in self.chains[key]: self.chains[key].append(chain) else: log.warning("Chain '%s' for table '%s' with ipv '%s' " % \ (chain, table, ipv) + "already in list, ignoring") def remove_chain(self, ipv, table, chain): self._check_ipv_table(ipv, table) key = (ipv, table) if key in self.chains and chain in self.chains[key]: self.chains[key].remove(chain) if len(self.chains[key]) == 0: del self.chains[key] else: raise ValueError( \ "Chain '%s' with table '%s' with ipv '%s' not in list" % \ (chain, table, ipv)) def query_chain(self, ipv, table, chain): self._check_ipv_table(ipv, table) key = (ipv, table) return (key in self.chains and chain in self.chains[key]) def get_chains(self, ipv, table): self._check_ipv_table(ipv, table) key = (ipv, table) if key in self.chains: return self.chains[key] else: raise ValueError("No chains for table '%s' with ipv '%s'" % \ (table, ipv)) def get_all_chains(self): return self.chains # rules def add_rule(self, ipv, table, chain, priority, args): self._check_ipv_table(ipv, table) key = (ipv, table, chain) if key not in self.rules: self.rules[key] = LastUpdatedOrderedDict() value = (priority, tuple(args)) if value not in self.rules[key]: self.rules[key][value] = priority else: log.warning("Rule '%s' for table '%s' and chain '%s' " % \ ("',".join(args), table, chain) + "with ipv '%s' and priority %d " % (ipv, priority) + "already in list, ignoring") def remove_rule(self, ipv, table, chain, priority, args): self._check_ipv_table(ipv, table) key = (ipv, table, chain) value = (priority, tuple(args)) if key in self.rules and value in self.rules[key]: del self.rules[key][value] if len(self.rules[key]) == 0: del self.rules[key] else: raise ValueError("Rule '%s' for table '%s' and chain '%s' " % \ ("',".join(args), table, chain) + \ "with ipv '%s' and priority %d not in list" % (ipv, priority)) def remove_rules(self, ipv, table, chain): self._check_ipv_table(ipv, table) key = (ipv, table, chain) if key in self.rules: for value in self.rules[key].keys(): del self.rules[key][value] if len(self.rules[key]) == 0: del self.rules[key] def query_rule(self, ipv, table, chain, priority, args): self._check_ipv_table(ipv, table) key = (ipv, table, chain) value = (priority, tuple(args)) return (key in self.rules and value in self.rules[key]) def get_rules(self, ipv, table, chain): self._check_ipv_table(ipv, table) key = (ipv, table, chain) if key in self.rules: return self.rules[key] else: raise ValueError("No rules for table '%s' and chain '%s' " %\ (table, chain) + "with ipv '%s'" % (ipv)) def get_all_rules(self): return self.rules # # passthrough # def add_passthrough(self, ipv, args): self._check_ipv(ipv) if ipv not in self.passthroughs: self.passthroughs[ipv] = [ ] if args not in self.passthroughs[ipv]: self.passthroughs[ipv].append(args) else: log.warning("Passthrough '%s' for ipv '%s'" % \ ("',".join(args), ipv) + "already in list, ignoring") def remove_passthrough(self, ipv, args): self._check_ipv(ipv) if ipv in self.passthroughs and args in self.passthroughs[ipv]: self.passthroughs[ipv].remove(args) if len(self.passthroughs[ipv]) == 0: del self.passthroughs[ipv] else: raise ValueError("Passthrough '%s' for ipv '%s'" % \ ("',".join(args), ipv) + "not in list") def query_passthrough(self, ipv, args): self._check_ipv(ipv) return ipv in self.passthroughs and args in self.passthroughs[ipv] def get_passthroughs(self, ipv): self._check_ipv(ipv) if ipv in self.passthroughs: return self.passthroughs[ipv] else: raise ValueError("No passthroughs for ipv '%s'" % (ipv)) def get_all_passthroughs(self): return self.passthroughs # read def read(self): self.cleanup() if not self.filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % self.filename) handler = direct_ContentHandler(self) parser = sax.make_parser() parser.setContentHandler(handler) with open(self.filename, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_TYPE, "Not a valid file: %s" % \ msg.getException()) def write(self): if os.path.exists(self.filename): try: shutil.copy2(self.filename, "%s.old" % self.filename) except Exception as msg: raise IOError("Backup of '%s' failed: %s" % (self.filename, msg)) if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) f = io.open(self.filename, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start whitelist element handler.startElement("direct", { }) handler.ignorableWhitespace("\n") # chains for key in self.chains: (ipv, table) = key for chain in self.chains[key]: handler.ignorableWhitespace(" ") handler.simpleElement("chain", { "ipv": ipv, "table": table, "chain": chain }) handler.ignorableWhitespace("\n") # rules for key in self.rules: (ipv, table, chain) = key for (priority, args) in self.rules[key]: if len(args) < 1: continue handler.ignorableWhitespace(" ") handler.startElement("rule", { "ipv": ipv, "table": table, "chain": chain, "priority": "%d" % priority }) handler.ignorableWhitespace(sax.saxutils.escape(joinArgs(args))) handler.endElement("rule") handler.ignorableWhitespace("\n") # passthroughs for ipv in self.passthroughs: for args in self.passthroughs[ipv]: if len(args) < 1: continue handler.ignorableWhitespace(" ") handler.startElement("passthrough", { "ipv": ipv }) handler.ignorableWhitespace(sax.saxutils.escape(joinArgs(args))) handler.endElement("passthrough") handler.ignorableWhitespace("\n") # end zone element handler.endElement("direct") handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-1.1.1/src/firewall/core/io/firewalld_conf.py0000644000000000000000000003272514217342322022755 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2012 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import os.path import io import tempfile import shutil from firewall import config from firewall.core.logger import log valid_keys = [ "DefaultZone", "MinimalMark", "CleanupOnExit", "CleanupModulesOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "LogDenied", "AutomaticHelpers", "FirewallBackend", "FlushAllOnReload", "RFC3964_IPv4", "AllowZoneDrifting" ] class firewalld_conf(object): def __init__(self, filename): self._config = { } self._deleted = [ ] self.filename = filename self.clear() def clear(self): self._config = { } self._deleted = [ ] def cleanup(self): self._config.clear() self._deleted = [ ] def get(self, key): return self._config.get(key.strip()) def set(self, key, value): _key = key.strip() self._config[_key] = value.strip() if _key in self._deleted: self._deleted.remove(_key) def __str__(self): s = "" for (key,value) in self._config.items(): if s: s += '\n' s += '%s=%s' % (key, value) return s # load self.filename def read(self): self.clear() try: f = open(self.filename, "r") except Exception as msg: log.error("Failed to load '%s': %s", self.filename, msg) self.set("DefaultZone", config.FALLBACK_ZONE) self.set("MinimalMark", str(config.FALLBACK_MINIMAL_MARK)) self.set("CleanupOnExit", "yes" if config.FALLBACK_CLEANUP_ON_EXIT else "no") self.set("CleanupModulesOnExit", "yes" if config.FALLBACK_CLEANUP_MODULES_ON_EXIT else "no") self.set("Lockdown", "yes" if config.FALLBACK_LOCKDOWN else "no") self.set("IPv6_rpfilter","yes" if config.FALLBACK_IPV6_RPFILTER else "no") self.set("IndividualCalls", "yes" if config.FALLBACK_INDIVIDUAL_CALLS else "no") self.set("LogDenied", config.FALLBACK_LOG_DENIED) self.set("AutomaticHelpers", config.FALLBACK_AUTOMATIC_HELPERS) self.set("FirewallBackend", config.FALLBACK_FIREWALL_BACKEND) self.set("FlushAllOnReload", "yes" if config.FALLBACK_FLUSH_ALL_ON_RELOAD else "no") self.set("RFC3964_IPv4", "yes" if config.FALLBACK_RFC3964_IPV4 else "no") self.set("AllowZoneDrifting", "yes" if config.FALLBACK_ALLOW_ZONE_DRIFTING else "no") raise for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] in ['#', ';']: continue # get key/value pair pair = [ x.strip() for x in line.split("=") ] if len(pair) != 2: log.error("Invalid option definition: '%s'", line.strip()) continue elif pair[0] not in valid_keys: log.error("Invalid option: '%s'", line.strip()) continue elif pair[1] == '': log.error("Missing value: '%s'", line.strip()) continue elif self._config.get(pair[0]) is not None: log.error("Duplicate option definition: '%s'", line.strip()) continue self._config[pair[0]] = pair[1] f.close() # check default zone if not self.get("DefaultZone"): log.error("DefaultZone is not set, using default value '%s'", config.FALLBACK_ZONE) self.set("DefaultZone", str(config.FALLBACK_ZONE)) # check minimal mark value = self.get("MinimalMark") try: int(value) except (ValueError, TypeError): if value is not None: log.warning("MinimalMark '%s' is not valid, using default " "value '%d'", value if value else '', config.FALLBACK_MINIMAL_MARK) self.set("MinimalMark", str(config.FALLBACK_MINIMAL_MARK)) # check cleanup on exit value = self.get("CleanupOnExit") if not value or value.lower() not in [ "no", "false", "yes", "true" ]: if value is not None: log.warning("CleanupOnExit '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_CLEANUP_ON_EXIT) self.set("CleanupOnExit", "yes" if config.FALLBACK_CLEANUP_ON_EXIT else "no") # check module cleanup on exit value = self.get("CleanupModulesOnExit") if not value or value.lower() not in [ "no", "false", "yes", "true" ]: if value is not None: log.warning("CleanupModulesOnExit '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_CLEANUP_MODULES_ON_EXIT) self.set("CleanupModulesOnExit", "yes" if config.FALLBACK_CLEANUP_MODULES_ON_EXIT else "no") # check lockdown value = self.get("Lockdown") if not value or value.lower() not in [ "yes", "true", "no", "false" ]: if value is not None: log.warning("Lockdown '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_LOCKDOWN) self.set("Lockdown", "yes" if config.FALLBACK_LOCKDOWN else "no") # check ipv6_rpfilter value = self.get("IPv6_rpfilter") if not value or value.lower() not in [ "yes", "true", "no", "false" ]: if value is not None: log.warning("IPv6_rpfilter '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_IPV6_RPFILTER) self.set("IPv6_rpfilter","yes" if config.FALLBACK_IPV6_RPFILTER else "no") # check individual calls value = self.get("IndividualCalls") if not value or value.lower() not in [ "yes", "true", "no", "false" ]: if value is not None: log.warning("IndividualCalls '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_INDIVIDUAL_CALLS) self.set("IndividualCalls", "yes" if config.FALLBACK_INDIVIDUAL_CALLS else "no") # check log denied value = self.get("LogDenied") if not value or value not in config.LOG_DENIED_VALUES: if value is not None: log.warning("LogDenied '%s' is invalid, using default value '%s'", value, config.FALLBACK_LOG_DENIED) self.set("LogDenied", str(config.FALLBACK_LOG_DENIED)) # check automatic helpers value = self.get("AutomaticHelpers") if not value or value.lower() not in config.AUTOMATIC_HELPERS_VALUES: if value is not None: log.warning("AutomaticHelpers '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_AUTOMATIC_HELPERS) self.set("AutomaticHelpers", str(config.FALLBACK_AUTOMATIC_HELPERS)) value = self.get("FirewallBackend") if not value or value.lower() not in config.FIREWALL_BACKEND_VALUES: if value is not None: log.warning("FirewallBackend '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_FIREWALL_BACKEND) self.set("FirewallBackend", str(config.FALLBACK_FIREWALL_BACKEND)) value = self.get("FlushAllOnReload") if not value or value.lower() not in [ "yes", "true", "no", "false" ]: if value is not None: log.warning("FlushAllOnReload '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_FLUSH_ALL_ON_RELOAD) self.set("FlushAllOnReload", str(config.FALLBACK_FLUSH_ALL_ON_RELOAD)) value = self.get("RFC3964_IPv4") if not value or value.lower() not in [ "yes", "true", "no", "false" ]: if value is not None: log.warning("RFC3964_IPv4 '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_RFC3964_IPV4) self.set("RFC3964_IPv4", str(config.FALLBACK_RFC3964_IPV4)) value = self.get("AllowZoneDrifting") if not value or value.lower() not in [ "yes", "true", "no", "false" ]: if value is not None: log.warning("AllowZoneDrifting '%s' is not valid, using default " "value %s", value if value else '', config.FALLBACK_ALLOW_ZONE_DRIFTING) self.set("AllowZoneDrifting", "yes" if config.FALLBACK_ALLOW_ZONE_DRIFTING else "no") # save to self.filename if there are key/value changes def write(self): if len(self._config) < 1: # no changes: nothing to do return # handled keys done = [ ] if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) try: temp_file = tempfile.NamedTemporaryFile(mode='wt', prefix="%s." % os.path.basename(self.filename), dir=os.path.dirname(self.filename), delete=False) except Exception as msg: log.error("Failed to open temporary file: %s" % msg) raise modified = False empty = False try: f= io.open(self.filename, mode='rt', encoding='UTF-8') except Exception as msg: if os.path.exists(self.filename): log.error("Failed to open '%s': %s" % (self.filename, msg)) raise else: f = None else: for line in f: if not line: break # remove newline line = line.strip("\n") if len(line) < 1: if not empty: temp_file.write(u"\n") empty = True elif line[0] == '#': empty = False temp_file.write(line) temp_file.write(u"\n") else: p = line.split("=") if len(p) != 2: empty = False temp_file.write(line+u"\n") continue key = p[0].strip() value = p[1].strip() # check for modified key/value pairs if key not in done: if (key in self._config and \ self._config[key] != value): empty = False temp_file.write(u'%s=%s\n' % (key, self._config[key])) modified = True elif key in self._deleted: modified = True else: empty = False temp_file.write(line+u"\n") done.append(key) else: modified = True # write remaining key/value pairs if len(self._config) > 0: for (key,value) in self._config.items(): if key in done: continue if key in ["MinimalMark", "AutomaticHelpers", "AllowZoneDrifting"]: # omit deprecated from new config continue if not empty: temp_file.write(u"\n") empty = True temp_file.write(u'%s=%s\n' % (key, value)) modified = True if f: f.close() temp_file.close() if not modified: # not modified: remove tempfile os.remove(temp_file.name) return # make backup if os.path.exists(self.filename): try: shutil.copy2(self.filename, "%s.old" % self.filename) except Exception as msg: os.remove(temp_file.name) raise IOError("Backup of '%s' failed: %s" % (self.filename, msg)) # copy tempfile try: shutil.move(temp_file.name, self.filename) except Exception as msg: os.remove(temp_file.name) raise IOError("Failed to create '%s': %s" % (self.filename, msg)) else: os.chmod(self.filename, 0o600) firewalld-1.1.1/src/firewall/core/io/functions.py0000644000000000000000000001032214217345562022005 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2018 Red Hat, Inc. # # Authors: # Eric Garver # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import os from firewall import config from firewall.errors import FirewallError from firewall.core.fw_config import FirewallConfig from firewall.core.io.zone import zone_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.helper import helper_reader from firewall.core.io.policy import policy_reader from firewall.core.io.direct import Direct from firewall.core.io.lockdown_whitelist import LockdownWhitelist from firewall.core.io.firewalld_conf import firewalld_conf def check_on_disk_config(fw): fw_config = FirewallConfig(fw) readers = { "ipset": {"reader": ipset_reader, "add": fw_config.add_ipset, "dirs": [config.FIREWALLD_IPSETS, config.ETC_FIREWALLD_IPSETS], }, "helper": {"reader": helper_reader, "add": fw_config.add_helper, "dirs": [config.FIREWALLD_HELPERS, config.ETC_FIREWALLD_HELPERS], }, "icmptype": {"reader": icmptype_reader, "add": fw_config.add_icmptype, "dirs": [config.FIREWALLD_ICMPTYPES, config.ETC_FIREWALLD_ICMPTYPES], }, "service": {"reader": service_reader, "add": fw_config.add_service, "dirs": [config.FIREWALLD_SERVICES, config.ETC_FIREWALLD_SERVICES], }, "zone": {"reader": zone_reader, "add": fw_config.add_zone, "dirs": [config.FIREWALLD_ZONES, config.ETC_FIREWALLD_ZONES], }, "policy": {"reader": policy_reader, "add": fw_config.add_policy_object, "dirs": [config.FIREWALLD_POLICIES, config.ETC_FIREWALLD_POLICIES], }, } for reader in readers.keys(): for _dir in readers[reader]["dirs"]: if not os.path.isdir(_dir): continue for file in sorted(os.listdir(_dir)): if file.endswith(".xml"): obj = readers[reader]["reader"](file, _dir) readers[reader]["add"](obj) fw_config.full_check_config() if os.path.isfile(config.FIREWALLD_DIRECT): try: obj = Direct(config.FIREWALLD_DIRECT) obj.read() obj.check_config(obj.export_config()) except FirewallError as error: raise FirewallError(error.code, "'%s': %s" % (config.FIREWALLD_DIRECT, error.msg)) except Exception as msg: raise Exception("'%s': %s" % (config.FIREWALLD_DIRECT, msg)) if os.path.isfile(config.LOCKDOWN_WHITELIST): try: obj = LockdownWhitelist(config.LOCKDOWN_WHITELIST) obj.read() obj.check_config(obj.export_config()) except FirewallError as error: raise FirewallError(error.code, "'%s': %s" % (config.LOCKDOWN_WHITELIST, error.msg)) except Exception as msg: raise Exception("'%s': %s" % (config.LOCKDOWN_WHITELIST, msg)) if os.path.isfile(config.FIREWALLD_CONF): try: obj = firewalld_conf(config.FIREWALLD_CONF) obj.read() except FirewallError as error: raise FirewallError(error.code, "'%s': %s" % (config.FIREWALLD_CONF, error.msg)) except Exception as msg: raise Exception("'%s': %s" % (config.FIREWALLD_CONF, msg)) firewalld-1.1.1/src/firewall/core/io/helper.py0000644000000000000000000001707614217342322021260 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "Helper", "helper_reader", "helper_writer" ] import xml.sax as sax import os import io import shutil from firewall import config from firewall.core.io.io_object import IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator, check_port, \ check_tcpudp from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class Helper(IO_Object): IMPORT_EXPORT_STRUCTURE = ( ( "version", "" ), # s ( "short", "" ), # s ( "description", "" ), # s ( "family", "", ), # s ( "module", "", ), # s ( "ports", [ ( "", "" ), ], ), # a(ss) ) DBUS_SIGNATURE = '(sssssa(ss))' ADDITIONAL_ALNUM_CHARS = [ "-", "." ] PARSER_REQUIRED_ELEMENT_ATTRS = { "short": None, "description": None, "helper": [ "module" ], } PARSER_OPTIONAL_ELEMENT_ATTRS = { "helper": [ "name", "version", "family" ], "port": [ "port", "protocol" ], } def __init__(self): super(Helper, self).__init__() self.version = "" self.short = "" self.description = "" self.module = "" self.family = "" self.ports = [ ] def cleanup(self): self.version = "" self.short = "" self.description = "" self.module = "" self.family = "" del self.ports[:] def check_ipv(self, ipv): ipvs = [ 'ipv4', 'ipv6' ] if ipv not in ipvs: raise FirewallError(errors.INVALID_IPV, "'%s' not in '%s'" % (ipv, ipvs)) def _check_config(self, config, item, all_config, all_io_objects): if item == "ports": for port in config: check_port(port[0]) check_tcpudp(port[1]) elif item == "module": if not config.startswith("nf_conntrack_"): raise FirewallError( errors.INVALID_MODULE, "'%s' does not start with 'nf_conntrack_'" % config) if len(config.replace("nf_conntrack_", "")) < 1: raise FirewallError(errors.INVALID_MODULE, "Module name '%s' too short" % config) # PARSER class helper_ContentHandler(IO_Object_ContentHandler): def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) self.item.parser_check_element_attrs(name, attrs) if name == "helper": if "version" in attrs: self.item.version = attrs["version"] if "family" in attrs: self.item.check_ipv(attrs["family"]) self.item.family = attrs["family"] if "module" in attrs: if not attrs["module"].startswith("nf_conntrack_"): raise FirewallError( errors.INVALID_MODULE, "'%s' does not start with 'nf_conntrack_'" % \ attrs["module"]) if len(attrs["module"].replace("nf_conntrack_", "")) < 1: raise FirewallError( errors.INVALID_MODULE, "Module name '%s' too short" % attrs["module"]) self.item.module = attrs["module"] elif name == "short": pass elif name == "description": pass elif name == "port": check_port(attrs["port"]) check_tcpudp(attrs["protocol"]) entry = (attrs["port"], attrs["protocol"]) if entry not in self.item.ports: self.item.ports.append(entry) else: log.warning("Port '%s/%s' already set, ignoring.", attrs["port"], attrs["protocol"]) def helper_reader(filename, path): helper = Helper() if not filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % filename) helper.name = filename[:-4] helper.check_name(helper.name) helper.filename = filename helper.path = path helper.builtin = False if path.startswith(config.ETC_FIREWALLD) else True helper.default = helper.builtin handler = helper_ContentHandler(helper) parser = sax.make_parser() parser.setContentHandler(handler) name = "%s/%s" % (path, filename) with open(name, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_HELPER, "not a valid helper file: %s" % \ msg.getException()) del handler del parser return helper def helper_writer(helper, path=None): _path = path if path else helper.path if helper.filename: name = "%s/%s" % (_path, helper.filename) else: name = "%s/%s.xml" % (_path, helper.name) if os.path.exists(name): try: shutil.copy2(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) dirpath = os.path.dirname(name) if dirpath.startswith(config.ETC_FIREWALLD) and not os.path.exists(dirpath): if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) os.mkdir(dirpath, 0o750) f = io.open(name, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start helper element attrs = {} attrs["module"] = helper.module if helper.version and helper.version != "": attrs["version"] = helper.version if helper.family and helper.family != "": attrs["family"] = helper.family handler.startElement("helper", attrs) handler.ignorableWhitespace("\n") # short if helper.short and helper.short != "": handler.ignorableWhitespace(" ") handler.startElement("short", { }) handler.characters(helper.short) handler.endElement("short") handler.ignorableWhitespace("\n") # description if helper.description and helper.description != "": handler.ignorableWhitespace(" ") handler.startElement("description", { }) handler.characters(helper.description) handler.endElement("description") handler.ignorableWhitespace("\n") # ports for port in helper.ports: handler.ignorableWhitespace(" ") handler.simpleElement("port", { "port": port[0], "protocol": port[1] }) handler.ignorableWhitespace("\n") # end helper element handler.endElement('helper') handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-1.1.1/src/firewall/core/io/icmptype.py0000644000000000000000000001422514217342322021624 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "IcmpType", "icmptype_reader", "icmptype_writer" ] import xml.sax as sax import os import io import shutil from firewall import config from firewall.core.io.io_object import IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class IcmpType(IO_Object): IMPORT_EXPORT_STRUCTURE = ( ( "version", "" ), # s ( "short", "" ), # s ( "description", "" ), # s ( "destination", [ "", ], ), # as ) DBUS_SIGNATURE = '(sssas)' ADDITIONAL_ALNUM_CHARS = [ "_", "-" ] PARSER_REQUIRED_ELEMENT_ATTRS = { "short": None, "description": None, "icmptype": None, } PARSER_OPTIONAL_ELEMENT_ATTRS = { "icmptype": [ "name", "version" ], "destination": [ "ipv4", "ipv6" ], } def __init__(self): super(IcmpType, self).__init__() self.version = "" self.short = "" self.description = "" self.destination = [ ] def cleanup(self): self.version = "" self.short = "" self.description = "" del self.destination[:] def _check_config(self, config, item, all_config, all_io_objects): if item == "destination": for destination in config: if destination not in [ "ipv4", "ipv6" ]: raise FirewallError(errors.INVALID_DESTINATION, "'%s' not from {'ipv4'|'ipv6'}" % \ destination) # PARSER class icmptype_ContentHandler(IO_Object_ContentHandler): def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) self.item.parser_check_element_attrs(name, attrs) if name == "icmptype": if "name" in attrs: log.warning("Ignoring deprecated attribute name='%s'" % attrs["name"]) if "version" in attrs: self.item.version = attrs["version"] elif name == "short": pass elif name == "description": pass elif name == "destination": for x in [ "ipv4", "ipv6" ]: if x in attrs and \ attrs[x].lower() in [ "yes", "true" ]: self.item.destination.append(str(x)) def icmptype_reader(filename, path): icmptype = IcmpType() if not filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "%s is missing .xml suffix" % filename) icmptype.name = filename[:-4] icmptype.check_name(icmptype.name) icmptype.filename = filename icmptype.path = path icmptype.builtin = False if path.startswith(config.ETC_FIREWALLD) else True icmptype.default = icmptype.builtin handler = icmptype_ContentHandler(icmptype) parser = sax.make_parser() parser.setContentHandler(handler) name = "%s/%s" % (path, filename) with open(name, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_ICMPTYPE, "not a valid icmptype file: %s" % \ msg.getException()) del handler del parser return icmptype def icmptype_writer(icmptype, path=None): _path = path if path else icmptype.path if icmptype.filename: name = "%s/%s" % (_path, icmptype.filename) else: name = "%s/%s.xml" % (_path, icmptype.name) if os.path.exists(name): try: shutil.copy2(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) dirpath = os.path.dirname(name) if dirpath.startswith(config.ETC_FIREWALLD) and not os.path.exists(dirpath): if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) os.mkdir(dirpath, 0o750) f = io.open(name, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start icmptype element attrs = {} if icmptype.version and icmptype.version != "": attrs["version"] = icmptype.version handler.startElement("icmptype", attrs) handler.ignorableWhitespace("\n") # short if icmptype.short and icmptype.short != "": handler.ignorableWhitespace(" ") handler.startElement("short", { }) handler.characters(icmptype.short) handler.endElement("short") handler.ignorableWhitespace("\n") # description if icmptype.description and icmptype.description != "": handler.ignorableWhitespace(" ") handler.startElement("description", { }) handler.characters(icmptype.description) handler.endElement("description") handler.ignorableWhitespace("\n") # destination if icmptype.destination: handler.ignorableWhitespace(" ") attrs = { } for x in icmptype.destination: attrs[x] = "yes" handler.simpleElement("destination", attrs) handler.ignorableWhitespace("\n") # end icmptype element handler.endElement('icmptype') handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-1.1.1/src/firewall/core/io/ifcfg.py0000644000000000000000000001423314217342322021047 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """ifcfg file parser""" __all__ = [ "ifcfg" ] import os.path import io import tempfile import shutil from firewall.core.logger import log class ifcfg(object): def __init__(self, filename): self._config = { } self._deleted = [ ] self.filename = filename self.clear() def clear(self): self._config = { } self._deleted = [ ] def cleanup(self): self._config.clear() def get(self, key): return self._config.get(key.strip()) def set(self, key, value): _key = key.strip() self._config[_key] = value.strip() if _key in self._deleted: self._deleted.remove(_key) def __str__(self): s = "" for (key, value) in self._config.items(): if s: s += '\n' s += '%s=%s' % (key, value) return s # load self.filename def read(self): self.clear() try: f = open(self.filename, "r") except Exception as msg: log.error("Failed to load '%s': %s", self.filename, msg) raise for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] in ['#', ';']: continue # get key/value pair pair = [ x.strip() for x in line.split("=", 1) ] if len(pair) != 2: continue if len(pair[1]) >= 2 and \ pair[1].startswith('"') and pair[1].endswith('"'): pair[1] = pair[1][1:-1] if pair[1] == '': continue elif self._config.get(pair[0]) is not None: log.warning("%s: Duplicate option definition: '%s'", self.filename, line.strip()) continue self._config[pair[0]] = pair[1] f.close() def write(self): if len(self._config) < 1: # no changes: nothing to do return # handled keys done = [ ] try: temp_file = tempfile.NamedTemporaryFile( mode='wt', prefix="%s." % os.path.basename(self.filename), dir=os.path.dirname(self.filename), delete=False) except Exception as msg: log.error("Failed to open temporary file: %s" % msg) raise modified = False empty = False try: f = io.open(self.filename, mode='rt', encoding='UTF-8') except Exception as msg: if os.path.exists(self.filename): log.error("Failed to open '%s': %s" % (self.filename, msg)) raise else: f = None else: for line in f: if not line: break # remove newline line = line.strip("\n") if len(line) < 1: if not empty: temp_file.write(u"\n") empty = True elif line[0] == '#': empty = False temp_file.write(line) temp_file.write(u"\n") else: p = line.split("=", 1) if len(p) != 2: empty = False temp_file.write(line+u"\n") continue key = p[0].strip() value = p[1].strip() if len(value) >= 2 and \ value.startswith('"') and value.endswith('"'): value = value[1:-1] # check for modified key/value pairs if key not in done: if key in self._config and self._config[key] != value: empty = False temp_file.write(u'%s=%s\n' % (key, self._config[key])) modified = True elif key in self._deleted: modified = True else: empty = False temp_file.write(line+u"\n") done.append(key) else: modified = True # write remaining key/value pairs if len(self._config) > 0: for (key, value) in self._config.items(): if key in done: continue if not empty: empty = True temp_file.write(u'%s=%s\n' % (key, value)) modified = True if f: f.close() temp_file.close() if not modified: # not modified: remove tempfile os.remove(temp_file.name) return # make backup if os.path.exists(self.filename): try: shutil.copy2(self.filename, "%s.bak" % self.filename) except Exception as msg: os.remove(temp_file.name) raise IOError("Backup of '%s' failed: %s" % (self.filename, msg)) # copy tempfile try: shutil.move(temp_file.name, self.filename) except Exception as msg: os.remove(temp_file.name) raise IOError("Failed to create '%s': %s" % (self.filename, msg)) else: os.chmod(self.filename, 0o600) firewalld-1.1.1/src/firewall/core/io/__init__.py0000644000000000000000000000307414217342322021531 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2012 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # fix xmlplus to be compatible with the python xml sax parser and python 3 # by adding __contains__ to xml.sax.xmlreader.AttributesImpl import xml if "_xmlplus" in xml.__file__: from xml.sax.xmlreader import AttributesImpl if not hasattr(AttributesImpl, "__contains__"): # this is missing: def __AttributesImpl__contains__(self, name): return name in getattr(self, "_attrs") # add it using the name __contains__ setattr(AttributesImpl, "__contains__", __AttributesImpl__contains__) from xml.sax.saxutils import XMLGenerator if not hasattr(XMLGenerator, "_write"): # this is missing: def __XMLGenerator_write(self, text): getattr(self, "_out").write(text) # add it using the name _write setattr(XMLGenerator, "_write", __XMLGenerator_write) firewalld-1.1.1/src/firewall/core/io/io_object.py0000644000000000000000000002674014217342322021734 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """Generic io_object handler, io specific check methods.""" __all__ = [ "IO_Object", "IO_Object_ContentHandler", "IO_Object_XMLGenerator", "check_port", "check_tcpudp", "check_protocol", "check_address" ] import xml.sax as sax import xml.sax.saxutils as saxutils import copy from collections import OrderedDict from firewall import functions from firewall import errors from firewall.errors import FirewallError class IO_Object(object): """ Abstract IO_Object as base for icmptype, service and zone """ IMPORT_EXPORT_STRUCTURE = ( ) DBUS_SIGNATURE = '()' ADDITIONAL_ALNUM_CHARS = [ ] # additional to alnum PARSER_REQUIRED_ELEMENT_ATTRS = { } PARSER_OPTIONAL_ELEMENT_ATTRS = { } def __init__(self): self.filename = "" self.path = "" self.name = "" self.default = False self.builtin = False def export_config(self): ret = [ ] for x in self.IMPORT_EXPORT_STRUCTURE: ret.append(copy.deepcopy(getattr(self, x[0]))) return tuple(ret) def export_config_dict(self): conf = {} type_formats = dict([(x[0], x[1]) for x in self.IMPORT_EXPORT_STRUCTURE]) for key in type_formats: if getattr(self, key) or isinstance(getattr(self, key), bool): conf[key] = copy.deepcopy(getattr(self, key)) return conf def import_config(self, conf, all_io_objects): self.check_config(conf, all_io_objects) for i,(element,dummy) in enumerate(self.IMPORT_EXPORT_STRUCTURE): if isinstance(conf[i], list): # remove duplicates without changing the order _conf = [ ] _set = set() for x in conf[i]: if x not in _set: _conf.append(x) _set.add(x) del _set setattr(self, element, copy.deepcopy(_conf)) else: setattr(self, element, copy.deepcopy(conf[i])) def import_config_dict(self, conf, all_io_objects): self.check_config_dict(conf, all_io_objects) for key in conf: if not hasattr(self, key): raise FirewallError(errors.UNKNOWN_ERROR, "Internal error. '{}' is not a valid attribute".format(key)) if isinstance(conf[key], list): # maintain list order while removing duplicates setattr(self, key, list(OrderedDict.fromkeys(copy.deepcopy(conf[key])))) else: setattr(self, key, copy.deepcopy(conf[key])) def check_name(self, name): if not isinstance(name, str): raise FirewallError(errors.INVALID_TYPE, "'%s' not of type %s, but %s" % (name, type(""), type(name))) if len(name) < 1: raise FirewallError(errors.INVALID_NAME, "name can't be empty") for char in name: if not char.isalnum() and char not in self.ADDITIONAL_ALNUM_CHARS: raise FirewallError( errors.INVALID_NAME, "'%s' is not allowed in '%s'" % ((char, name))) def check_config(self, conf, all_io_objects={}): if len(conf) != len(self.IMPORT_EXPORT_STRUCTURE): raise FirewallError( errors.INVALID_TYPE, "structure size mismatch %d != %d" % \ (len(conf), len(self.IMPORT_EXPORT_STRUCTURE))) conf_dict = {} for i,(x,y) in enumerate(self.IMPORT_EXPORT_STRUCTURE): conf_dict[x] = conf[i] self.check_config_dict(conf_dict, all_io_objects) def check_config_dict(self, conf, all_io_objects): type_formats = dict([(x[0], x[1]) for x in self.IMPORT_EXPORT_STRUCTURE]) for key in conf: if key not in [x for (x,y) in self.IMPORT_EXPORT_STRUCTURE]: raise FirewallError(errors.INVALID_OPTION, "option '{}' is not valid".format(key)) self._check_config_structure(conf[key], type_formats[key]) self._check_config(conf[key], key, conf, all_io_objects) def _check_config(self, dummy1, dummy2, dummy3, dummy4): # to be overloaded by sub classes return def _check_config_structure(self, conf, structure): if not isinstance(conf, type(structure)): raise FirewallError(errors.INVALID_TYPE, "'%s' not of type %s, but %s" % \ (conf, type(structure), type(conf))) if isinstance(structure, list): # same type elements, else struct if len(structure) != 1: raise FirewallError(errors.INVALID_TYPE, "len('%s') != 1" % structure) for x in conf: self._check_config_structure(x, structure[0]) elif isinstance(structure, tuple): if len(structure) != len(conf): raise FirewallError(errors.INVALID_TYPE, "len('%s') != %d" % (conf, len(structure))) for i,value in enumerate(structure): self._check_config_structure(conf[i], value) elif isinstance(structure, dict): # only one key value pair in structure (skey, svalue) = list(structure.items())[0] for (key, value) in conf.items(): if not isinstance(key, type(skey)): raise FirewallError(errors.INVALID_TYPE, "'%s' not of type %s, but %s" % (\ key, type(skey), type(key))) if not isinstance(value, type(svalue)): raise FirewallError(errors.INVALID_TYPE, "'%s' not of type %s, but %s" % (\ value, type(svalue), type(value))) # check required elements and attributes and also optional attributes def parser_check_element_attrs(self, name, attrs): _attrs = attrs.getNames() found = False if name in self.PARSER_REQUIRED_ELEMENT_ATTRS: found = True if self.PARSER_REQUIRED_ELEMENT_ATTRS[name] is not None: for x in self.PARSER_REQUIRED_ELEMENT_ATTRS[name]: if x in _attrs: _attrs.remove(x) else: raise FirewallError( errors.PARSE_ERROR, "Missing attribute %s for %s" % (x, name)) if name in self.PARSER_OPTIONAL_ELEMENT_ATTRS: found = True for x in self.PARSER_OPTIONAL_ELEMENT_ATTRS[name]: if x in _attrs: _attrs.remove(x) if not found: raise FirewallError(errors.PARSE_ERROR, "Unexpected element %s" % name) # raise attributes[0] for x in _attrs: raise FirewallError(errors.PARSE_ERROR, "%s: Unexpected attribute %s" % (name, x)) # PARSER class UnexpectedElementError(Exception): def __init__(self, name): super(UnexpectedElementError, self).__init__() self.name = name def __str__(self): return "Unexpected element '%s'" % (self.name) class MissingAttributeError(Exception): def __init__(self, name, attribute): super(MissingAttributeError, self).__init__() self.name = name self.attribute = attribute def __str__(self): return "Element '%s': missing '%s' attribute" % \ (self.name, self.attribute) class UnexpectedAttributeError(Exception): def __init__(self, name, attribute): super(UnexpectedAttributeError, self).__init__() self.name = name self.attribute = attribute def __str__(self): return "Element '%s': unexpected attribute '%s'" % \ (self.name, self.attribute) class IO_Object_ContentHandler(sax.handler.ContentHandler): def __init__(self, item): self.item = item self._element = "" def startDocument(self): self._element = "" def startElement(self, name, attrs): self._element = "" def endElement(self, name): if name == "short": self.item.short = self._element elif name == "description": self.item.description = self._element def characters(self, content): self._element += content.replace('\n', ' ') class IO_Object_XMLGenerator(saxutils.XMLGenerator): def __init__(self, out): # fix memory leak in saxutils.XMLGenerator.__init__: # out = _gettextwriter(out, encoding) # creates unbound object results in garbage in gc # # saxutils.XMLGenerator.__init__(self, out, "utf-8") # replaced by modified saxutils.XMLGenerator.__init__ code: sax.handler.ContentHandler.__init__(self) self._write = out.write self._flush = out.flush self._ns_contexts = [{}] # contains uri -> prefix dicts self._current_context = self._ns_contexts[-1] self._undeclared_ns_maps = [] self._encoding = "utf-8" self._pending_start_element = False self._short_empty_elements = False def simpleElement(self, name, attrs): """ slightly modified startElement() """ self._write('<' + name) for (name, value) in attrs.items(): self._write(' %s=%s' % (name, saxutils.quoteattr(value))) self._write('/>') def check_port(port): port_range = functions.getPortRange(port) if port_range == -2: raise FirewallError(errors.INVALID_PORT, "port number in '%s' is too big" % port) elif port_range == -1: raise FirewallError(errors.INVALID_PORT, "'%s' is invalid port range" % port) elif port_range is None: raise FirewallError(errors.INVALID_PORT, "port range '%s' is ambiguous" % port) elif len(port_range) == 2 and port_range[0] >= port_range[1]: raise FirewallError(errors.INVALID_PORT, "'%s' is invalid port range" % port) def check_tcpudp(protocol): if protocol not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, "'%s' not from {'tcp'|'udp'|'sctp'|'dccp'}" % \ protocol) def check_protocol(protocol): if not functions.checkProtocol(protocol): raise FirewallError(errors.INVALID_PROTOCOL, protocol) def check_address(ipv, addr): if not functions.check_address(ipv, addr): raise FirewallError(errors.INVALID_ADDR, "'%s' is not valid %s address" % (addr, ipv)) firewalld-1.1.1/src/firewall/core/io/ipset.py0000644000000000000000000005004214217342322021113 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2015-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """ipset io XML handler, reader, writer""" __all__ = [ "IPSet", "ipset_reader", "ipset_writer" ] import xml.sax as sax import os import io import shutil from firewall import config from firewall.functions import checkIP, checkIP6, checkIPnMask, \ checkIP6nMask, check_mac, check_port, checkInterface, \ checkProtocol from firewall.core.io.io_object import IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator from firewall.core.ipset import IPSET_TYPES, IPSET_CREATE_OPTIONS from firewall.core.icmp import check_icmp_name, check_icmp_type, \ check_icmpv6_name, check_icmpv6_type from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class IPSet(IO_Object): IMPORT_EXPORT_STRUCTURE = ( ( "version", "" ), # s ( "short", "" ), # s ( "description", "" ), # s ( "type", "" ), # s ( "options", { "": "", }, ), # a{ss} ( "entries", [ "" ], ), # as ) DBUS_SIGNATURE = '(ssssa{ss}as)' ADDITIONAL_ALNUM_CHARS = [ "_", "-", ":", "." ] PARSER_REQUIRED_ELEMENT_ATTRS = { "short": None, "description": None, "ipset": [ "type" ], "option": [ "name" ], "entry": None, } PARSER_OPTIONAL_ELEMENT_ATTRS = { "ipset": [ "version" ], "option": [ "value" ], } def __init__(self): super(IPSet, self).__init__() self.version = "" self.short = "" self.description = "" self.type = "" self.entries = [ ] self.options = { } self.applied = False def cleanup(self): self.version = "" self.short = "" self.description = "" self.type = "" del self.entries[:] self.options.clear() self.applied = False @staticmethod def check_entry(entry, options, ipset_type): family = "ipv4" if "family" in options: if options["family"] == "inet6": family = "ipv6" if not ipset_type.startswith("hash:"): raise FirewallError(errors.INVALID_IPSET, "ipset type '%s' not usable" % ipset_type) flags = ipset_type[5:].split(",") items = entry.split(",") if len(flags) != len(items) or len(flags) < 1: raise FirewallError( errors.INVALID_ENTRY, "entry '%s' does not match ipset type '%s'" % \ (entry, ipset_type)) for i in range(len(flags)): flag = flags[i] item = items[i] if flag == "ip": if "-" in item and family == "ipv4": # IP ranges only with plain IPs, no masks if i > 1: raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s'[%d]" % \ (item, entry, i)) splits = item.split("-") if len(splits) != 2: raise FirewallError( errors.INVALID_ENTRY, "invalid address range '%s' in '%s' for %s (%s)" % \ (item, entry, ipset_type, family)) for _split in splits: if (family == "ipv4" and not checkIP(_split)) or \ (family == "ipv6" and not checkIP6(_split)): raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (_split, entry, ipset_type, family)) else: # IPs with mask only allowed in the first # position of the type if family == "ipv4": if item == "0.0.0.0": raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (item, entry, ipset_type, family)) if i == 0: ip_check = checkIPnMask else: ip_check = checkIP else: ip_check = checkIP6 if not ip_check(item): raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (item, entry, ipset_type, family)) elif flag == "net": if "-" in item: # IP ranges only with plain IPs, no masks splits = item.split("-") if len(splits) != 2: raise FirewallError( errors.INVALID_ENTRY, "invalid address range '%s' in '%s' for %s (%s)" % \ (item, entry, ipset_type, family)) # First part can only be a plain IP if (family == "ipv4" and not checkIP(splits[0])) or \ (family == "ipv6" and not checkIP6(splits[0])): raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (splits[0], entry, ipset_type, family)) # Second part can also have a mask if (family == "ipv4" and not checkIPnMask(splits[1])) or \ (family == "ipv6" and not checkIP6nMask(splits[1])): raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (splits[1], entry, ipset_type, family)) else: # IPs with mask allowed in all positions, but no /0 if item.endswith("/0"): if not (family == "ipv6" and i == 0 and ipset_type == "hash:net,iface"): raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (item, entry, ipset_type, family)) if (family == "ipv4" and not checkIPnMask(item)) or \ (family == "ipv6" and not checkIP6nMask(item)): raise FirewallError( errors.INVALID_ENTRY, "invalid address '%s' in '%s' for %s (%s)" % \ (item, entry, ipset_type, family)) elif flag == "mac": # ipset does not allow to add 00:00:00:00:00:00 if not check_mac(item) or item == "00:00:00:00:00:00": raise FirewallError( errors.INVALID_ENTRY, "invalid mac address '%s' in '%s'" % (item, entry)) elif flag == "port": if ":" in item: splits = item.split(":") if len(splits) != 2: raise FirewallError( errors.INVALID_ENTRY, "invalid port '%s'" % (item)) if splits[0] == "icmp": if family != "ipv4": raise FirewallError( errors.INVALID_ENTRY, "invalid protocol for family '%s' in '%s'" % \ (family, entry)) if not check_icmp_name(splits[1]) and not \ check_icmp_type(splits[1]): raise FirewallError( errors.INVALID_ENTRY, "invalid icmp type '%s' in '%s'" % \ (splits[1], entry)) elif splits[0] in [ "icmpv6", "ipv6-icmp" ]: if family != "ipv6": raise FirewallError( errors.INVALID_ENTRY, "invalid protocol for family '%s' in '%s'" % \ (family, entry)) if not check_icmpv6_name(splits[1]) and not \ check_icmpv6_type(splits[1]): raise FirewallError( errors.INVALID_ENTRY, "invalid icmpv6 type '%s' in '%s'" % \ (splits[1], entry)) elif splits[0] not in [ "tcp", "sctp", "udp", "udplite" ] \ and not checkProtocol(splits[0]): raise FirewallError( errors.INVALID_ENTRY, "invalid protocol '%s' in '%s'" % (splits[0], entry)) elif not check_port(splits[1]): raise FirewallError( errors.INVALID_ENTRY, "invalid port '%s'in '%s'" % (splits[1], entry)) else: if not check_port(item): raise FirewallError( errors.INVALID_ENTRY, "invalid port '%s' in '%s'" % (item, entry)) elif flag == "mark": if item.startswith("0x"): try: int_val = int(item, 16) except ValueError: raise FirewallError( errors.INVALID_ENTRY, "invalid mark '%s' in '%s'" % (item, entry)) else: try: int_val = int(item) except ValueError: raise FirewallError( errors.INVALID_ENTRY, "invalid mark '%s' in '%s'" % (item, entry)) if int_val < 0 or int_val > 4294967295: raise FirewallError( errors.INVALID_ENTRY, "invalid mark '%s' in '%s'" % (item, entry)) elif flag == "iface": if not checkInterface(item) or len(item) > 15: raise FirewallError( errors.INVALID_ENTRY, "invalid interface '%s' in '%s'" % (item, entry)) else: raise FirewallError(errors.INVALID_IPSET, "ipset type '%s' not usable" % ipset_type) def _check_config(self, config, item, all_config, all_io_objects): if item == "type": if config not in IPSET_TYPES: raise FirewallError(errors.INVALID_TYPE, "'%s' is not valid ipset type" % config) if item == "options": for key in config.keys(): if key not in IPSET_CREATE_OPTIONS: raise FirewallError(errors.INVALID_IPSET, "ipset invalid option '%s'" % key) if key in [ "timeout", "hashsize", "maxelem" ]: try: int_value = int(config[key]) except ValueError: raise FirewallError( errors.INVALID_VALUE, "Option '%s': Value '%s' is not an integer" % \ (key, config[key])) if int_value < 0: raise FirewallError( errors.INVALID_VALUE, "Option '%s': Value '%s' is negative" % \ (key, config[key])) elif key == "family" and \ config[key] not in [ "inet", "inet6" ]: raise FirewallError(errors.INVALID_FAMILY, config[key]) def import_config(self, config, all_io_objects): if "timeout" in config[4] and config[4]["timeout"] != "0": if len(config[5]) != 0: raise FirewallError(errors.IPSET_WITH_TIMEOUT) for entry in config[5]: IPSet.check_entry(entry, config[4], config[3]) super(IPSet, self).import_config(config, all_io_objects) # PARSER class ipset_ContentHandler(IO_Object_ContentHandler): def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) self.item.parser_check_element_attrs(name, attrs) if name == "ipset": if "type" in attrs: if attrs["type"] not in IPSET_TYPES: raise FirewallError(errors.INVALID_TYPE, "%s" % attrs["type"]) self.item.type = attrs["type"] if "version" in attrs: self.item.version = attrs["version"] elif name == "short": pass elif name == "description": pass elif name == "option": value = "" if "value" in attrs: value = attrs["value"] if attrs["name"] not in \ [ "family", "timeout", "hashsize", "maxelem" ]: raise FirewallError( errors.INVALID_OPTION, "Unknown option '%s'" % attrs["name"]) if self.item.type == "hash:mac" and attrs["name"] in [ "family" ]: raise FirewallError( errors.INVALID_OPTION, "Unsupported option '%s' for type '%s'" % \ (attrs["name"], self.item.type)) if attrs["name"] in [ "family", "timeout", "hashsize", "maxelem" ] \ and not value: raise FirewallError( errors.INVALID_OPTION, "Missing mandatory value of option '%s'" % attrs["name"]) if attrs["name"] in [ "timeout", "hashsize", "maxelem" ]: try: int_value = int(value) except ValueError: raise FirewallError( errors.INVALID_VALUE, "Option '%s': Value '%s' is not an integer" % \ (attrs["name"], value)) if int_value < 0: raise FirewallError( errors.INVALID_VALUE, "Option '%s': Value '%s' is negative" % \ (attrs["name"], value)) if attrs["name"] == "family" and value not in [ "inet", "inet6" ]: raise FirewallError(errors.INVALID_FAMILY, value) if attrs["name"] not in self.item.options: self.item.options[attrs["name"]] = value else: log.warning("Option %s already set, ignoring.", attrs["name"]) # nothing to do for entry and entries here def endElement(self, name): IO_Object_ContentHandler.endElement(self, name) if name == "entry": self.item.entries.append(self._element) def ipset_reader(filename, path): ipset = IPSet() if not filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % filename) ipset.name = filename[:-4] ipset.check_name(ipset.name) ipset.filename = filename ipset.path = path ipset.builtin = False if path.startswith(config.ETC_FIREWALLD) else True ipset.default = ipset.builtin handler = ipset_ContentHandler(ipset) parser = sax.make_parser() parser.setContentHandler(handler) name = "%s/%s" % (path, filename) with open(name, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_IPSET, "not a valid ipset file: %s" % \ msg.getException()) del handler del parser if "timeout" in ipset.options and ipset.options["timeout"] != "0" and \ len(ipset.entries) > 0: # no entries visible for ipsets with timeout log.warning("ipset '%s': timeout option is set, entries are ignored", ipset.name) del ipset.entries[:] i = 0 entries_set = set() while i < len(ipset.entries): if ipset.entries[i] in entries_set: log.warning("Entry %s already set, ignoring.", ipset.entries[i]) ipset.entries.pop(i) else: try: ipset.check_entry(ipset.entries[i], ipset.options, ipset.type) except FirewallError as e: log.warning("%s, ignoring.", e) ipset.entries.pop(i) else: entries_set.add(ipset.entries[i]) i += 1 del entries_set return ipset def ipset_writer(ipset, path=None): _path = path if path else ipset.path if ipset.filename: name = "%s/%s" % (_path, ipset.filename) else: name = "%s/%s.xml" % (_path, ipset.name) if os.path.exists(name): try: shutil.copy2(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) dirpath = os.path.dirname(name) if dirpath.startswith(config.ETC_FIREWALLD) and not os.path.exists(dirpath): if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) os.mkdir(dirpath, 0o750) f = io.open(name, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start ipset element attrs = { "type": ipset.type } if ipset.version and ipset.version != "": attrs["version"] = ipset.version handler.startElement("ipset", attrs) handler.ignorableWhitespace("\n") # short if ipset.short and ipset.short != "": handler.ignorableWhitespace(" ") handler.startElement("short", { }) handler.characters(ipset.short) handler.endElement("short") handler.ignorableWhitespace("\n") # description if ipset.description and ipset.description != "": handler.ignorableWhitespace(" ") handler.startElement("description", { }) handler.characters(ipset.description) handler.endElement("description") handler.ignorableWhitespace("\n") # options for key,value in ipset.options.items(): handler.ignorableWhitespace(" ") if value != "": handler.simpleElement("option", { "name": key, "value": value }) else: handler.simpleElement("option", { "name": key }) handler.ignorableWhitespace("\n") # entries for entry in ipset.entries: handler.ignorableWhitespace(" ") handler.startElement("entry", { }) handler.characters(entry) handler.endElement("entry") handler.ignorableWhitespace("\n") # end ipset element handler.endElement('ipset') handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-1.1.1/src/firewall/core/io/lockdown_whitelist.py0000644000000000000000000002773614217342322023721 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import xml.sax as sax import os import io import shutil from firewall import config from firewall.core.io.io_object import IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator from firewall.core.logger import log from firewall.functions import uniqify, checkUser, checkUid, checkCommand, \ checkContext from firewall import errors from firewall.errors import FirewallError class lockdown_whitelist_ContentHandler(IO_Object_ContentHandler): def __init__(self, item): IO_Object_ContentHandler.__init__(self, item) self.whitelist = False def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) self.item.parser_check_element_attrs(name, attrs) if name == "whitelist": if self.whitelist: raise FirewallError(errors.PARSE_ERROR, "More than one whitelist.") self.whitelist = True elif name == "command": if not self.whitelist: log.error("Parse Error: command outside of whitelist") return command = attrs["name"] self.item.add_command(command) elif name == "user": if not self.whitelist: log.error("Parse Error: user outside of whitelist") return if "id" in attrs: try: uid = int(attrs["id"]) except ValueError: log.error("Parse Error: %s is not a valid uid" % attrs["id"]) return self.item.add_uid(uid) elif "name" in attrs: self.item.add_user(attrs["name"]) elif name == "selinux": if not self.whitelist: log.error("Parse Error: selinux outside of whitelist") return if "context" not in attrs: log.error("Parse Error: no context") return self.item.add_context(attrs["context"]) else: log.error('Unknown XML element %s' % name) return class LockdownWhitelist(IO_Object): """ LockdownWhitelist class """ IMPORT_EXPORT_STRUCTURE = ( ( "commands", [ "" ] ), # as ( "contexts", [ "" ] ), # as ( "users", [ "" ] ), # as ( "uids", [ 0 ] ) # ai ) DBUS_SIGNATURE = '(asasasai)' ADDITIONAL_ALNUM_CHARS = [ "_" ] PARSER_REQUIRED_ELEMENT_ATTRS = { "whitelist": None, "command": [ "name" ], "user": None, # "group": None, "selinux": [ "context" ], } PARSER_OPTIONAL_ELEMENT_ATTRS = { "user": [ "id", "name" ], # "group": [ "id", "name" ], } def __init__(self, filename): super(LockdownWhitelist, self).__init__() self.filename = filename self.parser = None self.commands = [ ] self.contexts = [ ] self.users = [ ] self.uids = [ ] # self.gids = [ ] # self.groups = [ ] def _check_config(self, config, item, all_config, all_io_objects): if item in [ "commands", "contexts", "users", "uids" ]: for x in config: self._check_config(x, item[:-1], all_config, all_io_objects) elif item == "command": if not checkCommand(config): raise FirewallError(errors.INVALID_COMMAND, config) elif item == "context": if not checkContext(config): raise FirewallError(errors.INVALID_CONTEXT, config) elif item == "user": if not checkUser(config): raise FirewallError(errors.INVALID_USER, config) elif item == "uid": if not checkUid(config): raise FirewallError(errors.INVALID_UID, config) def cleanup(self): del self.commands[:] del self.contexts[:] del self.users[:] del self.uids[:] # del self.gids[:] # del self.groups[:] # commands def add_command(self, command): if not checkCommand(command): raise FirewallError(errors.INVALID_COMMAND, command) if command not in self.commands: self.commands.append(command) else: raise FirewallError(errors.ALREADY_ENABLED, 'Command "%s" already in whitelist' % command) def remove_command(self, command): if command in self.commands: self.commands.remove(command) else: raise FirewallError(errors.NOT_ENABLED, 'Command "%s" not in whitelist.' % command) def has_command(self, command): return (command in self.commands) def match_command(self, command): for _command in self.commands: if _command.endswith("*"): if command.startswith(_command[:-1]): return True else: if _command == command: return True return False def get_commands(self): return self.commands # user ids def add_uid(self, uid): if not checkUid(uid): raise FirewallError(errors.INVALID_UID, str(uid)) if uid not in self.uids: self.uids.append(uid) else: raise FirewallError(errors.ALREADY_ENABLED, 'Uid "%s" already in whitelist' % uid) def remove_uid(self, uid): if uid in self.uids: self.uids.remove(uid) else: raise FirewallError(errors.NOT_ENABLED, 'Uid "%s" not in whitelist.' % uid) def has_uid(self, uid): return (uid in self.uids) def match_uid(self, uid): return (uid in self.uids) def get_uids(self): return self.uids # users def add_user(self, user): if not checkUser(user): raise FirewallError(errors.INVALID_USER, user) if user not in self.users: self.users.append(user) else: raise FirewallError(errors.ALREADY_ENABLED, 'User "%s" already in whitelist' % user) def remove_user(self, user): if user in self.users: self.users.remove(user) else: raise FirewallError(errors.NOT_ENABLED, 'User "%s" not in whitelist.' % user) def has_user(self, user): return (user in self.users) def match_user(self, user): return (user in self.users) def get_users(self): return self.users # # group ids # # def add_gid(self, gid): # if gid not in self.gids: # self.gids.append(gid) # # def remove_gid(self, gid): # if gid in self.gids: # self.gids.remove(gid) # else: # raise FirewallError(errors.NOT_ENABLED, # 'Gid "%s" not in whitelist.' % gid) # # def has_gid(self, gid): # return (gid in self.gids) # # def match_gid(self, gid): # return (gid in self.gids) # # def get_gids(self): # return self.gids # # groups # # def add_group(self, group): # if group not in self.groups: # self.groups.append(group) # # def remove_group(self, group): # if group in self.groups: # self.groups.remove(group) # else: # raise FirewallError(errors.NOT_ENABLED, # 'Group "%s" not in whitelist.' % group) # # def has_group(self, group): # return (group in self.groups) # # def match_group(self, group): # return (group in self.groups) # # def get_groups(self): # return self.groups # selinux contexts def add_context(self, context): if not checkContext(context): raise FirewallError(errors.INVALID_CONTEXT, context) if context not in self.contexts: self.contexts.append(context) else: raise FirewallError(errors.ALREADY_ENABLED, 'Context "%s" already in whitelist' % context) def remove_context(self, context): if context in self.contexts: self.contexts.remove(context) else: raise FirewallError(errors.NOT_ENABLED, 'Context "%s" not in whitelist.' % context) def has_context(self, context): return (context in self.contexts) def match_context(self, context): return (context in self.contexts) def get_contexts(self): return self.contexts # read and write def read(self): self.cleanup() if not self.filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % self.filename) handler = lockdown_whitelist_ContentHandler(self) parser = sax.make_parser() parser.setContentHandler(handler) try: parser.parse(self.filename) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_TYPE, "Not a valid file: %s" % \ msg.getException()) del handler del parser def write(self): if os.path.exists(self.filename): try: shutil.copy2(self.filename, "%s.old" % self.filename) except Exception as msg: raise IOError("Backup of '%s' failed: %s" % (self.filename, msg)) if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) f = io.open(self.filename, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start whitelist element handler.startElement("whitelist", { }) handler.ignorableWhitespace("\n") # commands for command in uniqify(self.commands): handler.ignorableWhitespace(" ") handler.simpleElement("command", { "name": command }) handler.ignorableWhitespace("\n") for uid in uniqify(self.uids): handler.ignorableWhitespace(" ") handler.simpleElement("user", { "id": str(uid) }) handler.ignorableWhitespace("\n") for user in uniqify(self.users): handler.ignorableWhitespace(" ") handler.simpleElement("user", { "name": user }) handler.ignorableWhitespace("\n") # for gid in uniqify(self.gids): # handler.ignorableWhitespace(" ") # handler.simpleElement("user", { "id": str(gid) }) # handler.ignorableWhitespace("\n") # for group in uniqify(self.groups): # handler.ignorableWhitespace(" ") # handler.simpleElement("group", { "name": group }) # handler.ignorableWhitespace("\n") for context in uniqify(self.contexts): handler.ignorableWhitespace(" ") handler.simpleElement("selinux", { "context": context }) handler.ignorableWhitespace("\n") # end whitelist element handler.endElement("whitelist") handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-1.1.1/src/firewall/core/io/policy.py0000644000000000000000000013725514217342322021302 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # SPDX-License-Identifier: GPL-2.0-or-later __all__ = [ "Policy", "policy_reader", "policy_writer" ] import xml.sax as sax import os import io import shutil from firewall import config from firewall.functions import ( checkIP, checkIP6, checkUINT16, coalescePortRange, max_policy_name_len, portInPortRange, portStr, uniqify, ) from firewall.core.base import DEFAULT_POLICY_TARGET, POLICY_TARGETS, DEFAULT_POLICY_PRIORITY from firewall.core.io.io_object import IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator, check_port, \ check_tcpudp, check_protocol from firewall.core import rich from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError def common_startElement(obj, name, attrs): if name == "short": pass elif name == "description": pass elif name == "service": if obj._rule: if obj._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(obj._rule)) obj._rule_error = True return True obj._rule.element = rich.Rich_Service(attrs["name"]) return True if attrs["name"] not in obj.item.services: obj.item.services.append(attrs["name"]) else: log.warning("Service '%s' already set, ignoring.", attrs["name"]) elif name == "port": if obj._rule: if obj._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(obj._rule)) obj._rule_error = True return True obj._rule.element = rich.Rich_Port(attrs["port"], attrs["protocol"]) return True check_port(attrs["port"]) check_tcpudp(attrs["protocol"]) # coalesce and warn about overlapping ranges new_port_id = (portStr(attrs["port"], "-"), attrs["protocol"]) existing_port_ids = list(filter(lambda x: x[1] == attrs["protocol"], obj.item.ports)) for port_id in existing_port_ids: if portInPortRange(new_port_id[0], port_id[0]): # the range is wholly contained already, so just warn _name = obj.item.derived_from_zone if isinstance(obj.item, Policy) else obj.item.name log.warning(FirewallError(errors.ALREADY_ENABLED, "'%s:%s' already in '%s'" % (new_port_id[0], attrs["protocol"], _name))) break # for else: # the range can be coalesced into the existing set added_ranges, removed_ranges = coalescePortRange(new_port_id[0], [_port for (_port, _protocol) in existing_port_ids]) for _range in removed_ranges: entry = (portStr(_range, "-"), attrs["protocol"]) obj.item.ports.remove(entry) for _range in added_ranges: entry = (portStr(_range, "-"), attrs["protocol"]) obj.item.ports.append(entry) elif name == "protocol": if obj._rule: if obj._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(obj._rule)) obj._rule_error = True return True obj._rule.element = rich.Rich_Protocol(attrs["value"]) else: check_protocol(attrs["value"]) if attrs["value"] not in obj.item.protocols: obj.item.protocols.append(attrs["value"]) else: log.warning("Protocol '%s' already set, ignoring.", attrs["value"]) elif name == "tcp-mss-clamp": if obj._rule: if obj._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(obj._rule)) obj._rule_error = True return True _value="pmtu" if "value" in attrs: _value = attrs["value"] obj._rule.element = rich.Rich_Tcp_Mss_Clamp(_value) else: log.warning("Invalid rule: tcp-mss-clamp '%s' outside of rule", attrs["value"]) elif name == "icmp-block": if obj._rule: if obj._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(obj._rule)) obj._rule_error = True return True obj._rule.element = rich.Rich_IcmpBlock(attrs["name"]) return True if attrs["name"] not in obj.item.icmp_blocks: obj.item.icmp_blocks.append(attrs["name"]) else: log.warning("icmp-block '%s' already set, ignoring.", attrs["name"]) elif name == "icmp-type": if obj._rule: if obj._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(obj._rule)) obj._rule_error = True return True obj._rule.element = rich.Rich_IcmpType(attrs["name"]) return True else: log.warning("Invalid rule: icmp-block '%s' outside of rule", attrs["name"]) elif name == "masquerade": if obj._rule: if obj._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(obj._rule)) obj._rule_error = True return True obj._rule.element = rich.Rich_Masquerade() else: if obj.item.masquerade: log.warning("Masquerade already set, ignoring.") else: obj.item.masquerade = True elif name == "forward-port": to_port = "" if "to-port" in attrs: to_port = attrs["to-port"] to_addr = "" if "to-addr" in attrs: to_addr = attrs["to-addr"] if obj._rule: if obj._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(obj._rule)) obj._rule_error = True return True obj._rule.element = rich.Rich_ForwardPort(attrs["port"], attrs["protocol"], to_port, to_addr) return True check_port(attrs["port"]) check_tcpudp(attrs["protocol"]) if to_port: check_port(to_port) if to_addr: if not checkIP(to_addr) and not checkIP6(to_addr): raise FirewallError(errors.INVALID_ADDR, "to-addr '%s' is not a valid address" \ % to_addr) entry = (portStr(attrs["port"], "-"), attrs["protocol"], portStr(to_port, "-"), str(to_addr)) if entry not in obj.item.forward_ports: obj.item.forward_ports.append(entry) else: log.warning("Forward port %s/%s%s%s already set, ignoring.", attrs["port"], attrs["protocol"], " >%s" % to_port if to_port else "", " @%s" % to_addr if to_addr else "") elif name == "source-port": if obj._rule: if obj._rule.element: log.warning("Invalid rule: More than one element in rule '%s', ignoring.", str(obj._rule)) obj._rule_error = True return True obj._rule.element = rich.Rich_SourcePort(attrs["port"], attrs["protocol"]) return True check_port(attrs["port"]) check_tcpudp(attrs["protocol"]) # coalesce and warn about overlapping ranges new_port_id = (portStr(attrs["port"], "-"), attrs["protocol"]) existing_port_ids = list(filter(lambda x: x[1] == attrs["protocol"], obj.item.source_ports)) for port_id in existing_port_ids: if portInPortRange(new_port_id[0], port_id[0]): # the range is wholly contained already, so just warn _name = obj.item.derived_from_zone if isinstance(obj.item, Policy) else obj.item.name log.warning(FirewallError(errors.ALREADY_ENABLED, "'%s:%s' already in '%s'" % (new_port_id[0], attrs["protocol"], _name))) break # for else: # the range can be coalesced into the existing set added_ranges, removed_ranges = coalescePortRange(new_port_id[0], [_port for (_port, _protocol) in existing_port_ids]) for _range in removed_ranges: entry = (portStr(_range, "-"), attrs["protocol"]) obj.item.source_ports.remove(entry) for _range in added_ranges: entry = (portStr(_range, "-"), attrs["protocol"]) obj.item.source_ports.append(entry) elif name == "destination": if not obj._rule: log.warning('Invalid rule: Destination outside of rule') obj._rule_error = True return True if obj._rule.destination: log.warning("Invalid rule: More than one destination in rule '%s', ignoring.", str(obj._rule)) return True invert = False address = None if "address" in attrs: address = attrs["address"] ipset = None if "ipset" in attrs: ipset = attrs["ipset"] if "invert" in attrs and \ attrs["invert"].lower() in [ "yes", "true" ]: invert = True obj._rule.destination = rich.Rich_Destination(address, ipset, invert) elif name in [ "accept", "reject", "drop", "mark" ]: if not obj._rule: log.warning('Invalid rule: Action outside of rule') obj._rule_error = True return True if obj._rule.action: log.warning('Invalid rule: More than one action') obj._rule_error = True return True if name == "accept": obj._rule.action = rich.Rich_Accept() elif name == "reject": _type = None if "type" in attrs: _type = attrs["type"] obj._rule.action = rich.Rich_Reject(_type) elif name == "drop": obj._rule.action = rich.Rich_Drop() elif name == "mark": _set = attrs["set"] obj._rule.action = rich.Rich_Mark(_set) obj._limit_ok = obj._rule.action elif name == "log": if not obj._rule: log.warning('Invalid rule: Log outside of rule') return True if obj._rule.log: log.warning('Invalid rule: More than one log') return True level = None if "level" in attrs: level = attrs["level"] if level not in [ "emerg", "alert", "crit", "error", "warning", "notice", "info", "debug" ]: log.warning('Invalid rule: Invalid log level') obj._rule_error = True return True prefix = None if "prefix" in attrs: prefix = attrs["prefix"] if not prefix or len(prefix) > 127: log.warning('Invalid rule: Invalid log prefix') obj._rule_error = True return True obj._rule.log = rich.Rich_Log(prefix, level) obj._limit_ok = obj._rule.log elif name == "nflog": if not obj._rule: log.warning('Invalid rule: Log outside of rule') return True if obj._rule.log: log.warning('Invalid rule: More than one log') return True group = None if "group" in attrs: group = attrs["group"] if not checkUINT16(group): log.warning('Invalid rule: Invalid nflog group value') obj._rule_error = True return True prefix = None if "prefix" in attrs: prefix = attrs["prefix"] if not prefix or len(prefix) > 127: log.warning('Invalid rule: Invalid nflog prefix') obj._rule_error = True return True threshold = None if "queue-size" in attrs: threshold = attrs["queue-size"] if not checkUINT16(threshold): log.warning('Invalid rule: Invalid nflog queue-size') obj._rule_error = True return True obj._rule.log = rich.Rich_NFLog(group, prefix, threshold) obj._limit_ok = obj._rule.log elif name == "audit": if not obj._rule: log.warning('Invalid rule: Audit outside of rule') return True if obj._rule.audit: log.warning("Invalid rule: More than one audit in rule '%s', ignoring.", str(obj._rule)) obj._rule_error = True return True obj._rule.audit = rich.Rich_Audit() obj._limit_ok = obj._rule.audit elif name == "rule": family = None priority = 0 if "family" in attrs: family = attrs["family"] if family not in [ "ipv4", "ipv6" ]: log.warning('Invalid rule: Rule family "%s" invalid', attrs["family"]) obj._rule_error = True return True if "priority" in attrs: priority = int(attrs["priority"]) obj._rule = rich.Rich_Rule(family=family, priority=priority) elif name == "limit": if not obj._limit_ok: log.warning('Invalid rule: Limit outside of action, log and audit') obj._rule_error = True return True if obj._limit_ok.limit: log.warning("Invalid rule: More than one limit in rule '%s', ignoring.", str(obj._rule)) obj._rule_error = True return True value = attrs["value"] obj._limit_ok.limit = rich.Rich_Limit(value) else: return False return True def common_endElement(obj, name): if name == "rule": if not obj._rule_error: try: obj._rule.check() except Exception as e: log.warning("%s: %s", e, str(obj._rule)) else: if str(obj._rule) not in obj.item.rules_str: obj.item.rules.append(obj._rule) obj.item.rules_str.append(str(obj._rule)) else: log.warning("Rule '%s' already set, ignoring.", str(obj._rule)) obj._rule = None obj._rule_error = False elif name in [ "accept", "reject", "drop", "mark", "log", "audit" ]: obj._limit_ok = None def common_check_config(obj, config, item, all_config, all_io_objects): obj_type = "Policy" if isinstance(obj, Policy) else "Zone" if item == "services" and "services" in all_io_objects: existing_services = all_io_objects["services"] for service in config: if service not in existing_services: raise FirewallError(errors.INVALID_SERVICE, "{} '{}': '{}' not among existing services".format( obj_type, obj.name, service)) elif item == "ports": for port in config: check_port(port[0]) check_tcpudp(port[1]) elif item == "protocols": for proto in config: check_protocol(proto) elif item == "icmp_blocks" and "icmptypes" in all_io_objects: existing_icmptypes = all_io_objects["icmptypes"] for icmptype in config: if icmptype not in existing_icmptypes: ex = FirewallError(errors.INVALID_ICMPTYPE, "{} '{}': '{}' not among existing ICMP types".format( obj_type, obj.name, icmptype)) if icmptype in all_io_objects.get("icmptypes_unsupported", {}): log.debug1("{} (unsupported)".format(ex)) else: raise ex elif item == "forward_ports": for fwd_port in config: check_port(fwd_port[0]) check_tcpudp(fwd_port[1]) if not fwd_port[2] and not fwd_port[3]: raise FirewallError(errors.INVALID_FORWARD, "{} '{}': '{}' is missing to-port AND to-addr ".format( obj_type, obj.name, fwd_port)) if fwd_port[2]: check_port(fwd_port[2]) if fwd_port[3]: if not checkIP(fwd_port[3]) and not checkIP6(fwd_port[3]): raise FirewallError(errors.INVALID_ADDR, "{} '{}': to-addr '{}' is not a valid address".format( obj_type, obj.name, fwd_port[3])) elif item == "source_ports": for port in config: check_port(port[0]) check_tcpudp(port[1]) elif item in ["rules_str", "rich_rules"]: for rule in config: obj_rich = rich.Rich_Rule(rule_str=rule) if obj_rich.element and "icmptypes" in all_io_objects and \ (isinstance(obj_rich.element, rich.Rich_IcmpBlock) or isinstance(obj_rich.element, rich.Rich_IcmpType)): existing_icmptypes = all_io_objects["icmptypes"] if obj_rich.element.name not in existing_icmptypes: ex = FirewallError(errors.INVALID_ICMPTYPE, "{} '{}': '{}' not among existing ICMP types".format( obj_type, obj.name, obj_rich.element.name)) if obj_rich.element.name in all_io_objects.get("icmptypes_unsupported", {}): log.debug1("{} (unsupported)".format(ex)) else: raise ex elif obj_rich.family: ict = all_io_objects["icmptypes"][obj_rich.element.name] if ict.destination and obj_rich.family not in ict.destination: ex = FirewallError(errors.INVALID_ICMPTYPE, "{} '{}': rich rule family '{}' conflicts with icmp type '{}'".format( obj_type, obj.name, obj_rich.family, obj_rich.element.name)) ict_unsupported = all_io_objects.get("icmptypes_unsupported", {}).get(obj_rich.element.name) if ict_unsupported and ict_unsupported.destination and \ obj_rich.family in ict_unsupported.destination: log.debug1("{} (unsupported)".format(ex)) else: raise ex def common_writer(obj, handler): # short if obj.short and obj.short != "": handler.ignorableWhitespace(" ") handler.startElement("short", { }) handler.characters(obj.short) handler.endElement("short") handler.ignorableWhitespace("\n") # description if obj.description and obj.description != "": handler.ignorableWhitespace(" ") handler.startElement("description", { }) handler.characters(obj.description) handler.endElement("description") handler.ignorableWhitespace("\n") # services for service in uniqify(obj.services): handler.ignorableWhitespace(" ") handler.simpleElement("service", { "name": service }) handler.ignorableWhitespace("\n") # ports for port in uniqify(obj.ports): handler.ignorableWhitespace(" ") handler.simpleElement("port", { "port": port[0], "protocol": port[1] }) handler.ignorableWhitespace("\n") # protocols for protocol in uniqify(obj.protocols): handler.ignorableWhitespace(" ") handler.simpleElement("protocol", { "value": protocol }) handler.ignorableWhitespace("\n") # icmp-blocks for icmp in uniqify(obj.icmp_blocks): handler.ignorableWhitespace(" ") handler.simpleElement("icmp-block", { "name": icmp }) handler.ignorableWhitespace("\n") # masquerade if obj.masquerade: handler.ignorableWhitespace(" ") handler.simpleElement("masquerade", { }) handler.ignorableWhitespace("\n") # forward-ports for forward in uniqify(obj.forward_ports): handler.ignorableWhitespace(" ") attrs = { "port": forward[0], "protocol": forward[1] } if forward[2] and forward[2] != "" : attrs["to-port"] = forward[2] if forward[3] and forward[3] != "" : attrs["to-addr"] = forward[3] handler.simpleElement("forward-port", attrs) handler.ignorableWhitespace("\n") # source-ports for port in uniqify(obj.source_ports): handler.ignorableWhitespace(" ") handler.simpleElement("source-port", { "port": port[0], "protocol": port[1] }) handler.ignorableWhitespace("\n") # rules for rule in obj.rules: attrs = { } if rule.family: attrs["family"] = rule.family if rule.priority != 0: attrs["priority"] = str(rule.priority) handler.ignorableWhitespace(" ") handler.startElement("rule", attrs) handler.ignorableWhitespace("\n") # source if rule.source: attrs = { } if rule.source.addr: attrs["address"] = rule.source.addr if rule.source.mac: attrs["mac"] = rule.source.mac if rule.source.ipset: attrs["ipset"] = rule.source.ipset if rule.source.invert: attrs["invert"] = "True" handler.ignorableWhitespace(" ") handler.simpleElement("source", attrs) handler.ignorableWhitespace("\n") # destination if rule.destination: attrs = { } if rule.destination.addr: attrs["address"] = rule.destination.addr if rule.destination.ipset: attrs["ipset"] = rule.destination.ipset if rule.destination.invert: attrs["invert"] = "True" handler.ignorableWhitespace(" ") handler.simpleElement("destination", attrs) handler.ignorableWhitespace("\n") # element if rule.element: element = "" attrs = { } if type(rule.element) == rich.Rich_Service: element = "service" attrs["name"] = rule.element.name elif type(rule.element) == rich.Rich_Port: element = "port" attrs["port"] = rule.element.port attrs["protocol"] = rule.element.protocol elif type(rule.element) == rich.Rich_Protocol: element = "protocol" attrs["value"] = rule.element.value elif type(rule.element) == rich.Rich_Tcp_Mss_Clamp: element = "tcp-mss-clamp" attrs["value"] = rule.element.value elif type(rule.element) == rich.Rich_Masquerade: element = "masquerade" elif type(rule.element) == rich.Rich_IcmpBlock: element = "icmp-block" attrs["name"] = rule.element.name elif type(rule.element) == rich.Rich_IcmpType: element = "icmp-type" attrs["name"] = rule.element.name elif type(rule.element) == rich.Rich_ForwardPort: element = "forward-port" attrs["port"] = rule.element.port attrs["protocol"] = rule.element.protocol if rule.element.to_port != "": attrs["to-port"] = rule.element.to_port if rule.element.to_address != "": attrs["to-addr"] = rule.element.to_address elif type(rule.element) == rich.Rich_SourcePort: element = "source-port" attrs["port"] = rule.element.port attrs["protocol"] = rule.element.protocol else: raise FirewallError( errors.INVALID_OBJECT, "Unknown element '%s' in obj_writer" % type(rule.element)) handler.ignorableWhitespace(" ") handler.simpleElement(element, attrs) handler.ignorableWhitespace("\n") # rule.element # log if rule.log: if type(rule.log) == rich.Rich_Log: attrs = { } if rule.log.prefix: attrs["prefix"] = rule.log.prefix if rule.log.level: attrs["level"] = rule.log.level if rule.log.limit: handler.ignorableWhitespace(" ") handler.startElement("log", attrs) handler.ignorableWhitespace("\n ") handler.simpleElement("limit", { "value": rule.log.limit.value }) handler.ignorableWhitespace("\n ") handler.endElement("log") else: handler.ignorableWhitespace(" ") handler.simpleElement("log", attrs) handler.ignorableWhitespace("\n") else: attrs = { } if rule.log.group: attrs["group"] = rule.log.group if rule.log.prefix: attrs["prefix"] = rule.log.prefix if rule.log.threshold: attrs["queue-size"] = rule.log.threshold if rule.log.limit: handler.ignorableWhitespace(" ") handler.startElement("nflog", attrs) handler.ignorableWhitespace("\n ") handler.simpleElement("limit", { "value": rule.log.limit.value }) handler.ignorableWhitespace("\n ") handler.endElement("nflog") else: handler.ignorableWhitespace(" ") handler.simpleElement("nflog", attrs) handler.ignorableWhitespace("\n") # audit if rule.audit: attrs = {} if rule.audit.limit: handler.ignorableWhitespace(" ") handler.startElement("audit", { }) handler.ignorableWhitespace("\n ") handler.simpleElement("limit", { "value": rule.audit.limit.value }) handler.ignorableWhitespace("\n ") handler.endElement("audit") else: handler.ignorableWhitespace(" ") handler.simpleElement("audit", attrs) handler.ignorableWhitespace("\n") # action if rule.action: action = "" attrs = { } if type(rule.action) == rich.Rich_Accept: action = "accept" elif type(rule.action) == rich.Rich_Reject: action = "reject" if rule.action.type: attrs["type"] = rule.action.type elif type(rule.action) == rich.Rich_Drop: action = "drop" elif type(rule.action) == rich.Rich_Mark: action = "mark" attrs["set"] = rule.action.set else: log.warning("Unknown action '%s'", type(rule.action)) if rule.action.limit: handler.ignorableWhitespace(" ") handler.startElement(action, attrs) handler.ignorableWhitespace("\n ") handler.simpleElement("limit", { "value": rule.action.limit.value }) handler.ignorableWhitespace("\n ") handler.endElement(action) else: handler.ignorableWhitespace(" ") handler.simpleElement(action, attrs) handler.ignorableWhitespace("\n") handler.ignorableWhitespace(" ") handler.endElement("rule") handler.ignorableWhitespace("\n") class Policy(IO_Object): priority_min = -32768 priority_max = 32767 priority_default = DEFAULT_POLICY_PRIORITY priority_reserved = [0] IMPORT_EXPORT_STRUCTURE = ( ( "version", "" ), # s ( "short", "" ), # s ( "description", "" ), # s ( "target", "" ), # s ( "services", [ "", ], ), # as ( "ports", [ ( "", "" ), ], ), # a(ss) ( "icmp_blocks", [ "", ], ), # as ( "masquerade", False ), # b ( "forward_ports", [ ( "", "", "", "" ), ], ), # a(ssss) ( "rich_rules", [ "" ] ), # as ( "protocols", [ "", ], ), # as ( "source_ports", [ ( "", "" ), ], ), # a(ss) ( "priority", 0 ), # i ( "ingress_zones", [ "" ] ), # as ( "egress_zones", [ "" ] ), # as ) ADDITIONAL_ALNUM_CHARS = [ "_", "-", "/" ] PARSER_REQUIRED_ELEMENT_ATTRS = { "short": None, "description": None, "policy": ["target"], "service": [ "name" ], "port": [ "port", "protocol" ], "icmp-block": [ "name" ], "icmp-type": [ "name" ], "masquerade": None, "forward-port": [ "port", "protocol" ], "rule": None, "source": None, "destination": None, "protocol": [ "value" ], "source-port": [ "port", "protocol" ], "log": None, "nflog": None, "audit": None, "accept": None, "reject": None, "drop": None, "mark": [ "set" ], "limit": [ "value" ], "ingress-zone": [ "name" ], "egress-zone": [ "name" ], } PARSER_OPTIONAL_ELEMENT_ATTRS = { "policy": [ "version", "priority" ], "forward-port": [ "to-port", "to-addr" ], "rule": [ "family", "priority" ], "source": [ "address", "mac", "invert", "family", "ipset" ], "destination": [ "address", "invert", "ipset" ], "log": [ "prefix", "level" ], "nflog": [ "group", "prefix", "queue-size" ], "reject": [ "type" ], "tcp-mss-clamp": [ "value" ], } def __init__(self): super(Policy, self).__init__() self.version = "" self.short = "" self.description = "" self.target = DEFAULT_POLICY_TARGET self.services = [ ] self.ports = [ ] self.protocols = [ ] self.icmp_blocks = [ ] self.icmp_block_inversion = False # for zones, not written to policy config self.masquerade = False self.forward_ports = [ ] self.source_ports = [ ] self.rules = [ ] self.rules_str = [ ] self.applied = False self.priority = self.priority_default self.derived_from_zone = None self.ingress_zones = [] self.egress_zones = [] def cleanup(self): self.version = "" self.short = "" self.description = "" self.target = DEFAULT_POLICY_TARGET del self.services[:] del self.ports[:] del self.protocols[:] del self.icmp_blocks[:] self.icmp_block_inversion = False self.masquerade = False del self.forward_ports[:] del self.source_ports[:] del self.rules[:] del self.rules_str[:] self.applied = False self.priority = self.priority_default del self.ingress_zones[:] del self.egress_zones[:] def __getattr__(self, name): if name == "rich_rules": return self.rules_str else: return getattr(super(Policy, self), name) def __setattr__(self, name, value): if name == "rich_rules": self.rules = [rich.Rich_Rule(rule_str=s) for s in value] # must convert back to string to get the canonical string. self.rules_str = [str(s) for s in self.rules] else: super(Policy, self).__setattr__(name, value) def _check_config(self, config, item, all_config, all_io_objects): common_check_config(self, config, item, all_config, all_io_objects) if self.name in all_io_objects["zones"]: raise FirewallError(errors.NAME_CONFLICT, "Policy '{}': Can't have the same name as a zone.".format(self.name)) if item == "target": if config not in POLICY_TARGETS: raise FirewallError(errors.INVALID_TARGET, "Policy '{}': '{}' is invalid target".format(self.name, config)) elif item == "priority": if config in self.priority_reserved or \ config > self.priority_max or \ config < self.priority_min: raise FirewallError(errors.INVALID_PRIORITY, "Policy '{}': {} is invalid priority. Must be in range [{}, {}]. The following are reserved: {}".format( self.name, config, self.priority_min, self.priority_max, self.priority_reserved)) elif item in ["ingress_zones", "egress_zones"]: existing_zones = ["ANY", "HOST"] + list(all_io_objects["zones"].keys()) for zone in config: if zone not in existing_zones: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': '{}' not among existing zones".format( self.name, zone)) if ((zone not in ["ANY", "HOST"] and (set(["ANY", "HOST"]) & set(config))) or \ (zone in ["ANY", "HOST"] and (set(config) - set([zone])))): raise FirewallError(errors.INVALID_ZONE, "Policy '{}': '{}' may only contain one of: many regular zones, ANY, or HOST".format( self.name, item)) if zone == "HOST" and \ ((item == "ingress_zones" and "egress_zones" in all_config and "HOST" in all_config["egress_zones"]) or \ (item == "egress_zones" and "ingress_zones" in all_config and "HOST" in all_config["ingress_zones"])): raise FirewallError(errors.INVALID_ZONE, "Policy '{}': 'HOST' can only appear in either ingress or egress zones, but not both".format( self.name)) elif item == "masquerade" and config: if "egress_zones" in all_config and "HOST" in all_config["egress_zones"]: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': 'masquerade' is invalid for egress zone 'HOST'".format( self.name)) elif "ingress_zones" in all_config: if "HOST" in all_config["ingress_zones"]: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': 'masquerade' is invalid for ingress zone 'HOST'".format( self.name)) for zone in all_config["ingress_zones"]: if zone == "ANY": continue if zone not in all_io_objects["zones"]: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': Zone '{}' does not exist.".format(self.name, zone)) if all_io_objects["zones"][zone].interfaces: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': 'masquerade' cannot be used because ingress zone '{}' has assigned interfaces. ".format(self.name, zone)) elif item == "rich_rules": for rule in config: obj = rich.Rich_Rule(rule_str=rule) if obj.element and isinstance(obj.element, rich.Rich_Masquerade): if "egress_zones" in all_config and "HOST" in all_config["egress_zones"]: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': 'masquerade' is invalid for egress zone 'HOST'".format( self.name)) elif "ingress_zones" in all_config: if "HOST" in all_config["ingress_zones"]: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': 'masquerade' is invalid for ingress zone 'HOST'".format( self.name)) for zone in all_config["ingress_zones"]: if zone == "ANY": continue if zone not in all_io_objects["zones"]: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': Zone '{}' does not exist.".format(self.name, zone)) if all_io_objects["zones"][zone].interfaces: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': 'masquerade' cannot be used because ingress zone '{}' has assigned interfaces. ".format(self.name, zone)) elif obj.element and isinstance(obj.element, rich.Rich_ForwardPort): if "egress_zones" in all_config: if "HOST" in all_config["egress_zones"]: if obj.element.to_address: raise FirewallError(errors.INVALID_FORWARD, "Policy '{}': A 'forward-port' with 'to-addr' is invalid for egress zone 'HOST'".format( self.name)) elif all_config["egress_zones"]: if not obj.element.to_address: raise FirewallError(errors.INVALID_FORWARD, "Policy '{}': 'forward-port' requires 'to-addr' if egress zone is 'ANY' or a zone".format( self.name)) if "ANY" not in all_config["egress_zones"]: for zone in all_config["egress_zones"]: if zone not in all_io_objects["zones"]: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': Zone '{}' does not exist.".format(self.name, zone)) if all_io_objects["zones"][zone].interfaces: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': 'forward-port' cannot be used because egress zone '{}' has assigned interfaces".format(self.name, zone)) elif obj.action and isinstance(obj.action, rich.Rich_Mark): if "egress_zones" in all_config: for zone in all_config["egress_zones"]: if zone in ["ANY", "HOST"]: continue if zone not in all_io_objects["zones"]: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': Zone '{}' does not exist.".format(self.name, zone)) if all_io_objects["zones"][zone].interfaces: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': 'mark' action cannot be used because egress zone '{}' has assigned interfaces".format(self.name, zone)) elif item == "forward_ports": for fwd_port in config: if "egress_zones" in all_config: if "HOST" in all_config["egress_zones"]: if fwd_port[3]: raise FirewallError(errors.INVALID_FORWARD, "Policy '{}': A 'forward-port' with 'to-addr' is invalid for egress zone 'HOST'".format( self.name)) elif all_config["egress_zones"]: if not fwd_port[3]: raise FirewallError(errors.INVALID_FORWARD, "Policy '{}': 'forward-port' requires 'to-addr' if egress zone is 'ANY' or a zone".format( self.name)) if "ANY" not in all_config["egress_zones"]: for zone in all_config["egress_zones"]: if zone not in all_io_objects["zones"]: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': Zone '{}' does not exist.".format(self.name, zone)) if all_io_objects["zones"][zone].interfaces: raise FirewallError(errors.INVALID_ZONE, "Policy '{}': 'forward-port' cannot be used because egress zone '{}' has assigned interfaces".format(self.name, zone)) def check_name(self, name): super(Policy, self).check_name(name) if name.startswith('/'): raise FirewallError(errors.INVALID_NAME, "Policy '{}': name can't start with '/'".format(name)) elif name.endswith('/'): raise FirewallError(errors.INVALID_NAME, "Policy '{}': name can't end with '/'".format(name)) elif name.count('/') > 1: raise FirewallError(errors.INVALID_NAME, "Policy '{}': name has more than one '/'".format(name)) else: if "/" in name: checked_name = name[:name.find('/')] else: checked_name = name if len(checked_name) > max_policy_name_len(): raise FirewallError(errors.INVALID_NAME, "Policy '{}': name has {} chars, max is {}".format( name, len(checked_name), max_policy_name_len())) # PARSER class policy_ContentHandler(IO_Object_ContentHandler): def __init__(self, item): IO_Object_ContentHandler.__init__(self, item) self._rule = None self._rule_error = False self._limit_ok = None def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) if self._rule_error: return self.item.parser_check_element_attrs(name, attrs) if common_startElement(self, name, attrs): return elif name == "policy": if "version" in attrs: self.item.version = attrs["version"] if "priority" in attrs: self.item.priority = int(attrs["priority"]) if "target" in attrs: target = attrs["target"] if target not in POLICY_TARGETS: raise FirewallError(errors.INVALID_TARGET, target) if target: self.item.target = target elif name == "ingress-zone": if attrs["name"] not in self.item.ingress_zones: self.item.ingress_zones.append(attrs["name"]) else: log.warning("Ingress zone '%s' already set, ignoring.", attrs["name"]) elif name == "egress-zone": if attrs["name"] not in self.item.egress_zones: self.item.egress_zones.append(attrs["name"]) else: log.warning("Egress zone '%s' already set, ignoring.", attrs["name"]) elif name == "source": if not self._rule: log.warning('Invalid rule: Source outside of rule') self._rule_error = True return if self._rule.source: log.warning("Invalid rule: More than one source in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return invert = False if "invert" in attrs and \ attrs["invert"].lower() in [ "yes", "true" ]: invert = True addr = mac = ipset = None if "address" in attrs: addr = attrs["address"] if "mac" in attrs: mac = attrs["mac"] if "ipset" in attrs: ipset = attrs["ipset"] self._rule.source = rich.Rich_Source(addr, mac, ipset, invert=invert) return else: log.warning("Unknown XML element '%s'", name) return def endElement(self, name): IO_Object_ContentHandler.endElement(self, name) common_endElement(self, name) def policy_reader(filename, path, no_check_name=False): policy = Policy() if not filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % filename) policy.name = filename[:-4] if not no_check_name: policy.check_name(policy.name) policy.filename = filename policy.path = path policy.builtin = False if path.startswith(config.ETC_FIREWALLD) else True policy.default = policy.builtin handler = policy_ContentHandler(policy) parser = sax.make_parser() parser.setContentHandler(handler) name = "%s/%s" % (path, filename) with open(name, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_POLICY, "not a valid policy file: %s" % \ msg.getException()) del handler del parser return policy def policy_writer(policy, path=None): _path = path if path else policy.path if policy.filename: name = "%s/%s" % (_path, policy.filename) else: name = "%s/%s.xml" % (_path, policy.name) if os.path.exists(name): try: shutil.copy2(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) dirpath = os.path.dirname(name) if dirpath.startswith(config.ETC_FIREWALLD) and not os.path.exists(dirpath): if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) os.mkdir(dirpath, 0o750) f = io.open(name, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start policy element attrs = {} if policy.version and policy.version != "": attrs["version"] = policy.version if policy.priority != policy.priority_default: attrs["priority"] = str(policy.priority) attrs["target"] = policy.target handler.startElement("policy", attrs) handler.ignorableWhitespace("\n") common_writer(policy, handler) # ingress-zones for zone in uniqify(policy.ingress_zones): handler.ignorableWhitespace(" ") handler.simpleElement("ingress-zone", { "name": zone }) handler.ignorableWhitespace("\n") # egress-zones for zone in uniqify(policy.egress_zones): handler.ignorableWhitespace(" ") handler.simpleElement("egress-zone", { "name": zone }) handler.ignorableWhitespace("\n") # end policy element handler.endElement("policy") handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-1.1.1/src/firewall/core/io/service.py0000644000000000000000000002734614217342322021442 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "Service", "service_reader", "service_writer" ] import xml.sax as sax import os import io import shutil from firewall import config from firewall.core.io.io_object import IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator, check_port, \ check_tcpudp, check_protocol, check_address from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class Service(IO_Object): IMPORT_EXPORT_STRUCTURE = ( ( "version", "" ), ( "short", "" ), ( "description", "" ), ( "ports", [ ( "", "" ), ], ), ( "modules", [ "", ], ), ( "destination", { "": "", }, ), ( "protocols", [ "", ], ), ( "source_ports", [ ( "", "" ), ], ), ( "includes", [ "" ], ), ( "helpers", [ "", ], ), ) ADDITIONAL_ALNUM_CHARS = [ "_", "-" ] PARSER_REQUIRED_ELEMENT_ATTRS = { "short": None, "description": None, "service": None, } PARSER_OPTIONAL_ELEMENT_ATTRS = { "service": [ "name", "version" ], "port": [ "port", "protocol" ], "protocol": [ "value" ], "module": [ "name" ], "destination": [ "ipv4", "ipv6" ], "source-port": [ "port", "protocol" ], "include": [ "service" ], "helper": [ "name" ], } def __init__(self): super(Service, self).__init__() self.version = "" self.short = "" self.description = "" self.ports = [ ] self.protocols = [ ] self.modules = [ ] self.destination = { } self.source_ports = [ ] self.includes = [ ] self.helpers = [ ] def cleanup(self): self.version = "" self.short = "" self.description = "" del self.ports[:] del self.protocols[:] del self.modules[:] self.destination.clear() del self.source_ports[:] del self.includes[:] del self.helpers[:] def _check_config(self, config, item, all_config, all_io_objects): if item == "ports": for port in config: if port[0] != "": check_port(port[0]) check_tcpudp(port[1]) else: # only protocol check_protocol(port[1]) elif item == "protocols": for proto in config: check_protocol(proto) elif item == "source_ports": for port in config: check_port(port[0]) check_tcpudp(port[1]) elif item == "destination": for destination in config: if destination not in [ "ipv4", "ipv6" ]: raise FirewallError(errors.INVALID_DESTINATION, "'%s' not in {'ipv4'|'ipv6'}" % \ destination) check_address(destination, config[destination]) elif item == "modules": for module in config: if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") if len(module) < 2: raise FirewallError(errors.INVALID_MODULE, module) # PARSER class service_ContentHandler(IO_Object_ContentHandler): def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) self.item.parser_check_element_attrs(name, attrs) if name == "service": if "name" in attrs: log.warning("Ignoring deprecated attribute name='%s'", attrs["name"]) if "version" in attrs: self.item.version = attrs["version"] elif name == "short": pass elif name == "description": pass elif name == "port": if attrs["port"] != "": check_port(attrs["port"]) check_tcpudp(attrs["protocol"]) entry = (attrs["port"], attrs["protocol"]) if entry not in self.item.ports: self.item.ports.append(entry) else: log.warning("Port '%s/%s' already set, ignoring.", attrs["port"], attrs["protocol"]) else: check_protocol(attrs["protocol"]) if attrs["protocol"] not in self.item.protocols: self.item.protocols.append(attrs["protocol"]) else: log.warning("Protocol '%s' already set, ignoring.", attrs["protocol"]) elif name == "protocol": check_protocol(attrs["value"]) if attrs["value"] not in self.item.protocols: self.item.protocols.append(attrs["value"]) else: log.warning("Protocol '%s' already set, ignoring.", attrs["value"]) elif name == "source-port": check_port(attrs["port"]) check_tcpudp(attrs["protocol"]) entry = (attrs["port"], attrs["protocol"]) if entry not in self.item.source_ports: self.item.source_ports.append(entry) else: log.warning("SourcePort '%s/%s' already set, ignoring.", attrs["port"], attrs["protocol"]) elif name == "destination": for x in [ "ipv4", "ipv6" ]: if x in attrs: check_address(x, attrs[x]) if x in self.item.destination: log.warning("Destination address for '%s' already set, ignoring", x) else: self.item.destination[x] = attrs[x] elif name == "module": module = attrs["name"] if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") if module not in self.item.modules: self.item.modules.append(module) else: log.warning("Module '%s' already set, ignoring.", module) elif name == "include": if attrs["service"] not in self.item.includes: self.item.includes.append(attrs["service"]) else: log.warning("Include '%s' already set, ignoring.", attrs["service"]) elif name == "helper": if attrs["name"] not in self.item.helpers: self.item.helpers.append(attrs["name"]) else: log.warning("Helper '%s' already set, ignoring.", attrs["name"]) def service_reader(filename, path): service = Service() if not filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % filename) service.name = filename[:-4] service.check_name(service.name) service.filename = filename service.path = path service.builtin = False if path.startswith(config.ETC_FIREWALLD) else True service.default = service.builtin handler = service_ContentHandler(service) parser = sax.make_parser() parser.setContentHandler(handler) name = "%s/%s" % (path, filename) with open(name, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_SERVICE, "not a valid service file: %s" % \ msg.getException()) del handler del parser return service def service_writer(service, path=None): _path = path if path else service.path if service.filename: name = "%s/%s" % (_path, service.filename) else: name = "%s/%s.xml" % (_path, service.name) if os.path.exists(name): try: shutil.copy2(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) dirpath = os.path.dirname(name) if dirpath.startswith(config.ETC_FIREWALLD) and not os.path.exists(dirpath): if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) os.mkdir(dirpath, 0o750) f = io.open(name, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start service element attrs = {} if service.version and service.version != "": attrs["version"] = service.version handler.startElement("service", attrs) handler.ignorableWhitespace("\n") # short if service.short and service.short != "": handler.ignorableWhitespace(" ") handler.startElement("short", { }) handler.characters(service.short) handler.endElement("short") handler.ignorableWhitespace("\n") # description if service.description and service.description != "": handler.ignorableWhitespace(" ") handler.startElement("description", { }) handler.characters(service.description) handler.endElement("description") handler.ignorableWhitespace("\n") # ports for port in service.ports: handler.ignorableWhitespace(" ") handler.simpleElement("port", { "port": port[0], "protocol": port[1] }) handler.ignorableWhitespace("\n") # protocols for protocol in service.protocols: handler.ignorableWhitespace(" ") handler.simpleElement("protocol", { "value": protocol }) handler.ignorableWhitespace("\n") # source ports for port in service.source_ports: handler.ignorableWhitespace(" ") handler.simpleElement("source-port", { "port": port[0], "protocol": port[1] }) handler.ignorableWhitespace("\n") # modules for module in service.modules: handler.ignorableWhitespace(" ") handler.simpleElement("module", { "name": module }) handler.ignorableWhitespace("\n") # destination if len(service.destination) > 0: handler.ignorableWhitespace(" ") handler.simpleElement("destination", service.destination) handler.ignorableWhitespace("\n") # includes for include in service.includes: handler.ignorableWhitespace(" ") handler.simpleElement("include", { "service": include }) handler.ignorableWhitespace("\n") # helpers for helper in service.helpers: handler.ignorableWhitespace(" ") handler.simpleElement("helper", { "name": helper }) handler.ignorableWhitespace("\n") # end service element handler.endElement('service') handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-1.1.1/src/firewall/core/io/zone.py0000644000000000000000000004500614217342322020746 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "Zone", "zone_reader", "zone_writer" ] import xml.sax as sax import os import io import shutil from firewall import config from firewall.functions import checkIPnMask, checkIP6nMask, checkInterface, uniqify, max_zone_name_len, check_mac from firewall.core.base import DEFAULT_ZONE_TARGET, ZONE_TARGETS from firewall.core.io.io_object import IO_Object, \ IO_Object_ContentHandler, IO_Object_XMLGenerator from firewall.core.io.policy import common_startElement, common_endElement, common_check_config, common_writer from firewall.core import rich from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class Zone(IO_Object): """ Zone class """ IMPORT_EXPORT_STRUCTURE = ( ( "version", "" ), # s ( "short", "" ), # s ( "description", "" ), # s ( "UNUSED", False ), # b ( "target", "" ), # s ( "services", [ "", ], ), # as ( "ports", [ ( "", "" ), ], ), # a(ss) ( "icmp_blocks", [ "", ], ), # as ( "masquerade", False ), # b ( "forward_ports", [ ( "", "", "", "" ), ], ), # a(ssss) ( "interfaces", [ "" ] ), # as ( "sources", [ "" ] ), # as ( "rules_str", [ "" ] ), # as ( "protocols", [ "", ], ), # as ( "source_ports", [ ( "", "" ), ], ), # a(ss) ( "icmp_block_inversion", False ), # b ( "forward", True ), # b ) ADDITIONAL_ALNUM_CHARS = [ "_", "-", "/" ] PARSER_REQUIRED_ELEMENT_ATTRS = { "short": None, "description": None, "zone": None, "service": [ "name" ], "port": [ "port", "protocol" ], "icmp-block": [ "name" ], "icmp-type": [ "name" ], "forward": None, "forward-port": [ "port", "protocol" ], "interface": [ "name" ], "rule": None, "source": None, "destination": None, "protocol": [ "value" ], "source-port": [ "port", "protocol" ], "log": None, "nflog": None, "audit": None, "accept": None, "reject": None, "drop": None, "mark": [ "set" ], "limit": [ "value" ], "icmp-block-inversion": None, } PARSER_OPTIONAL_ELEMENT_ATTRS = { "zone": [ "name", "immutable", "target", "version" ], "masquerade": [ "enabled" ], "forward-port": [ "to-port", "to-addr" ], "rule": [ "family", "priority" ], "source": [ "address", "mac", "invert", "family", "ipset" ], "destination": [ "address", "invert", "ipset" ], "log": [ "prefix", "level" ], "nflog": [ "group", "prefix", "queue-size" ], "reject": [ "type" ], "tcp-mss-clamp": [ "value" ], } @staticmethod def index_of(element): for i, (el, dummy) in enumerate(Zone.IMPORT_EXPORT_STRUCTURE): if el == element: return i raise FirewallError(errors.UNKNOWN_ERROR, "index_of()") def __init__(self): super(Zone, self).__init__() self.version = "" self.short = "" self.description = "" self.UNUSED = False self.target = DEFAULT_ZONE_TARGET self.services = [ ] self.ports = [ ] self.protocols = [ ] self.icmp_blocks = [ ] self.forward = True self.masquerade = False self.forward_ports = [ ] self.source_ports = [ ] self.interfaces = [ ] self.sources = [ ] self.rules = [ ] self.rules_str = [ ] self.icmp_block_inversion = False self.combined = False self.applied = False def cleanup(self): self.version = "" self.short = "" self.description = "" self.UNUSED = False self.target = DEFAULT_ZONE_TARGET del self.services[:] del self.ports[:] del self.protocols[:] del self.icmp_blocks[:] self.forward = True self.masquerade = False del self.forward_ports[:] del self.source_ports[:] del self.interfaces[:] del self.sources[:] del self.rules[:] del self.rules_str[:] self.icmp_block_inversion = False self.combined = False self.applied = False def __setattr__(self, name, value): if name == "rules_str": self.rules = [rich.Rich_Rule(rule_str=s) for s in value] # must convert back to string to get the canonical string. super(Zone, self).__setattr__(name, [str(s) for s in self.rules]) else: super(Zone, self).__setattr__(name, value) def export_config_dict(self): conf = super(Zone, self).export_config_dict() del conf["UNUSED"] return conf def _check_config(self, config, item, all_config, all_io_objects): common_check_config(self, config, item, all_config, all_io_objects) if self.name in all_io_objects["policies"]: raise FirewallError(errors.NAME_CONFLICT, "Zone '{}': Can't have the same name as a policy.".format(self.name)) if item == "target": if config not in ZONE_TARGETS: raise FirewallError(errors.INVALID_TARGET, "Zone '{}': invalid target '{}'".format( self.name, config)) elif item == "interfaces": for interface in config: if not checkInterface(interface): raise FirewallError(errors.INVALID_INTERFACE, "Zone '{}': invalid interface '{}'".format( self.name, interface)) for zone in all_io_objects["zones"]: if zone == self.name: continue if interface in all_io_objects["zones"][zone].interfaces: raise FirewallError(errors.INVALID_INTERFACE, "Zone '{}': interface '{}' already bound to zone '{}'".format( self.name, interface, zone)) elif item == "sources": for source in config: if not checkIPnMask(source) and not checkIP6nMask(source) and \ not check_mac(source) and not source.startswith("ipset:"): raise FirewallError(errors.INVALID_ADDR, "Zone '{}': invalid source '{}'".format( self.name, source)) for zone in all_io_objects["zones"]: if zone == self.name: continue if source in all_io_objects["zones"][zone].sources: raise FirewallError(errors.INVALID_ADDR, "Zone '{}': source '{}' already bound to zone '{}'".format( self.name, source, zone)) def check_name(self, name): super(Zone, self).check_name(name) if name.startswith('/'): raise FirewallError(errors.INVALID_NAME, "Zone '{}': name can't start with '/'".format(name)) elif name.endswith('/'): raise FirewallError(errors.INVALID_NAME, "Zone '{}': name can't end with '/'".format(name)) elif name.count('/') > 1: raise FirewallError(errors.INVALID_NAME, "Zone '{}': name has more than one '/'".format(name)) else: if "/" in name: checked_name = name[:name.find('/')] else: checked_name = name if len(checked_name) > max_zone_name_len(): raise FirewallError(errors.INVALID_NAME, "Zone '{}': name has {} chars, max is {}".format( name, len(checked_name), max_zone_name_len())) def combine(self, zone): self.combined = True self.filename = None self.version = "" self.short = "" self.description = "" for interface in zone.interfaces: if interface not in self.interfaces: self.interfaces.append(interface) for source in zone.sources: if source not in self.sources: self.sources.append(source) for service in zone.services: if service not in self.services: self.services.append(service) for port in zone.ports: if port not in self.ports: self.ports.append(port) for proto in zone.protocols: if proto not in self.protocols: self.protocols.append(proto) for icmp in zone.icmp_blocks: if icmp not in self.icmp_blocks: self.icmp_blocks.append(icmp) if zone.forward: self.forward = True if zone.masquerade: self.masquerade = True for forward in zone.forward_ports: if forward not in self.forward_ports: self.forward_ports.append(forward) for port in zone.source_ports: if port not in self.source_ports: self.source_ports.append(port) for rule in zone.rules: self.rules.append(rule) self.rules_str.append(str(rule)) if zone.icmp_block_inversion: self.icmp_block_inversion = True # PARSER class zone_ContentHandler(IO_Object_ContentHandler): def __init__(self, item): IO_Object_ContentHandler.__init__(self, item) self._rule = None self._rule_error = False self._limit_ok = None def startElement(self, name, attrs): IO_Object_ContentHandler.startElement(self, name, attrs) if self._rule_error: return self.item.parser_check_element_attrs(name, attrs) if common_startElement(self, name, attrs): return elif name == "zone": if "name" in attrs: log.warning("Ignoring deprecated attribute name='%s'", attrs["name"]) if "version" in attrs: self.item.version = attrs["version"] if "immutable" in attrs: log.warning("Ignoring deprecated attribute immutable='%s'", attrs["immutable"]) if "target" in attrs: target = attrs["target"] if target not in ZONE_TARGETS: raise FirewallError(errors.INVALID_TARGET, target) if target != "" and target != DEFAULT_ZONE_TARGET: self.item.target = target elif name == "forward": if self.item.forward: log.warning("Forward already set, ignoring.") else: self.item.forward = True elif name == "interface": if self._rule: log.warning('Invalid rule: interface use in rule.') self._rule_error = True return # zone bound to interface if "name" not in attrs: log.warning('Invalid interface: Name missing.') self._rule_error = True return if attrs["name"] not in self.item.interfaces: self.item.interfaces.append(attrs["name"]) else: log.warning("Interface '%s' already set, ignoring.", attrs["name"]) elif name == "source": if self._rule: if self._rule.source: log.warning("Invalid rule: More than one source in rule '%s', ignoring.", str(self._rule)) self._rule_error = True return invert = False if "invert" in attrs and \ attrs["invert"].lower() in [ "yes", "true" ]: invert = True addr = mac = ipset = None if "address" in attrs: addr = attrs["address"] if "mac" in attrs: mac = attrs["mac"] if "ipset" in attrs: ipset = attrs["ipset"] self._rule.source = rich.Rich_Source(addr, mac, ipset, invert=invert) return # zone bound to source if "address" not in attrs and "ipset" not in attrs: log.warning('Invalid source: No address no ipset.') return if "address" in attrs and "ipset" in attrs: log.warning('Invalid source: Address and ipset.') return if "family" in attrs: log.warning("Ignoring deprecated attribute family='%s'", attrs["family"]) if "invert" in attrs: log.warning('Invalid source: Invertion not allowed here.') return if "address" in attrs: if not checkIPnMask(attrs["address"]) and \ not checkIP6nMask(attrs["address"]) and \ not check_mac(attrs["address"]): raise FirewallError(errors.INVALID_ADDR, attrs["address"]) if "ipset" in attrs: entry = "ipset:%s" % attrs["ipset"] if entry not in self.item.sources: self.item.sources.append(entry) else: log.warning("Source '%s' already set, ignoring.", attrs["address"]) if "address" in attrs: entry = attrs["address"] if entry not in self.item.sources: self.item.sources.append(entry) else: log.warning("Source '%s' already set, ignoring.", attrs["address"]) elif name == "icmp-block-inversion": if self.item.icmp_block_inversion: log.warning("Icmp-Block-Inversion already set, ignoring.") else: self.item.icmp_block_inversion = True else: log.warning("Unknown XML element '%s'", name) return def endElement(self, name): IO_Object_ContentHandler.endElement(self, name) common_endElement(self, name) def zone_reader(filename, path, no_check_name=False): zone = Zone() if not filename.endswith(".xml"): raise FirewallError(errors.INVALID_NAME, "'%s' is missing .xml suffix" % filename) zone.name = filename[:-4] if not no_check_name: zone.check_name(zone.name) zone.filename = filename zone.path = path zone.builtin = False if path.startswith(config.ETC_FIREWALLD) else True zone.default = zone.builtin # new Zone() objects default this to True, but if reading on disk # configuration we have to assume False, because the absence of # element indicates False. Presence indicates True. zone.forward = False handler = zone_ContentHandler(zone) parser = sax.make_parser() parser.setContentHandler(handler) name = "%s/%s" % (path, filename) with open(name, "rb") as f: source = sax.InputSource(None) source.setByteStream(f) try: parser.parse(source) except sax.SAXParseException as msg: raise FirewallError(errors.INVALID_ZONE, "not a valid zone file: %s" % \ msg.getException()) del handler del parser return zone def zone_writer(zone, path=None): _path = path if path else zone.path if zone.filename: name = "%s/%s" % (_path, zone.filename) else: name = "%s/%s.xml" % (_path, zone.name) if os.path.exists(name): try: shutil.copy2(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) dirpath = os.path.dirname(name) if dirpath.startswith(config.ETC_FIREWALLD) and not os.path.exists(dirpath): if not os.path.exists(config.ETC_FIREWALLD): os.mkdir(config.ETC_FIREWALLD, 0o750) os.mkdir(dirpath, 0o750) f = io.open(name, mode='wt', encoding='UTF-8') handler = IO_Object_XMLGenerator(f) handler.startDocument() # start zone element attrs = {} if zone.version and zone.version != "": attrs["version"] = zone.version if zone.target != DEFAULT_ZONE_TARGET: attrs["target"] = zone.target handler.startElement("zone", attrs) handler.ignorableWhitespace("\n") common_writer(zone, handler) # interfaces for interface in uniqify(zone.interfaces): handler.ignorableWhitespace(" ") handler.simpleElement("interface", { "name": interface }) handler.ignorableWhitespace("\n") # source for source in uniqify(zone.sources): handler.ignorableWhitespace(" ") if "ipset:" in source: handler.simpleElement("source", { "ipset": source[6:] }) else: handler.simpleElement("source", { "address": source }) handler.ignorableWhitespace("\n") # icmp-block-inversion if zone.icmp_block_inversion: handler.ignorableWhitespace(" ") handler.simpleElement("icmp-block-inversion", { }) handler.ignorableWhitespace("\n") # forward if zone.forward: handler.ignorableWhitespace(" ") handler.simpleElement("forward", { }) handler.ignorableWhitespace("\n") # end zone element handler.endElement("zone") handler.ignorableWhitespace("\n") handler.endDocument() f.close() del handler firewalld-1.1.1/src/firewall/core/base.py0000644000000000000000000000402714217342322020274 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """Base firewall settings""" DEFAULT_ZONE_TARGET = "{chain}_{zone}" DEFAULT_POLICY_TARGET = "CONTINUE" DEFAULT_POLICY_PRIORITY = -1 ZONE_TARGETS = [ "ACCEPT", "%%REJECT%%", "DROP", DEFAULT_ZONE_TARGET, "default" ] POLICY_TARGETS = [ "ACCEPT", "REJECT", "DROP", "CONTINUE" ] SHORTCUTS = { "PREROUTING": "PRE", "POSTROUTING": "POST", "INPUT": "IN", "FORWARD": "FWD", "OUTPUT": "OUT", } REJECT_TYPES = { "ipv4": [ "icmp-host-prohibited", "host-prohib", "icmp-net-unreachable", "net-unreach", "icmp-host-unreachable", "host-unreach", "icmp-port-unreachable", "port-unreach", "icmp-proto-unreachable", "proto-unreach", "icmp-net-prohibited", "net-prohib", "tcp-reset", "tcp-rst", "icmp-admin-prohibited", "admin-prohib" ], "ipv6": [ "icmp6-adm-prohibited", "adm-prohibited", "icmp6-no-route", "no-route", "icmp6-addr-unreachable", "addr-unreach", "icmp6-port-unreachable", "port-unreach", "tcp-reset" ] } # ipset types that can be used as a source in zones # The match-set option will be src or src,src according to the # dimension of the ipset. SOURCE_IPSET_TYPES = [ "hash:ip", "hash:ip,port", "hash:ip,mark", "hash:net", "hash:net,port", "hash:net,iface", "hash:mac" ] firewalld-1.1.1/src/firewall/core/ebtables.py0000644000000000000000000002225614217342322021147 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "ebtables" ] import os.path from firewall.core.prog import runProg from firewall.core.logger import log from firewall.functions import tempFile, readfile, splitArgs from firewall.config import COMMANDS from firewall.core import ipXtables # some common stuff lives there from firewall.errors import FirewallError, INVALID_IPV import string BUILT_IN_CHAINS = { "broute": [ "BROUTING" ], "nat": [ "PREROUTING", "POSTROUTING", "OUTPUT" ], "filter": [ "INPUT", "OUTPUT", "FORWARD" ], } DEFAULT_RULES = { } LOG_RULES = { } OUR_CHAINS = {} # chains created by firewalld for table in BUILT_IN_CHAINS.keys(): DEFAULT_RULES[table] = [ ] OUR_CHAINS[table] = set() for chain in BUILT_IN_CHAINS[table]: DEFAULT_RULES[table].append("-N %s_direct" % chain) DEFAULT_RULES[table].append("-I %s 1 -j %s_direct" % (chain, chain)) DEFAULT_RULES[table].append("-I %s_direct 1 -j RETURN" % chain) OUR_CHAINS[table].add("%s_direct" % chain) class ebtables(object): ipv = "eb" name = "ebtables" policies_supported = False # ebtables only supported with direct interface def __init__(self): self._command = COMMANDS[self.ipv] self._restore_command = COMMANDS["%s-restore" % self.ipv] self.restore_noflush_option = self._detect_restore_noflush_option() self.concurrent_option = self._detect_concurrent_option() self.fill_exists() self.available_tables = [] def fill_exists(self): self.command_exists = os.path.exists(self._command) self.restore_command_exists = os.path.exists(self._restore_command) def _detect_concurrent_option(self): # Do not change any rules, just try to use the --concurrent option # with -L concurrent_option = "" ret = runProg(self._command, ["--concurrent", "-L"]) if ret[0] == 0: concurrent_option = "--concurrent" # concurrent for ebtables lock return concurrent_option def _detect_restore_noflush_option(self): # Do not change any rules, just try to use the restore command # with --noflush rules = [ ] try: self.set_rules(rules, "off") except ValueError: return False return True def __run(self, args): # convert to string list _args = [ ] if self.concurrent_option and self.concurrent_option not in args: _args.append(self.concurrent_option) _args += ["%s" % item for item in args] log.debug2("%s: %s %s", self.__class__, self._command, " ".join(_args)) (status, ret) = runProg(self._command, _args) if status != 0: raise ValueError("'%s %s' failed: %s" % (self._command, " ".join(args), ret)) return ret def _rule_validate(self, rule): for str in ["%%REJECT%%", "%%ICMP%%", "%%LOGTYPE%%"]: if str in rule: raise FirewallError(INVALID_IPV, "'%s' invalid for ebtables" % str) def is_chain_builtin(self, ipv, table, chain): return table in BUILT_IN_CHAINS and \ chain in BUILT_IN_CHAINS[table] def build_chain_rules(self, add, table, chain): rules = [] if add: rules.append([ "-t", table, "-N", chain ]) rules.append([ "-t", table, "-I", chain, "1", "-j", "RETURN" ]) else: rules.append([ "-t", table, "-X", chain ]) return rules def build_rule(self, add, table, chain, index, args): rule = [ "-t", table ] if add: rule += [ "-I", chain, str(index) ] else: rule += [ "-D", chain ] rule += args return rule def reverse_rule(self, args): return ipXtables.common_reverse_rule(args) def check_passthrough(self, args): ipXtables.common_check_passthrough(args) def reverse_passthrough(self, args): return ipXtables.common_reverse_passthrough(args) def set_rules(self, rules, log_denied): temp_file = tempFile() table = "filter" table_rules = { } for _rule in rules: rule = _rule[:] self._rule_validate(rule) # get table form rule for opt in [ "-t", "--table" ]: try: i = rule.index(opt) except ValueError: pass else: if len(rule) >= i+1: rule.pop(i) table = rule.pop(i) # we can not use joinArgs here, because it would use "'" instead # of '"' for the start and end of the string, this breaks # iptables-restore for i in range(len(rule)): for c in string.whitespace: if c in rule[i] and not (rule[i].startswith('"') and rule[i].endswith('"')): rule[i] = '"%s"' % rule[i] table_rules.setdefault(table, []).append(rule) for table in table_rules: temp_file.write("*%s\n" % table) for rule in table_rules[table]: temp_file.write(" ".join(rule) + "\n") temp_file.close() stat = os.stat(temp_file.name) log.debug2("%s: %s %s", self.__class__, self._restore_command, "%s: %d" % (temp_file.name, stat.st_size)) args = [ ] args.append("--noflush") (status, ret) = runProg(self._restore_command, args, stdin=temp_file.name) if log.getDebugLogLevel() > 2: lines = readfile(temp_file.name) if lines is not None: i = 1 for line in lines: log.debug3("%8d: %s" % (i, line), nofmt=1, nl=0) if not line.endswith("\n"): log.debug3("", nofmt=1) i += 1 os.unlink(temp_file.name) if status != 0: raise ValueError("'%s %s' failed: %s" % (self._restore_command, " ".join(args), ret)) def set_rule(self, rule, log_denied): self._rule_validate(rule) return self.__run(rule) def get_available_tables(self, table=None): ret = [] tables = [ table ] if table else BUILT_IN_CHAINS.keys() for table in tables: if table in self.available_tables: ret.append(table) else: try: self.__run(["-t", table, "-L"]) self.available_tables.append(table) ret.append(table) except ValueError: log.debug1("ebtables table '%s' does not exist." % table) return ret def get_zone_table_chains(self, table): return {} def build_flush_rules(self): rules = [] for table in BUILT_IN_CHAINS.keys(): if table not in self.get_available_tables(): continue # Flush firewall rules: -F # Delete firewall chains: -X # Set counter to zero: -Z for flag in [ "-F", "-X", "-Z" ]: rules.append(["-t", table, flag]) return rules def build_set_policy_rules(self, policy): rules = [] _policy = "DROP" if policy == "PANIC" else policy for table in BUILT_IN_CHAINS.keys(): if table not in self.get_available_tables(): continue for chain in BUILT_IN_CHAINS[table]: rules.append(["-t", table, "-P", chain, _policy]) return rules def build_default_tables(self): # nothing to do, they always exist return [] def build_default_rules(self, log_denied="off"): default_rules = [] for table in DEFAULT_RULES: if table not in self.get_available_tables(): continue _default_rules = DEFAULT_RULES[table][:] if log_denied != "off" and table in LOG_RULES: _default_rules.extend(LOG_RULES[table]) prefix = [ "-t", table ] for rule in _default_rules: if type(rule) == list: default_rules.append(prefix + rule) else: default_rules.append(prefix + splitArgs(rule)) return default_rules def is_ipv_supported(self, ipv): return ipv == self.ipv firewalld-1.1.1/src/firewall/core/fw_config.py0000644000000000000000000013653514217342322021335 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "FirewallConfig" ] import copy import os import os.path import shutil from typing import Dict, List from firewall import config from firewall.core.logger import log from firewall.core.io.io_object import IO_Object from firewall.core.io.icmptype import IcmpType, icmptype_reader, icmptype_writer from firewall.core.io.service import Service, service_reader, service_writer from firewall.core.io.zone import Zone, zone_reader, zone_writer from firewall.core.io.ipset import IPSet, ipset_reader, ipset_writer from firewall.core.io.helper import Helper, helper_reader, helper_writer from firewall.core.io.policy import Policy, policy_reader, policy_writer from firewall import errors from firewall.errors import FirewallError class FirewallConfig(object): def __init__(self, fw): self._fw = fw self.__init_vars() def __repr__(self): return '%s(%r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r)' % \ (self.__class__, self._ipsets, self._icmptypes, self._services, self._zones, self._helpers, self.policy_objects, self._builtin_ipsets, self._builtin_icmptypes, self._builtin_services, self._builtin_zones, self._builtin_helpers, self._builtin_policy_objects, self._firewalld_conf, self._policies, self._direct) def __init_vars(self): self._ipsets = { } self._icmptypes = { } self._services = { } self._zones = { } self._helpers = { } self._policy_objects = { } self._builtin_ipsets = { } self._builtin_icmptypes = { } self._builtin_services = { } self._builtin_zones = { } self._builtin_helpers = { } self._builtin_policy_objects = { } self._firewalld_conf = None self._policies = None self._direct = None def cleanup(self): for x in list(self._builtin_ipsets.keys()): self._builtin_ipsets[x].cleanup() del self._builtin_ipsets[x] for x in list(self._ipsets.keys()): self._ipsets[x].cleanup() del self._ipsets[x] for x in list(self._builtin_icmptypes.keys()): self._builtin_icmptypes[x].cleanup() del self._builtin_icmptypes[x] for x in list(self._icmptypes.keys()): self._icmptypes[x].cleanup() del self._icmptypes[x] for x in list(self._builtin_services.keys()): self._builtin_services[x].cleanup() del self._builtin_services[x] for x in list(self._services.keys()): self._services[x].cleanup() del self._services[x] for x in list(self._builtin_zones.keys()): self._builtin_zones[x].cleanup() del self._builtin_zones[x] for x in list(self._zones.keys()): self._zones[x].cleanup() del self._zones[x] for x in list(self._builtin_helpers.keys()): self._builtin_helpers[x].cleanup() del self._builtin_helpers[x] for x in list(self._helpers.keys()): self._helpers[x].cleanup() del self._helpers[x] if self._firewalld_conf: self._firewalld_conf.cleanup() del self._firewalld_conf self._firewalld_conf = None if self._policies: self._policies.cleanup() del self._policies self._policies = None if self._direct: self._direct.cleanup() del self._direct self._direct = None self.__init_vars() def get_all_io_objects_dict(self): """ Returns a dict of dicts of all permanent config objects. """ conf_dict = {} conf_dict["ipsets"] = {ipset: self.get_ipset(ipset) for ipset in self.get_ipsets()} conf_dict["helpers"] = {helper: self.get_helper(helper) for helper in self.get_helpers()} conf_dict["icmptypes"] = {icmptype: self.get_icmptype(icmptype) for icmptype in self.get_icmptypes()} conf_dict["services"] = {service: self.get_service(service) for service in self.get_services()} conf_dict["zones"] = {zone: self.get_zone(zone) for zone in self.get_zones()} conf_dict["policies"] = {policy: self.get_policy_object(policy) for policy in self.get_policy_objects()} return conf_dict def full_check_config(self, extra_io_objects: Dict[str, List[IO_Object]] = {}): all_io_objects = self.get_all_io_objects_dict() # mix in the extra objects for type_key in extra_io_objects: for obj in extra_io_objects[type_key]: all_io_objects[type_key][obj.name] = obj # we need to check in a well defined order because some io_objects will # cross-check others order = ["ipsets", "helpers", "icmptypes", "services", "zones", "policies"] for io_obj_type in order: io_objs = all_io_objects[io_obj_type] for (name, io_obj) in io_objs.items(): io_obj.check_config_dict(io_obj.export_config_dict(), all_io_objects) # access check def lockdown_enabled(self): return self._fw.policies.query_lockdown() def access_check(self, key, value): return self._fw.policies.access_check(key, value) # firewalld_conf def set_firewalld_conf(self, conf): self._firewalld_conf = conf def get_firewalld_conf(self): return self._firewalld_conf def update_firewalld_conf(self): if not os.path.exists(config.FIREWALLD_CONF): self._firewalld_conf.clear() else: self._firewalld_conf.read() # policies def set_policies(self, policies): self._policies = policies def get_policies(self): return self._policies def update_lockdown_whitelist(self): if not os.path.exists(config.LOCKDOWN_WHITELIST): self._policies.lockdown_whitelist.cleanup() else: self._policies.lockdown_whitelist.read() # direct def set_direct(self, direct): self._direct = direct def get_direct(self): return self._direct def update_direct(self): if not os.path.exists(config.FIREWALLD_DIRECT): self._direct.cleanup() else: self._direct.read() # ipset def get_ipsets(self): return sorted(set(list(self._ipsets.keys()) + \ list(self._builtin_ipsets.keys()))) def add_ipset(self, obj): if obj.builtin: self._builtin_ipsets[obj.name] = obj else: self._ipsets[obj.name] = obj def get_ipset(self, name): if name in self._ipsets: return self._ipsets[name] elif name in self._builtin_ipsets: return self._builtin_ipsets[name] raise FirewallError(errors.INVALID_IPSET, name) def load_ipset_defaults(self, obj): if obj.name not in self._ipsets: raise FirewallError(errors.NO_DEFAULTS, obj.name) elif self._ipsets[obj.name] != obj: raise FirewallError(errors.NO_DEFAULTS, "self._ipsets[%s] != obj" % obj.name) elif obj.name not in self._builtin_ipsets: raise FirewallError(errors.NO_DEFAULTS, "'%s' not a built-in ipset" % obj.name) self._remove_ipset(obj) return self._builtin_ipsets[obj.name] def get_ipset_config(self, obj): return obj.export_config() def set_ipset_config(self, obj, conf): x = copy.copy(obj) if obj.builtin: x.path = config.ETC_FIREWALLD_IPSETS x.builtin = False if obj.path != x.path: x.default = False x.import_config(conf, self.get_all_io_objects_dict()) self.full_check_config({"ipsets": [x]}) self.add_ipset(x) ipset_writer(x) return x def new_ipset(self, name, conf): if name in self._ipsets or name in self._builtin_ipsets: raise FirewallError(errors.NAME_CONFLICT, "new_ipset(): '%s'" % name) x = IPSet() x.check_name(name) x.name = name x.filename = "%s.xml" % name x.path = config.ETC_FIREWALLD_IPSETS # It is not possible to add a new one with a name of a buitin x.builtin = False x.default = True x.import_config(conf, self.get_all_io_objects_dict()) self.full_check_config({"ipsets": [x]}) self.add_ipset(x) ipset_writer(x) return x def update_ipset_from_path(self, name): filename = os.path.basename(name) path = os.path.dirname(name) if not os.path.exists(name): # removed file if path == config.ETC_FIREWALLD_IPSETS: # removed custom ipset for x in self._ipsets.keys(): obj = self._ipsets[x] if obj.filename == filename: del self._ipsets[x] if obj.name in self._builtin_ipsets: return ("update", self._builtin_ipsets[obj.name]) return ("remove", obj) else: # removed builtin ipset for x in self._builtin_ipsets.keys(): obj = self._builtin_ipsets[x] if obj.filename == filename: del self._builtin_ipsets[x] if obj.name not in self._ipsets: # update dbus ipset return ("remove", obj) else: # builtin hidden, no update needed return (None, None) # ipset not known to firewalld, yet (timeout, ..) return (None, None) # new or updated file log.debug1("Loading ipset file '%s'", name) try: obj = ipset_reader(filename, path) except Exception as msg: log.error("Failed to load ipset file '%s': %s", filename, msg) return (None, None) # new ipset if obj.name not in self._builtin_ipsets and obj.name not in self._ipsets: self.add_ipset(obj) return ("new", obj) # updated ipset if path == config.ETC_FIREWALLD_IPSETS: # custom ipset update if obj.name in self._ipsets: obj.default = self._ipsets[obj.name].default self._ipsets[obj.name] = obj return ("update", obj) else: if obj.name in self._builtin_ipsets: # builtin ipset update del self._builtin_ipsets[obj.name] self._builtin_ipsets[obj.name] = obj if obj.name not in self._ipsets: # update dbus ipset return ("update", obj) else: # builtin hidden, no update needed return (None, None) # ipset not known to firewalld, yet (timeout, ..) return (None, None) def _remove_ipset(self, obj): if obj.name not in self._ipsets: raise FirewallError(errors.INVALID_IPSET, obj.name) if obj.path != config.ETC_FIREWALLD_IPSETS: raise FirewallError(errors.INVALID_DIRECTORY, "'%s' != '%s'" % (obj.path, config.ETC_FIREWALLD_IPSETS)) name = "%s/%s.xml" % (obj.path, obj.name) try: shutil.move(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) os.remove(name) del self._ipsets[obj.name] def check_builtin_ipset(self, obj): if obj.builtin or not obj.default: raise FirewallError(errors.BUILTIN_IPSET, "'%s' is built-in ipset" % obj.name) def remove_ipset(self, obj): self.check_builtin_ipset(obj) self._remove_ipset(obj) def rename_ipset(self, obj, name): self.check_builtin_ipset(obj) new_ipset = self._copy_ipset(obj, name) self._remove_ipset(obj) return new_ipset def _copy_ipset(self, obj, name): return self.new_ipset(name, obj.export_config()) # icmptypes def get_icmptypes(self): return sorted(set(list(self._icmptypes.keys()) + \ list(self._builtin_icmptypes.keys()))) def add_icmptype(self, obj): if obj.builtin: self._builtin_icmptypes[obj.name] = obj else: self._icmptypes[obj.name] = obj def get_icmptype(self, name): if name in self._icmptypes: return self._icmptypes[name] elif name in self._builtin_icmptypes: return self._builtin_icmptypes[name] raise FirewallError(errors.INVALID_ICMPTYPE, name) def load_icmptype_defaults(self, obj): if obj.name not in self._icmptypes: raise FirewallError(errors.NO_DEFAULTS, obj.name) elif self._icmptypes[obj.name] != obj: raise FirewallError(errors.NO_DEFAULTS, "self._icmptypes[%s] != obj" % obj.name) elif obj.name not in self._builtin_icmptypes: raise FirewallError(errors.NO_DEFAULTS, "'%s' not a built-in icmptype" % obj.name) self._remove_icmptype(obj) return self._builtin_icmptypes[obj.name] def get_icmptype_config(self, obj): return obj.export_config() def set_icmptype_config(self, obj, conf): x = copy.copy(obj) if obj.builtin: x.path = config.ETC_FIREWALLD_ICMPTYPES x.builtin = False if obj.path != x.path: x.default = False x.import_config(conf, self.get_all_io_objects_dict()) self.full_check_config({"icmptypes": [x]}) self.add_icmptype(x) icmptype_writer(x) return x def new_icmptype(self, name, conf): if name in self._icmptypes or name in self._builtin_icmptypes: raise FirewallError(errors.NAME_CONFLICT, "new_icmptype(): '%s'" % name) x = IcmpType() x.check_name(name) x.name = name x.filename = "%s.xml" % name x.path = config.ETC_FIREWALLD_ICMPTYPES # It is not possible to add a new one with a name of a buitin x.builtin = False x.default = True x.import_config(conf, self.get_all_io_objects_dict()) self.full_check_config({"icmptypes": [x]}) self.add_icmptype(x) icmptype_writer(x) return x def update_icmptype_from_path(self, name): filename = os.path.basename(name) path = os.path.dirname(name) if not os.path.exists(name): # removed file if path == config.ETC_FIREWALLD_ICMPTYPES: # removed custom icmptype for x in self._icmptypes.keys(): obj = self._icmptypes[x] if obj.filename == filename: del self._icmptypes[x] if obj.name in self._builtin_icmptypes: return ("update", self._builtin_icmptypes[obj.name]) return ("remove", obj) else: # removed builtin icmptype for x in self._builtin_icmptypes.keys(): obj = self._builtin_icmptypes[x] if obj.filename == filename: del self._builtin_icmptypes[x] if obj.name not in self._icmptypes: # update dbus icmptype return ("remove", obj) else: # builtin hidden, no update needed return (None, None) # icmptype not known to firewalld, yet (timeout, ..) return (None, None) # new or updated file log.debug1("Loading icmptype file '%s'", name) try: obj = icmptype_reader(filename, path) except Exception as msg: log.error("Failed to load icmptype file '%s': %s", filename, msg) return (None, None) # new icmptype if obj.name not in self._builtin_icmptypes and obj.name not in self._icmptypes: self.add_icmptype(obj) return ("new", obj) # updated icmptype if path == config.ETC_FIREWALLD_ICMPTYPES: # custom icmptype update if obj.name in self._icmptypes: obj.default = self._icmptypes[obj.name].default self._icmptypes[obj.name] = obj return ("update", obj) else: if obj.name in self._builtin_icmptypes: # builtin icmptype update del self._builtin_icmptypes[obj.name] self._builtin_icmptypes[obj.name] = obj if obj.name not in self._icmptypes: # update dbus icmptype return ("update", obj) else: # builtin hidden, no update needed return (None, None) # icmptype not known to firewalld, yet (timeout, ..) return (None, None) def _remove_icmptype(self, obj): if obj.name not in self._icmptypes: raise FirewallError(errors.INVALID_ICMPTYPE, obj.name) if obj.path != config.ETC_FIREWALLD_ICMPTYPES: raise FirewallError(errors.INVALID_DIRECTORY, "'%s' != '%s'" % \ (obj.path, config.ETC_FIREWALLD_ICMPTYPES)) name = "%s/%s.xml" % (obj.path, obj.name) try: shutil.move(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) os.remove(name) del self._icmptypes[obj.name] def check_builtin_icmptype(self, obj): if obj.builtin or not obj.default: raise FirewallError(errors.BUILTIN_ICMPTYPE, "'%s' is built-in icmp type" % obj.name) def remove_icmptype(self, obj): self.check_builtin_icmptype(obj) self._remove_icmptype(obj) def rename_icmptype(self, obj, name): self.check_builtin_icmptype(obj) new_icmptype = self._copy_icmptype(obj, name) self._remove_icmptype(obj) return new_icmptype def _copy_icmptype(self, obj, name): return self.new_icmptype(name, obj.export_config()) # services def get_services(self): return sorted(set(list(self._services.keys()) + \ list(self._builtin_services.keys()))) def add_service(self, obj): if obj.builtin: self._builtin_services[obj.name] = obj else: self._services[obj.name] = obj def get_service(self, name): if name in self._services: return self._services[name] elif name in self._builtin_services: return self._builtin_services[name] raise FirewallError(errors.INVALID_SERVICE, "get_service(): '%s'" % name) def load_service_defaults(self, obj): if obj.name not in self._services: raise FirewallError(errors.NO_DEFAULTS, obj.name) elif self._services[obj.name] != obj: raise FirewallError(errors.NO_DEFAULTS, "self._services[%s] != obj" % obj.name) elif obj.name not in self._builtin_services: raise FirewallError(errors.NO_DEFAULTS, "'%s' not a built-in service" % obj.name) self._remove_service(obj) return self._builtin_services[obj.name] def get_service_config(self, obj): conf_dict = obj.export_config_dict() conf_list = [] for i in range(8): # tuple based dbus API has 8 elements if obj.IMPORT_EXPORT_STRUCTURE[i][0] not in conf_dict: # old API needs the empty elements as well. Grab it from the # object otherwise we don't know the type. conf_list.append(copy.deepcopy(getattr(obj, obj.IMPORT_EXPORT_STRUCTURE[i][0]))) else: conf_list.append(conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]]) return tuple(conf_list) def get_service_config_dict(self, obj): return obj.export_config_dict() def set_service_config(self, obj, conf): conf_dict = {} for i,value in enumerate(conf): conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]] = value return self.set_service_config_dict(obj, conf_dict) def set_service_config_dict(self, obj, conf): x = copy.copy(obj) if obj.builtin: x.path = config.ETC_FIREWALLD_SERVICES x.builtin = False if obj.path != x.path: x.default = False x.import_config_dict(conf, self.get_all_io_objects_dict()) self.full_check_config({"services": [x]}) self.add_service(x) service_writer(x) return x def new_service(self, name, conf): if name in self._services or name in self._builtin_services: raise FirewallError(errors.NAME_CONFLICT, "new_service(): '%s'" % name) conf_dict = {} for i,value in enumerate(conf): conf_dict[Service.IMPORT_EXPORT_STRUCTURE[i][0]] = value return self.new_service_dict(name, conf_dict) def new_service_dict(self, name, conf): if name in self._services or name in self._builtin_services: raise FirewallError(errors.NAME_CONFLICT, "new_service(): '%s'" % name) x = Service() x.check_name(name) x.name = name x.filename = "%s.xml" % name x.path = config.ETC_FIREWALLD_SERVICES # It is not possible to add a new one with a name of a buitin x.builtin = False x.default = True x.import_config_dict(conf, self.get_all_io_objects_dict()) self.full_check_config({"services": [x]}) self.add_service(x) service_writer(x) return x def update_service_from_path(self, name): filename = os.path.basename(name) path = os.path.dirname(name) if not os.path.exists(name): # removed file if path == config.ETC_FIREWALLD_SERVICES: # removed custom service for x in self._services.keys(): obj = self._services[x] if obj.filename == filename: del self._services[x] if obj.name in self._builtin_services: return ("update", self._builtin_services[obj.name]) return ("remove", obj) else: # removed builtin service for x in self._builtin_services.keys(): obj = self._builtin_services[x] if obj.filename == filename: del self._builtin_services[x] if obj.name not in self._services: # update dbus service return ("remove", obj) else: # builtin hidden, no update needed return (None, None) # service not known to firewalld, yet (timeout, ..) return (None, None) # new or updated file log.debug1("Loading service file '%s'", name) try: obj = service_reader(filename, path) except Exception as msg: log.error("Failed to load service file '%s': %s", filename, msg) return (None, None) # new service if obj.name not in self._builtin_services and obj.name not in self._services: self.add_service(obj) return ("new", obj) # updated service if path == config.ETC_FIREWALLD_SERVICES: # custom service update if obj.name in self._services: obj.default = self._services[obj.name].default self._services[obj.name] = obj return ("update", obj) else: if obj.name in self._builtin_services: # builtin service update del self._builtin_services[obj.name] self._builtin_services[obj.name] = obj if obj.name not in self._services: # update dbus service return ("update", obj) else: # builtin hidden, no update needed return (None, None) # service not known to firewalld, yet (timeout, ..) return (None, None) def _remove_service(self, obj): if obj.name not in self._services: raise FirewallError(errors.INVALID_SERVICE, obj.name) if obj.path != config.ETC_FIREWALLD_SERVICES: raise FirewallError(errors.INVALID_DIRECTORY, "'%s' != '%s'" % \ (obj.path, config.ETC_FIREWALLD_SERVICES)) name = "%s/%s.xml" % (obj.path, obj.name) try: shutil.move(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) os.remove(name) del self._services[obj.name] def check_builtin_service(self, obj): if obj.builtin or not obj.default: raise FirewallError(errors.BUILTIN_SERVICE, "'%s' is built-in service" % obj.name) def remove_service(self, obj): self.check_builtin_service(obj) self._remove_service(obj) def rename_service(self, obj, name): self.check_builtin_service(obj) new_service = self._copy_service(obj, name) self._remove_service(obj) return new_service def _copy_service(self, obj, name): return self.new_service_dict(name, obj.export_config_dict()) # zones def get_zones(self): return sorted(set(list(self._zones.keys()) + \ list(self._builtin_zones.keys()))) def add_zone(self, obj): if obj.builtin: self._builtin_zones[obj.name] = obj else: self._zones[obj.name] = obj def forget_zone(self, name): if name in self._builtin_zones: del self._builtin_zones[name] if name in self._zones: del self._zones[name] def get_zone(self, name): if name in self._zones: return self._zones[name] elif name in self._builtin_zones: return self._builtin_zones[name] raise FirewallError(errors.INVALID_ZONE, "get_zone(): %s" % name) def load_zone_defaults(self, obj): if obj.name not in self._zones: raise FirewallError(errors.NO_DEFAULTS, obj.name) elif self._zones[obj.name] != obj: raise FirewallError(errors.NO_DEFAULTS, "self._zones[%s] != obj" % obj.name) elif obj.name not in self._builtin_zones: raise FirewallError(errors.NO_DEFAULTS, "'%s' not a built-in zone" % obj.name) self._remove_zone(obj) return self._builtin_zones[obj.name] def get_zone_config(self, obj): conf_dict = obj.export_config_dict() conf_list = [] for i in range(16): # tuple based dbus API has 16 elements if obj.IMPORT_EXPORT_STRUCTURE[i][0] not in conf_dict: # old API needs the empty elements as well. Grab it from the # object otherwise we don't know the type. conf_list.append(copy.deepcopy(getattr(obj, obj.IMPORT_EXPORT_STRUCTURE[i][0]))) else: conf_list.append(conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]]) return tuple(conf_list) def get_zone_config_dict(self, obj): return obj.export_config_dict() def set_zone_config(self, obj, conf): conf_dict = {} for i,value in enumerate(conf): conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]] = value return self.set_zone_config_dict(obj, conf_dict) def set_zone_config_dict(self, obj, conf): x = copy.copy(obj) if obj.builtin: x.path = config.ETC_FIREWALLD_ZONES x.builtin = False if obj.path != x.path: x.default = False x.import_config_dict(conf, self.get_all_io_objects_dict()) self.full_check_config({"zones": [x]}) self.add_zone(x) zone_writer(x) return x def new_zone(self, name, conf): if name in self._zones or name in self._builtin_zones: raise FirewallError(errors.NAME_CONFLICT, "new_zone(): '%s'" % name) conf_dict = {} for i,value in enumerate(conf): conf_dict[Zone.IMPORT_EXPORT_STRUCTURE[i][0]] = value return self.new_zone_dict(name, conf_dict) def new_zone_dict(self, name, conf): if name in self._zones or name in self._builtin_zones: raise FirewallError(errors.NAME_CONFLICT, "new_zone(): '%s'" % name) x = Zone() x.check_name(name) x.name = name x.filename = "%s.xml" % name x.path = config.ETC_FIREWALLD_ZONES # It is not possible to add a new one with a name of a buitin x.builtin = False x.default = True x.import_config_dict(conf, self.get_all_io_objects_dict()) self.full_check_config({"zones": [x]}) self.add_zone(x) zone_writer(x) return x def update_zone_from_path(self, name): filename = os.path.basename(name) path = os.path.dirname(name) if not os.path.exists(name): # removed file if path.startswith(config.ETC_FIREWALLD_ZONES): # removed custom zone for x in self._zones.keys(): obj = self._zones[x] if obj.filename == filename: del self._zones[x] if obj.name in self._builtin_zones: return ("update", self._builtin_zones[obj.name]) return ("remove", obj) else: # removed builtin zone for x in self._builtin_zones.keys(): obj = self._builtin_zones[x] if obj.filename == filename: del self._builtin_zones[x] if obj.name not in self._zones: # update dbus zone return ("remove", obj) else: # builtin hidden, no update needed return (None, None) # zone not known to firewalld, yet (timeout, ..) return (None, None) # new or updated file log.debug1("Loading zone file '%s'", name) try: obj = zone_reader(filename, path) except Exception as msg: log.error("Failed to load zone file '%s': %s", filename, msg) return (None, None) if path.startswith(config.ETC_FIREWALLD_ZONES) and \ len(path) > len(config.ETC_FIREWALLD_ZONES): # custom combined zone part obj.name = "%s/%s" % (os.path.basename(path), os.path.basename(filename)[0:-4]) # new zone if obj.name not in self._builtin_zones and obj.name not in self._zones: self.add_zone(obj) return ("new", obj) # updated zone if path.startswith(config.ETC_FIREWALLD_ZONES): # custom zone update if obj.name in self._zones: obj.default = self._zones[obj.name].default self._zones[obj.name] = obj return ("update", obj) else: if obj.name in self._builtin_zones: # builtin zone update del self._builtin_zones[obj.name] self._builtin_zones[obj.name] = obj if obj.name not in self._zones: # update dbus zone return ("update", obj) else: # builtin hidden, no update needed return (None, None) # zone not known to firewalld, yet (timeout, ..) return (None, None) def _remove_zone(self, obj): if obj.name not in self._zones: raise FirewallError(errors.INVALID_ZONE, obj.name) if not obj.path.startswith(config.ETC_FIREWALLD_ZONES): raise FirewallError(errors.INVALID_DIRECTORY, "'%s' doesn't start with '%s'" % \ (obj.path, config.ETC_FIREWALLD_ZONES)) name = "%s/%s.xml" % (obj.path, obj.name) try: shutil.move(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) os.remove(name) del self._zones[obj.name] def check_builtin_zone(self, obj): if obj.builtin or not obj.default: raise FirewallError(errors.BUILTIN_ZONE, "'%s' is built-in zone" % obj.name) def remove_zone(self, obj): self.check_builtin_zone(obj) self._remove_zone(obj) def rename_zone(self, obj, name): self.check_builtin_zone(obj) obj_conf = obj.export_config_dict() self._remove_zone(obj) try: new_zone = self.new_zone_dict(name, obj_conf) except: # re-add original if rename failed self.new_zone_dict(obj.name, obj_conf) raise return new_zone # policy objects def get_policy_objects(self): return sorted(set(list(self._policy_objects.keys()) + \ list(self._builtin_policy_objects.keys()))) def add_policy_object(self, obj): if obj.builtin: self._builtin_policy_objects[obj.name] = obj else: self._policy_objects[obj.name] = obj def get_policy_object(self, name): if name in self._policy_objects: return self._policy_objects[name] elif name in self._builtin_policy_objects: return self._builtin_policy_objects[name] raise FirewallError(errors.INVALID_POLICY, "get_policy_object(): %s" % name) def load_policy_object_defaults(self, obj): if obj.name not in self._policy_objects: raise FirewallError(errors.NO_DEFAULTS, obj.name) elif self._policy_objects[obj.name] != obj: raise FirewallError(errors.NO_DEFAULTS, "self._policy_objects[%s] != obj" % obj.name) elif obj.name not in self._builtin_policy_objects: raise FirewallError(errors.NO_DEFAULTS, "'%s' not a built-in policy" % obj.name) self._remove_policy_object(obj) return self._builtin_policy_objects[obj.name] def get_policy_object_config_dict(self, obj): return obj.export_config_dict() def set_policy_object_config_dict(self, obj, conf): x = copy.copy(obj) if obj.builtin: x.path = config.ETC_FIREWALLD_POLICIES x.builtin = False if obj.path != x.path: x.default = False x.import_config_dict(conf, self.get_all_io_objects_dict()) self.full_check_config({"policies": [x]}) self.add_policy_object(x) policy_writer(x) return x def new_policy_object_dict(self, name, conf): if name in self._policy_objects or name in self._builtin_policy_objects: raise FirewallError(errors.NAME_CONFLICT, "new_policy_object(): '%s'" % name) x = Policy() x.check_name(name) x.name = name x.filename = "%s.xml" % name x.path = config.ETC_FIREWALLD_POLICIES # It is not possible to add a new one with a name of a buitin x.builtin = False x.default = True x.import_config_dict(conf, self.get_all_io_objects_dict()) self.full_check_config({"policies": [x]}) self.add_policy_object(x) policy_writer(x) return x def update_policy_object_from_path(self, name): filename = os.path.basename(name) path = os.path.dirname(name) if not os.path.exists(name): # removed file if path.startswith(config.ETC_FIREWALLD_POLICIES): # removed custom policy_object for x in self._policy_objects.keys(): obj = self._policy_objects[x] if obj.filename == filename: del self._policy_objects[x] if obj.name in self._builtin_policy_objects: return ("update", self._builtin_policy_objects[obj.name]) return ("remove", obj) else: # removed builtin policy_object for x in self._builtin_policy_objects.keys(): obj = self._builtin_policy_objects[x] if obj.filename == filename: del self._builtin_policy_objects[x] if obj.name not in self._policy_objects: # update dbus policy_object return ("remove", obj) else: # builtin hidden, no update needed return (None, None) # policy_object not known to firewalld, yet (timeout, ..) return (None, None) # new or updated file log.debug1("Loading policy file '%s'", name) try: obj = policy_reader(filename, path) except Exception as msg: log.error("Failed to load policy file '%s': %s", filename, msg) return (None, None) if path.startswith(config.ETC_FIREWALLD_POLICIES) and \ len(path) > len(config.ETC_FIREWALLD_POLICIES): # custom combined policy_object part obj.name = "%s/%s" % (os.path.basename(path), os.path.basename(filename)[0:-4]) # new policy_object if obj.name not in self._builtin_policy_objects and obj.name not in self._policy_objects: self.add_policy_object(obj) return ("new", obj) # updated policy_object if path.startswith(config.ETC_FIREWALLD_POLICIES): # custom policy_object update if obj.name in self._policy_objects: obj.default = self._policy_objects[obj.name].default self._policy_objects[obj.name] = obj return ("update", obj) else: if obj.name in self._builtin_policy_objects: # builtin policy_object update del self._builtin_policy_objects[obj.name] self._builtin_policy_objects[obj.name] = obj if obj.name not in self._policy_objects: # update dbus policy_object return ("update", obj) else: # builtin hidden, no update needed return (None, None) # policy_object not known to firewalld, yet (timeout, ..) return (None, None) def _remove_policy_object(self, obj): if obj.name not in self._policy_objects: raise FirewallError(errors.INVALID_POLICY, obj.name) if not obj.path.startswith(config.ETC_FIREWALLD_POLICIES): raise FirewallError(errors.INVALID_DIRECTORY, "'%s' doesn't start with '%s'" % \ (obj.path, config.ETC_FIREWALLD_POLICIES)) name = "%s/%s.xml" % (obj.path, obj.name) try: shutil.move(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) os.remove(name) del self._policy_objects[obj.name] def check_builtin_policy_object(self, obj): if obj.builtin or not obj.default: raise FirewallError(errors.BUILTIN_POLICY, "'%s' is built-in policy" % obj.name) def remove_policy_object(self, obj): self.check_builtin_policy_object(obj) self._remove_policy_object(obj) def rename_policy_object(self, obj, name): self.check_builtin_policy_object(obj) new_policy_object = self._copy_policy_object(obj, name) self._remove_policy_object(obj) return new_policy_object def _copy_policy_object(self, obj, name): return self.new_policy_object_dict(name, obj.export_config_dict()) # helper def get_helpers(self): return sorted(set(list(self._helpers.keys()) + \ list(self._builtin_helpers.keys()))) def add_helper(self, obj): if obj.builtin: self._builtin_helpers[obj.name] = obj else: self._helpers[obj.name] = obj def get_helper(self, name): if name in self._helpers: return self._helpers[name] elif name in self._builtin_helpers: return self._builtin_helpers[name] raise FirewallError(errors.INVALID_HELPER, name) def load_helper_defaults(self, obj): if obj.name not in self._helpers: raise FirewallError(errors.NO_DEFAULTS, obj.name) elif self._helpers[obj.name] != obj: raise FirewallError(errors.NO_DEFAULTS, "self._helpers[%s] != obj" % obj.name) elif obj.name not in self._builtin_helpers: raise FirewallError(errors.NO_DEFAULTS, "'%s' not a built-in helper" % obj.name) self._remove_helper(obj) return self._builtin_helpers[obj.name] def get_helper_config(self, obj): return obj.export_config() def set_helper_config(self, obj, conf): x = copy.copy(obj) if obj.builtin: x.path = config.ETC_FIREWALLD_HELPERS x.builtin = False if obj.path != x.path: x.default = False x.import_config(conf, self.get_all_io_objects_dict()) self.full_check_config({"helpers": [x]}) self.add_helper(x) helper_writer(x) return x def new_helper(self, name, conf): if name in self._helpers or name in self._builtin_helpers: raise FirewallError(errors.NAME_CONFLICT, "new_helper(): '%s'" % name) x = Helper() x.check_name(name) x.name = name x.filename = "%s.xml" % name x.path = config.ETC_FIREWALLD_HELPERS # It is not possible to add a new one with a name of a buitin x.builtin = False x.default = True x.import_config(conf, self.get_all_io_objects_dict()) self.full_check_config({"helpers": [x]}) self.add_helper(x) helper_writer(x) return x def update_helper_from_path(self, name): filename = os.path.basename(name) path = os.path.dirname(name) if not os.path.exists(name): # removed file if path == config.ETC_FIREWALLD_HELPERS: # removed custom helper for x in self._helpers.keys(): obj = self._helpers[x] if obj.filename == filename: del self._helpers[x] if obj.name in self._builtin_helpers: return ("update", self._builtin_helpers[obj.name]) return ("remove", obj) else: # removed builtin helper for x in self._builtin_helpers.keys(): obj = self._builtin_helpers[x] if obj.filename == filename: del self._builtin_helpers[x] if obj.name not in self._helpers: # update dbus helper return ("remove", obj) else: # builtin hidden, no update needed return (None, None) # helper not known to firewalld, yet (timeout, ..) return (None, None) # new or updated file log.debug1("Loading helper file '%s'", name) try: obj = helper_reader(filename, path) except Exception as msg: log.error("Failed to load helper file '%s': %s", filename, msg) return (None, None) # new helper if obj.name not in self._builtin_helpers and obj.name not in self._helpers: self.add_helper(obj) return ("new", obj) # updated helper if path == config.ETC_FIREWALLD_HELPERS: # custom helper update if obj.name in self._helpers: obj.default = self._helpers[obj.name].default self._helpers[obj.name] = obj return ("update", obj) else: if obj.name in self._builtin_helpers: # builtin helper update del self._builtin_helpers[obj.name] self._builtin_helpers[obj.name] = obj if obj.name not in self._helpers: # update dbus helper return ("update", obj) else: # builtin hidden, no update needed return (None, None) # helper not known to firewalld, yet (timeout, ..) return (None, None) def _remove_helper(self, obj): if obj.name not in self._helpers: raise FirewallError(errors.INVALID_HELPER, obj.name) if obj.path != config.ETC_FIREWALLD_HELPERS: raise FirewallError(errors.INVALID_DIRECTORY, "'%s' != '%s'" % (obj.path, config.ETC_FIREWALLD_HELPERS)) name = "%s/%s.xml" % (obj.path, obj.name) try: shutil.move(name, "%s.old" % name) except Exception as msg: log.error("Backup of file '%s' failed: %s", name, msg) os.remove(name) del self._helpers[obj.name] def check_builtin_helper(self, obj): if obj.builtin or not obj.default: raise FirewallError(errors.BUILTIN_HELPER, "'%s' is built-in helper" % obj.name) def remove_helper(self, obj): self.check_builtin_helper(obj) self._remove_helper(obj) def rename_helper(self, obj, name): self.check_builtin_helper(obj) new_helper = self._copy_helper(obj, name) self._remove_helper(obj) return new_helper def _copy_helper(self, obj, name): return self.new_helper(name, obj.export_config()) firewalld-1.1.1/src/firewall/core/fw_direct.py0000644000000000000000000005301514217342322021331 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "FirewallDirect" ] from firewall.fw_types import LastUpdatedOrderedDict from firewall.core import ipXtables from firewall.core import ebtables from firewall.core.fw_transaction import FirewallTransaction from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class Firewall # ############################################################################ class FirewallDirect(object): def __init__(self, fw): self._fw = fw self.__init_vars() def __repr__(self): return '%s(%r, %r, %r)' % (self.__class__, self._chains, self._rules, self._rule_priority_positions) def __init_vars(self): self._chains = { } self._rules = { } self._rule_priority_positions = { } self._passthroughs = { } self._obj = None def cleanup(self): self.__init_vars() # transaction def new_transaction(self): return FirewallTransaction(self._fw) # configuration def set_permanent_config(self, obj): self._obj = obj def has_configuration(self): if len(self._chains) + len(self._rules) + len(self._passthroughs) > 0: return True if len(self._obj.get_all_chains()) + \ len(self._obj.get_all_rules()) + \ len(self._obj.get_all_passthroughs()) > 0: return True return False def apply_direct(self, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction # Apply permanent configuration and save the obj to be able to # remove permanent configuration settings within get_runtime_config # for use in firewalld reload. self.set_config((self._obj.get_all_chains(), self._obj.get_all_rules(), self._obj.get_all_passthroughs()), transaction) if use_transaction is None: transaction.execute(True) def get_runtime_config(self): # Return only runtime changes # Remove all chains, rules and passthroughs that are in self._obj # (permanent config applied in firewalld _start. chains = { } rules = { } passthroughs = { } for table_id in self._chains: (ipv, table) = table_id for chain in self._chains[table_id]: if not self._obj.query_chain(ipv, table, chain): chains.setdefault(table_id, [ ]).append(chain) for chain_id in self._rules: (ipv, table, chain) = chain_id for (priority, args) in self._rules[chain_id]: if not self._obj.query_rule(ipv, table, chain, priority, args): if chain_id not in rules: rules[chain_id] = LastUpdatedOrderedDict() rules[chain_id][(priority, args)] = priority for ipv in self._passthroughs: for args in self._passthroughs[ipv]: if not self._obj.query_passthrough(ipv, args): if ipv not in passthroughs: passthroughs[ipv] = [ ] passthroughs[ipv].append(args) return (chains, rules, passthroughs) def get_config(self): return (self._chains, self._rules, self._passthroughs) def set_config(self, conf, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction (_chains, _rules, _passthroughs) = conf for table_id in _chains: (ipv, table) = table_id for chain in _chains[table_id]: if not self.query_chain(ipv, table, chain): try: self.add_chain(ipv, table, chain, use_transaction=transaction) except FirewallError as error: log.warning(str(error)) for chain_id in _rules: (ipv, table, chain) = chain_id for (priority, args) in _rules[chain_id]: if not self.query_rule(ipv, table, chain, priority, args): try: self.add_rule(ipv, table, chain, priority, args, use_transaction=transaction) except FirewallError as error: log.warning(str(error)) for ipv in _passthroughs: for args in _passthroughs[ipv]: if not self.query_passthrough(ipv, args): try: self.add_passthrough(ipv, args, use_transaction=transaction) except FirewallError as error: log.warning(str(error)) if use_transaction is None: transaction.execute(True) def _check_ipv(self, ipv): ipvs = ['ipv4', 'ipv6', 'eb'] if ipv not in ipvs: raise FirewallError(errors.INVALID_IPV, "'%s' not in '%s'" % (ipv, ipvs)) def _check_ipv_table(self, ipv, table): self._check_ipv(ipv) tables = ipXtables.BUILT_IN_CHAINS.keys() if ipv in [ 'ipv4', 'ipv6' ] \ else ebtables.BUILT_IN_CHAINS.keys() if table not in tables: raise FirewallError(errors.INVALID_TABLE, "'%s' not in '%s'" % (table, tables)) def _check_builtin_chain(self, ipv, table, chain): if ipv in ['ipv4', 'ipv6']: built_in_chains = ipXtables.BUILT_IN_CHAINS[table] if self._fw.nftables_enabled: our_chains = {} else: our_chains = self._fw.get_direct_backend_by_ipv(ipv).our_chains[table] else: built_in_chains = ebtables.BUILT_IN_CHAINS[table] our_chains = ebtables.OUR_CHAINS[table] if chain in built_in_chains: raise FirewallError(errors.BUILTIN_CHAIN, "chain '%s' is built-in chain" % chain) if chain in our_chains: raise FirewallError(errors.BUILTIN_CHAIN, "chain '%s' is reserved" % chain) if ipv in [ "ipv4", "ipv6" ]: if self._fw.zone.zone_from_chain(chain) is not None: raise FirewallError(errors.INVALID_CHAIN, "Chain '%s' is reserved" % chain) def _register_chain(self, table_id, chain, add): if add: self._chains.setdefault(table_id, [ ]).append(chain) else: self._chains[table_id].remove(chain) if len(self._chains[table_id]) == 0: del self._chains[table_id] def add_chain(self, ipv, table, chain, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction #TODO: policy="ACCEPT" self._chain(True, ipv, table, chain, transaction) if use_transaction is None: transaction.execute(True) def remove_chain(self, ipv, table, chain, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self._chain(False, ipv, table, chain, transaction) if use_transaction is None: transaction.execute(True) def query_chain(self, ipv, table, chain): self._check_ipv_table(ipv, table) self._check_builtin_chain(ipv, table, chain) table_id = (ipv, table) return (table_id in self._chains and chain in self._chains[table_id]) def get_chains(self, ipv, table): self._check_ipv_table(ipv, table) table_id = (ipv, table) if table_id in self._chains: return self._chains[table_id] return [ ] def get_all_chains(self): r = [ ] for key in self._chains: (ipv, table) = key for chain in self._chains[key]: r.append((ipv, table, chain)) return r def add_rule(self, ipv, table, chain, priority, args, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self._rule(True, ipv, table, chain, priority, args, transaction) if use_transaction is None: transaction.execute(True) def remove_rule(self, ipv, table, chain, priority, args, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self._rule(False, ipv, table, chain, priority, args, transaction) if use_transaction is None: transaction.execute(True) def query_rule(self, ipv, table, chain, priority, args): self._check_ipv_table(ipv, table) chain_id = (ipv, table, chain) return chain_id in self._rules and \ (priority, args) in self._rules[chain_id] def get_rules(self, ipv, table, chain): self._check_ipv_table(ipv, table) chain_id = (ipv, table, chain) if chain_id in self._rules: return list(self._rules[chain_id].keys()) return [ ] def get_all_rules(self): r = [ ] for key in self._rules: (ipv, table, chain) = key for (priority, args) in self._rules[key]: r.append((ipv, table, chain, priority, list(args))) return r def _register_rule(self, rule_id, chain_id, priority, enable, count): if enable: if chain_id not in self._rules: self._rules[chain_id] = LastUpdatedOrderedDict() self._rules[chain_id][rule_id] = priority if chain_id not in self._rule_priority_positions: self._rule_priority_positions[chain_id] = { } if priority in self._rule_priority_positions[chain_id]: self._rule_priority_positions[chain_id][priority] += count else: self._rule_priority_positions[chain_id][priority] = count else: del self._rules[chain_id][rule_id] if len(self._rules[chain_id]) == 0: del self._rules[chain_id] self._rule_priority_positions[chain_id][priority] -= count # DIRECT PASSTHROUGH (untracked) def passthrough(self, ipv, args): try: return self._fw.rule(self._fw.get_direct_backend_by_ipv(ipv).name, args) except Exception as msg: log.debug2(msg) raise FirewallError(errors.COMMAND_FAILED, msg) def _register_passthrough(self, ipv, args, enable): if enable: if ipv not in self._passthroughs: self._passthroughs[ipv] = [ ] self._passthroughs[ipv].append(args) else: self._passthroughs[ipv].remove(args) if len(self._passthroughs[ipv]) == 0: del self._passthroughs[ipv] def add_passthrough(self, ipv, args, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self._passthrough(True, ipv, list(args), transaction) if use_transaction is None: transaction.execute(True) def remove_passthrough(self, ipv, args, use_transaction=None): if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self._passthrough(False, ipv, list(args), transaction) if use_transaction is None: transaction.execute(True) def query_passthrough(self, ipv, args): return ipv in self._passthroughs and \ tuple(args) in self._passthroughs[ipv] def get_all_passthroughs(self): r = [ ] for ipv in self._passthroughs: for args in self._passthroughs[ipv]: r.append((ipv, list(args))) return r def get_passthroughs(self, ipv): r = [ ] if ipv in self._passthroughs: for args in self._passthroughs[ipv]: r.append(list(args)) return r def split_value(self, rules, opts): """Split values combined with commas for options in opts""" out_rules = [ ] for rule in rules: processed = False for opt in opts: try: i = rule.index(opt) except ValueError: pass else: if len(rule) > i and "," in rule[i+1]: # For all items in the comma separated list in index # i of the rule, a new rule is created with a single # item from this list processed = True items = rule[i+1].split(",") for item in items: _rule = rule[:] _rule[i+1] = item out_rules.append(_rule) if not processed: out_rules.append(rule) return out_rules def _rule(self, enable, ipv, table, chain, priority, args, transaction): self._check_ipv_table(ipv, table) # Do not create zone chains if we're using nftables. Only allow direct # rules in the built in chains. if not self._fw.nftables_enabled \ and ipv in [ "ipv4", "ipv6" ]: self._fw.zone.create_zone_base_by_chain(ipv, table, chain, transaction) _chain = chain backend = self._fw.get_direct_backend_by_ipv(ipv) # if nftables is in use, just put the direct rules in the chain # specified by the user. i.e. don't append _direct. if not self._fw.nftables_enabled \ and backend.is_chain_builtin(ipv, table, chain): _chain = "%s_direct" % (chain) elif self._fw.nftables_enabled and chain[-7:] == "_direct" \ and backend.is_chain_builtin(ipv, table, chain[:-7]): # strip _direct suffix. If we're using nftables we don't bother # creating the *_direct chains for builtin chains. _chain = chain[:-7] chain_id = (ipv, table, chain) rule_id = (priority, args) if enable: if chain_id in self._rules and \ rule_id in self._rules[chain_id]: raise FirewallError(errors.ALREADY_ENABLED, "rule '%s' already is in '%s:%s:%s'" % \ (args, ipv, table, chain)) else: if chain_id not in self._rules or \ rule_id not in self._rules[chain_id]: raise FirewallError(errors.NOT_ENABLED, "rule '%s' is not in '%s:%s:%s'" % \ (args, ipv, table, chain)) # get priority of rule priority = self._rules[chain_id][rule_id] # If a rule gets added, the initial rule index position within the # ipv, table and chain combination (chain_id) is 1. # Tf the chain_id exists in _rule_priority_positions, there are already # other rules for this chain_id. The number of rules for a priority # less or equal to the priority of the new rule will increase the # index of the new rule. The index is the ip*tables -I insert rule # number. # # Example: We have the following rules for chain_id (ipv4, filter, # INPUT) already: # ipv4, filter, INPUT, 1, -i, foo1, -j, ACCEPT # ipv4, filter, INPUT, 2, -i, foo2, -j, ACCEPT # ipv4, filter, INPUT, 2, -i, foo2_1, -j, ACCEPT # ipv4, filter, INPUT, 3, -i, foo3, -j, ACCEPT # This results in the following _rule_priority_positions structure: # _rule_priority_positions[(ipv4,filter,INPUT)][1] = 1 # _rule_priority_positions[(ipv4,filter,INPUT)][2] = 2 # _rule_priority_positions[(ipv4,filter,INPUT)][3] = 1 # The new rule # ipv4, filter, INPUT, 2, -i, foo2_2, -j, ACCEPT # has the same pritority as the second rule before and will be added # right after it. # The initial index is 1 and the chain_id is already in # _rule_priority_positions. Therefore the index will increase for # the number of rules in every rule position in # _rule_priority_positions[(ipv4,filter,INPUT)].keys() # where position is smaller or equal to the entry in keys. # With the example from above: # The priority of the new rule is 2. Therefore for all keys in # _rule_priority_positions[chain_id] where priority is 1 or 2, the # number of the rules will increase the index of the rule. # For _rule_priority_positions[chain_id][1]: index += 1 # _rule_priority_positions[chain_id][2]: index += 2 # index will be 4 in the end and the rule in the table chain # combination will be added at index 4. # If there are no rules in the table chain combination, a new rule # has index 1. index = 1 count = 0 if chain_id in self._rule_priority_positions: positions = sorted(self._rule_priority_positions[chain_id].keys()) j = 0 while j < len(positions) and priority >= positions[j]: index += self._rule_priority_positions[chain_id][positions[j]] j += 1 # split the direct rule in some cases as iptables-restore can't handle # compound args. # args_list = [list(args)] args_list = self.split_value(args_list, [ "-s", "--source" ]) args_list = self.split_value(args_list, [ "-d", "--destination" ]) for _args in args_list: transaction.add_rule(backend, backend.build_rule(enable, table, _chain, index, tuple(_args))) index += 1 count += 1 self._register_rule(rule_id, chain_id, priority, enable, count) transaction.add_fail(self._register_rule, rule_id, chain_id, priority, not enable, count) def _chain(self, add, ipv, table, chain, transaction): self._check_ipv_table(ipv, table) self._check_builtin_chain(ipv, table, chain) table_id = (ipv, table) if add: if table_id in self._chains and \ chain in self._chains[table_id]: raise FirewallError(errors.ALREADY_ENABLED, "chain '%s' already is in '%s:%s'" % \ (chain, ipv, table)) else: if table_id not in self._chains or \ chain not in self._chains[table_id]: raise FirewallError(errors.NOT_ENABLED, "chain '%s' is not in '%s:%s'" % \ (chain, ipv, table)) backend = self._fw.get_direct_backend_by_ipv(ipv) transaction.add_rules(backend, backend.build_chain_rules(add, table, chain)) self._register_chain(table_id, chain, add) transaction.add_fail(self._register_chain, table_id, chain, not add) def _passthrough(self, enable, ipv, args, transaction): self._check_ipv(ipv) tuple_args = tuple(args) if enable: if ipv in self._passthroughs and \ tuple_args in self._passthroughs[ipv]: raise FirewallError(errors.ALREADY_ENABLED, "passthrough '%s', '%s'" % (ipv, args)) else: if ipv not in self._passthroughs or \ tuple_args not in self._passthroughs[ipv]: raise FirewallError(errors.NOT_ENABLED, "passthrough '%s', '%s'" % (ipv, args)) backend = self._fw.get_direct_backend_by_ipv(ipv) if enable: backend.check_passthrough(args) # try to find out if a zone chain should be used if ipv in [ "ipv4", "ipv6" ]: table, chain = backend.passthrough_parse_table_chain(args) if table and chain: self._fw.zone.create_zone_base_by_chain(ipv, table, chain) _args = args else: _args = backend.reverse_passthrough(args) transaction.add_rule(backend, _args) self._register_passthrough(ipv, tuple_args, enable) transaction.add_fail(self._register_passthrough, ipv, tuple_args, not enable) firewalld-1.1.1/src/firewall/core/fw_helper.py0000644000000000000000000000345114217342322021335 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2015-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """helper backend""" __all__ = [ "FirewallHelper" ] from firewall import errors from firewall.errors import FirewallError class FirewallHelper(object): def __init__(self, fw): self._fw = fw self._helpers = { } def __repr__(self): return '%s(%r)' % (self.__class__, self._helpers) # helpers def cleanup(self): self._helpers.clear() def check_helper(self, name): if name not in self.get_helpers(): raise FirewallError(errors.INVALID_HELPER, name) def query_helper(self, name): return name in self.get_helpers() def get_helpers(self): return sorted(self._helpers.keys()) def has_helpers(self): return len(self._helpers) > 0 def get_helper(self, name): self.check_helper(name) return self._helpers[name] def add_helper(self, obj): self._helpers[obj.name] = obj def remove_helper(self, name): if name not in self._helpers: raise FirewallError(errors.INVALID_HELPER, name) del self._helpers[name] firewalld-1.1.1/src/firewall/core/fw_icmptype.py0000644000000000000000000000552214217342322021711 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "FirewallIcmpType" ] import copy from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class FirewallIcmpType(object): def __init__(self, fw): self._fw = fw self._icmptypes = { } def __repr__(self): return '%s(%r)' % (self.__class__, self._icmptypes) def cleanup(self): self._icmptypes.clear() # zones def get_icmptypes(self): return sorted(self._icmptypes.keys()) def check_icmptype(self, icmptype): if icmptype not in self._icmptypes: raise FirewallError(errors.INVALID_ICMPTYPE, icmptype) def get_icmptype(self, icmptype): self.check_icmptype(icmptype) return self._icmptypes[icmptype] def add_icmptype(self, obj): orig_ipvs = obj.destination if len(orig_ipvs) == 0: orig_ipvs = [ "ipv4", "ipv6" ] ipvs = orig_ipvs[:] for ipv in orig_ipvs: if ipv == "ipv4": if not self._fw.ip4tables_enabled and not self._fw.nftables_enabled: continue supported_icmps = self._fw.ipv4_supported_icmp_types elif ipv == "ipv6": if not self._fw.ip6tables_enabled and not self._fw.nftables_enabled: continue supported_icmps = self._fw.ipv6_supported_icmp_types else: supported_icmps = [ ] if obj.name.lower() not in supported_icmps: log.info1("ICMP type '%s' is not supported by the kernel for %s." % (obj.name, ipv)) ipvs.remove(ipv) if len(ipvs) != len(orig_ipvs): if len(ipvs) < 1: raise FirewallError(errors.INVALID_ICMPTYPE, "No supported ICMP type.") new_obj = copy.deepcopy(obj) new_obj.destination = ipvs self._icmptypes[obj.name] = new_obj else: self._icmptypes[obj.name] = obj def remove_icmptype(self, icmptype): self.check_icmptype(icmptype) del self._icmptypes[icmptype] firewalld-1.1.1/src/firewall/core/fw_ifcfg.py0000644000000000000000000000500214217342322021126 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """Functions to search for and change ifcfg files""" __all__ = [ "search_ifcfg_of_interface", "ifcfg_set_zone_of_interface" ] import os import os.path from firewall import config from firewall.core.logger import log from firewall.core.io.ifcfg import ifcfg def search_ifcfg_of_interface(interface): """search ifcfg file for the interface in config.IFCFGDIR""" # Return quickly if config.IFCFGDIR does not exist if not os.path.exists(config.IFCFGDIR): return None for filename in sorted(os.listdir(config.IFCFGDIR)): if not filename.startswith("ifcfg-"): continue for ignored in [ ".bak", ".orig", ".rpmnew", ".rpmorig", ".rpmsave", "-range" ]: if filename.endswith(ignored): continue if "." in filename: continue ifcfg_file = ifcfg("%s/%s" % (config.IFCFGDIR, filename)) ifcfg_file.read() if ifcfg_file.get("DEVICE") == interface: return ifcfg_file # Wasn't found above, so assume filename matches the device we want filename = "%s/ifcfg-%s" % (config.IFCFGDIR, interface) if os.path.exists(filename): ifcfg_file = ifcfg(filename) ifcfg_file.read() return ifcfg_file return None def ifcfg_set_zone_of_interface(zone, interface): """Set zone (ZONE=) in the ifcfg file that uses the interface (DEVICE=)""" if zone is None: zone = "" ifcfg_file = search_ifcfg_of_interface(interface) if ifcfg_file is not None and ifcfg_file.get("ZONE") != zone and not \ (ifcfg_file.get("ZONE") is None and zone == ""): log.debug1("Setting ZONE=%s in '%s'" % (zone, ifcfg_file.filename)) ifcfg_file.set("ZONE", zone) ifcfg_file.write() firewalld-1.1.1/src/firewall/core/fw_ipset.py0000644000000000000000000002271214217342322021203 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2015-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """ipset backend""" __all__ = [ "FirewallIPSet" ] from firewall.core.logger import log from firewall.core.ipset import remove_default_create_options as rm_def_cr_opts, \ normalize_ipset_entry, check_entry_overlaps_existing, \ check_for_overlapping_entries from firewall.core.io.ipset import IPSet from firewall import errors from firewall.errors import FirewallError class FirewallIPSet(object): def __init__(self, fw): self._fw = fw self._ipsets = { } def __repr__(self): return '%s(%r)' % (self.__class__, self._ipsets) # ipsets def cleanup(self): self._ipsets.clear() def check_ipset(self, name): if name not in self.get_ipsets(): raise FirewallError(errors.INVALID_IPSET, name) def query_ipset(self, name): return name in self.get_ipsets() def get_ipsets(self): return sorted(self._ipsets.keys()) def has_ipsets(self): return len(self._ipsets) > 0 def get_ipset(self, name, applied=False): self.check_ipset(name) obj = self._ipsets[name] if applied: self.check_applied_obj(obj) return obj def backends(self): backends = [] if self._fw.nftables_enabled: backends.append(self._fw.nftables_backend) if self._fw.ipset_enabled: backends.append(self._fw.ipset_backend) return backends def add_ipset(self, obj): if obj.type not in self._fw.ipset_supported_types: raise FirewallError(errors.INVALID_TYPE, "'%s' is not supported by ipset." % obj.type) self._ipsets[obj.name] = obj def remove_ipset(self, name, keep=False): obj = self._ipsets[name] if obj.applied and not keep: try: for backend in self.backends(): backend.set_destroy(name) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: log.debug1("Keeping ipset '%s' because of timeout option", name) del self._ipsets[name] def apply_ipset(self, name): obj = self._ipsets[name] for backend in self.backends(): if backend.name == "ipset": active = backend.set_get_active_terse() if name in active and ("timeout" not in obj.options or \ obj.options["timeout"] == "0" or \ obj.type != active[name][0] or \ rm_def_cr_opts(obj.options) != \ active[name][1]): try: backend.set_destroy(name) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) if self._fw._individual_calls: try: backend.set_create(obj.name, obj.type, obj.options) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: obj.applied = True if "timeout" in obj.options and \ obj.options["timeout"] != "0": # no entries visible for ipsets with timeout continue try: backend.set_flush(obj.name) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) for entry in obj.entries: try: backend.set_add(obj.name, entry) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: try: backend.set_restore(obj.name, obj.type, obj.entries, obj.options, None) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: obj.applied = True def apply_ipsets(self): for name in self.get_ipsets(): obj = self._ipsets[name] obj.applied = False log.debug1("Applying ipset '%s'" % name) self.apply_ipset(name) def flush(self): for backend in self.backends(): # nftables sets are part of the normal firewall ruleset. if backend.name == "nftables": continue for ipset in self.get_ipsets(): try: self.check_applied(ipset) backend.set_destroy(ipset) except FirewallError as msg: if msg.code != errors.NOT_APPLIED: raise msg # TYPE def get_type(self, name, applied=True): return self.get_ipset(name, applied=applied).type # DIMENSION def get_dimension(self, name): return len(self.get_ipset(name, applied=True).type.split(",")) def check_applied(self, name): obj = self.get_ipset(name) self.check_applied_obj(obj) def check_applied_obj(self, obj): if not obj.applied: raise FirewallError( errors.NOT_APPLIED, obj.name) # OPTIONS def get_family(self, name, applied=True): obj = self.get_ipset(name, applied=applied) if "family" in obj.options: if obj.options["family"] == "inet6": return "ipv6" return "ipv4" # ENTRIES def add_entry(self, name, entry): obj = self.get_ipset(name, applied=True) entry = normalize_ipset_entry(entry) IPSet.check_entry(entry, obj.options, obj.type) if entry in obj.entries: raise FirewallError(errors.ALREADY_ENABLED, "'%s' already is in '%s'" % (entry, name)) check_entry_overlaps_existing(entry, obj.entries) try: for backend in self.backends(): backend.set_add(obj.name, entry) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: if "timeout" not in obj.options or obj.options["timeout"] == "0": # no entries visible for ipsets with timeout obj.entries.append(entry) def remove_entry(self, name, entry): obj = self.get_ipset(name, applied=True) entry = normalize_ipset_entry(entry) # no entry check for removal if entry not in obj.entries: raise FirewallError(errors.NOT_ENABLED, "'%s' not in '%s'" % (entry, name)) try: for backend in self.backends(): backend.set_delete(obj.name, entry) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: if "timeout" not in obj.options or obj.options["timeout"] == "0": # no entries visible for ipsets with timeout obj.entries.remove(entry) def query_entry(self, name, entry): obj = self.get_ipset(name, applied=True) entry = normalize_ipset_entry(entry) if "timeout" in obj.options and obj.options["timeout"] != "0": # no entries visible for ipsets with timeout raise FirewallError(errors.IPSET_WITH_TIMEOUT, name) return entry in obj.entries def get_entries(self, name): obj = self.get_ipset(name, applied=True) return obj.entries def set_entries(self, name, entries): obj = self.get_ipset(name, applied=True) check_for_overlapping_entries(entries) for entry in entries: IPSet.check_entry(entry, obj.options, obj.type) if "timeout" not in obj.options or obj.options["timeout"] == "0": # no entries visible for ipsets with timeout obj.entries = entries try: for backend in self.backends(): backend.set_flush(obj.name) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: obj.applied = True try: for backend in self.backends(): if self._fw._individual_calls: for entry in obj.entries: backend.set_add(obj.name, entry) else: backend.set_restore(obj.name, obj.type, obj.entries, obj.options, None) except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) else: obj.applied = True return firewalld-1.1.1/src/firewall/core/fw_nm.py0000644000000000000000000001517214217342322020473 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """Functions for NetworkManager interaction""" __all__ = [ "check_nm_imported", "nm_is_imported", "nm_get_zone_of_connection", "nm_set_zone_of_connection", "nm_get_connections", "nm_get_connection_of_interface", "nm_get_bus_name", "nm_get_dbus_interface" ] import gi from gi.repository import GLib try: gi.require_version('NM', '1.0') except ValueError: _nm_imported = False else: try: from gi.repository import NM _nm_imported = True except (ImportError, ValueError, GLib.Error): _nm_imported = False _nm_client = None from firewall import errors from firewall.errors import FirewallError from firewall.core.logger import log import dbus def check_nm_imported(): """Check function to raise a MISSING_IMPORT error if the import of NM failed """ if not _nm_imported: raise FirewallError(errors.MISSING_IMPORT, "gi.repository.NM = 1.0") def nm_is_imported(): """Returns true if NM has been properly imported @return True if import was successful, False otherwirse """ return _nm_imported def nm_get_client(): """Returns the NM client object or None if the import of NM failed @return NM.Client instance if import was successful, None otherwise """ global _nm_client if not _nm_client: _nm_client = NM.Client.new(None) return _nm_client def nm_get_zone_of_connection(connection): """Get zone of connection from NM @param connection name @return zone string setting of connection, empty string if not set, None if connection is unknown """ check_nm_imported() con = nm_get_client().get_connection_by_uuid(connection) if con is None: return None setting_con = con.get_setting_connection() if setting_con is None: return None try: if con.get_flags() & (NM.SettingsConnectionFlags.NM_GENERATED | NM.SettingsConnectionFlags.NM_VOLATILE): return "" except AttributeError: # Prior to NetworkManager 1.12, we can only guess # that a connection was generated/volatile. if con.get_unsaved(): return "" zone = setting_con.get_zone() if zone is None: zone = "" return zone def nm_set_zone_of_connection(zone, connection): """Set the zone for a connection @param zone name @param connection name @return True if zone was set, else False """ check_nm_imported() con = nm_get_client().get_connection_by_uuid(connection) if con is None: return False setting_con = con.get_setting_connection() if setting_con is None: return False if zone == "": zone = None setting_con.set_property("zone", zone) return con.commit_changes(True, None) def nm_get_connections(connections, connections_name): """Get active connections from NM @param connections return dict @param connections_name return dict """ connections.clear() connections_name.clear() check_nm_imported() active_connections = nm_get_client().get_active_connections() for active_con in active_connections: # ignore vpn devices for now if active_con.get_vpn(): continue name = active_con.get_id() uuid = active_con.get_uuid() devices = active_con.get_devices() connections_name[uuid] = name for dev in devices: ip_iface = dev.get_ip_iface() if ip_iface: connections[ip_iface] = uuid def nm_get_interfaces(): """Get active interfaces from NM @returns list of interface names """ check_nm_imported() active_interfaces = [] for active_con in nm_get_client().get_active_connections(): # ignore vpn devices for now if active_con.get_vpn(): continue try: con = active_con.get_connection() if con.get_flags() & (NM.SettingsConnectionFlags.NM_GENERATED | NM.SettingsConnectionFlags.NM_VOLATILE): continue except AttributeError: # Prior to NetworkManager 1.12, we can only guess # that a connection was generated/volatile. if con.get_unsaved(): continue for dev in active_con.get_devices(): ip_iface = dev.get_ip_iface() if ip_iface: active_interfaces.append(ip_iface) return active_interfaces def nm_get_interfaces_in_zone(zone): interfaces = [] for interface in nm_get_interfaces(): conn = nm_get_connection_of_interface(interface) if zone == nm_get_zone_of_connection(conn): interfaces.append(interface) return interfaces def nm_get_connection_of_interface(interface): """Get connection from NM that is using the interface @param interface name @returns connection that is using interface or None """ check_nm_imported() device = nm_get_client().get_device_by_iface(interface) if device is None: return None active_con = device.get_active_connection() if active_con is None: return None try: con = active_con.get_connection() if con.get_flags() & NM.SettingsConnectionFlags.NM_GENERATED: return None except AttributeError: # Prior to NetworkManager 1.12, we can only guess # that a connection was generated. if con.get_unsaved(): return None return active_con.get_uuid() def nm_get_bus_name(): if not _nm_imported: return None try: bus = dbus.SystemBus() obj = bus.get_object(NM.DBUS_INTERFACE, NM.DBUS_PATH) name = obj.bus_name del obj, bus return name except Exception: log.debug2("Failed to get bus name of NetworkManager") return None def nm_get_dbus_interface(): if not _nm_imported: return "" return NM.DBUS_INTERFACE firewalld-1.1.1/src/firewall/core/fw_policies.py0000644000000000000000000000536314217342322021671 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "FirewallPolicies" ] from firewall import config from firewall.core.logger import log from firewall.core.io.lockdown_whitelist import LockdownWhitelist from firewall import errors from firewall.errors import FirewallError class FirewallPolicies(object): def __init__(self): self._lockdown = False self.lockdown_whitelist = LockdownWhitelist(config.LOCKDOWN_WHITELIST) def __repr__(self): return '%s(%r, %r)' % (self.__class__, self._lockdown, self.lockdown_whitelist) def cleanup(self): self._lockdown = False self.lockdown_whitelist.cleanup() # lockdown def access_check(self, key, value): if key == "context": log.debug2('Doing access check for context "%s"' % value) if self.lockdown_whitelist.match_context(value): log.debug3('context matches.') return True elif key == "uid": log.debug2('Doing access check for uid %d' % value) if self.lockdown_whitelist.match_uid(value): log.debug3('uid matches.') return True elif key == "user": log.debug2('Doing access check for user "%s"' % value) if self.lockdown_whitelist.match_user(value): log.debug3('user matches.') return True elif key == "command": log.debug2('Doing access check for command "%s"' % value) if self.lockdown_whitelist.match_command(value): log.debug3('command matches.') return True return False def enable_lockdown(self): if self._lockdown: raise FirewallError(errors.ALREADY_ENABLED, "enable_lockdown()") self._lockdown = True def disable_lockdown(self): if not self._lockdown: raise FirewallError(errors.NOT_ENABLED, "disable_lockdown()") self._lockdown = False def query_lockdown(self): return self._lockdown firewalld-1.1.1/src/firewall/core/fw_policy.py0000644000000000000000000022722514217342322021364 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # SPDX-License-Identifier: GPL-2.0-or-later import copy from firewall.core.logger import log from firewall.functions import portStr, checkIPnMask, checkIP6nMask, \ checkProtocol, enable_ip_forwarding, check_single_address, \ portInPortRange, get_nf_conntrack_short_name, coalescePortRange, breakPortRange, \ checkTcpMssClamp from firewall.core.rich import Rich_Rule, Rich_Accept, \ Rich_Service, Rich_Port, Rich_Protocol, \ Rich_Masquerade, Rich_ForwardPort, Rich_SourcePort, Rich_IcmpBlock, \ Rich_IcmpType, Rich_Tcp_Mss_Clamp from firewall.core.fw_transaction import FirewallTransaction from firewall import errors from firewall.errors import FirewallError from firewall.core.base import SOURCE_IPSET_TYPES class FirewallPolicy(object): def __init__(self, fw): self._fw = fw self._chains = { } self._policies = { } def __repr__(self): return '%s(%r, %r)' % (self.__class__, self._chains, self._policies) def cleanup(self): self._chains.clear() self._policies.clear() # transaction def new_transaction(self): t = FirewallTransaction(self._fw) t.add_pre(self._fw.full_check_config) return t # policies def get_policies(self): return sorted(self._policies.keys()) def get_policies_not_derived_from_zone(self): policies = [] for p in self.get_policies(): p_obj = self.get_policy(p) if not p_obj.derived_from_zone: policies.append(p) return sorted(policies) def get_active_policies_not_derived_from_zone(self): active_policies = [] for policy in self.get_policies_not_derived_from_zone(): p_obj = self.get_policy(policy) if (set(p_obj.ingress_zones) & (set(self._fw.zone.get_active_zones()) | set(["HOST", "ANY"]))) and \ (set(p_obj.egress_zones) & (set(self._fw.zone.get_active_zones()) | set(["HOST", "ANY"]))): active_policies.append(policy) return active_policies def get_policy(self, policy): p = self._fw.check_policy(policy) return self._policies[p] def add_policy(self, obj): self._policies[obj.name] = obj def remove_policy(self, policy): obj = self._policies[policy] if obj.applied: self.unapply_policy_settings(policy) del self._policies[policy] def apply_policies(self, use_transaction=None): for policy in self.get_policies(): p_obj = self._policies[policy] if p_obj.derived_from_zone: continue if policy in self.get_active_policies_not_derived_from_zone(): log.debug1("Applying policy '%s'", policy) self.apply_policy_settings(policy, use_transaction=use_transaction) def set_policy_applied(self, policy, applied): obj = self._policies[policy] obj.applied = applied def _policy_settings(self, enable, policy, use_transaction=None): _policy = self._fw.check_policy(policy) obj = self._policies[_policy] if (enable and obj.applied) or (not enable and not obj.applied): return if enable: obj.applied = True if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if enable: # build the base chain layout of the policy for (table, chain) in self._get_table_chains_for_policy_dispatch(policy) if not obj.derived_from_zone \ else self._get_table_chains_for_zone_dispatch(policy): self.gen_chain_rules(policy, True, table, chain, transaction) if not obj.derived_from_zone: self._ingress_egress_zones(enable, _policy, transaction) for key in ["services", "ports", "masquerade", "forward_ports", "source_ports", "icmp_blocks", "rules_str", "protocols", "icmp_block_inversion", "ingress_zones", "egress_zones"]: args_list = getattr(self.get_policy(policy), key) if isinstance(args_list, bool): if not ((enable and args_list) or (not enable and args_list)): continue args_list = [args_list] for args in args_list: if key == "icmp_blocks": self._icmp_block(enable, _policy, args, transaction) elif key == "icmp_block_inversion": continue elif key == "forward_ports": self._forward_port(enable, _policy, transaction, *args) elif key == "services": self._service(enable, _policy, args, transaction) elif key == "ports": self._port(enable, _policy, args[0], args[1], transaction) elif key == "protocols": self._protocol(enable, _policy, args, transaction) elif key == "source_ports": self._source_port(enable, _policy, args[0], args[1], transaction) elif key == "masquerade": self._masquerade(enable, _policy, transaction) elif key == "rules_str": self.__rule(enable, _policy, Rich_Rule(rule_str=args), transaction) elif key == "ingress_zones": continue elif key == "egress_zones": continue else: log.warning("Policy '%s': Unknown setting '%s:%s', " "unable to apply", policy, key, args) if not enable: for (table, chain) in self._get_table_chains_for_policy_dispatch(policy) if not obj.derived_from_zone \ else self._get_table_chains_for_zone_dispatch(policy): self.gen_chain_rules(policy, False, table, chain, transaction) obj.applied = False if use_transaction is None: transaction.execute(enable) def apply_policy_settings(self, policy, use_transaction=None): self._policy_settings(True, policy, use_transaction=use_transaction) def unapply_policy_settings(self, policy, use_transaction=None): self._policy_settings(False, policy, use_transaction=use_transaction) def get_config_with_settings_dict(self, policy): return self.get_policy(policy).export_config_dict() def set_config_with_settings_dict(self, policy, settings, sender): # stupid wrappers to convert rich rule string to rich rule object from firewall.core.rich import Rich_Rule def add_rule_wrapper(policy, rule_str, timeout=0, sender=None): self.add_rule(policy, Rich_Rule(rule_str=rule_str), timeout=0, sender=sender) def remove_rule_wrapper(policy, rule_str): self.remove_rule(policy, Rich_Rule(rule_str=rule_str)) setting_to_fn = { "services": (self.add_service, self.remove_service), "ports": (self.add_port, self.remove_port), "icmp_blocks": (self.add_icmp_block, self.remove_icmp_block), "masquerade": (self.add_masquerade, self.remove_masquerade), "forward_ports": (self.add_forward_port, self.remove_forward_port), "rich_rules": (add_rule_wrapper, remove_rule_wrapper), "protocols": (self.add_protocol, self.remove_protocol), "source_ports": (self.add_source_port, self.remove_source_port), "ingress_zones": (self.add_ingress_zone, self.remove_ingress_zone), "egress_zones": (self.add_egress_zone, self.remove_egress_zone), } # do a full config check on a temporary object before trying to make # the runtime changes old_obj = self.get_policy(policy) check_obj = copy.copy(old_obj) check_obj.import_config_dict(settings, self._fw.get_all_io_objects_dict()) self._fw.full_check_config({"policies": [check_obj]}) old_settings = self.get_config_with_settings_dict(policy) (add_settings, remove_settings) = self._fw.get_added_and_removed_settings(old_settings, settings) for key in remove_settings: if isinstance(remove_settings[key], list): for args in remove_settings[key]: if isinstance(args, tuple): setting_to_fn[key][1](policy, *args) else: setting_to_fn[key][1](policy, args) else: # bool setting_to_fn[key][1](policy) for key in add_settings: if isinstance(add_settings[key], list): for args in add_settings[key]: if isinstance(args, tuple): setting_to_fn[key][0](policy, *args, timeout=0, sender=sender) else: setting_to_fn[key][0](policy, args, timeout=0, sender=sender) else: # bool setting_to_fn[key][0](policy, timeout=0, sender=sender) # ingress zones def check_ingress_zone(self, zone): if not zone: raise FirewallError(errors.INVALID_ZONE) if zone not in ["HOST", "ANY"]: self._fw.check_zone(zone) def __ingress_zone_id(self, zone): self.check_ingress_zone(zone) return zone def add_ingress_zone(self, policy, zone, timeout=0, sender=None, use_transaction=None, allow_apply=True): _policy = self._fw.check_policy(policy) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._policies[_policy] zone_id = self.__ingress_zone_id(zone) if zone_id in _obj.ingress_zones: raise FirewallError(errors.ALREADY_ENABLED, "'%s' already in '%s'" % (zone, _policy)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if allow_apply: if _obj.applied: self._ingress_egress_zones(False, _policy, transaction) # register early so backends can access updated zone list self.__register_ingress_zone(_obj, zone_id, timeout, sender) transaction.add_fail(self.__unregister_ingress_zone, _obj, zone_id) if not _obj.applied: if _policy in self.get_active_policies_not_derived_from_zone(): self.apply_policy_settings(_policy, use_transaction=transaction) transaction.add_fail(self.set_policy_applied, _policy, False) else: self._ingress_egress_zones(True, _policy, transaction) else: self.__register_ingress_zone(_obj, zone_id, timeout, sender) transaction.add_fail(self.__unregister_ingress_zone, _obj, zone_id) if use_transaction is None: transaction.execute(True) def __register_ingress_zone(self, _obj, zone_id, timeout, sender): _obj.ingress_zones.append(zone_id) def remove_ingress_zone(self, policy, zone, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_panic() _obj = self._policies[_policy] zone_id = self.__ingress_zone_id(zone) if zone_id not in _obj.ingress_zones: raise FirewallError(errors.NOT_ENABLED, "'%s' not in '%s'" % (zone, _policy)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: if len(_obj.ingress_zones) == 1: self.unapply_policy_settings(_policy, transaction) else: self._ingress_egress_zones(False, _policy, transaction) # unregister early so backends have updated zone list self.__unregister_ingress_zone(_obj, zone_id) transaction.add_fail(self.__register_ingress_zone, _obj, zone_id, None, None) if _policy in self.get_active_policies_not_derived_from_zone(): self._ingress_egress_zones(True, _policy, transaction) else: transaction.add_post(self.__unregister_ingress_zone, _obj, zone_id) if use_transaction is None: transaction.execute(True) return _policy def __unregister_ingress_zone(self, _obj, zone_id): if zone_id in _obj.ingress_zones: _obj.ingress_zones.remove(zone_id) def query_ingress_zone(self, policy, zone): return self.__ingress_zone_id(zone) in self.get_policy(policy).ingress_zones def list_ingress_zones(self, policy): return self.get_policy(policy).ingress_zones # egress zones def check_egress_zone(self, zone): if not zone: raise FirewallError(errors.INVALID_ZONE) if zone not in ["HOST", "ANY"]: self._fw.check_zone(zone) def __egress_zone_id(self, zone): self.check_egress_zone(zone) return zone def add_egress_zone(self, policy, zone, timeout=0, sender=None, use_transaction=None, allow_apply=True): _policy = self._fw.check_policy(policy) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._policies[_policy] zone_id = self.__egress_zone_id(zone) if zone_id in _obj.egress_zones: raise FirewallError(errors.ALREADY_ENABLED, "'%s' already in '%s'" % (zone, _policy)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if allow_apply: if _obj.applied: self._ingress_egress_zones(False, _policy, transaction) # register early so backends can access updated zone list self.__register_egress_zone(_obj, zone_id, timeout, sender) transaction.add_fail(self.__unregister_egress_zone, _obj, zone_id) if not _obj.applied: if _policy in self.get_active_policies_not_derived_from_zone(): self.apply_policy_settings(_policy, use_transaction=transaction) transaction.add_fail(self.set_policy_applied, _policy, False) else: self._ingress_egress_zones(True, _policy, transaction) else: self.__register_egress_zone(_obj, zone_id, timeout, sender) transaction.add_fail(self.__unregister_egress_zone, _obj, zone_id) if use_transaction is None: transaction.execute(True) def __register_egress_zone(self, _obj, zone_id, timeout, sender): _obj.egress_zones.append(zone_id) def remove_egress_zone(self, policy, zone, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_panic() _obj = self._policies[_policy] zone_id = self.__egress_zone_id(zone) if zone_id not in _obj.egress_zones: raise FirewallError(errors.NOT_ENABLED, "'%s' not in '%s'" % (zone, _policy)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: if len(_obj.egress_zones) == 1: self.unapply_policy_settings(_policy, transaction) else: self._ingress_egress_zones(False, _policy, transaction) # unregister early so backends have updated zone list self.__unregister_egress_zone(_obj, zone_id) transaction.add_fail(self.__register_egress_zone, _obj, zone_id, None, None) if _policy in self.get_active_policies_not_derived_from_zone(): self._ingress_egress_zones(True, _policy, transaction) else: transaction.add_post(self.__unregister_egress_zone, _obj, zone_id) if use_transaction is None: transaction.execute(True) return _policy def __unregister_egress_zone(self, _obj, zone_id): if zone_id in _obj.egress_zones: _obj.egress_zones.remove(zone_id) def query_egress_zone(self, policy, zone): return self.__egress_zone_id(zone) in self.get_policy(policy).egress_zones def list_egress_zones(self, policy): return self.get_policy(policy).egress_zones # RICH LANGUAGE def check_rule(self, rule): rule.check() def __rule_id(self, rule): self.check_rule(rule) return str(rule) def _rule_source_ipv(self, source): if not source: return None if source.addr: if checkIPnMask(source.addr): return "ipv4" elif checkIP6nMask(source.addr): return "ipv6" elif hasattr(source, "mac") and source.mac: return "" elif hasattr(source, "ipset") and source.ipset: self._check_ipset_type_for_source(source.ipset) self._check_ipset_applied(source.ipset) return self._ipset_family(source.ipset) return None def __rule(self, enable, policy, rule, transaction): self._rule_prepare(enable, policy, rule, transaction) def add_rule(self, policy, rule, timeout=0, sender=None, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._policies[_policy] rule_id = self.__rule_id(rule) if rule_id in _obj.rules_str: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.ALREADY_ENABLED, "'%s' already in '%s'" % (rule, _name)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self.__rule(True, _policy, rule, transaction) self.__register_rule(_obj, rule_id, timeout, sender) transaction.add_fail(self.__unregister_rule, _obj, rule_id) if use_transaction is None: transaction.execute(True) return _policy def __register_rule(self, _obj, rule_id, timeout, sender): _obj.rules_str.append(rule_id) def remove_rule(self, policy, rule, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_panic() _obj = self._policies[_policy] rule_id = self.__rule_id(rule) if rule_id not in _obj.rules_str: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.NOT_ENABLED, "'%s' not in '%s'" % (rule, _name)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self.__rule(False, _policy, rule, transaction) transaction.add_post(self.__unregister_rule, _obj, rule_id) if use_transaction is None: transaction.execute(True) return _policy def __unregister_rule(self, _obj, rule_id): if rule_id in _obj.rules_str: _obj.rules_str.remove(rule_id) def query_rule(self, policy, rule): return self.__rule_id(rule) in self.get_policy(policy).rules_str def list_rules(self, policy): return self.get_policy(policy).rules_str # SERVICES def check_service(self, service): self._fw.check_service(service) def __service_id(self, service): self.check_service(service) return service def add_service(self, policy, service, timeout=0, sender=None, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._policies[_policy] service_id = self.__service_id(service) if service_id in _obj.services: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.ALREADY_ENABLED, "'%s' already in '%s'" % (service, _name)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._service(True, _policy, service, transaction) self.__register_service(_obj, service_id, timeout, sender) transaction.add_fail(self.__unregister_service, _obj, service_id) if use_transaction is None: transaction.execute(True) return _policy def __register_service(self, _obj, service_id, timeout, sender): _obj.services.append(service_id) def remove_service(self, policy, service, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_panic() _obj = self._policies[_policy] service_id = self.__service_id(service) if service_id not in _obj.services: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.NOT_ENABLED, "'%s' not in '%s'" % (service, _name)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._service(False, _policy, service, transaction) transaction.add_post(self.__unregister_service, _obj, service_id) if use_transaction is None: transaction.execute(True) return _policy def __unregister_service(self, _obj, service_id): if service_id in _obj.services: _obj.services.remove(service_id) def query_service(self, policy, service): return self.__service_id(service) in self.get_policy(policy).services def list_services(self, policy): return self.get_policy(policy).services def get_helpers_for_service_helpers(self, helpers): _helpers = [ ] for helper in helpers: try: _helper = self._fw.helper.get_helper(helper) except FirewallError: raise FirewallError(errors.INVALID_HELPER, helper) _helpers.append(_helper) return _helpers def get_helpers_for_service_modules(self, modules, enable): # If automatic helper assignment is turned off, helpers that # do not have ports defined will be replaced by the helpers # that the helper.module defines. _helpers = [ ] for module in modules: try: helper = self._fw.helper.get_helper(module) except FirewallError: raise FirewallError(errors.INVALID_HELPER, module) if len(helper.ports) < 1: _module_short_name = get_nf_conntrack_short_name(helper.module) try: _helper = self._fw.helper.get_helper(_module_short_name) _helpers.append(_helper) except FirewallError: if enable: log.warning("Helper '%s' is not available" % _module_short_name) continue else: _helpers.append(helper) return _helpers # PORTS def check_port(self, port, protocol): self._fw.check_port(port) self._fw.check_tcpudp(protocol) def __port_id(self, port, protocol): self.check_port(port, protocol) return (portStr(port, "-"), protocol) def add_port(self, policy, port, protocol, timeout=0, sender=None, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._policies[_policy] existing_port_ids = list(filter(lambda x: x[1] == protocol, _obj.ports)) for port_id in existing_port_ids: if portInPortRange(port, port_id[0]): _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s' already in '%s'" % (port, protocol, _name)) added_ranges, removed_ranges = coalescePortRange(port, [_port for (_port, _protocol) in existing_port_ids]) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: for range in added_ranges: self._port(True, _policy, portStr(range, "-"), protocol, transaction) for range in removed_ranges: self._port(False, _policy, portStr(range, "-"), protocol, transaction) for range in added_ranges: port_id = self.__port_id(range, protocol) self.__register_port(_obj, port_id, timeout, sender) transaction.add_fail(self.__unregister_port, _obj, port_id) for range in removed_ranges: port_id = self.__port_id(range, protocol) transaction.add_post(self.__unregister_port, _obj, port_id) if use_transaction is None: transaction.execute(True) return _policy def __register_port(self, _obj, port_id, timeout, sender): _obj.ports.append(port_id) def remove_port(self, policy, port, protocol, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_panic() _obj = self._policies[_policy] existing_port_ids = list(filter(lambda x: x[1] == protocol, _obj.ports)) for port_id in existing_port_ids: if portInPortRange(port, port_id[0]): break else: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.NOT_ENABLED, "'%s:%s' not in '%s'" % (port, protocol, _name)) added_ranges, removed_ranges = breakPortRange(port, [_port for (_port, _protocol) in existing_port_ids]) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: for range in added_ranges: self._port(True, _policy, portStr(range, "-"), protocol, transaction) for range in removed_ranges: self._port(False, _policy, portStr(range, "-"), protocol, transaction) for range in added_ranges: port_id = self.__port_id(range, protocol) self.__register_port(_obj, port_id, 0, None) transaction.add_fail(self.__unregister_port, _obj, port_id) for range in removed_ranges: port_id = self.__port_id(range, protocol) transaction.add_post(self.__unregister_port, _obj, port_id) if use_transaction is None: transaction.execute(True) return _policy def __unregister_port(self, _obj, port_id): if port_id in _obj.ports: _obj.ports.remove(port_id) def query_port(self, policy, port, protocol): for (_port, _protocol) in self.get_policy(policy).ports: if portInPortRange(port, _port) and protocol == _protocol: return True return False def list_ports(self, policy): return self.get_policy(policy).ports # PROTOCOLS def check_protocol(self, protocol): if not checkProtocol(protocol): raise FirewallError(errors.INVALID_PROTOCOL, protocol) def check_tcp_mss_clamp(self, tcp_mss_clamp_value): if not checkTcpMssClamp(tcp_mss_clamp_value): raise FirewallError(errors.INVALID_RULE, "tcp-mss-clamp value must be greater than or equal to 536, or the value 'pmtu'. Invalid value '%s'" % (tcp_mss_clamp_value)) def __protocol_id(self, protocol): self.check_protocol(protocol) return protocol def add_protocol(self, policy, protocol, timeout=0, sender=None, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._policies[_policy] protocol_id = self.__protocol_id(protocol) if protocol_id in _obj.protocols: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.ALREADY_ENABLED, "'%s' already in '%s'" % (protocol, _name)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._protocol(True, _policy, protocol, transaction) self.__register_protocol(_obj, protocol_id, timeout, sender) transaction.add_fail(self.__unregister_protocol, _obj, protocol_id) if use_transaction is None: transaction.execute(True) return _policy def __register_protocol(self, _obj, protocol_id, timeout, sender): _obj.protocols.append(protocol_id) def remove_protocol(self, policy, protocol, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_panic() _obj = self._policies[_policy] protocol_id = self.__protocol_id(protocol) if protocol_id not in _obj.protocols: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.NOT_ENABLED, "'%s' not in '%s'" % (protocol, _name)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._protocol(False, _policy, protocol, transaction) transaction.add_post(self.__unregister_protocol, _obj, protocol_id) if use_transaction is None: transaction.execute(True) return _policy def __unregister_protocol(self, _obj, protocol_id): if protocol_id in _obj.protocols: _obj.protocols.remove(protocol_id) def query_protocol(self, policy, protocol): return self.__protocol_id(protocol) in self.get_policy(policy).protocols def list_protocols(self, policy): return self.get_policy(policy).protocols # SOURCE PORTS def __source_port_id(self, port, protocol): self.check_port(port, protocol) return (portStr(port, "-"), protocol) def add_source_port(self, policy, port, protocol, timeout=0, sender=None, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._policies[_policy] existing_port_ids = list(filter(lambda x: x[1] == protocol, _obj.source_ports)) for port_id in existing_port_ids: if portInPortRange(port, port_id[0]): _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s' already in '%s'" % (port, protocol, _name)) added_ranges, removed_ranges = coalescePortRange(port, [_port for (_port, _protocol) in existing_port_ids]) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: for range in added_ranges: self._source_port(True, _policy, portStr(range, "-"), protocol, transaction) for range in removed_ranges: self._source_port(False, _policy, portStr(range, "-"), protocol, transaction) for range in added_ranges: port_id = self.__source_port_id(range, protocol) self.__register_source_port(_obj, port_id, timeout, sender) transaction.add_fail(self.__unregister_source_port, _obj, port_id) for range in removed_ranges: port_id = self.__source_port_id(range, protocol) transaction.add_post(self.__unregister_source_port, _obj, port_id) if use_transaction is None: transaction.execute(True) return _policy def __register_source_port(self, _obj, port_id, timeout, sender): _obj.source_ports.append(port_id) def remove_source_port(self, policy, port, protocol, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_panic() _obj = self._policies[_policy] existing_port_ids = list(filter(lambda x: x[1] == protocol, _obj.source_ports)) for port_id in existing_port_ids: if portInPortRange(port, port_id[0]): break else: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.NOT_ENABLED, "'%s:%s' not in '%s'" % (port, protocol, _name)) added_ranges, removed_ranges = breakPortRange(port, [_port for (_port, _protocol) in existing_port_ids]) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: for range in added_ranges: self._source_port(True, _policy, portStr(range, "-"), protocol, transaction) for range in removed_ranges: self._source_port(False, _policy, portStr(range, "-"), protocol, transaction) for range in added_ranges: port_id = self.__source_port_id(range, protocol) self.__register_source_port(_obj, port_id, 0, None) transaction.add_fail(self.__unregister_source_port, _obj, port_id) for range in removed_ranges: port_id = self.__source_port_id(range, protocol) transaction.add_post(self.__unregister_source_port, _obj, port_id) if use_transaction is None: transaction.execute(True) return _policy def __unregister_source_port(self, _obj, port_id): if port_id in _obj.source_ports: _obj.source_ports.remove(port_id) def query_source_port(self, policy, port, protocol): for (_port, _protocol) in self.get_policy(policy).source_ports: if portInPortRange(port, _port) and protocol == _protocol: return True return False def list_source_ports(self, policy): return self.get_policy(policy).source_ports # MASQUERADE def add_masquerade(self, policy, timeout=0, sender=None, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._policies[_policy] if _obj.masquerade: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.ALREADY_ENABLED, "masquerade already enabled in '%s'" % _name) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._masquerade(True, _policy, transaction) self.__register_masquerade(_obj, timeout, sender) transaction.add_fail(self.__unregister_masquerade, _obj) if use_transaction is None: transaction.execute(True) return _policy def __register_masquerade(self, _obj, timeout, sender): _obj.masquerade = True def remove_masquerade(self, policy, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_panic() _obj = self._policies[_policy] if not _obj.masquerade: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.NOT_ENABLED, "masquerade not enabled in '%s'" % _name) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._masquerade(False, _policy, transaction) transaction.add_post(self.__unregister_masquerade, _obj) if use_transaction is None: transaction.execute(True) return _policy def __unregister_masquerade(self, _obj): _obj.masquerade = False def query_masquerade(self, policy): return self.get_policy(policy).masquerade # PORT FORWARDING def check_forward_port(self, ipv, port, protocol, toport=None, toaddr=None): self._fw.check_port(port) self._fw.check_tcpudp(protocol) if toport: self._fw.check_port(toport) if toaddr: if not check_single_address(ipv, toaddr): raise FirewallError(errors.INVALID_ADDR, toaddr) if not toport and not toaddr: raise FirewallError( errors.INVALID_FORWARD, "port-forwarding is missing to-port AND to-addr") def __forward_port_id(self, port, protocol, toport=None, toaddr=None): if check_single_address("ipv6", toaddr): self.check_forward_port("ipv6", port, protocol, toport, toaddr) else: self.check_forward_port("ipv4", port, protocol, toport, toaddr) return (portStr(port, "-"), protocol, portStr(toport, "-"), str(toaddr)) def add_forward_port(self, policy, port, protocol, toport=None, toaddr=None, timeout=0, sender=None, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._policies[_policy] forward_id = self.__forward_port_id(port, protocol, toport, toaddr) if forward_id in _obj.forward_ports: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s:%s:%s' already in '%s'" % \ (port, protocol, toport, toaddr, _name)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._forward_port(True, _policy, transaction, port, protocol, toport, toaddr) self.__register_forward_port(_obj, forward_id, timeout, sender) transaction.add_fail(self.__unregister_forward_port, _obj, forward_id) if use_transaction is None: transaction.execute(True) return _policy def __register_forward_port(self, _obj, forward_id, timeout, sender): _obj.forward_ports.append(forward_id) def remove_forward_port(self, policy, port, protocol, toport=None, toaddr=None, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_panic() _obj = self._policies[_policy] forward_id = self.__forward_port_id(port, protocol, toport, toaddr) if forward_id not in _obj.forward_ports: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.NOT_ENABLED, "'%s:%s:%s:%s' not in '%s'" % \ (port, protocol, toport, toaddr, _name)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._forward_port(False, _policy, transaction, port, protocol, toport, toaddr) transaction.add_post(self.__unregister_forward_port, _obj, forward_id) if use_transaction is None: transaction.execute(True) return _policy def __unregister_forward_port(self, _obj, forward_id): if forward_id in _obj.forward_ports: _obj.forward_ports.remove(forward_id) def query_forward_port(self, policy, port, protocol, toport=None, toaddr=None): forward_id = self.__forward_port_id(port, protocol, toport, toaddr) return forward_id in self.get_policy(policy).forward_ports def list_forward_ports(self, policy): return self.get_policy(policy).forward_ports # ICMP BLOCK def check_icmp_block(self, icmp): self._fw.check_icmptype(icmp) def __icmp_block_id(self, icmp): self.check_icmp_block(icmp) return icmp def add_icmp_block(self, policy, icmp, timeout=0, sender=None, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._policies[_policy] icmp_id = self.__icmp_block_id(icmp) if icmp_id in _obj.icmp_blocks: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.ALREADY_ENABLED, "'%s' already in '%s'" % (icmp, _name)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._icmp_block(True, _policy, icmp, transaction) self.__register_icmp_block(_obj, icmp_id, timeout, sender) transaction.add_fail(self.__unregister_icmp_block, _obj, icmp_id) if use_transaction is None: transaction.execute(True) return _policy def __register_icmp_block(self, _obj, icmp_id, timeout, sender): _obj.icmp_blocks.append(icmp_id) def remove_icmp_block(self, policy, icmp, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_panic() _obj = self._policies[_policy] icmp_id = self.__icmp_block_id(icmp) if icmp_id not in _obj.icmp_blocks: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError(errors.NOT_ENABLED, "'%s' not in '%s'" % (icmp, _name)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._icmp_block(False, _policy, icmp, transaction) transaction.add_post(self.__unregister_icmp_block, _obj, icmp_id) if use_transaction is None: transaction.execute(True) return _policy def __unregister_icmp_block(self, _obj, icmp_id): if icmp_id in _obj.icmp_blocks: _obj.icmp_blocks.remove(icmp_id) def query_icmp_block(self, policy, icmp): return self.__icmp_block_id(icmp) in self.get_policy(policy).icmp_blocks def list_icmp_blocks(self, policy): return self.get_policy(policy).icmp_blocks # ICMP BLOCK INVERSION def add_icmp_block_inversion(self, policy, sender=None, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_panic() _obj = self._policies[_policy] if _obj.icmp_block_inversion: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError( errors.ALREADY_ENABLED, "icmp-block-inversion already enabled in '%s'" % _name) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: # undo icmp blocks for args in _obj.icmp_blocks: self._icmp_block(False, _policy, args, transaction) self._icmp_block_inversion(False, _policy, transaction) self.__register_icmp_block_inversion(_obj, sender) transaction.add_fail(self.__undo_icmp_block_inversion, _policy, _obj) # redo icmp blocks if _obj.applied: for args in _obj.icmp_blocks: self._icmp_block(True, _policy, args, transaction) self._icmp_block_inversion(True, _policy, transaction) if use_transaction is None: transaction.execute(True) return _policy def __register_icmp_block_inversion(self, _obj, sender): _obj.icmp_block_inversion = True def __undo_icmp_block_inversion(self, _policy, _obj): transaction = self.new_transaction() # undo icmp blocks if _obj.applied: for args in _obj.icmp_blocks: self._icmp_block(False, _policy, args, transaction) _obj.icmp_block_inversion = False # redo icmp blocks if _obj.applied: for args in _obj.icmp_blocks: self._icmp_block(True, _policy, args, transaction) transaction.execute(True) def remove_icmp_block_inversion(self, policy, use_transaction=None): _policy = self._fw.check_policy(policy) self._fw.check_panic() _obj = self._policies[_policy] if not _obj.icmp_block_inversion: _name = _obj.derived_from_zone if _obj.derived_from_zone else _policy raise FirewallError( errors.NOT_ENABLED, "icmp-block-inversion not enabled in '%s'" % _name) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: # undo icmp blocks for args in _obj.icmp_blocks: self._icmp_block(False, _policy, args, transaction) self._icmp_block_inversion(False, _policy, transaction) self.__unregister_icmp_block_inversion(_obj) transaction.add_fail(self.__register_icmp_block_inversion, _obj, None) # redo icmp blocks if _obj.applied: for args in _obj.icmp_blocks: self._icmp_block(True, _policy, args, transaction) self._icmp_block_inversion(True, _policy, transaction) if use_transaction is None: transaction.execute(True) return _policy def __unregister_icmp_block_inversion(self, _obj): _obj.icmp_block_inversion = False def query_icmp_block_inversion(self, policy): return self.get_policy(policy).icmp_block_inversion def gen_chain_rules(self, policy, create, table, chain, transaction): obj = self._fw.policy.get_policy(policy) if obj.derived_from_zone: # For policies derived from zones, use only the first policy in the # list to track chain creation. The chain names are converted to # zone-based names as such they're "global" for all zone derived # policies. tracking_policy = self._fw.zone._zone_policies[obj.derived_from_zone][0] else: tracking_policy = policy if create: if tracking_policy in self._chains and \ (table, chain) in self._chains[tracking_policy]: return else: if tracking_policy not in self._chains or \ (table, chain) not in self._chains[tracking_policy]: return for backend in self._fw.enabled_backends(): if backend.policies_supported and \ table in backend.get_available_tables(): rules = backend.build_policy_chain_rules(create, policy, table, chain) transaction.add_rules(backend, rules) self._register_chains(tracking_policy, create, [(table, chain)]) transaction.add_fail(self._register_chains, tracking_policy, not create, [(table, chain)]) def _register_chains(self, policy, create, tables): for (table, chain) in tables: if create: self._chains.setdefault(policy, []).append((table, chain)) else: self._chains[policy].remove((table, chain)) if len(self._chains[policy]) == 0: del self._chains[policy] # IPSETS def _ipset_family(self, name): if self._fw.ipset.get_type(name) == "hash:mac": return None return self._fw.ipset.get_family(name) def __ipset_type(self, name): return self._fw.ipset.get_type(name) def _ipset_match_flags(self, name, flag): return ",".join([flag] * self._fw.ipset.get_dimension(name)) def _check_ipset_applied(self, name): return self._fw.ipset.check_applied(name) def _check_ipset_type_for_source(self, name): _type = self.__ipset_type(name) if _type not in SOURCE_IPSET_TYPES: raise FirewallError( errors.INVALID_IPSET, "ipset '%s' with type '%s' not usable as source" % \ (name, _type)) def _rule_prepare(self, enable, policy, rule, transaction): ipvs = [] if rule.family: ipvs = [ rule.family ] elif rule.element and (isinstance(rule.element, Rich_IcmpBlock) or isinstance(rule.element, Rich_IcmpType)): ict = self._fw.config.get_icmptype(rule.element.name) if ict.destination: ipvs = [ipv for ipv in ["ipv4", "ipv6"] if ipv in ict.destination] source_ipv = self._rule_source_ipv(rule.source) if source_ipv: if rule.family: # rule family is defined by user, no way to change it if rule.family != source_ipv: raise FirewallError(errors.INVALID_RULE, "Source address family '%s' conflicts with rule family '%s'." % (source_ipv, rule.family)) else: # use the source family as rule family ipvs = [ source_ipv ] if not ipvs: ipvs = ["ipv4", "ipv6"] # clamp ipvs to those that are actually enabled. ipvs = [ipv for ipv in ipvs if self._fw.is_ipv_enabled(ipv)] # add an element to object to allow backends to know what ipvs this applies to rule.ipvs = ipvs for backend in set([self._fw.get_backend_by_ipv(x) for x in ipvs]): # SERVICE if type(rule.element) == Rich_Service: svc = self._fw.service.get_service(rule.element.name) destinations = [] if len(svc.destination) > 0: if rule.destination: # we can not use two destinations at the same time raise FirewallError(errors.INVALID_RULE, "Destination conflict with service.") for ipv in ipvs: if ipv in svc.destination and backend.is_ipv_supported(ipv): destinations.append(svc.destination[ipv]) else: # dummy for the following for loop destinations.append(None) for destination in destinations: if type(rule.action) == Rich_Accept: # only load modules for accept action helpers = self.get_helpers_for_service_modules(svc.modules, enable) helpers += self.get_helpers_for_service_helpers(svc.helpers) helpers = sorted(set(helpers), key=lambda x: x.name) modules = [ ] for helper in helpers: module = helper.module _module_short_name = get_nf_conntrack_short_name(module) nat_module = module.replace("conntrack", "nat") modules.append(nat_module) if helper.family != "" and not backend.is_ipv_supported(helper.family): # no support for family ipv, continue continue if len(helper.ports) < 1: modules.append(module) else: for (port,proto) in helper.ports: rules = backend.build_policy_helper_ports_rules( enable, policy, proto, port, destination, helper.name, _module_short_name) transaction.add_rules(backend, rules) transaction.add_modules(modules) # create rules for (port,proto) in svc.ports: rules = backend.build_policy_ports_rules( enable, policy, proto, port, destination, rule) transaction.add_rules(backend, rules) for proto in svc.protocols: rules = backend.build_policy_protocol_rules( enable, policy, proto, destination, rule) transaction.add_rules(backend, rules) # create rules for (port,proto) in svc.source_ports: rules = backend.build_policy_source_ports_rules( enable, policy, proto, port, destination, rule) transaction.add_rules(backend, rules) # PORT elif type(rule.element) == Rich_Port: port = rule.element.port protocol = rule.element.protocol self.check_port(port, protocol) rules = backend.build_policy_ports_rules( enable, policy, protocol, port, None, rule) transaction.add_rules(backend, rules) # PROTOCOL elif type(rule.element) == Rich_Protocol: protocol = rule.element.value self.check_protocol(protocol) rules = backend.build_policy_protocol_rules( enable, policy, protocol, None, rule) transaction.add_rules(backend, rules) # TCP/MSS CLAMP elif type(rule.element) == Rich_Tcp_Mss_Clamp: tcp_mss_clamp_value = rule.element.value self.check_tcp_mss_clamp(tcp_mss_clamp_value) rules = backend.build_policy_tcp_mss_clamp_rules( enable, policy, tcp_mss_clamp_value, None, rule) transaction.add_rules(backend, rules) # MASQUERADE elif type(rule.element) == Rich_Masquerade: if enable: for ipv in ipvs: if backend.is_ipv_supported(ipv): transaction.add_post(enable_ip_forwarding, ipv) rules = backend.build_policy_masquerade_rules(enable, policy, rule) transaction.add_rules(backend, rules) # FORWARD PORT elif type(rule.element) == Rich_ForwardPort: port = rule.element.port protocol = rule.element.protocol toport = rule.element.to_port toaddr = rule.element.to_address for ipv in ipvs: if backend.is_ipv_supported(ipv): self.check_forward_port(ipv, port, protocol, toport, toaddr) if toaddr and enable: transaction.add_post(enable_ip_forwarding, ipv) rules = backend.build_policy_forward_port_rules( enable, policy, port, protocol, toport, toaddr, rule) transaction.add_rules(backend, rules) # SOURCE PORT elif type(rule.element) == Rich_SourcePort: port = rule.element.port protocol = rule.element.protocol self.check_port(port, protocol) rules = backend.build_policy_source_ports_rules( enable, policy, protocol, port, None, rule) transaction.add_rules(backend, rules) # ICMP BLOCK and ICMP TYPE elif type(rule.element) == Rich_IcmpBlock or \ type(rule.element) == Rich_IcmpType: ict = self._fw.config.get_icmptype(rule.element.name) if rule.family and ict.destination and \ rule.family not in ict.destination: raise FirewallError(errors.INVALID_ICMPTYPE, "rich rule family '%s' conflicts with icmp type '%s'" % \ (rule.family, rule.element.name)) if type(rule.element) == Rich_IcmpBlock and \ rule.action and type(rule.action) == Rich_Accept: # icmp block might have reject or drop action, but not accept raise FirewallError(errors.INVALID_RULE, "IcmpBlock not usable with accept action") rules = backend.build_policy_icmp_block_rules(enable, policy, ict, rule) transaction.add_rules(backend, rules) elif rule.element is None: rules = backend.build_policy_rich_source_destination_rules( enable, policy, rule) transaction.add_rules(backend, rules) # EVERYTHING ELSE else: raise FirewallError(errors.INVALID_RULE, "Unknown element %s" % type(rule.element)) def _service(self, enable, policy, service, transaction, included_services=None): svc = self._fw.service.get_service(service) helpers = self.get_helpers_for_service_modules(svc.modules, enable) helpers += self.get_helpers_for_service_helpers(svc.helpers) helpers = sorted(set(helpers), key=lambda x: x.name) # First apply any services this service may include if included_services is None: included_services = [service] for include in svc.includes: if include in included_services: continue self.check_service(include) included_services.append(include) self._service(enable, policy, include, transaction, included_services=included_services) # build a list of (backend, destination). The destination may be ipv4, # ipv6 or None # backends_ipv = [] for ipv in ["ipv4", "ipv6"]: if not self._fw.is_ipv_enabled(ipv): continue backend = self._fw.get_backend_by_ipv(ipv) if len(svc.destination) > 0: if ipv in svc.destination: backends_ipv.append((backend, svc.destination[ipv])) else: if (backend, None) not in backends_ipv: backends_ipv.append((backend, None)) for (backend,destination) in backends_ipv: for helper in helpers: module = helper.module _module_short_name = get_nf_conntrack_short_name(module) nat_module = helper.module.replace("conntrack", "nat") transaction.add_module(nat_module) if helper.family != "" and not backend.is_ipv_supported(helper.family): # no support for family ipv, continue continue if len(helper.ports) < 1: transaction.add_module(module) else: for (port,proto) in helper.ports: rules = backend.build_policy_helper_ports_rules( enable, policy, proto, port, destination, helper.name, _module_short_name) transaction.add_rules(backend, rules) for (port,proto) in svc.ports: rules = backend.build_policy_ports_rules(enable, policy, proto, port, destination) transaction.add_rules(backend, rules) for protocol in svc.protocols: rules = backend.build_policy_protocol_rules( enable, policy, protocol, destination) transaction.add_rules(backend, rules) for (port,proto) in svc.source_ports: rules = backend.build_policy_source_ports_rules( enable, policy, proto, port, destination) transaction.add_rules(backend, rules) def _port(self, enable, policy, port, protocol, transaction): for backend in self._fw.enabled_backends(): if not backend.policies_supported: continue rules = backend.build_policy_ports_rules(enable, policy, protocol, port) transaction.add_rules(backend, rules) def _protocol(self, enable, policy, protocol, transaction): for backend in self._fw.enabled_backends(): if not backend.policies_supported: continue rules = backend.build_policy_protocol_rules(enable, policy, protocol) transaction.add_rules(backend, rules) def _source_port(self, enable, policy, port, protocol, transaction): for backend in self._fw.enabled_backends(): if not backend.policies_supported: continue rules = backend.build_policy_source_ports_rules(enable, policy, protocol, port) transaction.add_rules(backend, rules) def _masquerade(self, enable, policy, transaction): ipv = "ipv4" transaction.add_post(enable_ip_forwarding, ipv) backend = self._fw.get_backend_by_ipv(ipv) rules = backend.build_policy_masquerade_rules(enable, policy) transaction.add_rules(backend, rules) def _forward_port(self, enable, policy, transaction, port, protocol, toport=None, toaddr=None): if check_single_address("ipv6", toaddr): ipv = "ipv6" else: ipv = "ipv4" if toaddr and enable: transaction.add_post(enable_ip_forwarding, ipv) backend = self._fw.get_backend_by_ipv(ipv) rules = backend.build_policy_forward_port_rules( enable, policy, port, protocol, toport, toaddr) transaction.add_rules(backend, rules) def _icmp_block(self, enable, policy, icmp, transaction): ict = self._fw.config.get_icmptype(icmp) for backend in self._fw.enabled_backends(): if not backend.policies_supported: continue skip_backend = False if ict.destination: for ipv in ["ipv4", "ipv6"]: if ipv in ict.destination: if not backend.is_ipv_supported(ipv): skip_backend = True break if skip_backend: continue rules = backend.build_policy_icmp_block_rules(enable, policy, ict) transaction.add_rules(backend, rules) def _icmp_block_inversion(self, enable, policy, transaction): target = self._policies[policy].target # Do not add general icmp accept rules into a trusted, block or drop # policy. if target in [ "DROP", "%%REJECT%%", "REJECT" ]: return if not self.query_icmp_block_inversion(policy) and target == "ACCEPT": # ibi target and policy target are ACCEPT, no need to add an extra # rule return for backend in self._fw.enabled_backends(): if not backend.policies_supported: continue rules = backend.build_policy_icmp_block_inversion_rules(enable, policy) transaction.add_rules(backend, rules) def check_ingress_egress(self, policy, ingress_zones, egress_zones, ingress_interfaces, egress_interfaces, ingress_sources, egress_sources): for zone in ingress_zones: self.check_ingress_zone(zone) for zone in egress_zones: self.check_egress_zone(zone) if ("ANY" in ingress_zones or "HOST" in ingress_zones) and \ len(ingress_zones) > 1: raise FirewallError(errors.INVALID_ZONE, "'ingress-zones' may only contain one of: many regular zones, ANY, or HOST") if ("ANY" in egress_zones or "HOST" in egress_zones) and \ len(egress_zones) > 1: raise FirewallError(errors.INVALID_ZONE, "'egress-zones' may only contain one of: many regular zones, ANY, or HOST") if (egress_interfaces or egress_sources) and \ not ingress_interfaces and not ingress_sources and \ "HOST" not in ingress_zones and "ANY" not in ingress_zones: raise FirewallError(errors.INVALID_ZONE, "policy \"%s\" has no ingress" % (policy)) if (ingress_interfaces or ingress_sources) and \ not egress_interfaces and not egress_sources and \ "HOST" not in egress_zones and "ANY" not in egress_zones: raise FirewallError(errors.INVALID_ZONE, "policy \"%s\" has no egress" % (policy)) def check_ingress_egress_chain(self, policy, table, chain, ingress_zones, egress_zones, ingress_interfaces, egress_interfaces, ingress_sources, egress_sources): if chain == "PREROUTING": # raw,prerouting is used for conntrack helpers (services), so we # need to allow it if egress-zones contains an actual zone if table != "raw": if egress_interfaces: raise FirewallError(errors.INVALID_ZONE, "policy \"%s\" egress-zones may not include a zone with added interfaces." % (policy)) elif chain == "POSTROUTING": if "HOST" in ingress_zones: raise FirewallError(errors.INVALID_ZONE, "policy \"%s\" ingress-zones may not include HOST." % (policy)) if "HOST" in egress_zones: raise FirewallError(errors.INVALID_ZONE, "policy \"%s\" egress-zones may not include HOST." % (policy)) if ingress_interfaces: raise FirewallError(errors.INVALID_ZONE, "policy \"%s\" ingress-zones may not include a zone with added interfaces." % (policy)) elif chain == "FORWARD": if "HOST" in ingress_zones: raise FirewallError(errors.INVALID_ZONE, "policy \"%s\" ingress-zones may not include HOST." % (policy)) if "HOST" in egress_zones: raise FirewallError(errors.INVALID_ZONE, "policy \"%s\" egress-zones may not include HOST." % (policy)) elif chain == "INPUT": if "HOST" not in egress_zones: raise FirewallError(errors.INVALID_ZONE, "policy \"%s\" egress-zones must include only HOST." % (policy)) elif chain == "OUTPUT": if "HOST" not in ingress_zones: raise FirewallError(errors.INVALID_ZONE, "policy \"%s\" ingress-zones must include only HOST." % (policy)) def _ingress_egress_zones_transaction(self, enable, policy): transaction = FirewallTransaction(self._fw) self._ingress_egress_zones(enable, policy, transaction) transaction.execute(True) def _ingress_egress_zones(self, enable, policy, transaction): obj = self._policies[policy] ingress_zones = obj.ingress_zones egress_zones = obj.egress_zones ingress_interfaces = set() egress_interfaces = set() ingress_sources = set() egress_sources = set() for zone in ingress_zones: if zone in ["ANY", "HOST"]: continue ingress_interfaces |= set(self._fw.zone.list_interfaces(zone)) ingress_sources |= set(self._fw.zone.list_sources(zone)) for zone in egress_zones: if zone in ["ANY", "HOST"]: continue egress_interfaces |= set(self._fw.zone.list_interfaces(zone)) egress_sources |= set(self._fw.zone.list_sources(zone)) self.check_ingress_egress(policy, ingress_zones, egress_zones, ingress_interfaces, egress_interfaces, ingress_sources, egress_sources) for backend in self._fw.enabled_backends(): if not backend.policies_supported: continue for (table, chain) in self._get_table_chains_for_policy_dispatch(policy): self.check_ingress_egress_chain(policy, table, chain, ingress_zones, egress_zones, ingress_interfaces, egress_interfaces, ingress_sources, egress_sources) rules = backend.build_policy_ingress_egress_rules(enable, policy, table, chain, ingress_interfaces, egress_interfaces, ingress_sources, egress_sources) transaction.add_rules(backend, rules) def _get_table_chains_for_policy_dispatch(self, policy): """Create a list of (table, chain) needed for policy dispatch""" obj = self._policies[policy] if "ANY" in obj.ingress_zones and "HOST" in obj.egress_zones: # any --> HOST tc = [("filter", "INPUT"), ("nat", "PREROUTING"), ("mangle", "PREROUTING")] # iptables backend needs to put conntrack helper rules in raw # prerouting. if not self._fw.nftables_enabled: tc.append(("raw", "PREROUTING")) return tc elif "HOST" in obj.egress_zones: # zone --> HOST tc = [("filter", "INPUT")] # iptables backend needs to put conntrack helper rules in raw # prerouting. if not self._fw.nftables_enabled: tc.append(("raw", "PREROUTING")) return tc elif "HOST" in obj.ingress_zones: # HOST --> zone/any return [("filter", "OUTPUT"), ("nat", "OUTPUT")] elif "ANY" in obj.ingress_zones and "ANY" in obj.egress_zones: # any --> any tc = [("filter", "FORWARD"), ("nat", "PREROUTING"), ("nat", "POSTROUTING"), ("mangle", "PREROUTING")] # iptables backend needs to put conntrack helper rules in raw # prerouting. if not self._fw.nftables_enabled: tc.append(("raw", "PREROUTING")) return tc elif "ANY" in obj.egress_zones: # zone --> any tc = [("filter", "FORWARD"), ("nat", "PREROUTING"), ("mangle", "PREROUTING")] # iptables backend needs to put conntrack helper rules in raw # prerouting. if not self._fw.nftables_enabled: tc.append(("raw", "PREROUTING")) for zone in obj.ingress_zones: if self._fw.zone.get_zone(zone).interfaces: break else: tc.append(("nat", "POSTROUTING")) return tc elif "ANY" in obj.ingress_zones: # any --> zone tc = [("filter", "FORWARD"), ("nat", "POSTROUTING")] # iptables backend needs to put conntrack helper rules in raw # prerouting. if not self._fw.nftables_enabled: tc.append(("raw", "PREROUTING")) for zone in obj.egress_zones: if self._fw.zone.get_zone(zone).interfaces: break else: tc.append(("nat", "PREROUTING")) tc.append(("mangle", "PREROUTING")) return tc else: # zone -> zone tc = [("filter", "FORWARD")] # iptables backend needs to put conntrack helper rules in raw # prerouting. if not self._fw.nftables_enabled: tc.append(("raw", "PREROUTING")) for zone in obj.ingress_zones: if self._fw.zone.get_zone(zone).interfaces: break else: tc.append(("nat", "POSTROUTING")) for zone in obj.egress_zones: if self._fw.zone.get_zone(zone).interfaces: break else: tc.append(("nat", "PREROUTING")) tc.append(("mangle", "PREROUTING")) return tc def _get_table_chains_for_zone_dispatch(self, policy): """Create a list of (table, chain) needed for zone dispatch""" obj = self._policies[policy] if "HOST" in obj.egress_zones: # zone --> Host tc = [("filter", "INPUT")] # iptables backend needs to put conntrack helper rules in raw # prerouting. if not self._fw.nftables_enabled: tc.append(("raw", "PREROUTING")) return tc elif "ANY" in obj.egress_zones: # zone --> any return [("filter", "FORWARD"), ("nat", "PREROUTING"), ("mangle", "PREROUTING")] elif "ANY" in obj.ingress_zones: # any --> zone return [("nat", "POSTROUTING")] else: return FirewallError("Invalid policy: %s" % (policy)) def policy_base_chain_name(self, policy, table, policy_prefix, isSNAT=False): obj = self._fw.policy.get_policy(policy) if obj.derived_from_zone: suffix = obj.derived_from_zone else: suffix = policy_prefix + policy if "HOST" in obj.egress_zones: # zone/any --> Host if table == "filter": return "IN_" + suffix if table == "raw": # NOTE: nftables doesn't actually use this. Only iptables return "PRE_" + suffix if not obj.derived_from_zone: if table in ["mangle", "nat"]: return "PRE_" + suffix elif "HOST" in obj.ingress_zones: # HOST --> zone/any if not obj.derived_from_zone: if table in ["filter", "nat"]: return "OUT_" + suffix elif "ANY" in obj.egress_zones: # zone/any --> any if table == "filter": return "FWD_" + suffix elif table == "nat": if isSNAT: return "POST_" + suffix else: return "PRE_" + suffix elif table in ["mangle", "raw"]: return "PRE_" + suffix elif "ANY" in obj.ingress_zones: # any --> zone if table == "filter": return "FWD_" + suffix elif table == "nat": if isSNAT: return "POST_" + suffix else: return "PRE_" + suffix elif table in ["mangle", "raw"]: if not obj.derived_from_zone: return "PRE_" + suffix elif not obj.derived_from_zone: # zone --> zone if table == "filter": return "FWD_" + suffix elif table == "nat": if isSNAT: return "POST_" + suffix else: return "PRE_" + suffix elif table in ["mangle", "raw"]: return "PRE_" + suffix return FirewallError("Can't convert policy to chain name: %s, %s, %s" % (policy, table, isSNAT)) firewalld-1.1.1/src/firewall/core/fw.py0000644000000000000000000014751714217342322020012 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "Firewall" ] import os.path import sys import copy import time import traceback from typing import Dict, List from firewall import config from firewall import functions from firewall.core import ipXtables from firewall.core import ebtables from firewall.core import nftables from firewall.core import ipset from firewall.core import modules from firewall.core.fw_icmptype import FirewallIcmpType from firewall.core.fw_service import FirewallService from firewall.core.fw_zone import FirewallZone from firewall.core.fw_direct import FirewallDirect from firewall.core.fw_config import FirewallConfig from firewall.core.fw_policies import FirewallPolicies from firewall.core.fw_ipset import FirewallIPSet from firewall.core.fw_transaction import FirewallTransaction from firewall.core.fw_helper import FirewallHelper from firewall.core.fw_policy import FirewallPolicy from firewall.core.fw_nm import nm_get_bus_name, nm_get_interfaces_in_zone from firewall.core.logger import log from firewall.core.io.io_object import IO_Object from firewall.core.io.firewalld_conf import firewalld_conf from firewall.core.io.direct import Direct from firewall.core.io.service import service_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.zone import zone_reader, Zone from firewall.core.io.ipset import ipset_reader from firewall.core.ipset import IPSET_TYPES from firewall.core.io.helper import helper_reader from firewall.core.io.policy import policy_reader from firewall.core.rich import Rich_Rule from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class Firewall # ############################################################################ class Firewall(object): def __init__(self, offline=False): self._firewalld_conf = firewalld_conf(config.FIREWALLD_CONF) self._offline = offline if self._offline: self.ip4tables_enabled = False self.ip6tables_enabled = False self.ebtables_enabled = False self.ipset_enabled = False self.ipset_supported_types = IPSET_TYPES self.nftables_enabled = False else: self.ip4tables_backend = ipXtables.ip4tables(self) self.ip4tables_enabled = True self.ipv4_supported_icmp_types = [ ] self.ip6tables_backend = ipXtables.ip6tables(self) self.ip6tables_enabled = True self.ipv6_supported_icmp_types = [ ] self.ebtables_backend = ebtables.ebtables() self.ebtables_enabled = True self.ipset_backend = ipset.ipset() self.ipset_enabled = True self.ipset_supported_types = IPSET_TYPES self.nftables_backend = nftables.nftables(self) self.nftables_enabled = True self.modules_backend = modules.modules() self.icmptype = FirewallIcmpType(self) self.service = FirewallService(self) self.zone = FirewallZone(self) self.direct = FirewallDirect(self) self.config = FirewallConfig(self) self.policies = FirewallPolicies() self.ipset = FirewallIPSet(self) self.helper = FirewallHelper(self) self.policy = FirewallPolicy(self) self.__init_vars() def __repr__(self): return '%s(%r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r)' % \ (self.__class__, self.ip4tables_enabled, self.ip6tables_enabled, self.ebtables_enabled, self._state, self._panic, self._default_zone, self._module_refcount, self._marks, self.cleanup_on_exit, self.cleanup_modules_on_exit, self.ipv6_rpfilter_enabled, self.ipset_enabled, self._individual_calls, self._log_denied) def __init_vars(self): self._state = "INIT" self._panic = False self._default_zone = "" self._default_zone_interfaces = [] self._nm_assigned_interfaces = [] self._module_refcount = { } self._marks = [ ] # fallback settings will be overloaded by firewalld.conf self.cleanup_on_exit = config.FALLBACK_CLEANUP_ON_EXIT self.cleanup_modules_on_exit = config.FALLBACK_CLEANUP_MODULES_ON_EXIT self.ipv6_rpfilter_enabled = config.FALLBACK_IPV6_RPFILTER self._individual_calls = config.FALLBACK_INDIVIDUAL_CALLS self._log_denied = config.FALLBACK_LOG_DENIED self._firewall_backend = config.FALLBACK_FIREWALL_BACKEND self._flush_all_on_reload = config.FALLBACK_FLUSH_ALL_ON_RELOAD self._rfc3964_ipv4 = config.FALLBACK_RFC3964_IPV4 self._allow_zone_drifting = config.FALLBACK_ALLOW_ZONE_DRIFTING def get_all_io_objects_dict(self): """ Returns a dict of dicts of all runtime config objects. """ conf_dict = {} conf_dict["ipsets"] = {_ipset: self.ipset.get_ipset(_ipset) for _ipset in self.ipset.get_ipsets()} conf_dict["helpers"] = {helper: self.helper.get_helper(helper) for helper in self.helper.get_helpers()} conf_dict["icmptypes"] = {icmptype: self.icmptype.get_icmptype(icmptype) for icmptype in self.icmptype.get_icmptypes()} conf_dict["services"] = {service: self.service.get_service(service) for service in self.service.get_services()} conf_dict["zones"] = {zone: self.zone.get_zone(zone) for zone in self.zone.get_zones()} conf_dict["policies"] = {policy: self.policy.get_policy(policy) for policy in self.policy.get_policies_not_derived_from_zone()} # The runtime might not actually support all the defined icmptypes. # This is the case if ipv6 (ip6tables) is disabled. Unfortunately users # disable IPv6 and also expect the IPv6 stuff to be silently ignored. # This is problematic for defaults that include IPv6 stuff, e.g. policy # 'allow-host-ipv6'. Use this to make a better decision about errors vs # warnings. # conf_dict["icmptypes_unsupported"] = {} for icmptype in (set(self.config.get_icmptypes()).difference( set(self.icmptype.get_icmptypes()))): conf_dict["icmptypes_unsupported"][icmptype] = self.config.get_icmptype(icmptype) # Some icmptypes support multiple families. Add those that are missing # support for a subset of families. for icmptype in (set(self.config.get_icmptypes()).intersection( set(self.icmptype.get_icmptypes()))): if icmptype not in self.ipv4_supported_icmp_types or \ icmptype not in self.ipv6_supported_icmp_types: conf_dict["icmptypes_unsupported"][icmptype] = copy.copy(self.config.get_icmptype(icmptype)) conf_dict["icmptypes_unsupported"][icmptype].destination = [] if icmptype not in self.ipv4_supported_icmp_types: conf_dict["icmptypes_unsupported"][icmptype].destination.append("ipv4") if icmptype not in self.ipv6_supported_icmp_types: conf_dict["icmptypes_unsupported"][icmptype].destination.append("ipv6") return conf_dict def full_check_config(self, extra_io_objects: Dict[str, List[IO_Object]] = {}): all_io_objects = self.get_all_io_objects_dict() # mix in the extra objects for type_key in extra_io_objects: for obj in extra_io_objects[type_key]: all_io_objects[type_key][obj.name] = obj # we need to check in a well defined order because some io_objects will # cross-check others order = ["ipsets", "helpers", "icmptypes", "services", "zones", "policies"] for io_obj_type in order: io_objs = all_io_objects[io_obj_type] for (name, io_obj) in io_objs.items(): io_obj.check_config_dict(io_obj.export_config_dict(), all_io_objects) def _check_tables(self): # check if iptables, ip6tables and ebtables are usable, else disable if self.ip4tables_enabled and \ "filter" not in self.ip4tables_backend.get_available_tables(): log.info1("iptables is not usable.") self.ip4tables_enabled = False if self.ip6tables_enabled and \ "filter" not in self.ip6tables_backend.get_available_tables(): log.info1("ip6tables is not usable.") self.ip6tables_enabled = False if self.ebtables_enabled and \ "filter" not in self.ebtables_backend.get_available_tables(): log.info1("ebtables is not usable.") self.ebtables_enabled = False # is there at least support for ipv4 or ipv6 if not self.ip4tables_enabled and not self.ip6tables_enabled \ and not self.nftables_enabled: log.fatal("No IPv4 and IPv6 firewall.") sys.exit(1) def _start_check(self): try: self.ipset_backend.set_list() except ValueError: if self.nftables_enabled: log.info1("ipset not usable, disabling ipset usage in firewall. Other set backends (nftables) remain usable.") else: log.warning("ipset not usable, disabling ipset usage in firewall.") self.ipset_supported_types = [ ] # ipset is not usable self.ipset_enabled = False else: # ipset is usable, get all supported types self.ipset_supported_types = self.ipset_backend.set_supported_types() self.ip4tables_backend.fill_exists() if not self.ip4tables_backend.restore_command_exists: if self.ip4tables_backend.command_exists: log.warning("iptables-restore is missing, using " "individual calls for IPv4 firewall.") else: if self.nftables_enabled: log.info1("iptables-restore and iptables are missing, " "IPv4 direct rules won't be usable.") else: log.warning("iptables-restore and iptables are missing, " "disabling IPv4 firewall.") self.ip4tables_enabled = False if self.nftables_enabled: self.ipv4_supported_icmp_types = self.nftables_backend.supported_icmp_types("ipv4") else: if self.ip4tables_enabled: self.ipv4_supported_icmp_types = self.ip4tables_backend.supported_icmp_types() else: self.ipv4_supported_icmp_types = [ ] self.ip6tables_backend.fill_exists() if not self.ip6tables_backend.restore_command_exists: if self.ip6tables_backend.command_exists: log.warning("ip6tables-restore is missing, using " "individual calls for IPv6 firewall.") else: if self.nftables_enabled: log.info1("ip6tables-restore and ip6tables are missing, " "IPv6 direct rules won't be usable.") else: log.warning("ip6tables-restore and ip6tables are missing, " "disabling IPv6 firewall.") self.ip6tables_enabled = False if self.nftables_enabled: self.ipv6_supported_icmp_types = self.nftables_backend.supported_icmp_types("ipv6") else: if self.ip6tables_enabled: self.ipv6_supported_icmp_types = self.ip6tables_backend.supported_icmp_types() else: self.ipv6_supported_icmp_types = [ ] self.ebtables_backend.fill_exists() if not self.ebtables_backend.restore_command_exists: if self.ebtables_backend.command_exists: log.warning("ebtables-restore is missing, using " "individual calls for bridge firewall.") else: if self.nftables_enabled: log.info1("ebtables-restore and ebtables are missing, " "eb direct rules won't be usable.") else: log.warning("ebtables-restore and ebtables are missing, " "disabling bridge firewall.") self.ebtables_enabled = False if self.ebtables_enabled and not self._individual_calls and \ not self.ebtables_backend.restore_noflush_option: log.debug1("ebtables-restore is not supporting the --noflush " "option, will therefore not be used") def _start(self, reload=False, complete_reload=False): # initialize firewall default_zone = config.FALLBACK_ZONE # load firewalld config log.debug1("Loading firewalld config file '%s'", config.FIREWALLD_CONF) try: self._firewalld_conf.read() except Exception as msg: log.warning(msg) log.warning("Using fallback firewalld configuration settings.") else: if self._firewalld_conf.get("DefaultZone"): default_zone = self._firewalld_conf.get("DefaultZone") if self._firewalld_conf.get("CleanupOnExit"): value = self._firewalld_conf.get("CleanupOnExit") if value is not None and value.lower() in [ "no", "false" ]: self.cleanup_on_exit = False log.debug1("CleanupOnExit is set to '%s'", self.cleanup_on_exit) if self._firewalld_conf.get("CleanupModulesOnExit"): value = self._firewalld_conf.get("CleanupModulesOnExit") if value is not None and value.lower() in [ "yes", "true" ]: self.cleanup_modules_on_exit = True log.debug1("CleanupModulesOnExit is set to '%s'", self.cleanup_modules_on_exit) if self._firewalld_conf.get("Lockdown"): value = self._firewalld_conf.get("Lockdown") if value is not None and value.lower() in [ "yes", "true" ]: log.debug1("Lockdown is enabled") try: self.policies.enable_lockdown() except FirewallError: # already enabled, this is probably reload pass if self._firewalld_conf.get("IPv6_rpfilter"): value = self._firewalld_conf.get("IPv6_rpfilter") if value is not None: if value.lower() in [ "no", "false" ]: self.ipv6_rpfilter_enabled = False if value.lower() in [ "yes", "true" ]: self.ipv6_rpfilter_enabled = True if self.ipv6_rpfilter_enabled: log.debug1("IPv6 rpfilter is enabled") else: log.debug1("IPV6 rpfilter is disabled") if self._firewalld_conf.get("IndividualCalls"): value = self._firewalld_conf.get("IndividualCalls") if value is not None and value.lower() in [ "yes", "true" ]: log.debug1("IndividualCalls is enabled") self._individual_calls = True if self._firewalld_conf.get("LogDenied"): value = self._firewalld_conf.get("LogDenied") if value is None or value.lower() == "no": self._log_denied = "off" else: self._log_denied = value.lower() log.debug1("LogDenied is set to '%s'", self._log_denied) if self._firewalld_conf.get("FirewallBackend"): self._firewall_backend = self._firewalld_conf.get("FirewallBackend") log.debug1("FirewallBackend is set to '%s'", self._firewall_backend) if self._firewalld_conf.get("FlushAllOnReload"): value = self._firewalld_conf.get("FlushAllOnReload") if value.lower() in [ "no", "false" ]: self._flush_all_on_reload = False else: self._flush_all_on_reload = True log.debug1("FlushAllOnReload is set to '%s'", self._flush_all_on_reload) if self._firewalld_conf.get("RFC3964_IPv4"): value = self._firewalld_conf.get("RFC3964_IPv4") if value.lower() in [ "no", "false" ]: self._rfc3964_ipv4 = False else: self._rfc3964_ipv4 = True log.debug1("RFC3964_IPv4 is set to '%s'", self._rfc3964_ipv4) self.config.set_firewalld_conf(copy.deepcopy(self._firewalld_conf)) self._select_firewall_backend(self._firewall_backend) if not self._offline: self._start_check() # load lockdown whitelist log.debug1("Loading lockdown whitelist") try: self.policies.lockdown_whitelist.read() except Exception as msg: if self.policies.query_lockdown(): log.error("Failed to load lockdown whitelist '%s': %s", self.policies.lockdown_whitelist.filename, msg) else: log.debug1("Failed to load lockdown whitelist '%s': %s", self.policies.lockdown_whitelist.filename, msg) # copy policies to config interface self.config.set_policies(copy.deepcopy(self.policies)) # load ipset files self._loader(config.FIREWALLD_IPSETS, "ipset") self._loader(config.ETC_FIREWALLD_IPSETS, "ipset") # load icmptype files self._loader(config.FIREWALLD_ICMPTYPES, "icmptype") self._loader(config.ETC_FIREWALLD_ICMPTYPES, "icmptype") if len(self.icmptype.get_icmptypes()) == 0: log.error("No icmptypes found.") # load helper files self._loader(config.FIREWALLD_HELPERS, "helper") self._loader(config.ETC_FIREWALLD_HELPERS, "helper") # load service files self._loader(config.FIREWALLD_SERVICES, "service") self._loader(config.ETC_FIREWALLD_SERVICES, "service") if len(self.service.get_services()) == 0: log.error("No services found.") # load zone files self._loader(config.FIREWALLD_ZONES, "zone") self._loader(config.ETC_FIREWALLD_ZONES, "zone") if len(self.zone.get_zones()) == 0: log.fatal("No zones found.") sys.exit(1) # load policy files self._loader(config.FIREWALLD_POLICIES, "policy") self._loader(config.ETC_FIREWALLD_POLICIES, "policy") # check minimum required zones error = False for z in [ "block", "drop", "trusted" ]: if z not in self.zone.get_zones(): log.fatal("Zone '%s' is not available.", z) error = True if error: sys.exit(1) # check if default_zone is a valid zone if default_zone not in self.zone.get_zones(): if "public" in self.zone.get_zones(): zone = "public" elif "external" in self.zone.get_zones(): zone = "external" else: zone = "block" # block is a base zone, therefore it has to exist log.error("Default zone '%s' is not valid. Using '%s'.", default_zone, zone) default_zone = zone else: log.debug1("Using default zone '%s'", default_zone) # load direct rules obj = Direct(config.FIREWALLD_DIRECT) if os.path.exists(config.FIREWALLD_DIRECT): log.debug1("Loading direct rules file '%s'" % \ config.FIREWALLD_DIRECT) try: obj.read() except Exception as msg: log.error("Failed to load direct rules file '%s': %s", config.FIREWALLD_DIRECT, msg) self.direct.set_permanent_config(obj) self.config.set_direct(copy.deepcopy(obj)) self._default_zone = self.check_zone(default_zone) if self._offline: return # check if needed tables are there self._check_tables() if log.getDebugLogLevel() > 0: # get time before flushing and applying tm1 = time.time() # Start transaction transaction = FirewallTransaction(self) # flush rules self.flush(use_transaction=transaction) # If modules need to be unloaded in complete reload or if there are # ipsets to get applied, limit the transaction to flush. # # Future optimization for the ipset case in reload: The transaction # only needs to be split here if there are conflicting ipset types in # exsting ipsets and the configuration in firewalld. if (reload and complete_reload) or \ (self.ipset.backends() and self.ipset.has_ipsets()): transaction.execute(True) transaction.clear() # complete reload: unload modules also if reload and complete_reload: log.debug1("Unloading firewall modules") self.modules_backend.unload_firewall_modules() self.apply_default_tables(use_transaction=transaction) transaction.execute(True) transaction.clear() # apply settings for loaded ipsets while reloading here if (self.ipset.backends()) and self.ipset.has_ipsets(): log.debug1("Applying ipsets") self.ipset.apply_ipsets() # Start or continue with transaction # apply default rules log.debug1("Applying default rule set") self.apply_default_rules(use_transaction=transaction) # apply settings for loaded zones log.debug1("Applying used zones") self.zone.apply_zones(use_transaction=transaction) self.zone.change_default_zone(None, self._default_zone, use_transaction=transaction) # apply policies log.debug1("Applying used policies") self.policy.apply_policies(use_transaction=transaction) # Execute transaction transaction.execute(True) # Start new transaction for direct rules transaction.clear() # apply direct chains, rules and passthrough rules if self.direct.has_configuration(): log.debug1("Applying direct chains rules and passthrough rules") self.direct.apply_direct(transaction) # since direct rules are easy to make syntax errors lets highlight # the cause if the transaction fails. try: transaction.execute(True) transaction.clear() except FirewallError as e: raise FirewallError(e.code, "Direct: %s" % (e.msg if e.msg else "")) except Exception: raise del transaction if log.getDebugLogLevel() > 1: # get time after flushing and applying tm2 = time.time() log.debug2("Flushing and applying took %f seconds" % (tm2 - tm1)) def start(self): try: self._start() except Exception: self._state = "FAILED" self.set_policy("ACCEPT") raise else: self._state = "RUNNING" self.set_policy("ACCEPT") def _loader(self, path, reader_type, combine=False): # combine: several zone files are getting combined into one obj if not os.path.isdir(path): return if combine: if path.startswith(config.ETC_FIREWALLD) and reader_type == "zone": combined_zone = Zone() combined_zone.name = os.path.basename(path) combined_zone.check_name(combined_zone.name) combined_zone.path = path combined_zone.default = False else: combine = False for filename in sorted(os.listdir(path)): if not filename.endswith(".xml"): if path.startswith(config.ETC_FIREWALLD) and \ reader_type == "zone" and \ os.path.isdir("%s/%s" % (path, filename)): self._loader("%s/%s" % (path, filename), reader_type, combine=True) continue name = "%s/%s" % (path, filename) log.debug1("Loading %s file '%s'", reader_type, name) try: if reader_type == "icmptype": obj = icmptype_reader(filename, path) if obj.name in self.icmptype.get_icmptypes(): orig_obj = self.icmptype.get_icmptype(obj.name) log.debug1(" Overloads %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) self.icmptype.remove_icmptype(orig_obj.name) elif obj.path.startswith(config.ETC_FIREWALLD): obj.default = True try: self.icmptype.add_icmptype(obj) except FirewallError as error: log.info1("%s: %s, ignoring for run-time." % \ (obj.name, str(error))) # add a deep copy to the configuration interface self.config.add_icmptype(copy.deepcopy(obj)) elif reader_type == "service": obj = service_reader(filename, path) if obj.name in self.service.get_services(): orig_obj = self.service.get_service(obj.name) log.debug1(" Overloads %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) self.service.remove_service(orig_obj.name) elif obj.path.startswith(config.ETC_FIREWALLD): obj.default = True self.service.add_service(obj) # add a deep copy to the configuration interface self.config.add_service(copy.deepcopy(obj)) elif reader_type == "zone": obj = zone_reader(filename, path, no_check_name=combine) if combine: # Change name for permanent configuration obj.name = "%s/%s" % ( os.path.basename(path), os.path.basename(filename)[0:-4]) obj.check_name(obj.name) # Copy object before combine config_obj = copy.deepcopy(obj) if obj.name in self.zone.get_zones(): orig_obj = self.zone.get_zone(obj.name) self.zone.remove_zone(orig_obj.name) if orig_obj.combined: log.debug1(" Combining %s '%s' ('%s/%s')", reader_type, obj.name, path, filename) obj.combine(orig_obj) else: log.debug1(" Overloads %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) elif obj.path.startswith(config.ETC_FIREWALLD): obj.default = True config_obj.default = True self.config.add_zone(config_obj) if combine: log.debug1(" Combining %s '%s' ('%s/%s')", reader_type, combined_zone.name, path, filename) combined_zone.combine(obj) else: self.zone.add_zone(obj) elif reader_type == "ipset": obj = ipset_reader(filename, path) if obj.name in self.ipset.get_ipsets(): orig_obj = self.ipset.get_ipset(obj.name) log.debug1(" Overloads %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) self.ipset.remove_ipset(orig_obj.name) elif obj.path.startswith(config.ETC_FIREWALLD): obj.default = True try: self.ipset.add_ipset(obj) except FirewallError as error: log.warning("%s: %s, ignoring for run-time." % \ (obj.name, str(error))) # add a deep copy to the configuration interface self.config.add_ipset(copy.deepcopy(obj)) elif reader_type == "helper": obj = helper_reader(filename, path) if obj.name in self.helper.get_helpers(): orig_obj = self.helper.get_helper(obj.name) log.debug1(" Overloads %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) self.helper.remove_helper(orig_obj.name) elif obj.path.startswith(config.ETC_FIREWALLD): obj.default = True self.helper.add_helper(obj) # add a deep copy to the configuration interface self.config.add_helper(copy.deepcopy(obj)) elif reader_type == "policy": obj = policy_reader(filename, path) if obj.name in self.policy.get_policies(): orig_obj = self.policy.get_policy(obj.name) log.debug1(" Overloads %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) self.policy.remove_policy(orig_obj.name) elif obj.path.startswith(config.ETC_FIREWALLD): obj.default = True self.policy.add_policy(obj) # add a deep copy to the configuration interface self.config.add_policy_object(copy.deepcopy(obj)) else: log.fatal("Unknown reader type %s", reader_type) except FirewallError as msg: log.error("Failed to load %s file '%s': %s", reader_type, name, msg) except Exception: log.error("Failed to load %s file '%s':", reader_type, name) log.exception() if combine and combined_zone.combined: if combined_zone.name in self.zone.get_zones(): orig_obj = self.zone.get_zone(combined_zone.name) log.debug1(" Overloading and deactivating %s '%s' ('%s/%s')", reader_type, orig_obj.name, orig_obj.path, orig_obj.filename) try: self.zone.remove_zone(combined_zone.name) except Exception: pass self.config.forget_zone(combined_zone.name) self.zone.add_zone(combined_zone) def cleanup(self): self.icmptype.cleanup() self.service.cleanup() self.zone.cleanup() self.ipset.cleanup() self.helper.cleanup() self.config.cleanup() self.direct.cleanup() self.policies.cleanup() self.policy.cleanup() self._firewalld_conf.cleanup() self.__init_vars() def stop(self): if not self._offline: if self.cleanup_on_exit: self.flush() self.ipset.flush() self.set_policy("ACCEPT") if self.cleanup_modules_on_exit: log.debug1('Unloading firewall kernel modules') self.modules_backend.unload_firewall_modules() self.cleanup() # handle modules def handle_modules(self, _modules, enable): num_failed = 0 error_msgs = "" for i,module in enumerate(_modules): if enable: (status, msg) = self.modules_backend.load_module(module) else: if self._module_refcount[module] > 1: status = 0 # module referenced more then one, do not unload else: (status, msg) = self.modules_backend.unload_module(module) if status != 0: num_failed += 1 error_msgs += msg continue if enable: self._module_refcount.setdefault(module, 0) self._module_refcount[module] += 1 else: if module in self._module_refcount: self._module_refcount[module] -= 1 if self._module_refcount[module] == 0: del self._module_refcount[module] return (num_failed, error_msgs) def _select_firewall_backend(self, backend): if backend != "nftables": self.nftables_enabled = False # even if using nftables, the other backends are enabled for use with # the direct interface. nftables is used for the firewalld primitives. def get_backend_by_name(self, name): for backend in self.all_backends(): if backend.name == name: return backend raise FirewallError(errors.UNKNOWN_ERROR, "'%s' backend does not exist" % name) def get_backend_by_ipv(self, ipv): if self.nftables_enabled: return self.nftables_backend if ipv == "ipv4" and self.ip4tables_enabled: return self.ip4tables_backend elif ipv == "ipv6" and self.ip6tables_enabled: return self.ip6tables_backend elif ipv == "eb" and self.ebtables_enabled: return self.ebtables_backend raise FirewallError(errors.INVALID_IPV, "'%s' is not a valid backend or is unavailable" % ipv) def get_direct_backend_by_ipv(self, ipv): if ipv == "ipv4" and self.ip4tables_enabled: return self.ip4tables_backend elif ipv == "ipv6" and self.ip6tables_enabled: return self.ip6tables_backend elif ipv == "eb" and self.ebtables_enabled: return self.ebtables_backend raise FirewallError(errors.INVALID_IPV, "'%s' is not a valid backend or is unavailable" % ipv) def is_backend_enabled(self, name): if name == "ip4tables": return self.ip4tables_enabled elif name == "ip6tables": return self.ip6tables_enabled elif name == "ebtables": return self.ebtables_enabled elif name == "nftables": return self.nftables_enabled return False def is_ipv_enabled(self, ipv): if self.nftables_enabled: return True if ipv == "ipv4": return self.ip4tables_enabled elif ipv == "ipv6": return self.ip6tables_enabled elif ipv == "eb": return self.ebtables_enabled return False def enabled_backends(self): backends = [] if self.nftables_enabled: backends.append(self.nftables_backend) else: if self.ip4tables_enabled: backends.append(self.ip4tables_backend) if self.ip6tables_enabled: backends.append(self.ip6tables_backend) if self.ebtables_enabled: backends.append(self.ebtables_backend) return backends def all_backends(self): backends = [] if self.ip4tables_enabled: backends.append(self.ip4tables_backend) if self.ip6tables_enabled: backends.append(self.ip6tables_backend) if self.ebtables_enabled: backends.append(self.ebtables_backend) if self.nftables_enabled: backends.append(self.nftables_backend) return backends def apply_default_tables(self, use_transaction=None): if use_transaction is None: transaction = FirewallTransaction(self) else: transaction = use_transaction for backend in self.enabled_backends(): transaction.add_rules(backend, backend.build_default_tables()) if use_transaction is None: transaction.execute(True) def apply_default_rules(self, use_transaction=None): if use_transaction is None: transaction = FirewallTransaction(self) else: transaction = use_transaction for backend in self.enabled_backends(): rules = backend.build_default_rules(self._log_denied) transaction.add_rules(backend, rules) if self.is_ipv_enabled("ipv6"): ipv6_backend = self.get_backend_by_ipv("ipv6") if "raw" in ipv6_backend.get_available_tables(): if self.ipv6_rpfilter_enabled: rules = ipv6_backend.build_rpfilter_rules(self._log_denied) transaction.add_rules(ipv6_backend, rules) if self.is_ipv_enabled("ipv6") and self._rfc3964_ipv4: rules = ipv6_backend.build_rfc3964_ipv4_rules() transaction.add_rules(ipv6_backend, rules) if use_transaction is None: transaction.execute(True) # flush and policy def flush(self, use_transaction=None): if use_transaction is None: transaction = FirewallTransaction(self) else: transaction = use_transaction log.debug1("Flushing rule set") for backend in self.all_backends(): rules = backend.build_flush_rules() transaction.add_rules(backend, rules) if use_transaction is None: transaction.execute(True) def set_policy(self, policy, use_transaction=None): if use_transaction is None: transaction = FirewallTransaction(self) else: transaction = use_transaction log.debug1("Setting policy to '%s'", policy) for backend in self.enabled_backends(): rules = backend.build_set_policy_rules(policy) transaction.add_rules(backend, rules) if use_transaction is None: transaction.execute(True) # rule function used in handle_ functions def rule(self, backend_name, rule): if not rule: return "" backend = self.get_backend_by_name(backend_name) if not backend: raise FirewallError(errors.INVALID_IPV, "'%s' is not a valid backend" % backend_name) if not self.is_backend_enabled(backend_name): return "" return backend.set_rule(rule, self._log_denied) def rules(self, backend_name, rules): _rules = list(filter(None, rules)) backend = self.get_backend_by_name(backend_name) if not backend: raise FirewallError(errors.INVALID_IPV, "'%s' is not a valid backend" % backend_name) if not self.is_backend_enabled(backend_name): return if self._individual_calls or \ not backend.restore_command_exists or \ (backend_name == "ebtables" and not self.ebtables_backend.restore_noflush_option): for i,rule in enumerate(_rules): try: backend.set_rule(rule, self._log_denied) except Exception as msg: log.debug1(traceback.format_exc()) log.error(msg) for rule in reversed(_rules[:i]): try: backend.set_rule(backend.reverse_rule(rule), self._log_denied) except Exception: # ignore errors here pass raise msg else: backend.set_rules(_rules, self._log_denied) # check functions def check_panic(self): if self._panic: raise FirewallError(errors.PANIC_MODE) def check_policy(self, policy): _policy = policy if _policy not in self.policy.get_policies(): raise FirewallError(errors.INVALID_POLICY, _policy) return _policy def check_zone(self, zone): _zone = zone if not _zone or _zone == "": _zone = self.get_default_zone() if _zone not in self.zone.get_zones(): raise FirewallError(errors.INVALID_ZONE, _zone) return _zone def check_interface(self, interface): if not functions.checkInterface(interface): raise FirewallError(errors.INVALID_INTERFACE, interface) def check_service(self, service): self.service.check_service(service) def check_port(self, port): if not functions.check_port(port): raise FirewallError(errors.INVALID_PORT, port) def check_tcpudp(self, protocol): if not protocol: raise FirewallError(errors.MISSING_PROTOCOL) if protocol not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \ protocol) def check_ip(self, ip): if not functions.checkIP(ip): raise FirewallError(errors.INVALID_ADDR, ip) def check_address(self, ipv, source): if ipv == "ipv4": if not functions.checkIPnMask(source): raise FirewallError(errors.INVALID_ADDR, source) elif ipv == "ipv6": if not functions.checkIP6nMask(source): raise FirewallError(errors.INVALID_ADDR, source) else: raise FirewallError(errors.INVALID_IPV, "'%s' not in {'ipv4'|'ipv6'}") def check_icmptype(self, icmp): self.icmptype.check_icmptype(icmp) def check_timeout(self, timeout): if not isinstance(timeout, int): raise TypeError("%s is %s, expected int" % (timeout, type(timeout))) if int(timeout) < 0: raise FirewallError(errors.INVALID_VALUE, "timeout '%d' is not positive number" % timeout) # RELOAD def reload(self, stop=False): _panic = self._panic # must stash this. The value may change after _start() flush_all = self._flush_all_on_reload if not flush_all: # save zone interfaces _zone_interfaces = { } for zone in self.zone.get_zones(): _zone_interfaces[zone] = self.zone.get_zone(zone).interfaces # save direct config _direct_config = self.direct.get_runtime_config() _old_dz = self.get_default_zone() _ipset_objs = [] for _name in self.ipset.get_ipsets(): _ipset_objs.append(self.ipset.get_ipset(_name)) if not _panic: self.set_policy("DROP") # stop self.cleanup() start_exception = None try: self._start(reload=True, complete_reload=stop) except Exception as e: # save the exception for later, but continue restoring interfaces, # etc. We'll re-raise it at the end. start_exception = e # destroy ipsets no longer in the permanent configuration if flush_all: for obj in _ipset_objs: if not self.ipset.query_ipset(obj.name): for backend in self.ipset.backends(): # nftables sets are part of the normal firewall ruleset. if backend.name == "nftables": continue backend.set_destroy(obj.name) if not flush_all: # handle interfaces in the default zone and move them to the new # default zone if it changed _new_dz = self.get_default_zone() if _new_dz != _old_dz: # if_new_dz has been introduced with the reload, we need to add it # https://github.com/firewalld/firewalld/issues/53 if _new_dz not in _zone_interfaces: _zone_interfaces[_new_dz] = { } # default zone changed. Move interfaces from old default zone to # the new one. for iface in _zone_interfaces[_old_dz]: if iface in self._default_zone_interfaces: # move only those that were added to default zone # (not those that were added to specific zone same as # default) _zone_interfaces[_new_dz][iface] = \ _zone_interfaces[_old_dz][iface] del _zone_interfaces[_old_dz][iface] # add interfaces to zones again for zone in self.zone.get_zones(): if zone in _zone_interfaces: for interface_id in _zone_interfaces[zone]: self.zone.change_zone_of_interface(zone, interface_id) del _zone_interfaces[zone] else: log.info1("New zone '%s'.", zone) if len(_zone_interfaces) > 0: for zone in list(_zone_interfaces.keys()): log.info1("Lost zone '%s', zone interfaces dropped.", zone) del _zone_interfaces[zone] del _zone_interfaces # restore runtime-only ipsets for obj in _ipset_objs: if self.ipset.query_ipset(obj.name): for entry in obj.entries: try: self.ipset.add_entry(obj.name, entry) except FirewallError as msg: if msg.code != errors.ALREADY_ENABLED: raise msg else: self.ipset.add_ipset(obj) self.ipset.apply_ipset(obj.name) # restore direct config self.direct.set_config(_direct_config) # Restore permanent interfaces from NetworkManager nm_bus_name = nm_get_bus_name() if nm_bus_name: for zone in self.zone.get_zones() + [""]: for interface in nm_get_interfaces_in_zone(zone): self.zone.change_zone_of_interface(zone, interface, sender=nm_bus_name) self._panic = _panic if not self._panic: self.set_policy("ACCEPT") if start_exception: self._state = "FAILED" raise start_exception else: self._state = "RUNNING" # STATE def get_state(self): return self._state # PANIC MODE def enable_panic_mode(self): if self._panic: raise FirewallError(errors.ALREADY_ENABLED, "panic mode already enabled") try: self.set_policy("PANIC") except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) self._panic = True def disable_panic_mode(self): if not self._panic: raise FirewallError(errors.NOT_ENABLED, "panic mode is not enabled") try: self.set_policy("ACCEPT") except Exception as msg: raise FirewallError(errors.COMMAND_FAILED, msg) self._panic = False def query_panic_mode(self): return self._panic # LOG DENIED def get_log_denied(self): return self._log_denied def set_log_denied(self, value): if value not in config.LOG_DENIED_VALUES: raise FirewallError(errors.INVALID_VALUE, "'%s', choose from '%s'" % \ (value, "','".join(config.LOG_DENIED_VALUES))) if value != self.get_log_denied(): self._log_denied = value self._firewalld_conf.set("LogDenied", value) self._firewalld_conf.write() else: raise FirewallError(errors.ALREADY_SET, value) # DEFAULT ZONE def get_default_zone(self): return self._default_zone def set_default_zone(self, zone): _zone = self.check_zone(zone) if _zone != self._default_zone: _old_dz = self._default_zone self._default_zone = _zone self._firewalld_conf.set("DefaultZone", _zone) self._firewalld_conf.write() if self._offline: return # remove old default zone from ZONES and add new default zone self.zone.change_default_zone(_old_dz, _zone) # Move interfaces from old default zone to the new one. for iface in self.zone.get_zone(_old_dz).interfaces: if iface in self._default_zone_interfaces: # move only those that were added to default zone # (not those that were added to specific zone same as default) self.zone.change_zone_of_interface("", iface) else: raise FirewallError(errors.ZONE_ALREADY_SET, _zone) def combine_runtime_with_permanent_settings(self, permanent, runtime): combined = permanent.copy() for key,value in runtime.items(): # omit empty entries if value or isinstance(value, bool): combined[key] = value # make sure to remove values that were in permanent, but no # longer in runtime. elif key in combined: del combined[key] return combined def get_added_and_removed_settings(self, old_settings, new_settings): # normalize rich rules, zones and policies use a different key for rich_key in ["rich_rules", "rules_str"]: if rich_key in new_settings: new_settings[rich_key] = [str(Rich_Rule(rule_str=rule_str)) for rule_str in new_settings[rich_key]] add_settings = {} remove_settings = {} for key in (set(old_settings.keys()) | set(new_settings.keys())): if key in new_settings: if isinstance(new_settings[key], list): old = set(old_settings[key] if key in old_settings else []) add_settings[key] = list(set(new_settings[key]) - old) remove_settings[key] = list((old ^ set(new_settings[key])) & old) # check for bool or int because dbus.Boolean is a subclass of # int (because bool can't be subclassed). elif isinstance(new_settings[key], bool) or isinstance(new_settings[key], int): if not old_settings[key] and new_settings[key]: add_settings[key] = True elif old_settings[key] and not new_settings[key]: remove_settings[key] = False else: raise FirewallError(errors.INVALID_SETTING, "Unhandled setting type {} key {}".format(type(new_settings[key]), key)) return (add_settings, remove_settings) firewalld-1.1.1/src/firewall/core/fw_service.py0000644000000000000000000000314714217342322021520 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "FirewallService" ] from firewall import errors from firewall.errors import FirewallError class FirewallService(object): def __init__(self, fw): self._fw = fw self._services = { } def __repr__(self): return '%s(%r)' % (self.__class__, self._services) def cleanup(self): self._services.clear() # zones def get_services(self): return sorted(self._services.keys()) def check_service(self, service): if service not in self._services: raise FirewallError(errors.INVALID_SERVICE, service) def get_service(self, service): self.check_service(service) return self._services[service] def add_service(self, obj): self._services[obj.name] = obj def remove_service(self, service): self.check_service(service) del self._services[service] firewalld-1.1.1/src/firewall/core/fw_transaction.py0000644000000000000000000001335314217342322022405 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """Transaction classes for firewalld""" __all__ = [ "FirewallTransaction" ] import traceback from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError class FirewallTransaction(object): def __init__(self, fw): self.fw = fw self.rules = { } # [ ( backend.name, [ rule,.. ] ),.. ] self.pre_funcs = [ ] # [ (func, args),.. ] self.post_funcs = [ ] # [ (func, args),.. ] self.fail_funcs = [ ] # [ (func, args),.. ] self.modules = [ ] # [ module,.. ] def clear(self): self.rules.clear() del self.pre_funcs[:] del self.post_funcs[:] del self.fail_funcs[:] def add_rule(self, backend, rule): self.rules.setdefault(backend.name, [ ]).append(rule) def add_rules(self, backend, rules): for rule in rules: self.add_rule(backend, rule) def query_rule(self, backend, rule): return backend.name in self.rules and rule in self.rules[backend.name] def remove_rule(self, backend, rule): if backend.name in self.rules and rule in self.rules[backend.name]: self.rules[backend.name].remove(rule) def add_pre(self, func, *args): self.pre_funcs.append((func, args)) def add_post(self, func, *args): self.post_funcs.append((func, args)) def add_fail(self, func, *args): self.fail_funcs.append((func, args)) def add_module(self, module): if module not in self.modules: self.modules.append(module) def remove_module(self, module): if module in self.modules: self.modules.remove(module) def add_modules(self, modules): for module in modules: self.add_module(module) def remove_modules(self, modules): for module in modules: self.remove_module(module) def prepare(self, enable): log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "...")) rules = { } if not enable: # reverse rule order for cleanup for backend_name in self.rules: for rule in reversed(self.rules[backend_name]): rules.setdefault(backend_name, [ ]).append( self.fw.get_backend_by_name(backend_name).reverse_rule(rule)) else: for backend_name in self.rules: rules.setdefault(backend_name, [ ]).extend(self.rules[backend_name]) return rules, self.modules def execute(self, enable): log.debug4("%s.execute(%s)" % (type(self), enable)) rules, modules = self.prepare(enable) # pre self.pre() # stage 1: apply rules error = False errorMsg = "" done = [ ] for backend_name in rules: try: self.fw.rules(backend_name, rules[backend_name]) except Exception as msg: error = True errorMsg = msg log.debug1(traceback.format_exc()) log.error(msg) else: done.append(backend_name) # stage 2: load modules if not error: module_return = self.fw.handle_modules(modules, enable) if module_return: # Debug log about issues loading modules, but don't error. The # modules may be builtin or CONFIG_MODULES=n, in which case # modprobe will fail. Or we may be running inside a container # that doesn't have sufficient privileges. Unfortunately there # is no way for us to know. (status, msg) = module_return if status: log.debug1(msg) # error case: revert rules if error: undo_rules = { } for backend_name in done: undo_rules[backend_name] = [ ] for rule in reversed(rules[backend_name]): undo_rules[backend_name].append( self.fw.get_backend_by_name(backend_name).reverse_rule(rule)) for backend_name in undo_rules: try: self.fw.rules(backend_name, undo_rules[backend_name]) except Exception as msg: log.debug1(traceback.format_exc()) log.error(msg) # call failure functions for (func, args) in self.fail_funcs: try: func(*args) except Exception as msg: log.debug1(traceback.format_exc()) log.error("Calling fail func %s(%s) failed: %s" % \ (func, args, msg)) raise FirewallError(errors.COMMAND_FAILED, errorMsg) # post self.post() def pre(self): log.debug4("%s.pre()" % type(self)) for (func, args) in self.pre_funcs: func(*args) def post(self): log.debug4("%s.post()" % type(self)) for (func, args) in self.post_funcs: func(*args) firewalld-1.1.1/src/firewall/core/fw_zone.py0000644000000000000000000012471214217342322021035 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import copy from firewall.core.base import SHORTCUTS, DEFAULT_ZONE_TARGET, SOURCE_IPSET_TYPES from firewall.core.fw_transaction import FirewallTransaction from firewall.core.io.policy import Policy from firewall.core.logger import log from firewall.core.rich import ( Rich_ForwardPort, Rich_IcmpBlock, Rich_IcmpType, Rich_Mark, Rich_Masquerade, Rich_Port, Rich_Protocol, Rich_Rule, Rich_Service, Rich_SourcePort, Rich_Tcp_Mss_Clamp ) from firewall.core.fw_nm import nm_get_bus_name from firewall.functions import checkIPnMask, checkIP6nMask, check_mac from firewall import errors from firewall.errors import FirewallError class FirewallZone(object): ZONE_POLICY_PRIORITY = 0 def __init__(self, fw): self._fw = fw self._zones = { } self._zone_policies = { } def __repr__(self): return '%s(%r)' % (self.__class__, self._zones) def cleanup(self): self._zones.clear() self._zone_policies.clear() def new_transaction(self): t = FirewallTransaction(self._fw) t.add_pre(self._fw.full_check_config) return t def policy_name_from_zones(self, fromZone, toZone): return "zone_{fromZone}_{toZone}".format(fromZone=fromZone, toZone=toZone) # zones def get_zones(self): return sorted(self._zones.keys()) def get_active_zones(self): active_zones = [] for zone in self.get_zones(): if self.list_interfaces(zone) or self.list_sources(zone): active_zones.append(zone) return active_zones def get_zone_of_interface(self, interface): interface_id = self.__interface_id(interface) for zone in self._zones: if interface_id in self._zones[zone].interfaces: # an interface can only be part of one zone return zone return None def get_zone_of_source(self, source): source_id = self.__source_id(source) for zone in self._zones: if source_id in self._zones[zone].sources: # a source_id can only be part of one zone return zone return None def get_zone(self, zone): z = self._fw.check_zone(zone) return self._zones[z] def policy_obj_from_zone_obj(self, z_obj, fromZone, toZone): p_obj = Policy() p_obj.derived_from_zone = z_obj.name p_obj.name = self.policy_name_from_zones(fromZone, toZone) p_obj.priority = self.ZONE_POLICY_PRIORITY p_obj.target = z_obj.target p_obj.ingress_zones = [fromZone] p_obj.egress_zones = [toZone] # copy zone permanent config to policy permanent config # WARN: This assumes the same attribute names. # for setting in ["services", "ports", "masquerade", "forward_ports", "source_ports", "icmp_blocks", "icmp_block_inversion", "rules_str", "protocols"]: if fromZone == z_obj.name and toZone == "HOST" and \ setting in ["services", "ports", "source_ports", "icmp_blocks", "icmp_block_inversion", "protocols"]: # zone --> HOST setattr(p_obj, setting, copy.deepcopy(getattr(z_obj, setting))) elif fromZone == "ANY" and toZone == z_obj.name and setting in ["masquerade"]: # any zone --> zone setattr(p_obj, setting, copy.deepcopy(getattr(z_obj, setting))) elif fromZone == z_obj.name and toZone == "ANY" and \ setting in ["forward_ports"]: # zone --> any zone setattr(p_obj, setting, copy.deepcopy(getattr(z_obj, setting))) elif setting in ["rules_str"]: p_obj.rules_str = [] p_obj.rules = [] for rule_str in z_obj.rules_str: current_policy = self.policy_name_from_zones(fromZone, toZone) rule = Rich_Rule(rule_str=rule_str) if current_policy in self._rich_rule_to_policies(z_obj.name, rule): p_obj.rules_str.append(rule_str) p_obj.rules.append(rule) return p_obj def add_zone(self, obj): self._zones[obj.name] = obj self._zone_policies[obj.name] = [] # Create policy objects, will need many: # - (zone --> HOST) - ports, service, etc # - (any zone --> zone) - masquerade # - (zone --> any zone) # - also includes forward-ports because it works on (nat, # PREROUTING) and therefore applies to redirects to the local # host or dnat to a different host. # - also includes rich rule "mark" action for the same reason # for fromZone,toZone in [(obj.name, "HOST"), ("ANY", obj.name), (obj.name, "ANY")]: p_obj = self.policy_obj_from_zone_obj(obj, fromZone, toZone) self._fw.policy.add_policy(p_obj) self._zone_policies[obj.name].append(p_obj.name) def remove_zone(self, zone): obj = self._zones[zone] if obj.applied: self.unapply_zone_settings(zone) del self._zones[zone] del self._zone_policies[zone] def apply_zones(self, use_transaction=None): for zone in self.get_zones(): z_obj = self._zones[zone] if len(z_obj.interfaces) > 0 or len(z_obj.sources) > 0: log.debug1("Applying zone '%s'", zone) self.apply_zone_settings(zone, use_transaction=use_transaction) def set_zone_applied(self, zone, applied): obj = self._zones[zone] obj.applied = applied # zone from chain def zone_from_chain(self, chain): if "_" not in chain: # no zone chain return None splits = chain.split("_") if len(splits) < 2: return None _chain = None for x in SHORTCUTS: if splits[0] == SHORTCUTS[x]: _chain = x if _chain is not None: # next part needs to be zone name if splits[1] not in self.get_zones(): return None if len(splits) == 2 or \ (len(splits) == 3 and splits[2] in [ "pre", "log", "deny", "allow", "post" ]): return (splits[1], _chain) return None def policy_from_chain(self, chain): x = self.zone_from_chain(chain) if x is None: return None (zone, _chain) = x # derived from _get_table_chains_for_zone_dispatch() if _chain in ["PREROUTING", "FORWARD"]: fromZone = zone toZone = "ANY" elif _chain in ["INPUT"]: fromZone = zone toZone = "HOST" elif _chain in ["POSTROUTING"]: fromZone = "ANY" toZone = zone else: raise FirewallError(errors.INVALID_CHAIN, "chain '%s' can't be mapped to a policy" % (chain)) return (self.policy_name_from_zones(fromZone, toZone), _chain) def create_zone_base_by_chain(self, ipv, table, chain, use_transaction=None): # Create zone base chains if the chain is reserved for a zone if ipv in [ "ipv4", "ipv6" ]: x = self.policy_from_chain(chain) if x is not None: (policy, _chain) = self.policy_from_chain(chain) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self._fw.policy.gen_chain_rules(policy, True, table, _chain, transaction) if use_transaction is None: transaction.execute(True) def _zone_settings(self, enable, zone, transaction): for key in ["interfaces", "sources", "forward", "icmp_block_inversion"]: args_list = getattr(self.get_zone(zone), key) if isinstance(args_list, bool): args_list = [args_list] for args in args_list: if key == "interfaces": self._interface(enable, zone, args, transaction) elif key == "sources": ipv = self.check_source(args) self._source(enable, zone, ipv, args, transaction) elif key == "icmp_block_inversion": continue elif key == "forward": # no need to call this when applying the zone as the rules # will be generated when adding the interfaces/sources pass else: log.warning("Zone '%s': Unknown setting '%s:%s', " "unable to apply", zone, key, args) # ICMP-block-inversion is always applied if enable: self._icmp_block_inversion(enable, zone, transaction) def apply_zone_settings(self, zone, use_transaction=None): _zone = self._fw.check_zone(zone) obj = self._zones[_zone] if obj.applied: return obj.applied = True if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction for policy in self._zone_policies[_zone]: log.debug1("Applying policy (%s) derived from zone '%s'", policy, zone) self._fw.policy.apply_policy_settings(policy, use_transaction=transaction) self._zone_settings(True, _zone, transaction) if use_transaction is None: transaction.execute(True) def unapply_zone_settings(self, zone, use_transaction=None): _zone = self._fw.check_zone(zone) obj = self._zones[_zone] if not obj.applied: return if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction for policy in self._zone_policies[_zone]: self._fw.policy.unapply_policy_settings(policy, use_transaction=transaction) self._zone_settings(False, _zone, transaction) if use_transaction is None: transaction.execute(True) def get_config_with_settings(self, zone): """ :return: exported config updated with runtime settings """ obj = self.get_zone(zone) conf_dict = self.get_config_with_settings_dict(zone) conf_list = [] for i in range(16): # tuple based API has 16 elements if obj.IMPORT_EXPORT_STRUCTURE[i][0] not in conf_dict: # old API needs the empty elements as well. Grab it from the # class otherwise we don't know the type. conf_list.append(copy.deepcopy(getattr(obj, obj.IMPORT_EXPORT_STRUCTURE[i][0]))) else: conf_list.append(conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]]) return tuple(conf_list) def get_config_with_settings_dict(self, zone): """ :return: exported config updated with runtime settings """ permanent = self.get_zone(zone).export_config_dict() if permanent["target"] == DEFAULT_ZONE_TARGET: permanent["target"] = "default" runtime = { "services": self.list_services(zone), "ports": self.list_ports(zone), "icmp_blocks": self.list_icmp_blocks(zone), "masquerade": self.query_masquerade(zone), "forward_ports": self.list_forward_ports(zone), "interfaces": self.list_interfaces(zone), "sources": self.list_sources(zone), "rules_str": self.list_rules(zone), "protocols": self.list_protocols(zone), "source_ports": self.list_source_ports(zone), "icmp_block_inversion": self.query_icmp_block_inversion(zone), "forward": self.query_forward(zone), } return self._fw.combine_runtime_with_permanent_settings(permanent, runtime) def set_config_with_settings_dict(self, zone, settings, sender): # stupid wrappers to convert rich rule string to rich rule object def add_rule_wrapper(zone, rule_str, timeout=0, sender=None): self.add_rule(zone, Rich_Rule(rule_str=rule_str), timeout=0, sender=sender) def remove_rule_wrapper(zone, rule_str): self.remove_rule(zone, Rich_Rule(rule_str=rule_str)) setting_to_fn = { "services": (self.add_service, self.remove_service), "ports": (self.add_port, self.remove_port), "icmp_blocks": (self.add_icmp_block, self.remove_icmp_block), "masquerade": (self.add_masquerade, self.remove_masquerade), "forward_ports": (self.add_forward_port, self.remove_forward_port), "interfaces": (self.add_interface, self.remove_interface), "sources": (self.add_source, self.remove_source), "rules_str": (add_rule_wrapper, remove_rule_wrapper), "protocols": (self.add_protocol, self.remove_protocol), "source_ports": (self.add_source_port, self.remove_source_port), "icmp_block_inversion": (self.add_icmp_block_inversion, self.remove_icmp_block_inversion), "forward": (self.add_forward, self.remove_forward), } # do a full config check on a temporary object before trying to make # the runtime changes old_obj = self.get_zone(zone) check_obj = copy.copy(old_obj) check_obj.import_config_dict(settings, self._fw.get_all_io_objects_dict()) self._fw.full_check_config({"zones": [check_obj]}) old_settings = self.get_config_with_settings_dict(zone) (add_settings, remove_settings) = self._fw.get_added_and_removed_settings(old_settings, settings) for key in remove_settings: if isinstance(remove_settings[key], list): for args in remove_settings[key]: if isinstance(args, tuple): setting_to_fn[key][1](zone, *args) else: setting_to_fn[key][1](zone, args) else: # bool setting_to_fn[key][1](zone) for key in add_settings: if isinstance(add_settings[key], list): for args in add_settings[key]: if key in ["interfaces", "sources"]: # no timeout arg setting_to_fn[key][0](zone, args, sender=sender) else: if isinstance(args, tuple): setting_to_fn[key][0](zone, *args, timeout=0, sender=sender) else: setting_to_fn[key][0](zone, args, timeout=0, sender=sender) else: # bool if key in ["icmp_block_inversion"]: # no timeout arg setting_to_fn[key][0](zone, sender=sender) else: setting_to_fn[key][0](zone, timeout=0, sender=sender) # INTERFACES def check_interface(self, interface): self._fw.check_interface(interface) def __interface_id(self, interface): self.check_interface(interface) return interface def add_interface(self, zone, interface, sender=None, use_transaction=None, allow_apply=True): self._fw.check_panic() _zone = self._fw.check_zone(zone) _obj = self._zones[_zone] interface_id = self.__interface_id(interface) if interface_id in _obj.interfaces: raise FirewallError(errors.ZONE_ALREADY_SET, "'%s' already bound to '%s'" % (interface, zone)) zoi = self.get_zone_of_interface(interface) if zoi is not None: raise FirewallError(errors.ZONE_CONFLICT, "'%s' already bound to '%s'" % (interface, zoi)) log.debug1("Setting zone of interface '%s' to '%s'" % (interface, _zone)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if not _obj.applied and allow_apply: self.apply_zone_settings(zone, use_transaction=transaction) transaction.add_fail(self.set_zone_applied, _zone, False) if allow_apply: self._interface(True, _zone, interface, transaction) self.__register_interface(_obj, interface_id, zone, sender) transaction.add_fail(self.__unregister_interface, _obj, interface_id) if use_transaction is None: transaction.execute(True) return _zone def __register_interface(self, _obj, interface_id, zone, sender): _obj.interfaces.append(interface_id) if not zone or zone == "": self._fw._default_zone_interfaces.append(interface_id) if sender == nm_get_bus_name(): self._fw._nm_assigned_interfaces.append(interface_id) def change_zone_of_interface(self, zone, interface, sender=None): self._fw.check_panic() _old_zone = self.get_zone_of_interface(interface) _new_zone = self._fw.check_zone(zone) if _new_zone == _old_zone: return _old_zone if _old_zone is not None: self.remove_interface(_old_zone, interface) _zone = self.add_interface(zone, interface, sender) return _zone def change_default_zone(self, old_zone, new_zone, use_transaction=None): self._fw.check_panic() if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction self.apply_zone_settings(new_zone, transaction) self._interface(True, new_zone, "+", transaction, append=True) if old_zone is not None and old_zone != "": self._interface(False, old_zone, "+", transaction, append=True) if use_transaction is None: transaction.execute(True) def remove_interface(self, zone, interface, use_transaction=None): self._fw.check_panic() zoi = self.get_zone_of_interface(interface) if zoi is None: raise FirewallError(errors.UNKNOWN_INTERFACE, "'%s' is not in any zone" % interface) _zone = zoi if zone == "" else self._fw.check_zone(zone) if zoi != _zone: raise FirewallError(errors.ZONE_CONFLICT, "remove_interface(%s, %s): zoi='%s'" % \ (zone, interface, zoi)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction _obj = self._zones[_zone] interface_id = self.__interface_id(interface) transaction.add_post(self.__unregister_interface, _obj, interface_id) self._interface(False, _zone, interface, transaction) if use_transaction is None: transaction.execute(True) return _zone def __unregister_interface(self, _obj, interface_id): if interface_id in _obj.interfaces: _obj.interfaces.remove(interface_id) if interface_id in self._fw._default_zone_interfaces: self._fw._default_zone_interfaces.remove(interface_id) if interface_id in self._fw._nm_assigned_interfaces: self._fw._nm_assigned_interfaces.remove(interface_id) def query_interface(self, zone, interface): return self.__interface_id(interface) in self.get_zone(zone).interfaces def list_interfaces(self, zone): return self.get_zone(zone).interfaces # SOURCES def check_source(self, source, applied=False): if checkIPnMask(source): return "ipv4" elif checkIP6nMask(source): return "ipv6" elif check_mac(source): return "" elif source.startswith("ipset:"): self._check_ipset_type_for_source(source[6:]) if applied: self._check_ipset_applied(source[6:]) return self._ipset_family(source[6:]) else: raise FirewallError(errors.INVALID_ADDR, source) def __source_id(self, source, applied=False): self.check_source(source, applied=applied) return source def add_source(self, zone, source, sender=None, use_transaction=None, allow_apply=True): self._fw.check_panic() _zone = self._fw.check_zone(zone) _obj = self._zones[_zone] if check_mac(source): source = source.upper() ipv = self.check_source(source, applied=allow_apply) source_id = self.__source_id(source, applied=allow_apply) if source_id in _obj.sources: raise FirewallError(errors.ZONE_ALREADY_SET, "'%s' already bound to '%s'" % (source, _zone)) if self.get_zone_of_source(source) is not None: raise FirewallError(errors.ZONE_CONFLICT, "'%s' already bound to a zone" % source) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if not _obj.applied and allow_apply: self.apply_zone_settings(zone, use_transaction=transaction) transaction.add_fail(self.set_zone_applied, _zone, False) if allow_apply: self._source(True, _zone, ipv, source_id, transaction) self.__register_source(_obj, source_id, zone, sender) transaction.add_fail(self.__unregister_source, _obj, source_id) if use_transaction is None: transaction.execute(True) return _zone def __register_source(self, _obj, source_id, zone, sender): _obj.sources.append(source_id) def change_zone_of_source(self, zone, source, sender=None): self._fw.check_panic() _old_zone = self.get_zone_of_source(source) _new_zone = self._fw.check_zone(zone) if _new_zone == _old_zone: return _old_zone if check_mac(source): source = source.upper() if _old_zone is not None: self.remove_source(_old_zone, source) _zone = self.add_source(zone, source, sender) return _zone def remove_source(self, zone, source, use_transaction=None): self._fw.check_panic() if check_mac(source): source = source.upper() zos = self.get_zone_of_source(source) if zos is None: raise FirewallError(errors.UNKNOWN_SOURCE, "'%s' is not in any zone" % source) _zone = zos if zone == "" else self._fw.check_zone(zone) if zos != _zone: raise FirewallError(errors.ZONE_CONFLICT, "remove_source(%s, %s): zos='%s'" % \ (zone, source, zos)) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction _obj = self._zones[_zone] ipv = self.check_source(source) source_id = self.__source_id(source) transaction.add_post(self.__unregister_source, _obj, source_id) self._source(False, _zone, ipv, source_id, transaction) if use_transaction is None: transaction.execute(True) return _zone def __unregister_source(self, _obj, source_id): if source_id in _obj.sources: _obj.sources.remove(source_id) def query_source(self, zone, source): if check_mac(source): source = source.upper() return self.__source_id(source) in self.get_zone(zone).sources def list_sources(self, zone): return self.get_zone(zone).sources def _interface(self, enable, zone, interface, transaction, append=False): for backend in self._fw.enabled_backends(): if not backend.policies_supported: continue for policy in self._zone_policies[zone]: for (table, chain) in self._fw.policy._get_table_chains_for_zone_dispatch(policy): rules = backend.build_zone_source_interface_rules(enable, zone, policy, interface, table, chain, append) transaction.add_rules(backend, rules) # intra zone forward policy = self.policy_name_from_zones(zone, "ANY") # Skip adding wildcard/catch-all interface (for default # zone). Otherwise it would allow forwarding from interface # in default zone -> interface not in default zone (but in # a different zone). if self.get_zone(zone).forward and interface not in ["+", "*"]: rules = backend.build_zone_forward_rules(enable, zone, policy, "filter", interface=interface) transaction.add_rules(backend, rules) # update policy dispatch for any policy using this zone in ingress # or egress for policy in self._fw.policy.get_policies_not_derived_from_zone(): if zone not in self._fw.policy.list_ingress_zones(policy) and \ zone not in self._fw.policy.list_egress_zones(policy): continue if policy in self._fw.policy.get_active_policies_not_derived_from_zone() and self._fw.policy.get_policy(policy).applied: # first remove the old set of interfaces using the current zone # settings. if not enable and len(self.list_interfaces(zone)) == 1: self._fw.policy.unapply_policy_settings(policy, use_transaction=transaction) else: self._fw.policy._ingress_egress_zones(False, policy, transaction) # after the transaction ends and therefore the interface # has been added to the zone's settings, update the # dependent policies transaction.add_post(lambda p: (p in self._fw.policy.get_active_policies_not_derived_from_zone()) and \ self._fw.policy._ingress_egress_zones_transaction(True, p), policy) elif enable: transaction.add_post(lambda p: (p in self._fw.policy.get_active_policies_not_derived_from_zone()) and \ self._fw.policy.apply_policy_settings(p), policy) # IPSETS def _ipset_family(self, name): if self._ipset_type(name) == "hash:mac": return None return self._fw.ipset.get_family(name, applied=False) def _ipset_type(self, name): return self._fw.ipset.get_type(name, applied=False) def _ipset_match_flags(self, name, flag): return ",".join([flag] * self._fw.ipset.get_dimension(name)) def _check_ipset_applied(self, name): return self._fw.ipset.check_applied(name) def _check_ipset_type_for_source(self, name): _type = self._ipset_type(name) if _type not in SOURCE_IPSET_TYPES: raise FirewallError( errors.INVALID_IPSET, "ipset '%s' with type '%s' not usable as source" % \ (name, _type)) def _source(self, enable, zone, ipv, source, transaction): # For mac source bindings ipv is an empty string, the mac source will # be added for ipv4 and ipv6 for backend in [self._fw.get_backend_by_ipv(ipv)] if ipv else self._fw.enabled_backends(): if not backend.policies_supported: continue for policy in self._zone_policies[zone]: for (table, chain) in self._fw.policy._get_table_chains_for_zone_dispatch(policy): rules = backend.build_zone_source_address_rules(enable, zone, policy, source, table, chain) transaction.add_rules(backend, rules) # intra zone forward policy = self.policy_name_from_zones(zone, "ANY") if self.get_zone(zone).forward: rules = backend.build_zone_forward_rules(enable, zone, policy, "filter", source=source) transaction.add_rules(backend, rules) # update policy dispatch for any policy using this zone in ingress # or egress for policy in self._fw.policy.get_policies_not_derived_from_zone(): if zone not in self._fw.policy.list_ingress_zones(policy) and \ zone not in self._fw.policy.list_egress_zones(policy): continue if policy in self._fw.policy.get_active_policies_not_derived_from_zone() and self._fw.policy.get_policy(policy).applied: # first remove the old set of sources using the current zone # settings. if not enable and len(self.list_sources(zone)) == 1: self._fw.policy.unapply_policy_settings(policy, use_transaction=transaction) else: self._fw.policy._ingress_egress_zones(False, policy, transaction) # after the transaction ends and therefore the sources # has been added to the zone's settings, update the # dependent policies transaction.add_post(lambda p: (p in self._fw.policy.get_active_policies_not_derived_from_zone()) and \ self._fw.policy._ingress_egress_zones_transaction(True, p), policy) elif enable: transaction.add_post(lambda p: (p in self._fw.policy.get_active_policies_not_derived_from_zone()) and \ self._fw.policy.apply_policy_settings(p), policy) def add_service(self, zone, service, timeout=0, sender=None): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy.add_service(p_name, service, timeout, sender) return zone def remove_service(self, zone, service): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy.remove_service(p_name, service) return zone def query_service(self, zone, service): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") return self._fw.policy.query_service(p_name, service) def list_services(self, zone): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") return self._fw.policy.list_services(p_name) def add_port(self, zone, port, protocol, timeout=0, sender=None): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy.add_port(p_name, port, protocol, timeout, sender) return zone def remove_port(self, zone, port, protocol): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy.remove_port(p_name, port, protocol) return zone def query_port(self, zone, port, protocol): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") return self._fw.policy.query_port(p_name, port, protocol) def list_ports(self, zone): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") return self._fw.policy.list_ports(p_name) def add_source_port(self, zone, source_port, protocol, timeout=0, sender=None): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy.add_source_port(p_name, source_port, protocol, timeout, sender) return zone def remove_source_port(self, zone, source_port, protocol): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy.remove_source_port(p_name, source_port, protocol) return zone def query_source_port(self, zone, source_port, protocol): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") return self._fw.policy.query_source_port(p_name, source_port, protocol) def list_source_ports(self, zone): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") return self._fw.policy.list_source_ports(p_name) def _rich_rule_to_policies(self, zone, rule): zone = self._fw.check_zone(zone) if type(rule.action) == Rich_Mark: return [self.policy_name_from_zones(zone, "ANY")] elif type(rule.element) in [Rich_Service, Rich_Port, Rich_Protocol, Rich_SourcePort, Rich_IcmpBlock, Rich_IcmpType]: return [self.policy_name_from_zones(zone, "HOST")] elif type(rule.element) in [Rich_ForwardPort]: return [self.policy_name_from_zones(zone, "ANY")] elif type(rule.element) in [Rich_Masquerade]: return [self.policy_name_from_zones("ANY", zone)] elif type(rule.element) in [Rich_Tcp_Mss_Clamp]: return [self.policy_name_from_zones(zone, "ANY")] elif rule.element is None: return [self.policy_name_from_zones(zone, "HOST")] else: raise FirewallError("Rich rule type (%s) not handled." % (type(rule.element))) def add_rule(self, zone, rule, timeout=0, sender=None): for p_name in self._rich_rule_to_policies(zone, rule): self._fw.policy.add_rule(p_name, rule, timeout, sender) return zone def remove_rule(self, zone, rule): for p_name in self._rich_rule_to_policies(zone, rule): self._fw.policy.remove_rule(p_name, rule) return zone def query_rule(self, zone, rule): ret = True for p_name in self._rich_rule_to_policies(zone, rule): ret = ret and self._fw.policy.query_rule(p_name, rule) return ret def list_rules(self, zone): zone = self._fw.check_zone(zone) ret = set() for p_name in [self.policy_name_from_zones(zone, "ANY"), self.policy_name_from_zones(zone, "HOST"), self.policy_name_from_zones("ANY", zone)]: ret.update(set(self._fw.policy.list_rules(p_name))) return list(ret) def add_protocol(self, zone, protocol, timeout=0, sender=None): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy.add_protocol(p_name, protocol, timeout, sender) return zone def remove_protocol(self, zone, protocol): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy.remove_protocol(p_name, protocol) return zone def query_protocol(self, zone, protocol): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") return self._fw.policy.query_protocol(p_name, protocol) def list_protocols(self, zone): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") return self._fw.policy.list_protocols(p_name) def add_masquerade(self, zone, timeout=0, sender=None): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones("ANY", zone) self._fw.policy.add_masquerade(p_name, timeout, sender) return zone def remove_masquerade(self, zone): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones("ANY", zone) self._fw.policy.remove_masquerade(p_name) return zone def query_masquerade(self, zone): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones("ANY", zone) return self._fw.policy.query_masquerade(p_name) def add_forward_port(self, zone, port, protocol, toport=None, toaddr=None, timeout=0, sender=None): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "ANY") self._fw.policy.add_forward_port(p_name, port, protocol, toport, toaddr, timeout, sender) return zone def remove_forward_port(self, zone, port, protocol, toport=None, toaddr=None): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "ANY") self._fw.policy.remove_forward_port(p_name, port, protocol, toport, toaddr) return zone def query_forward_port(self, zone, port, protocol, toport=None, toaddr=None): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "ANY") return self._fw.policy.query_forward_port(p_name, port, protocol, toport, toaddr) def list_forward_ports(self, zone): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "ANY") return self._fw.policy.list_forward_ports(p_name) def add_icmp_block(self, zone, icmp, timeout=0, sender=None): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy.add_icmp_block(p_name, icmp, timeout, sender) return zone def remove_icmp_block(self, zone, icmp): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy.remove_icmp_block(p_name, icmp) return zone def query_icmp_block(self, zone, icmp): zone = self._fw.check_zone(zone) p_name_host = self.policy_name_from_zones(zone, "HOST") return self._fw.policy.query_icmp_block(p_name_host, icmp) def list_icmp_blocks(self, zone): zone = self._fw.check_zone(zone) p_name_host = self.policy_name_from_zones(zone, "HOST") return sorted(set(self._fw.policy.list_icmp_blocks(p_name_host))) def add_icmp_block_inversion(self, zone, sender=None): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy.add_icmp_block_inversion(p_name, sender) return zone def _icmp_block_inversion(self, enable, zone, transaction): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy._icmp_block_inversion(enable, p_name, transaction) def remove_icmp_block_inversion(self, zone): zone = self._fw.check_zone(zone) p_name = self.policy_name_from_zones(zone, "HOST") self._fw.policy.remove_icmp_block_inversion(p_name) return zone def query_icmp_block_inversion(self, zone): zone = self._fw.check_zone(zone) p_name_host = self.policy_name_from_zones(zone, "HOST") return self._fw.policy.query_icmp_block_inversion(p_name_host) def _forward(self, enable, zone, transaction): p_name = self.policy_name_from_zones(zone, "ANY") for interface in self._zones[zone].interfaces: for backend in self._fw.enabled_backends(): if not backend.policies_supported: continue rules = backend.build_zone_forward_rules(enable, zone, p_name, "filter", interface=interface) transaction.add_rules(backend, rules) for source in self._zones[zone].sources: ipv = self.check_source(source) for backend in [self._fw.get_backend_by_ipv(ipv)] if ipv else self._fw.enabled_backends(): if not backend.policies_supported: continue rules = backend.build_zone_forward_rules(enable, zone, p_name, "filter", source=source) transaction.add_rules(backend, rules) def add_forward(self, zone, timeout=0, sender=None, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_timeout(timeout) self._fw.check_panic() _obj = self._zones[_zone] if _obj.forward: raise FirewallError(errors.ALREADY_ENABLED, "forward already enabled in '%s'" % _zone) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._forward(True, _zone, transaction) self.__register_forward(_obj, timeout, sender) transaction.add_fail(self.__unregister_forward, _obj) if use_transaction is None: transaction.execute(True) return _zone def __register_forward(self, _obj, timeout, sender): _obj.forward = True def remove_forward(self, zone, use_transaction=None): _zone = self._fw.check_zone(zone) self._fw.check_panic() _obj = self._zones[_zone] if not _obj.forward: raise FirewallError(errors.NOT_ENABLED, "forward not enabled in '%s'" % _zone) if use_transaction is None: transaction = self.new_transaction() else: transaction = use_transaction if _obj.applied: self._forward(False, _zone, transaction) transaction.add_post(self.__unregister_forward, _obj) if use_transaction is None: transaction.execute(True) return _zone def __unregister_forward(self, _obj): _obj.forward = False def query_forward(self, zone): return self.get_zone(zone).forward firewalld-1.1.1/src/firewall/core/helper.py0000644000000000000000000000144414217342322020641 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """The helper maxnamelen""" HELPER_MAXNAMELEN = 32 firewalld-1.1.1/src/firewall/core/icmp.py0000644000000000000000000000603514217342322020313 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2017 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "ICMP_TYPES", "ICMPV6_TYPES", "check_icmp_type", "check_icmpv6_type" ] ICMP_TYPES = { "echo-reply": "0/0", "pong": "0/0", "network-unreachable": "3/0", "host-unreachable": "3/1", "protocol-unreachable": "3/2", "port-unreachable": "3/3", "fragmentation-needed": "3/4", "source-route-failed": "3/5", "network-unknown": "3/6", "host-unknown": "3/7", "network-prohibited": "3/9", "host-prohibited": "3/10", "TOS-network-unreachable": "3/11", "TOS-host-unreachable": "3/12", "communication-prohibited": "3/13", "host-precedence-violation": "3/14", "precedence-cutoff": "3/15", "source-quench": "4/0", "network-redirect": "5/0", "host-redirect": "5/1", "TOS-network-redirect": "5/2", "TOS-host-redirect": "5/3", "echo-request": "8/0", "ping": "8/0", "router-advertisement": "9/0", "router-solicitation": "10/0", "ttl-zero-during-transit": "11/0", "ttl-zero-during-reassembly": "11/1", "ip-header-bad": "12/0", "required-option-missing": "12/1", "timestamp-request": "13/0", "timestamp-reply": "14/0", "address-mask-request": "17/0", "address-mask-reply": "18/0", } ICMPV6_TYPES = { "no-route": "1/0", "communication-prohibited": "1/1", "address-unreachable": "1/3", "port-unreachable": "1/4", "packet-too-big": "2/0", "ttl-zero-during-transit": "3/0", "ttl-zero-during-reassembly": "3/1", "bad-header": "4/0", "unknown-header-type": "4/1", "unknown-option": "4/2", "echo-request": "128/0", "ping": "128/0", "echo-reply": "129/0", "pong": "129/0", "router-solicitation": "133/0", "router-advertisement": "134/0", "neighbour-solicitation": "135/0", "neigbour-solicitation": "135/0", "neighbour-advertisement": "136/0", "neigbour-advertisement": "136/0", "redirect": "137/0", } def check_icmp_name(_name): if _name in ICMP_TYPES: return True return False def check_icmp_type(_type): if _type in ICMP_TYPES.values(): return True return False def check_icmpv6_name(_name): if _name in ICMP_TYPES: return True return False def check_icmpv6_type(_type): if _type in ICMPV6_TYPES.values(): return True return False firewalld-1.1.1/src/firewall/core/__init__.py0000644000000000000000000000000014217342322021104 0ustar00rootroot00000000000000firewalld-1.1.1/src/firewall/core/ipset.py0000644000000000000000000003110714217342322020505 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2015-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """The ipset command wrapper""" __all__ = [ "ipset", "check_ipset_name", "remove_default_create_options" ] import os.path import ipaddress from firewall import errors from firewall.errors import FirewallError from firewall.core.prog import runProg from firewall.core.logger import log from firewall.functions import tempFile, readfile from firewall.config import COMMANDS IPSET_MAXNAMELEN = 32 IPSET_TYPES = [ # bitmap and set types are currently not supported # "bitmap:ip", # "bitmap:ip,mac", # "bitmap:port", # "list:set", "hash:ip", "hash:ip,port", "hash:ip,port,ip", "hash:ip,port,net", "hash:ip,mark", "hash:net", "hash:net,net", "hash:net,port", "hash:net,port,net", "hash:net,iface", "hash:mac", ] IPSET_CREATE_OPTIONS = { "family": "inet|inet6", "hashsize": "value", "maxelem": "value", "timeout": "value in secs", #"counters": None, #"comment": None, } IPSET_DEFAULT_CREATE_OPTIONS = { "family": "inet", "hashsize": "1024", "maxelem": "65536", } class ipset(object): """ipset command wrapper class""" def __init__(self): self._command = COMMANDS["ipset"] self.name = "ipset" def __run(self, args): """Call ipset with args""" # convert to string list _args = ["%s" % item for item in args] log.debug2("%s: %s %s", self.__class__, self._command, " ".join(_args)) (status, ret) = runProg(self._command, _args) if status != 0: raise ValueError("'%s %s' failed: %s" % (self._command, " ".join(_args), ret)) return ret def check_name(self, name): """Check ipset name""" if len(name) > IPSET_MAXNAMELEN: raise FirewallError(errors.INVALID_NAME, "ipset name '%s' is not valid" % name) def set_supported_types(self): """Return types that are supported by the ipset command and kernel""" ret = [ ] output = "" try: output = self.__run(["--help"]) except ValueError as ex: log.debug1("ipset error: %s" % ex) lines = output.splitlines() in_types = False for line in lines: #print(line) if in_types: splits = line.strip().split(None, 2) if splits[0] not in ret and splits[0] in IPSET_TYPES: ret.append(splits[0]) if line.startswith("Supported set types:"): in_types = True return ret def check_type(self, type_name): """Check ipset type""" if len(type_name) > IPSET_MAXNAMELEN or type_name not in IPSET_TYPES: raise FirewallError(errors.INVALID_TYPE, "ipset type name '%s' is not valid" % type_name) def set_create(self, set_name, type_name, options=None): """Create an ipset with name, type and options""" self.check_name(set_name) self.check_type(type_name) args = [ "create", set_name, type_name ] if isinstance(options, dict): for key, val in options.items(): args.append(key) if val != "": args.append(val) return self.__run(args) def set_destroy(self, set_name): self.check_name(set_name) return self.__run([ "destroy", set_name ]) def set_add(self, set_name, entry): args = [ "add", set_name, entry ] return self.__run(args) def set_delete(self, set_name, entry): args = [ "del", set_name, entry ] return self.__run(args) def test(self, set_name, entry, options=None): args = [ "test", set_name, entry ] if options: args.append("%s" % " ".join(options)) return self.__run(args) def set_list(self, set_name=None, options=None): args = [ "list" ] if set_name: args.append(set_name) if options: args.extend(options) return self.__run(args).split("\n") def set_get_active_terse(self): """ Get active ipsets (only headers) """ lines = self.set_list(options=["-terse"]) ret = { } _name = _type = None _options = { } for line in lines: if len(line) < 1: continue pair = [ x.strip() for x in line.split(":", 1) ] if len(pair) != 2: continue elif pair[0] == "Name": _name = pair[1] elif pair[0] == "Type": _type = pair[1] elif pair[0] == "Header": splits = pair[1].split() i = 0 while i < len(splits): opt = splits[i] if opt in [ "family", "hashsize", "maxelem", "timeout", "netmask" ]: if len(splits) > i: i += 1 _options[opt] = splits[i] else: log.error("Malformed ipset list -terse output: %s", line) return { } i += 1 if _name and _type: ret[_name] = (_type, remove_default_create_options(_options)) _name = _type = None _options.clear() return ret def save(self, set_name=None): args = [ "save" ] if set_name: args.append(set_name) return self.__run(args) def set_restore(self, set_name, type_name, entries, create_options=None, entry_options=None): self.check_name(set_name) self.check_type(type_name) temp_file = tempFile() if ' ' in set_name: set_name = "'%s'" % set_name args = [ "create", set_name, type_name, "-exist" ] if create_options: for key, val in create_options.items(): args.append(key) if val != "": args.append(val) temp_file.write("%s\n" % " ".join(args)) temp_file.write("flush %s\n" % set_name) for entry in entries: if ' ' in entry: entry = "'%s'" % entry if entry_options: temp_file.write("add %s %s %s\n" % \ (set_name, entry, " ".join(entry_options))) else: temp_file.write("add %s %s\n" % (set_name, entry)) temp_file.close() stat = os.stat(temp_file.name) log.debug2("%s: %s restore %s", self.__class__, self._command, "%s: %d" % (temp_file.name, stat.st_size)) args = [ "restore" ] (status, ret) = runProg(self._command, args, stdin=temp_file.name) if log.getDebugLogLevel() > 2: try: readfile(temp_file.name) except Exception: pass else: i = 1 for line in readfile(temp_file.name): log.debug3("%8d: %s" % (i, line), nofmt=1, nl=0) if not line.endswith("\n"): log.debug3("", nofmt=1) i += 1 os.unlink(temp_file.name) if status != 0: raise ValueError("'%s %s' failed: %s" % (self._command, " ".join(args), ret)) return ret def set_flush(self, set_name): args = [ "flush" ] if set_name: args.append(set_name) return self.__run(args) def rename(self, old_set_name, new_set_name): return self.__run([ "rename", old_set_name, new_set_name ]) def swap(self, set_name_1, set_name_2): return self.__run([ "swap", set_name_1, set_name_2 ]) def version(self): return self.__run([ "version" ]) def check_ipset_name(name): """Return true if ipset name is valid""" if len(name) > IPSET_MAXNAMELEN: return False return True def remove_default_create_options(options): """ Return only non default create options """ _options = options.copy() for opt in IPSET_DEFAULT_CREATE_OPTIONS: if opt in _options and \ IPSET_DEFAULT_CREATE_OPTIONS[opt] == _options[opt]: del _options[opt] return _options def normalize_ipset_entry(entry): """ Normalize IP addresses in entry """ _entry = [] for _part in entry.split(","): try: _part.index("/") _entry.append(str(ipaddress.ip_network(_part, strict=False))) except ValueError: _entry.append(_part) return ",".join(_entry) def check_entry_overlaps_existing(entry, entries): """ Check if entry overlaps any entry in the list of entries """ # Only check simple types if len(entry.split(",")) > 1: return try: entry_network = ipaddress.ip_network(entry, strict=False) except ValueError: # could not parse the new IP address, maybe a MAC return for itr in entries: if entry_network.overlaps(ipaddress.ip_network(itr, strict=False)): raise FirewallError(errors.INVALID_ENTRY, "Entry '{}' overlaps with existing entry '{}'".format(entry, itr)) def check_for_overlapping_entries(entries): """ Check if any entry overlaps any entry in the list of entries """ try: entries = [ipaddress.ip_network(x, strict=False) for x in entries] except ValueError: # at least one entry can not be parsed return # We can take advantage of some facts of IPv4Network/IPv6Network and # how Python sorts the networks to quickly detect overlaps. # # Facts: # # 1. IPv{4,6}Network are normalized to remove host bits, e.g. # 10.1.1.0/16 will become 10.1.0.0/16. # # 2. IPv{4,6}Network objects are sorted by: # a. IP address (network bits) # then # b. netmask (significant bits count) # # Because of the above we have these properties: # # 1. big networks (netA) are sorted before smaller networks (netB) # that overlap the big network (netA) # - e.g. 10.1.128.0/17 (netA) sorts before 10.1.129.0/24 (netB) # 2. same value addresses (network bits) are grouped together even # if the number of network bits vary. e.g. /16 vs /24 # - recall that address are normalized to remove host bits # - e.g. 10.1.128.0/17 (netA) sorts before 10.1.128.0/24 (netC) # 3. non-overlapping networks (netD, netE) are always sorted before or # after networks that overlap (netB, netC) the current one (netA) # - e.g. 10.1.128.0/17 (netA) sorts before 10.2.128.0/16 (netD) # - e.g. 10.1.128.0/17 (netA) sorts after 9.1.128.0/17 (netE) # - e.g. 9.1.128.0/17 (netE) sorts before 10.1.129.0/24 (netB) # # With this we know the sorted list looks like: # # list: [ netE, netA, netB, netC, netD ] # # netE = non-overlapping network # netA = big network # netB = smaller network that overlaps netA (subnet) # netC = smaller network that overlaps netA (subnet) # netD = non-overlapping network # # If networks netB and netC exist in the list, they overlap and are # adjacent to netA. # # Checking for overlaps on a sorted list is thus: # # 1. compare adjacent elements in the list for overlaps # # Recall that we only need to detect a single overlap. We do not need to # detect them all. # entries.sort() prev_network = entries.pop(0) for current_network in entries: if prev_network.overlaps(current_network): raise FirewallError(errors.INVALID_ENTRY, "Entry '{}' overlaps entry '{}'".format(prev_network, current_network)) prev_network = current_network firewalld-1.1.1/src/firewall/core/ipXtables.py0000644000000000000000000017411114217342322021317 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import os.path import copy from firewall.core.prog import runProg from firewall.core.logger import log from firewall.functions import tempFile, readfile, splitArgs, check_mac, portStr, \ check_single_address, check_address, normalizeIP6 from firewall import config from firewall.errors import FirewallError, INVALID_PASSTHROUGH, INVALID_RULE, UNKNOWN_ERROR, INVALID_ADDR from firewall.core.rich import Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark, Rich_NFLog, \ Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock, Rich_Tcp_Mss_Clamp from firewall.core.base import DEFAULT_ZONE_TARGET import string POLICY_CHAIN_PREFIX = "" BUILT_IN_CHAINS = { "security": [ "INPUT", "OUTPUT", "FORWARD" ], "raw": [ "PREROUTING", "OUTPUT" ], "mangle": [ "PREROUTING", "POSTROUTING", "INPUT", "OUTPUT", "FORWARD" ], "nat": [ "PREROUTING", "POSTROUTING", "OUTPUT" ], "filter": [ "INPUT", "OUTPUT", "FORWARD" ], } DEFAULT_REJECT_TYPE = { "ipv4": "icmp-host-prohibited", "ipv6": "icmp6-adm-prohibited", } ICMP = { "ipv4": "icmp", "ipv6": "ipv6-icmp", } # ipv ebtables also uses this # def common_reverse_rule(args): """ Inverse valid rule """ replace_args = { # Append "-A": "-D", "--append": "--delete", # Insert "-I": "-D", "--insert": "--delete", # New chain "-N": "-X", "--new-chain": "--delete-chain", } ret_args = args[:] for arg in replace_args: try: idx = ret_args.index(arg) except Exception: continue if arg in [ "-I", "--insert" ]: # With insert rulenum, then remove it if it is a number # Opt at position idx, chain at position idx+1, [rulenum] at # position idx+2 try: int(ret_args[idx+2]) except Exception: pass else: ret_args.pop(idx+2) ret_args[idx] = replace_args[arg] return ret_args def common_reverse_passthrough(args): """ Reverse valid passthough rule """ replace_args = { # Append "-A": "-D", "--append": "--delete", # Insert "-I": "-D", "--insert": "--delete", # New chain "-N": "-X", "--new-chain": "--delete-chain", } ret_args = args[:] for x in replace_args: try: idx = ret_args.index(x) except ValueError: continue if x in [ "-I", "--insert" ]: # With insert rulenum, then remove it if it is a number # Opt at position idx, chain at position idx+1, [rulenum] at # position idx+2 try: int(ret_args[idx+2]) except ValueError: pass else: ret_args.pop(idx+2) ret_args[idx] = replace_args[x] return ret_args raise FirewallError(INVALID_PASSTHROUGH, "no '-A', '-I' or '-N' arg") # ipv ebtables also uses this # def common_check_passthrough(args): """ Check if passthough rule is valid (only add, insert and new chain rules are allowed) """ args = set(args) not_allowed = set(["-C", "--check", # check rule "-D", "--delete", # delete rule "-R", "--replace", # replace rule "-L", "--list", # list rule "-S", "--list-rules", # print rules "-F", "--flush", # flush rules "-Z", "--zero", # zero rules "-X", "--delete-chain", # delete chain "-P", "--policy", # policy "-E", "--rename-chain"]) # rename chain) # intersection of args and not_allowed is not empty, i.e. # something from args is not allowed if len(args & not_allowed) > 0: raise FirewallError(INVALID_PASSTHROUGH, "arg '%s' is not allowed" % list(args & not_allowed)[0]) # args need to contain one of -A, -I, -N needed = set(["-A", "--append", "-I", "--insert", "-N", "--new-chain"]) # empty intersection of args and needed, i.e. # none from args contains any needed command if len(args & needed) == 0: raise FirewallError(INVALID_PASSTHROUGH, "no '-A', '-I' or '-N' arg") class ip4tables(object): ipv = "ipv4" name = "ip4tables" policies_supported = True def __init__(self, fw): self._fw = fw self._command = config.COMMANDS[self.ipv] self._restore_command = config.COMMANDS["%s-restore" % self.ipv] self.wait_option = self._detect_wait_option() self.restore_wait_option = self._detect_restore_wait_option() self.fill_exists() self.available_tables = [] self.rich_rule_priority_counts = {} self.policy_priority_counts = {} self.zone_source_index_cache = [] self.our_chains = {} # chains created by firewalld def fill_exists(self): self.command_exists = os.path.exists(self._command) self.restore_command_exists = os.path.exists(self._restore_command) def __run(self, args): # convert to string list if self.wait_option and self.wait_option not in args: _args = [self.wait_option] + ["%s" % item for item in args] else: _args = ["%s" % item for item in args] log.debug2("%s: %s %s", self.__class__, self._command, " ".join(_args)) (status, ret) = runProg(self._command, _args) if status != 0: raise ValueError("'%s %s' failed: %s" % (self._command, " ".join(_args), ret)) return ret def _rule_replace(self, rule, pattern, replacement): try: i = rule.index(pattern) except ValueError: return False else: rule[i:i+1] = replacement return True def is_chain_builtin(self, ipv, table, chain): return table in BUILT_IN_CHAINS and \ chain in BUILT_IN_CHAINS[table] def build_chain_rules(self, add, table, chain): rule = [ "-t", table ] if add: rule.append("-N") else: rule.append("-X") rule.append(chain) return [rule] def build_rule(self, add, table, chain, index, args): rule = [ "-t", table ] if add: rule += [ "-I", chain, str(index) ] else: rule += [ "-D", chain ] rule += args return rule def reverse_rule(self, args): return common_reverse_rule(args) def check_passthrough(self, args): common_check_passthrough(args) def reverse_passthrough(self, args): return common_reverse_passthrough(args) def passthrough_parse_table_chain(self, args): table = "filter" try: i = args.index("-t") except ValueError: pass else: if len(args) >= i+1: table = args[i+1] chain = None for opt in [ "-A", "--append", "-I", "--insert", "-N", "--new-chain" ]: try: i = args.index(opt) except ValueError: pass else: if len(args) >= i+1: chain = args[i+1] return (table, chain) def _run_replace_zone_source(self, rule, zone_source_index_cache): try: i = rule.index("%%ZONE_SOURCE%%") rule.pop(i) zone = rule.pop(i) if "-m" == rule[4]: # ipset/mac zone_source = (zone, rule[7]) # (zone, address) else: zone_source = (zone, rule[5]) # (zone, address) except ValueError: try: i = rule.index("%%ZONE_INTERFACE%%") rule.pop(i) zone_source = None except ValueError: return rule_add = True if rule[0] in ["-D", "--delete"]: rule_add = False if zone_source and not rule_add: if zone_source in zone_source_index_cache: zone_source_index_cache.remove(zone_source) elif rule_add: if zone_source: # order source based dispatch by zone name if zone_source not in zone_source_index_cache: zone_source_index_cache.append(zone_source) zone_source_index_cache.sort(key=lambda x: x[0]) index = zone_source_index_cache.index(zone_source) else: index = len(zone_source_index_cache) rule[0] = "-I" rule.insert(2, "%d" % (index + 1)) def _set_rule_replace_priority(self, rule, priority_counts, token): """ Change something like -t filter -I public_IN %%RICH_RULE_PRIORITY%% 123 or -t filter -A public_IN %%RICH_RULE_PRIORITY%% 321 into -t filter -I public_IN 4 or -t filter -I public_IN """ try: i = rule.index(token) except ValueError: pass else: rule_add = True insert = False insert_add_index = -1 rule.pop(i) priority = rule.pop(i) if type(priority) != int: raise FirewallError(INVALID_RULE, "priority must be followed by a number") table = "filter" for opt in [ "-t", "--table" ]: try: j = rule.index(opt) except ValueError: pass else: if len(rule) >= j+1: table = rule[j+1] for opt in [ "-A", "--append", "-I", "--insert", "-D", "--delete" ]: try: insert_add_index = rule.index(opt) except ValueError: pass else: if len(rule) >= insert_add_index+1: chain = rule[insert_add_index+1] if opt in [ "-I", "--insert" ]: insert = True if opt in [ "-D", "--delete" ]: rule_add = False chain = (table, chain) # Add the rule to the priority counts. We don't need to store the # rule, just bump the ref count for the priority value. if not rule_add: if chain not in priority_counts or \ priority not in priority_counts[chain] or \ priority_counts[chain][priority] <= 0: raise FirewallError(UNKNOWN_ERROR, "nonexistent or underflow of priority count") priority_counts[chain][priority] -= 1 else: if chain not in priority_counts: priority_counts[chain] = {} if priority not in priority_counts[chain]: priority_counts[chain][priority] = 0 # calculate index of new rule index = 1 for p in sorted(priority_counts[chain].keys()): if p == priority and insert: break index += priority_counts[chain][p] if p == priority: break priority_counts[chain][priority] += 1 rule[insert_add_index] = "-I" rule.insert(insert_add_index+2, "%d" % index) def set_rules(self, rules, log_denied): temp_file = tempFile() table_rules = { } rich_rule_priority_counts = copy.deepcopy(self.rich_rule_priority_counts) policy_priority_counts = copy.deepcopy(self.policy_priority_counts) zone_source_index_cache = copy.deepcopy(self.zone_source_index_cache) for _rule in rules: rule = _rule[:] # replace %%REJECT%% self._rule_replace(rule, "%%REJECT%%", \ ["REJECT", "--reject-with", DEFAULT_REJECT_TYPE[self.ipv]]) # replace %%ICMP%% self._rule_replace(rule, "%%ICMP%%", [ICMP[self.ipv]]) # replace %%LOGTYPE%% try: i = rule.index("%%LOGTYPE%%") except ValueError: pass else: if log_denied == "off": continue if log_denied in [ "unicast", "broadcast", "multicast" ]: rule[i:i+1] = [ "-m", "pkttype", "--pkt-type", log_denied ] else: rule.pop(i) self._set_rule_replace_priority(rule, rich_rule_priority_counts, "%%RICH_RULE_PRIORITY%%") self._set_rule_replace_priority(rule, policy_priority_counts, "%%POLICY_PRIORITY%%") self._run_replace_zone_source(rule, zone_source_index_cache) table = "filter" # get table form rule for opt in [ "-t", "--table" ]: try: i = rule.index(opt) except ValueError: pass else: if len(rule) >= i+1: rule.pop(i) table = rule.pop(i) # we can not use joinArgs here, because it would use "'" instead # of '"' for the start and end of the string, this breaks # iptables-restore for i in range(len(rule)): for c in string.whitespace: if c in rule[i] and not (rule[i].startswith('"') and rule[i].endswith('"')): rule[i] = '"%s"' % rule[i] table_rules.setdefault(table, []).append(rule) for table in table_rules: rules = table_rules[table] temp_file.write("*%s\n" % table) for rule in rules: temp_file.write(" ".join(rule) + "\n") temp_file.write("COMMIT\n") temp_file.close() stat = os.stat(temp_file.name) log.debug2("%s: %s %s", self.__class__, self._restore_command, "%s: %d" % (temp_file.name, stat.st_size)) args = [ ] if self.restore_wait_option: args.append(self.restore_wait_option) args.append("-n") (status, ret) = runProg(self._restore_command, args, stdin=temp_file.name) if log.getDebugLogLevel() > 2: lines = readfile(temp_file.name) if lines is not None: i = 1 for line in lines: log.debug3("%8d: %s" % (i, line), nofmt=1, nl=0) if not line.endswith("\n"): log.debug3("", nofmt=1) i += 1 os.unlink(temp_file.name) if status != 0: raise ValueError("'%s %s' failed: %s" % (self._restore_command, " ".join(args), ret)) self.rich_rule_priority_counts = rich_rule_priority_counts self.policy_priority_counts = policy_priority_counts self.zone_source_index_cache = zone_source_index_cache def set_rule(self, rule, log_denied): # replace %%REJECT%% self._rule_replace(rule, "%%REJECT%%", \ ["REJECT", "--reject-with", DEFAULT_REJECT_TYPE[self.ipv]]) # replace %%ICMP%% self._rule_replace(rule, "%%ICMP%%", [ICMP[self.ipv]]) # replace %%LOGTYPE%% try: i = rule.index("%%LOGTYPE%%") except ValueError: pass else: if log_denied == "off": return "" if log_denied in [ "unicast", "broadcast", "multicast" ]: rule[i:i+1] = [ "-m", "pkttype", "--pkt-type", log_denied ] else: rule.pop(i) rich_rule_priority_counts = copy.deepcopy(self.rich_rule_priority_counts) policy_priority_counts = copy.deepcopy(self.policy_priority_counts) zone_source_index_cache = copy.deepcopy(self.zone_source_index_cache) self._set_rule_replace_priority(rule, rich_rule_priority_counts, "%%RICH_RULE_PRIORITY%%") self._set_rule_replace_priority(rule, policy_priority_counts, "%%POLICY_PRIORITY%%") self._run_replace_zone_source(rule, zone_source_index_cache) output = self.__run(rule) self.rich_rule_priority_counts = rich_rule_priority_counts self.policy_priority_counts = policy_priority_counts self.zone_source_index_cache = zone_source_index_cache return output def get_available_tables(self, table=None): ret = [] tables = [ table ] if table else BUILT_IN_CHAINS.keys() for table in tables: if table in self.available_tables: ret.append(table) else: try: self.__run(["-t", table, "-L", "-n"]) self.available_tables.append(table) ret.append(table) except ValueError: log.debug1("%s table '%s' does not exist (or not enough permission to check)." % (self.ipv, table)) return ret def _detect_wait_option(self): wait_option = "" ret = runProg(self._command, ["-w", "-L", "-n"]) # since iptables-1.4.20 log.debug3("%s: %s: probe for wait option (%s): ret=%u, output=\"%s\"", self.__class__, self._command, "-w", ret[0], ret[1]) if ret[0] == 0: wait_option = "-w" # wait for xtables lock ret = runProg(self._command, ["-w10", "-L", "-n"]) # since iptables > 1.4.21 log.debug3("%s: %s: probe for wait option (%s): ret=%u, output=\"%s\"", self.__class__, self._command, "-w10", ret[0], ret[1]) if ret[0] == 0: wait_option = "-w10" # wait max 10 seconds log.debug2("%s: %s will be using %s option.", self.__class__, self._command, wait_option) return wait_option def _detect_restore_wait_option(self): temp_file = tempFile() temp_file.write("#foo") temp_file.close() wait_option = "" for test_option in ["-w", "--wait=2"]: ret = runProg(self._restore_command, [test_option], stdin=temp_file.name) log.debug3("%s: %s: probe for wait option (%s): ret=%u, output=\"%s\"", self.__class__, self._command, test_option, ret[0], ret[1]) if ret[0] == 0 and "invalid option" not in ret[1] \ and "unrecognized option" not in ret[1]: wait_option = test_option break log.debug2("%s: %s will be using %s option.", self.__class__, self._restore_command, wait_option) os.unlink(temp_file.name) return wait_option def build_flush_rules(self): self.rich_rule_priority_counts = {} self.policy_priority_counts = {} self.zone_source_index_cache = [] rules = [] for table in BUILT_IN_CHAINS.keys(): if not self.get_available_tables(table): continue # Flush firewall rules: -F # Delete firewall chains: -X # Set counter to zero: -Z for flag in [ "-F", "-X", "-Z" ]: rules.append(["-t", table, flag]) return rules def build_set_policy_rules(self, policy): rules = [] _policy = "DROP" if policy == "PANIC" else policy for table in BUILT_IN_CHAINS.keys(): if not self.get_available_tables(table): continue if table == "nat": continue for chain in BUILT_IN_CHAINS[table]: rules.append(["-t", table, "-P", chain, _policy]) return rules def supported_icmp_types(self, ipv=None): """Return ICMP types that are supported by the iptables/ip6tables command and kernel""" ret = [ ] output = "" try: output = self.__run(["-p", "icmp" if self.ipv == "ipv4" else "ipv6-icmp", "--help"]) except ValueError as ex: if self.ipv == "ipv4": log.debug1("iptables error: %s" % ex) else: log.debug1("ip6tables error: %s" % ex) lines = output.splitlines() in_types = False for line in lines: #print(line) if in_types: line = line.strip().lower() splits = line.split() for split in splits: if split.startswith("(") and split.endswith(")"): x = split[1:-1] else: x = split if x not in ret: ret.append(x) if self.ipv == "ipv4" and line.startswith("Valid ICMP Types:") or \ self.ipv == "ipv6" and line.startswith("Valid ICMPv6 Types:"): in_types = True return ret def build_default_tables(self): # nothing to do, they always exist return [] def build_default_rules(self, log_denied="off"): default_rules = {} if self.get_available_tables("security"): default_rules["security"] = [ ] self.our_chains["security"] = set() for chain in BUILT_IN_CHAINS["security"]: default_rules["security"].append("-N %s_direct" % chain) default_rules["security"].append("-A %s -j %s_direct" % (chain, chain)) self.our_chains["security"].add("%s_direct" % chain) if self.get_available_tables("raw"): default_rules["raw"] = [ ] self.our_chains["raw"] = set() for chain in BUILT_IN_CHAINS["raw"]: default_rules["raw"].append("-N %s_direct" % chain) default_rules["raw"].append("-A %s -j %s_direct" % (chain, chain)) self.our_chains["raw"].add("%s_direct" % chain) if chain == "PREROUTING": for dispatch_suffix in ["POLICIES_pre", "ZONES", "POLICIES_post"]: default_rules["raw"].append("-N %s_%s" % (chain, dispatch_suffix)) self.our_chains["raw"].update(set(["%s_%s" % (chain, dispatch_suffix)])) for dispatch_suffix in ["ZONES"]: default_rules["raw"].append("-A %s -j %s_%s" % (chain, chain, dispatch_suffix)) if self.get_available_tables("mangle"): default_rules["mangle"] = [ ] self.our_chains["mangle"] = set() for chain in BUILT_IN_CHAINS["mangle"]: default_rules["mangle"].append("-N %s_direct" % chain) default_rules["mangle"].append("-A %s -j %s_direct" % (chain, chain)) self.our_chains["mangle"].add("%s_direct" % chain) if chain == "PREROUTING": for dispatch_suffix in ["POLICIES_pre", "ZONES", "POLICIES_post"]: default_rules["mangle"].append("-N %s_%s" % (chain, dispatch_suffix)) self.our_chains["mangle"].update(set(["%s_%s" % (chain, dispatch_suffix)])) for dispatch_suffix in ["ZONES"]: default_rules["mangle"].append("-A %s -j %s_%s" % (chain, chain, dispatch_suffix)) if self.get_available_tables("nat"): default_rules["nat"] = [ ] self.our_chains["nat"] = set() for chain in BUILT_IN_CHAINS["nat"]: default_rules["nat"].append("-N %s_direct" % chain) default_rules["nat"].append("-A %s -j %s_direct" % (chain, chain)) self.our_chains["nat"].add("%s_direct" % chain) if chain in ["OUTPUT"]: # nat, output does not have zone dispatch for dispatch_suffix in ["POLICIES_pre", "POLICIES_post"]: default_rules["nat"].append("-N %s_%s" % (chain, dispatch_suffix)) self.our_chains["nat"].update(set(["%s_%s" % (chain, dispatch_suffix)])) default_rules["nat"].append("-A %s -j %s_%s" % (chain, chain, dispatch_suffix)) else: for dispatch_suffix in ["POLICIES_pre", "ZONES", "POLICIES_post"]: default_rules["nat"].append("-N %s_%s" % (chain, dispatch_suffix)) self.our_chains["nat"].update(set(["%s_%s" % (chain, dispatch_suffix)])) for dispatch_suffix in ["ZONES"]: default_rules["nat"].append("-A %s -j %s_%s" % (chain, chain, dispatch_suffix)) default_rules["filter"] = [] self.our_chains["filter"] = set() default_rules["filter"].append("-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT") default_rules["filter"].append("-A INPUT -i lo -j ACCEPT") default_rules["filter"].append("-N INPUT_direct") default_rules["filter"].append("-A INPUT -j INPUT_direct") self.our_chains["filter"].update(set("INPUT_direct")) for dispatch_suffix in ["POLICIES_pre", "ZONES", "POLICIES_post"]: default_rules["filter"].append("-N INPUT_%s" % (dispatch_suffix)) self.our_chains["filter"].update(set("INPUT_%s" % (dispatch_suffix))) for dispatch_suffix in ["ZONES"]: default_rules["filter"].append("-A INPUT -j INPUT_%s" % (dispatch_suffix)) if log_denied != "off": default_rules["filter"].append("-A INPUT -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '") default_rules["filter"].append("-A INPUT -m conntrack --ctstate INVALID -j DROP") if log_denied != "off": default_rules["filter"].append("-A INPUT %%LOGTYPE%% -j LOG --log-prefix 'FINAL_REJECT: '") default_rules["filter"].append("-A INPUT -j %%REJECT%%") default_rules["filter"].append("-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT") default_rules["filter"].append("-A FORWARD -i lo -j ACCEPT") default_rules["filter"].append("-N FORWARD_direct") default_rules["filter"].append("-A FORWARD -j FORWARD_direct") self.our_chains["filter"].update(set("FORWARD_direct")) for dispatch_suffix in ["POLICIES_pre"]: default_rules["filter"].append("-N FORWARD_%s" % (dispatch_suffix)) self.our_chains["filter"].update(set("FORWARD_%s" % (dispatch_suffix))) for dispatch_suffix in ["ZONES"]: default_rules["filter"].append("-N FORWARD_%s" % (dispatch_suffix)) default_rules["filter"].append("-A FORWARD -j FORWARD_%s" % (dispatch_suffix)) self.our_chains["filter"].update(set("FORWARD_%s" % (dispatch_suffix))) for dispatch_suffix in ["POLICIES_post"]: default_rules["filter"].append("-N FORWARD_%s" % (dispatch_suffix)) self.our_chains["filter"].update(set("FORWARD_%s" % (dispatch_suffix))) if log_denied != "off": default_rules["filter"].append("-A FORWARD -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: '") default_rules["filter"].append("-A FORWARD -m conntrack --ctstate INVALID -j DROP") if log_denied != "off": default_rules["filter"].append("-A FORWARD %%LOGTYPE%% -j LOG --log-prefix 'FINAL_REJECT: '") default_rules["filter"].append("-A FORWARD -j %%REJECT%%") default_rules["filter"] += [ "-N OUTPUT_direct", "-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT", "-A OUTPUT -o lo -j ACCEPT", "-A OUTPUT -j OUTPUT_direct", ] self.our_chains["filter"].update(set("OUTPUT_direct")) for dispatch_suffix in ["POLICIES_pre"]: default_rules["filter"].append("-N OUTPUT_%s" % (dispatch_suffix)) default_rules["filter"].append("-A OUTPUT -j OUTPUT_%s" % (dispatch_suffix)) self.our_chains["filter"].update(set("OUTPUT_%s" % (dispatch_suffix))) for dispatch_suffix in ["POLICIES_post"]: default_rules["filter"].append("-N OUTPUT_%s" % (dispatch_suffix)) default_rules["filter"].append("-A OUTPUT -j OUTPUT_%s" % (dispatch_suffix)) self.our_chains["filter"].update(set("OUTPUT_%s" % (dispatch_suffix))) final_default_rules = [] for table in default_rules: if table not in self.get_available_tables(): continue for rule in default_rules[table]: final_default_rules.append(["-t", table] + splitArgs(rule)) return final_default_rules def get_zone_table_chains(self, table): if table == "filter": return { "INPUT", "FORWARD" } if table == "mangle": if "mangle" in self.get_available_tables(): return { "PREROUTING" } if table == "nat": if "nat" in self.get_available_tables(): return { "PREROUTING", "POSTROUTING" } if table == "raw": if "raw" in self.get_available_tables(): return { "PREROUTING" } return {} def build_policy_ingress_egress_rules(self, enable, policy, table, chain, ingress_interfaces, egress_interfaces, ingress_sources, egress_sources): p_obj = self._fw.policy.get_policy(policy) chain_suffix = "pre" if p_obj.priority < 0 else "post" isSNAT = True if (table == "nat" and chain == "POSTROUTING") else False _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX, isSNAT) ingress_fragments = [] egress_fragments = [] for interface in ingress_interfaces: ingress_fragments.append(["-i", interface]) for interface in egress_interfaces: egress_fragments.append(["-o", interface]) for addr in ingress_sources: ipv = self._fw.zone.check_source(addr) if ipv in ["ipv4", "ipv6"] and not self.is_ipv_supported(ipv): continue ingress_fragments.append(self._rule_addr_fragment("-s", addr)) for addr in egress_sources: ipv = self._fw.zone.check_source(addr) if ipv in ["ipv4", "ipv6"] and not self.is_ipv_supported(ipv): continue # iptables can not match destination MAC if check_mac(addr) and chain in ["POSTROUTING", "FORWARD", "OUTPUT"]: continue egress_fragments.append(self._rule_addr_fragment("-d", addr)) def _generate_policy_dispatch_rule(ingress_fragment, egress_fragment): add_del = {True: "-A", False: "-D" }[enable] rule = ["-t", table, add_del, "%s_POLICIES_%s" % (chain, chain_suffix), "%%POLICY_PRIORITY%%", p_obj.priority] if ingress_fragment: rule.extend(ingress_fragment) if egress_fragment: rule.extend(egress_fragment) rule.extend(["-j", _policy]) return rule rules = [] if ingress_fragments: # zone --> [zone, ANY, HOST] for ingress_fragment in ingress_fragments: # zone --> zone if egress_fragments: for egress_fragment in egress_fragments: rules.append(_generate_policy_dispatch_rule(ingress_fragment, egress_fragment)) elif egress_sources: # if the egress source is not for the current family (there # are no egress fragments), then avoid creating an invalid # catch all rule. pass else: rules.append(_generate_policy_dispatch_rule(ingress_fragment, None)) elif ingress_sources: # if the ingress source is not for the current family (there are no # ingress fragments), then avoid creating an invalid catch all # rule. pass else: # [ANY, HOST] --> [zone, ANY, HOST] # [ANY, HOST] --> zone if egress_fragments: for egress_fragment in egress_fragments: rules.append(_generate_policy_dispatch_rule(None, egress_fragment)) elif egress_sources: # if the egress source is not for the current family (there # are no egress fragments), then avoid creating an invalid # catch all rule. pass else: # [ANY, HOST] --> [ANY, HOST] rules.append(_generate_policy_dispatch_rule(None, None)) return rules def build_zone_source_interface_rules(self, enable, zone, policy, interface, table, chain, append=False): isSNAT = True if (table == "nat" and chain == "POSTROUTING") else False _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX, isSNAT=isSNAT) opt = { "PREROUTING": "-i", "POSTROUTING": "-o", "INPUT": "-i", "FORWARD": "-i", "OUTPUT": "-o", }[chain] action = "-g" if enable and not append: rule = [ "-I", "%s_ZONES" % chain, "%%ZONE_INTERFACE%%" ] elif enable: rule = [ "-A", "%s_ZONES" % chain ] else: rule = [ "-D", "%s_ZONES" % chain ] if not append: rule += ["%%ZONE_INTERFACE%%"] rule += [ "-t", table, opt, interface, action, _policy ] return [rule] def _rule_addr_fragment(self, opt, address, invert=False): if address.startswith("ipset:"): name = address[6:] if opt == "-d": opt = "dst" else: opt = "src" flags = ",".join([opt] * self._fw.ipset.get_dimension(name)) return ["-m", "set", "--match-set", name, flags] elif check_mac(address): # outgoing can not be set if opt == "-d": raise FirewallError(INVALID_ADDR, "Can't match a destination MAC.") return ["-m", "mac", "--mac-source", address.upper()] else: if check_single_address("ipv6", address): address = normalizeIP6(address) elif check_address("ipv6", address): addr_split = address.split("/") address = normalizeIP6(addr_split[0]) + "/" + addr_split[1] return [opt, address] def build_zone_source_address_rules(self, enable, zone, policy, address, table, chain): add_del = { True: "-I", False: "-D" }[enable] isSNAT = True if (table == "nat" and chain == "POSTROUTING") else False _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX, isSNAT=isSNAT) opt = { "PREROUTING": "-s", "POSTROUTING": "-d", "INPUT": "-s", "FORWARD": "-s", "OUTPUT": "-d", }[chain] # iptables can not match destination MAC if check_mac(address) and chain in ["POSTROUTING", "FORWARD", "OUTPUT"]: return [] rule = [add_del, "%s_ZONES" % (chain), "%%ZONE_SOURCE%%", zone, "-t", table] rule.extend(self._rule_addr_fragment(opt, address)) rule.extend(["-g", _policy]) return [rule] def build_policy_chain_rules(self, enable, policy, table, chain): add_del_chain = { True: "-N", False: "-X" }[enable] add_del_rule = { True: "-A", False: "-D" }[enable] isSNAT = True if (table == "nat" and chain == "POSTROUTING") else False _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX, isSNAT=isSNAT) p_obj = self._fw.policy.get_policy(policy) self.our_chains[table].update(set([_policy, "%s_log" % _policy, "%s_deny" % _policy, "%s_pre" % _policy, "%s_post" % _policy, "%s_allow" % _policy])) rules = [] rules.append([ add_del_chain, _policy, "-t", table ]) rules.append([ add_del_chain, "%s_pre" % _policy, "-t", table ]) rules.append([ add_del_chain, "%s_log" % _policy, "-t", table ]) rules.append([ add_del_chain, "%s_deny" % _policy, "-t", table ]) rules.append([ add_del_chain, "%s_allow" % _policy, "-t", table ]) rules.append([ add_del_chain, "%s_post" % _policy, "-t", table ]) if p_obj.derived_from_zone: rules.append([ add_del_rule, _policy, "-t", table, "-j", "%s_%s" % (chain, "POLICIES_pre") ]) rules.append([ add_del_rule, _policy, "-t", table, "-j", "%s_pre" % _policy ]) rules.append([ add_del_rule, _policy, "-t", table, "-j", "%s_log" % _policy ]) rules.append([ add_del_rule, _policy, "-t", table, "-j", "%s_deny" % _policy ]) rules.append([ add_del_rule, _policy, "-t", table, "-j", "%s_allow" % _policy ]) rules.append([ add_del_rule, _policy, "-t", table, "-j", "%s_post" % _policy ]) if p_obj.derived_from_zone: rules.append([ add_del_rule, _policy, "-t", table, "-j", "%s_%s" % (chain, "POLICIES_post") ]) target = self._fw.policy._policies[policy].target if self._fw.get_log_denied() != "off": if table == "filter": if target in [DEFAULT_ZONE_TARGET, "REJECT", "%%REJECT%%" ]: rules.append([ add_del_rule, _policy, "-t", table, "%%LOGTYPE%%", "-j", "LOG", "--log-prefix", "\"%s_REJECT: \"" % _policy ]) if target == "DROP": rules.append([ add_del_rule, _policy, "-t", table, "%%LOGTYPE%%", "-j", "LOG", "--log-prefix", "\"%s_DROP: \"" % _policy ]) if table == "filter" and \ target in [DEFAULT_ZONE_TARGET, "ACCEPT", "REJECT", "%%REJECT%%", "DROP" ]: if target in [DEFAULT_ZONE_TARGET]: _target = "REJECT" else: _target = target rules.append([ add_del_rule, _policy, "-t", table, "-j", _target ]) if not enable: rules.reverse() return rules def _rule_limit(self, limit): if limit: return [ "-m", "limit", "--limit", limit.value ] return [] def _rich_rule_chain_suffix(self, rich_rule): if type(rich_rule.element) in [Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock, Rich_Tcp_Mss_Clamp]: # These are special and don't have an explicit action pass elif rich_rule.action: if type(rich_rule.action) not in [Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark]: raise FirewallError(INVALID_RULE, "Unknown action %s" % type(rich_rule.action)) else: raise FirewallError(INVALID_RULE, "No rule action specified.") if rich_rule.priority == 0: if type(rich_rule.element) in [Rich_Masquerade, Rich_ForwardPort, Rich_Tcp_Mss_Clamp] or \ type(rich_rule.action) in [Rich_Accept, Rich_Mark]: return "allow" elif type(rich_rule.element) in [Rich_IcmpBlock] or \ type(rich_rule.action) in [Rich_Reject, Rich_Drop]: return "deny" elif rich_rule.priority < 0: return "pre" else: return "post" def _rich_rule_chain_suffix_from_log(self, rich_rule): if not rich_rule.log and not rich_rule.audit: raise FirewallError(INVALID_RULE, "Not log or audit") if rich_rule.priority == 0: return "log" elif rich_rule.priority < 0: return "pre" else: return "post" def _rich_rule_priority_fragment(self, rich_rule): if rich_rule.priority == 0: return [] return ["%%RICH_RULE_PRIORITY%%", rich_rule.priority] def _rich_rule_log(self, policy, rich_rule, enable, table, rule_fragment): if not rich_rule.log: return [] _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) add_del = { True: "-A", False: "-D" }[enable] chain_suffix = self._rich_rule_chain_suffix_from_log(rich_rule) rule = ["-t", table, add_del, "%s_%s" % (_policy, chain_suffix)] rule += self._rich_rule_priority_fragment(rich_rule) if type(rich_rule.log) == Rich_NFLog: rule += rule_fragment + [ "-j", "NFLOG" ] if rich_rule.log.group: rule += [ "--nflog-group", rich_rule.log.group ] if rich_rule.log.prefix: rule += [ "--nflog-prefix", "%s" % rich_rule.log.prefix ] if rich_rule.log.threshold: rule += [ "--nflog-threshold", rich_rule.log.threshold ] else: rule += rule_fragment + [ "-j", "LOG" ] if rich_rule.log.prefix: rule += [ "--log-prefix", "'%s'" % rich_rule.log.prefix ] if rich_rule.log.level: rule += [ "--log-level", "%s" % rich_rule.log.level ] rule += self._rule_limit(rich_rule.log.limit) return rule def _rich_rule_audit(self, policy, rich_rule, enable, table, rule_fragment): if not rich_rule.audit: return [] add_del = { True: "-A", False: "-D" }[enable] _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) chain_suffix = self._rich_rule_chain_suffix_from_log(rich_rule) rule = ["-t", table, add_del, "%s_%s" % (_policy, chain_suffix)] rule += self._rich_rule_priority_fragment(rich_rule) rule += rule_fragment if type(rich_rule.action) == Rich_Accept: _type = "accept" elif type(rich_rule.action) == Rich_Reject: _type = "reject" elif type(rich_rule.action) == Rich_Drop: _type = "drop" else: _type = "unknown" rule += [ "-j", "AUDIT", "--type", _type ] rule += self._rule_limit(rich_rule.audit.limit) return rule def _rich_rule_action(self, policy, rich_rule, enable, table, rule_fragment): if not rich_rule.action: return [] add_del = { True: "-A", False: "-D" }[enable] _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) chain_suffix = self._rich_rule_chain_suffix(rich_rule) chain = "%s_%s" % (_policy, chain_suffix) if type(rich_rule.action) == Rich_Accept: rule_action = [ "-j", "ACCEPT" ] elif type(rich_rule.action) == Rich_Reject: rule_action = [ "-j", "REJECT" ] if rich_rule.action.type: rule_action += [ "--reject-with", rich_rule.action.type ] elif type(rich_rule.action) == Rich_Drop: rule_action = [ "-j", "DROP" ] elif type(rich_rule.action) == Rich_Mark: table = "mangle" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) chain = "%s_%s" % (_policy, chain_suffix) rule_action = [ "-j", "MARK", "--set-xmark", rich_rule.action.set ] else: raise FirewallError(INVALID_RULE, "Unknown action %s" % type(rich_rule.action)) rule = ["-t", table, add_del, chain] rule += self._rich_rule_priority_fragment(rich_rule) rule += rule_fragment + rule_action rule += self._rule_limit(rich_rule.action.limit) return rule def _rich_rule_destination_fragment(self, rich_dest): if not rich_dest: return [] rule_fragment = [] if rich_dest.addr: if rich_dest.invert: rule_fragment.append("!") if check_single_address("ipv6", rich_dest.addr): rule_fragment += [ "-d", normalizeIP6(rich_dest.addr) ] elif check_address("ipv6", rich_dest.addr): addr_split = rich_dest.addr.split("/") rule_fragment += [ "-d", normalizeIP6(addr_split[0]) + "/" + addr_split[1] ] else: rule_fragment += [ "-d", rich_dest.addr ] elif rich_dest.ipset: rule_fragment += [ "-m", "set" ] if rich_dest.invert: rule_fragment.append("!") flags = self._fw.zone._ipset_match_flags(rich_dest.ipset, "dst") rule_fragment += [ "--match-set", rich_dest.ipset, flags ] return rule_fragment def _rich_rule_source_fragment(self, rich_source): if not rich_source: return [] rule_fragment = [] if rich_source.addr: if rich_source.invert: rule_fragment.append("!") if check_single_address("ipv6", rich_source.addr): rule_fragment += [ "-s", normalizeIP6(rich_source.addr) ] elif check_address("ipv6", rich_source.addr): addr_split = rich_source.addr.split("/") rule_fragment += [ "-s", normalizeIP6(addr_split[0]) + "/" + addr_split[1] ] else: rule_fragment += [ "-s", rich_source.addr ] elif hasattr(rich_source, "mac") and rich_source.mac: rule_fragment += [ "-m", "mac" ] if rich_source.invert: rule_fragment.append("!") rule_fragment += [ "--mac-source", rich_source.mac ] elif hasattr(rich_source, "ipset") and rich_source.ipset: rule_fragment += [ "-m", "set" ] if rich_source.invert: rule_fragment.append("!") flags = self._fw.zone._ipset_match_flags(rich_source.ipset, "src") rule_fragment += [ "--match-set", rich_source.ipset, flags ] return rule_fragment def build_policy_ports_rules(self, enable, policy, proto, port, destination=None, rich_rule=None): add_del = { True: "-A", False: "-D" }[enable] table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) rule_fragment = [ "-p", proto ] if port: rule_fragment += [ "--dport", "%s" % portStr(port) ] if destination: rule_fragment += [ "-d", destination ] if rich_rule: rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) if not rich_rule or type(rich_rule.action) != Rich_Mark: rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ] rules = [] if rich_rule: rules.append(self._rich_rule_log(policy, rich_rule, enable, table, rule_fragment)) rules.append(self._rich_rule_audit(policy, rich_rule, enable, table, rule_fragment)) rules.append(self._rich_rule_action(policy, rich_rule, enable, table, rule_fragment)) else: rules.append([add_del, "%s_allow" % (_policy), "-t", table] + rule_fragment + [ "-j", "ACCEPT" ]) return rules def build_policy_protocol_rules(self, enable, policy, protocol, destination=None, rich_rule=None): add_del = { True: "-A", False: "-D" }[enable] table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) rule_fragment = [ "-p", protocol ] if destination: rule_fragment += [ "-d", destination ] if rich_rule: rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) if not rich_rule or type(rich_rule.action) != Rich_Mark: rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ] rules = [] if rich_rule: rules.append(self._rich_rule_log(policy, rich_rule, enable, table, rule_fragment)) rules.append(self._rich_rule_audit(policy, rich_rule, enable, table, rule_fragment)) rules.append(self._rich_rule_action(policy, rich_rule, enable, table, rule_fragment)) else: rules.append([add_del, "%s_allow" % (_policy), "-t", table] + rule_fragment + [ "-j", "ACCEPT" ]) return rules def build_policy_tcp_mss_clamp_rules(self, enable, policy, tcp_mss_clamp_value, destination=None, rich_rule=None): table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) add_del = { True: "-A", False: "-D" }[enable] rule_fragment = [] if rich_rule: chain_suffix = self._rich_rule_chain_suffix(rich_rule) rule_fragment += self._rich_rule_priority_fragment(rich_rule) rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) rules = [] rule_fragment = ["-p", "tcp"] if tcp_mss_clamp_value == "pmtu" or tcp_mss_clamp_value is None: rule_fragment += ["--tcp-flags", "SYN,RST", "SYN","-j", "TCPMSS", "--clamp-mss-to-pmtu"] else: rule_fragment += ["--tcp-flags", "SYN,RST", "SYN", "-j", "TCPMSS", "--set-mss", tcp_mss_clamp_value] if rich_rule: chain_suffix = self._rich_rule_chain_suffix(rich_rule) rule_fragment += self._rich_rule_priority_fragment(rich_rule) rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) rules.append(["-t", "filter", add_del, "%s_%s" % (_policy, chain_suffix)] + rule_fragment) return rules def build_policy_source_ports_rules(self, enable, policy, proto, port, destination=None, rich_rule=None): add_del = { True: "-A", False: "-D" }[enable] table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) rule_fragment = [ "-p", proto ] if port: rule_fragment += [ "--sport", "%s" % portStr(port) ] if destination: rule_fragment += [ "-d", destination ] if rich_rule: rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) if not rich_rule or type(rich_rule.action) != Rich_Mark: rule_fragment += [ "-m", "conntrack", "--ctstate", "NEW,UNTRACKED" ] rules = [] if rich_rule: rules.append(self._rich_rule_log(policy, rich_rule, enable, table, rule_fragment)) rules.append(self._rich_rule_audit(policy, rich_rule, enable, table, rule_fragment)) rules.append(self._rich_rule_action(policy, rich_rule, enable, table, rule_fragment)) else: rules.append([add_del, "%s_allow" % (_policy), "-t", table] + rule_fragment + [ "-j", "ACCEPT" ]) return rules def build_policy_helper_ports_rules(self, enable, policy, proto, port, destination, helper_name, module_short_name): table = "raw" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) add_del = { True: "-A", False: "-D" }[enable] rule = [ add_del, "%s_allow" % (_policy), "-t", "raw", "-p", proto ] if port: rule += [ "--dport", "%s" % portStr(port) ] if destination: rule += [ "-d", destination ] rule += [ "-j", "CT", "--helper", module_short_name ] return [rule] def build_zone_forward_rules(self, enable, zone, policy, table, interface=None, source=None): add_del = { True: "-A", False: "-D" }[enable] _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) rules = [] if interface: rules.append(["-t", "filter", add_del, "%s_allow" % _policy, "-o", interface, "-j", "ACCEPT"]) else: # source # iptables can not match destination MAC if check_mac(source): return [] rules.append(["-t", "filter", add_del, "%s_allow" % _policy] + self._rule_addr_fragment("-d", source) + ["-j", "ACCEPT"]) return rules def build_policy_masquerade_rules(self, enable, policy, rich_rule=None): table = "nat" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX, isSNAT=True) add_del = { True: "-A", False: "-D" }[enable] rule_fragment = [] if rich_rule: chain_suffix = self._rich_rule_chain_suffix(rich_rule) rule_fragment += self._rich_rule_priority_fragment(rich_rule) rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) else: chain_suffix = "allow" rules = [] rules.append(["-t", "nat", add_del, "%s_%s" % (_policy, chain_suffix)] + rule_fragment + [ "!", "-o", "lo", "-j", "MASQUERADE" ]) return rules def build_policy_forward_port_rules(self, enable, policy, port, protocol, toport, toaddr, rich_rule=None): table = "nat" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) add_del = { True: "-A", False: "-D" }[enable] to = "" if toaddr: if check_single_address("ipv6", toaddr): to += "[%s]" % normalizeIP6(toaddr) else: to += toaddr if toport and toport != "": to += ":%s" % portStr(toport, "-") rule_fragment = [] if rich_rule: chain_suffix = self._rich_rule_chain_suffix(rich_rule) rule_fragment = self._rich_rule_priority_fragment(rich_rule) rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) else: chain_suffix = "allow" rules = [] if rich_rule: rules.append(self._rich_rule_log(policy, rich_rule, enable, "nat", rule_fragment)) rules.append(["-t", "nat", add_del, "%s_%s" % (_policy, chain_suffix)] + rule_fragment + ["-p", protocol, "--dport", portStr(port), "-j", "DNAT", "--to-destination", to]) return rules def build_policy_icmp_block_rules(self, enable, policy, ict, rich_rule=None): table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) add_del = { True: "-A", False: "-D" }[enable] if self.ipv == "ipv4": proto = [ "-p", "icmp" ] match = [ "-m", "icmp", "--icmp-type", ict.name ] else: proto = [ "-p", "ipv6-icmp" ] match = [ "-m", "icmp6", "--icmpv6-type", ict.name ] rules = [] if self._fw.policy.query_icmp_block_inversion(policy): final_chain = "%s_allow" % (_policy) final_target = "ACCEPT" else: final_chain = "%s_deny" % (_policy) final_target = "%%REJECT%%" rule_fragment = [] if rich_rule: rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) rule_fragment += proto + match if rich_rule: rules.append(self._rich_rule_log(policy, rich_rule, enable, table, rule_fragment)) rules.append(self._rich_rule_audit(policy, rich_rule, enable, table, rule_fragment)) if rich_rule.action: rules.append(self._rich_rule_action(policy, rich_rule, enable, table, rule_fragment)) else: chain_suffix = self._rich_rule_chain_suffix(rich_rule) rules.append(["-t", table, add_del, "%s_%s" % (_policy, chain_suffix)] + self._rich_rule_priority_fragment(rich_rule) + rule_fragment + [ "-j", "%%REJECT%%" ]) else: if self._fw.get_log_denied() != "off" and final_target != "ACCEPT": rules.append([ add_del, final_chain, "-t", table ] + rule_fragment + [ "%%LOGTYPE%%", "-j", "LOG", "--log-prefix", "\"%s_ICMP_BLOCK: \"" % policy ]) rules.append([ add_del, final_chain, "-t", table ] + rule_fragment + [ "-j", final_target ]) return rules def build_policy_icmp_block_inversion_rules(self, enable, policy): table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) rules = [] rule_idx = 8 if self._fw.policy.query_icmp_block_inversion(policy): ibi_target = "%%REJECT%%" if self._fw.get_log_denied() != "off": if enable: rule = [ "-I", _policy, str(rule_idx) ] else: rule = [ "-D", _policy ] rule = rule + [ "-t", table, "-p", "%%ICMP%%", "%%LOGTYPE%%", "-j", "LOG", "--log-prefix", "\"%s_ICMP_BLOCK: \"" % _policy ] rules.append(rule) rule_idx += 1 else: ibi_target = "ACCEPT" if enable: rule = [ "-I", _policy, str(rule_idx) ] else: rule = [ "-D", _policy ] rule = rule + [ "-t", table, "-p", "%%ICMP%%", "-j", ibi_target ] rules.append(rule) return rules def build_policy_rich_source_destination_rules(self, enable, policy, rich_rule): table = "filter" rule_fragment = [] rule_fragment += self._rich_rule_destination_fragment(rich_rule.destination) rule_fragment += self._rich_rule_source_fragment(rich_rule.source) rules = [] rules.append(self._rich_rule_log(policy, rich_rule, enable, table, rule_fragment)) rules.append(self._rich_rule_audit(policy, rich_rule, enable, table, rule_fragment)) rules.append(self._rich_rule_action(policy, rich_rule, enable, table, rule_fragment)) return rules def is_ipv_supported(self, ipv): return ipv == self.ipv class ip6tables(ip4tables): ipv = "ipv6" name = "ip6tables" def build_rpfilter_rules(self, log_denied=False): rules = [] rules.append([ "-I", "PREROUTING", "-t", "mangle", "-m", "rpfilter", "--invert", "--validmark", "-j", "DROP" ]) if log_denied != "off": rules.append([ "-I", "PREROUTING", "-t", "mangle", "-m", "rpfilter", "--invert", "--validmark", "-j", "LOG", "--log-prefix", "rpfilter_DROP: " ]) rules.append([ "-I", "PREROUTING", "-t", "mangle", "-p", "ipv6-icmp", "--icmpv6-type=neighbour-solicitation", "-j", "ACCEPT" ]) # RHBZ#1575431, kernel bug in 4.16-4.17 rules.append([ "-I", "PREROUTING", "-t", "mangle", "-p", "ipv6-icmp", "--icmpv6-type=router-advertisement", "-j", "ACCEPT" ]) # RHBZ#1058505 return rules def build_rfc3964_ipv4_rules(self): daddr_list = [ "::0.0.0.0/96", # IPv4 compatible "::ffff:0.0.0.0/96", # IPv4 mapped "2002:0000::/24", # 0.0.0.0/8 (the system has no address assigned yet) "2002:0a00::/24", # 10.0.0.0/8 (private) "2002:7f00::/24", # 127.0.0.0/8 (loopback) "2002:ac10::/28", # 172.16.0.0/12 (private) "2002:c0a8::/32", # 192.168.0.0/16 (private) "2002:a9fe::/32", # 169.254.0.0/16 (IANA Assigned DHCP link-local) "2002:e000::/19", # 224.0.0.0/4 (multicast), 240.0.0.0/4 (reserved and broadcast) ] chain_name = "RFC3964_IPv4" self.our_chains["filter"].add(chain_name) rules = [] rules.append(["-t", "filter", "-N", chain_name]) for daddr in daddr_list: rules.append(["-t", "filter", "-I", chain_name, "-d", daddr, "-j", "REJECT", "--reject-with", "addr-unreach"]) if self._fw._log_denied in ["unicast", "all"]: rules.append(["-t", "filter", "-I", chain_name, "-d", daddr, "-j", "LOG", "--log-prefix", "\"RFC3964_IPv4_REJECT: \""]) # Inject into FORWARD and OUTPUT chains rules.append(["-t", "filter", "-I", "OUTPUT", "4", "-j", chain_name]) rules.append(["-t", "filter", "-I", "FORWARD", "4", "-j", chain_name]) return rules firewalld-1.1.1/src/firewall/core/logger.py0000644000000000000000000007447614217342322020660 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2005-2007,2012 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "LogTarget", "FileLog", "Logger", "log" ] import sys import types import time import inspect import fnmatch import syslog import traceback import fcntl import os.path import os # --------------------------------------------------------------------------- # abstract class for logging targets class LogTarget(object): """ Abstract class for logging targets. """ def __init__(self): self.fd = None def write(self, data, level, logger, is_debug=0): raise NotImplementedError("LogTarget.write is an abstract method") def flush(self): raise NotImplementedError("LogTarget.flush is an abstract method") def close(self): raise NotImplementedError("LogTarget.close is an abstract method") # --------------------------------------------------------------------------- # private class for stdout class _StdoutLog(LogTarget): def __init__(self): LogTarget.__init__(self) self.fd = sys.stdout def write(self, data, level, logger, is_debug=0): # ignore level self.fd.write(data) self.flush() def close(self): self.flush() def flush(self): self.fd.flush() # --------------------------------------------------------------------------- # private class for stderr class _StderrLog(_StdoutLog): def __init__(self): _StdoutLog.__init__(self) self.fd = sys.stderr # --------------------------------------------------------------------------- # private class for syslog class _SyslogLog(LogTarget): def __init__(self): # Only initialize LogTarget here as fs should be None LogTarget.__init__(self) # # Derived from: https://github.com/canvon/firewalld/commit/af0edfee1cc1891b7b13f302ca5911b24e9b0f13 # # Work around Python issue 27875, "Syslogs /usr/sbin/foo as /foo # instead of as foo" # (but using openlog explicitly might be better anyway) # # Set ident to basename, log PID as well, and log to facility "daemon". syslog.openlog(os.path.basename(sys.argv[0]), syslog.LOG_PID, syslog.LOG_DAEMON) def write(self, data, level, logger, is_debug=0): priority = None if is_debug: priority = syslog.LOG_DEBUG else: if level >= logger.INFO1: priority = syslog.LOG_INFO elif level == logger.WARNING: priority = syslog.LOG_WARNING elif level == logger.ERROR: priority = syslog.LOG_ERR elif level == logger.FATAL: priority = syslog.LOG_CRIT if data.endswith("\n"): data = data[:len(data)-1] if len(data) > 0: if priority is None: syslog.syslog(data) else: syslog.syslog(priority, data) def close(self): syslog.closelog() def flush(self): pass # --------------------------------------------------------------------------- class FileLog(LogTarget): """ FileLog class. File will be opened on the first write. """ def __init__(self, filename, mode="w"): LogTarget.__init__(self) self.filename = filename self.mode = mode def open(self): if self.fd: return flags = os.O_CREAT | os.O_WRONLY if self.mode.startswith('a'): flags |= os.O_APPEND self.fd = os.open(self.filename, flags, 0o640) # Make sure that existing file has correct perms os.fchmod(self.fd, 0o640) # Make it an object self.fd = os.fdopen(self.fd, self.mode) fcntl.fcntl(self.fd, fcntl.F_SETFD, fcntl.FD_CLOEXEC) def write(self, data, level, logger, is_debug=0): if not self.fd: self.open() self.fd.write(data) self.fd.flush() def close(self): if not self.fd: return self.fd.close() self.fd = None def flush(self): if not self.fd: return self.fd.flush() # --------------------------------------------------------------------------- class Logger(object): r""" Format string: %(class)s Calling class the function belongs to, else empty %(date)s Date using Logger.date_format, see time module %(domain)s Full Domain: %(module)s.%(class)s.%(function)s %(file)s Filename of the module %(function)s Function name, empty in __main__ %(label)s Label according to log function call from Logger.label %(level)d Internal logging level %(line)d Line number in module %(module)s Module name %(message)s Log message Standard levels: FATAL Fatal error messages ERROR Error messages WARNING Warning messages INFOx, x in [1..5] Information DEBUGy, y in [1..10] Debug messages NO_INFO No info output NO_DEBUG No debug output INFO_MAX Maximum info level DEBUG_MAX Maximum debug level x and y depend on info_max and debug_max from Logger class initialization. See __init__ function. Default logging targets: stdout Logs to stdout stderr Logs to stderr syslog Logs to syslog Additional arguments for logging functions (fatal, error, warning, info and debug): nl Disable newline at the end with nl=0, default is nl=1. fmt Format string for this logging entry, overloads global format string. Example: fmt="%(file)s:%(line)d %(message)s" nofmt Only output message with nofmt=1. The nofmt argument wins over the fmt argument. Example: from logger import log log.setInfoLogLevel(log.INFO1) log.setDebugLogLevel(log.DEBUG1) for i in range(1, log.INFO_MAX+1): log.setInfoLogLabel(i, "INFO%d: " % i) log.setFormat("%(date)s %(module)s:%(line)d [%(domain)s] %(label)s: " "%(level)d %(message)s") log.setDateFormat("%Y-%m-%d %H:%M:%S") fl = FileLog("/tmp/log", "a") log.addInfoLogging("*", fl) log.addDebugLogging("*", fl) log.addInfoLogging("*", log.syslog, fmt="%(label)s%(message)s") log.debug3("debug3") log.debug2("debug2") log.debug1("debug1") log.info2("info2") log.info1("info1") log.warning("warning\n", nl=0) log.error("error\n", nl=0) log.fatal("fatal") log.info(log.INFO1, "nofmt info", nofmt=1) """ ALL = -5 NOTHING = -4 FATAL = -3 TRACEBACK = -2 ERROR = -1 WARNING = 0 # Additional levels are generated in class initilization stdout = _StdoutLog() stderr = _StderrLog() syslog = _SyslogLog() def __init__(self, info_max=5, debug_max=10): """ Logger class initialization """ self._level = { } self._debug_level = { } self._format = "" self._date_format = "" self._label = { } self._debug_label = { } self._logging = { } self._debug_logging = { } self._domains = { } self._debug_domains = { } # INFO1 is required for standard log level if info_max < 1: raise ValueError("Logger: info_max %d is too low" % info_max) if debug_max < 0: raise ValueError("Logger: debug_max %d is too low" % debug_max) self.NO_INFO = self.WARNING # = 0 self.INFO_MAX = info_max self.NO_DEBUG = 0 self.DEBUG_MAX = debug_max self.setInfoLogLabel(self.FATAL, "FATAL ERROR: ") self.setInfoLogLabel(self.TRACEBACK, "") self.setInfoLogLabel(self.ERROR, "ERROR: ") self.setInfoLogLabel(self.WARNING, "WARNING: ") # generate info levels and infox functions for _level in range(1, self.INFO_MAX+1): setattr(self, "INFO%d" % _level, _level) self.setInfoLogLabel(_level, "") setattr(self, "info%d" % (_level), (lambda self, x: lambda message, *args, **kwargs: self.info(x, message, *args, **kwargs))(self, _level)) # pylint: disable=E0602 # generate debug levels and debugx functions for _level in range(1, self.DEBUG_MAX+1): setattr(self, "DEBUG%d" % _level, _level) self.setDebugLogLabel(_level, "DEBUG%d: " % _level) setattr(self, "debug%d" % (_level), (lambda self, x: lambda message, *args, **kwargs: self.debug(x, message, *args, **kwargs))(self, _level)) # pylint: disable=E0602 # set initial log levels, formats and targets self.setInfoLogLevel(self.INFO1) self.setDebugLogLevel(self.NO_DEBUG) self.setFormat("%(label)s%(message)s") self.setDateFormat("%d %b %Y %H:%M:%S") self.setInfoLogging("*", self.stderr, [ self.FATAL, self.ERROR, self.WARNING ]) self.setInfoLogging("*", self.stdout, [ i for i in range(self.INFO1, self.INFO_MAX+1) ]) self.setDebugLogging("*", self.stdout, [ i for i in range(1, self.DEBUG_MAX+1) ]) def close(self): """ Close all logging targets """ for level in range(self.FATAL, self.DEBUG_MAX+1): if level not in self._logging: continue for (dummy, target, dummy) in self._logging[level]: target.close() def getInfoLogLevel(self, domain="*"): """ Get info log level. """ self._checkDomain(domain) if domain in self._level: return self._level[domain] return self.NOTHING def setInfoLogLevel(self, level, domain="*"): """ Set log level [NOTHING .. INFO_MAX] """ self._checkDomain(domain) if level < self.NOTHING: level = self.NOTHING if level > self.INFO_MAX: level = self.INFO_MAX self._level[domain] = level def getDebugLogLevel(self, domain="*"): """ Get debug log level. """ self._checkDomain(domain) if domain in self._debug_level: return self._debug_level[domain] + self.NO_DEBUG return self.NO_DEBUG def setDebugLogLevel(self, level, domain="*"): """ Set debug log level [NO_DEBUG .. DEBUG_MAX] """ self._checkDomain(domain) if level < 0: level = 0 if level > self.DEBUG_MAX: level = self.DEBUG_MAX self._debug_level[domain] = level - self.NO_DEBUG def getFormat(self): return self._format def setFormat(self, _format): self._format = _format def getDateFormat(self): return self._date_format def setDateFormat(self, _format): self._date_format = _format def setInfoLogLabel(self, level, label): """ Set log label for level. Level can be a single level or an array of levels. """ levels = self._getLevels(level) for level in levels: self._checkLogLevel(level, min_level=self.FATAL, max_level=self.INFO_MAX) self._label[level] = label def setDebugLogLabel(self, level, label): """ Set log label for level. Level can be a single level or an array of levels. """ levels = self._getLevels(level, is_debug=1) for level in levels: self._checkLogLevel(level, min_level=self.INFO1, max_level=self.DEBUG_MAX) self._debug_label[level] = label def setInfoLogging(self, domain, target, level=ALL, fmt=None): """ Set info log target for domain and level. Level can be a single level or an array of levels. Use level ALL to set for all levels. If no format is specified, the default format will be used. """ self._setLogging(domain, target, level, fmt, is_debug=0) def setDebugLogging(self, domain, target, level=ALL, fmt=None): """ Set debug log target for domain and level. Level can be a single level or an array of levels. Use level ALL to set for all levels. If no format is specified, the default format will be used. """ self._setLogging(domain, target, level, fmt, is_debug=1) def addInfoLogging(self, domain, target, level=ALL, fmt=None): """ Add info log target for domain and level. Level can be a single level or an array of levels. Use level ALL to set for all levels. If no format is specified, the default format will be used. """ self._addLogging(domain, target, level, fmt, is_debug=0) def addDebugLogging(self, domain, target, level=ALL, fmt=None): """ Add debg log target for domain and level. Level can be a single level or an array of levels. Use level ALL to set for all levels. If no format is specified, the default format will be used. """ self._addLogging(domain, target, level, fmt, is_debug=1) def delInfoLogging(self, domain, target, level=ALL, fmt=None): """ Delete info log target for domain and level. Level can be a single level or an array of levels. Use level ALL to set for all levels. If no format is specified, the default format will be used. """ self._delLogging(domain, target, level, fmt, is_debug=0) def delDebugLogging(self, domain, target, level=ALL, fmt=None): """ Delete debug log target for domain and level. Level can be a single level or an array of levels. Use level ALL to set for all levels. If no format is specified, the default format will be used. """ self._delLogging(domain, target, level, fmt, is_debug=1) def isInfoLoggingHere(self, level): """ Is there currently any info logging for this log level (and domain)? """ return self._isLoggingHere(level, is_debug=0) def isDebugLoggingHere(self, level): """ Is there currently any debug logging for this log level (and domain)? """ return self._isLoggingHere(level, is_debug=1) ### log functions def fatal(self, _format, *args, **kwargs): """ Fatal error log. """ self._checkKWargs(kwargs) kwargs["is_debug"] = 0 self._log(self.FATAL, _format, *args, **kwargs) def error(self, _format, *args, **kwargs): """ Error log. """ self._checkKWargs(kwargs) kwargs["is_debug"] = 0 self._log(self.ERROR, _format, *args, **kwargs) def warning(self, _format, *args, **kwargs): """ Warning log. """ self._checkKWargs(kwargs) kwargs["is_debug"] = 0 self._log(self.WARNING, _format, *args, **kwargs) def info(self, level, _format, *args, **kwargs): """ Information log using info level [1..info_max]. There are additional infox functions according to info_max from __init__""" self._checkLogLevel(level, min_level=1, max_level=self.INFO_MAX) self._checkKWargs(kwargs) kwargs["is_debug"] = 0 self._log(level+self.NO_INFO, _format, *args, **kwargs) def debug(self, level, _format, *args, **kwargs): """ Debug log using debug level [1..debug_max]. There are additional debugx functions according to debug_max from __init__""" self._checkLogLevel(level, min_level=1, max_level=self.DEBUG_MAX) self._checkKWargs(kwargs) kwargs["is_debug"] = 1 self._log(level, _format, *args, **kwargs) def exception(self): self._log(self.TRACEBACK, traceback.format_exc(), args=[], kwargs={}) ### internal functions def _checkLogLevel(self, level, min_level, max_level): if level < min_level or level > max_level: raise ValueError("Level %d out of range, should be [%d..%d]." % \ (level, min_level, max_level)) def _checkKWargs(self, kwargs): if not kwargs: return for key in kwargs.keys(): if key not in [ "nl", "fmt", "nofmt" ]: raise ValueError("Key '%s' is not allowed as argument for logging." % key) def _checkDomain(self, domain): if not domain or domain == "": raise ValueError("Domain '%s' is not valid." % domain) def _getLevels(self, level, is_debug=0): """ Generate log level array. """ if level != self.ALL: if isinstance(level, list) or isinstance(level, tuple): levels = level else: levels = [ level ] for level in levels: if is_debug: self._checkLogLevel(level, min_level=1, max_level=self.DEBUG_MAX) else: self._checkLogLevel(level, min_level=self.FATAL, max_level=self.INFO_MAX) else: if is_debug: levels = [ i for i in range(self.DEBUG1, self.DEBUG_MAX) ] else: levels = [ i for i in range(self.FATAL, self.INFO_MAX) ] return levels def _getTargets(self, target): """ Generate target array. """ if isinstance(target, list) or isinstance(target, tuple): targets = target else: targets = [ target ] for _target in targets: if not issubclass(_target.__class__, LogTarget): raise ValueError("'%s' is no valid logging target." % \ _target.__class__.__name__) return targets def _genDomains(self, is_debug=0): # private method for self._domains array creation, speeds up """ Generate dict with domain by level. """ if is_debug: _domains = self._debug_domains _logging = self._debug_logging _range = ( 1, self.DEBUG_MAX+1 ) else: _domains = self._domains _logging = self._logging _range = ( self.FATAL, self.INFO_MAX+1 ) if len(_domains) > 0: _domains.clear() for level in range(_range[0], _range[1]): if level not in _logging: continue for (domain, dummy, dummy) in _logging[level]: if domain not in _domains: _domains.setdefault(level, [ ]).append(domain) def _setLogging(self, domain, target, level=ALL, fmt=None, is_debug=0): self._checkDomain(domain) levels = self._getLevels(level, is_debug) targets = self._getTargets(target) if is_debug: _logging = self._debug_logging else: _logging = self._logging for level in levels: for target in targets: _logging[level] = [ (domain, target, fmt) ] self._genDomains(is_debug) def _addLogging(self, domain, target, level=ALL, fmt=None, is_debug=0): self._checkDomain(domain) levels = self._getLevels(level, is_debug) targets = self._getTargets(target) if is_debug: _logging = self._debug_logging else: _logging = self._logging for level in levels: for target in targets: _logging.setdefault(level, [ ]).append((domain, target, fmt)) self._genDomains(is_debug) def _delLogging(self, domain, target, level=ALL, fmt=None, is_debug=0): self._checkDomain(domain) levels = self._getLevels(level, is_debug) targets = self._getTargets(target) if is_debug: _logging = self._debug_logging else: _logging = self._logging for _level in levels: for target in targets: if _level not in _logging: continue if (domain, target, fmt) in _logging[_level]: _logging[_level].remove( (domain, target, fmt) ) if len(_logging[_level]) == 0: del _logging[_level] continue if level != self.ALL: raise ValueError("No mathing logging for " \ "level %d, domain %s, target %s and format %s." % \ (_level, domain, target.__class__.__name__, fmt)) self._genDomains(is_debug) def _isLoggingHere(self, level, is_debug=0): _dict = self._genDict(level, is_debug) if not _dict: return False point_domain = _dict["domain"] + "." if is_debug: _logging = self._debug_logging else: _logging = self._logging # do we need to log? for (domain, dummy, dummy) in _logging[level]: if domain == "*" or \ point_domain.startswith(domain) or \ fnmatch.fnmatchcase(_dict["domain"], domain): return True return False def _getClass(self, frame): """ Function to get calling class. Returns class or None. """ # get class by first function argument, if there are any if frame.f_code.co_argcount > 0: selfname = frame.f_code.co_varnames[0] if selfname in frame.f_locals: _self = frame.f_locals[selfname] obj = self._getClass2(_self.__class__, frame.f_code) if obj: return obj module = inspect.getmodule(frame.f_code) code = frame.f_code # function in module? if code.co_name in module.__dict__: if hasattr(module.__dict__[code.co_name], "func_code") and \ module.__dict__[code.co_name].__code__ == code: return None # class in module for (dummy, obj) in module.__dict__.items(): if isinstance(obj, types.ClassType): if hasattr(obj, code.co_name): value = getattr(obj, code.co_name) if isinstance(value, types.FunctionType): if value.__code__ == code: return obj # nothing found return None def _getClass2(self, obj, code): """ Internal function to get calling class. Returns class or None. """ for value in obj.__dict__.values(): if isinstance(value, types.FunctionType): if value.__code__ == code: return obj for base in obj.__bases__: _obj = self._getClass2(base, code) if _obj: return _obj return None # internal log class def _log(self, level, _format, *args, **kwargs): is_debug = 0 if "is_debug" in kwargs: is_debug = kwargs["is_debug"] nl = 1 if "nl" in kwargs: nl = kwargs["nl"] nofmt = 0 if "nofmt" in kwargs: nofmt = kwargs["nofmt"] _dict = self._genDict(level, is_debug) if not _dict: return if len(args) > 1: _dict['message'] = _format % args elif len(args) == 1: # needed for _format % _dict _dict['message'] = _format % args[0] else: _dict['message'] = _format point_domain = _dict["domain"] + "." if is_debug: _logging = self._debug_logging else: _logging = self._logging used_targets = [ ] # log to target(s) for (domain, target, _format) in _logging[level]: if target in used_targets: continue if domain == "*" \ or point_domain.startswith(domain+".") \ or fnmatch.fnmatchcase(_dict["domain"], domain): if not _format: _format = self._format if "fmt" in kwargs: _format = kwargs["fmt"] if nofmt: target.write(_dict["message"], level, self, is_debug) else: target.write(_format % _dict, level, self, is_debug) if nl: # newline target.write("\n", level, self, is_debug) used_targets.append(target) # internal function to generate the dict, needed for logging def _genDict(self, level, is_debug=0): """ Internal function. """ check_domains = [ ] simple_match = False if is_debug: _dict = self._debug_level _domains = self._debug_domains _label = self._debug_label else: _dict = self._level _domains = self._domains _label = self._label # no debug for domain in _dict: if domain == "*": # '*' matches everything: simple match if _dict[domain] >= level: simple_match = True if len(check_domains) > 0: check_domains = [ ] break else: if _dict[domain] >= level: check_domains.append(domain) if not simple_match and len(check_domains) < 1: return None if level not in _domains: return None f = inspect.currentframe() # go outside of logger module as long as there is a lower frame while f and f.f_back and f.f_globals["__name__"] == self.__module__: f = f.f_back if not f: raise ValueError("Frame information not available.") # get module name module_name = f.f_globals["__name__"] # simple module match test for all entries of check_domain point_module = module_name + "." for domain in check_domains: if point_module.startswith(domain): # found domain in module name check_domains = [ ] break # get code co = f.f_code # optimization: bail out early if domain can not match at all _len = len(module_name) for domain in _domains[level]: i = domain.find("*") if i == 0: continue elif i > 0: d = domain[:i] else: d = domain if _len >= len(d): if not module_name.startswith(d): return None else: if not d.startswith(module_name): return None # generate _dict for format output level_str = "" if level in _label: level_str = _label[level] _dict = { 'file': co.co_filename, 'line': f.f_lineno, 'module': module_name, 'class': '', 'function': co.co_name, 'domain': '', 'label' : level_str, 'level' : level, 'date' : time.strftime(self._date_format, time.localtime()) } if _dict["function"] == "?": _dict["function"] = "" # domain match needed? domain_needed = False for domain in _domains[level]: # standard domain, matches everything if domain == "*": continue # domain is needed domain_needed = True break # do we need to get the class object? if self._format.find("%(domain)") >= 0 or \ self._format.find("%(class)") >= 0 or \ domain_needed or \ len(check_domains) > 0: obj = self._getClass(f) if obj: _dict["class"] = obj.__name__ # build domain string _dict["domain"] = "" + _dict["module"] if _dict["class"] != "": _dict["domain"] += "." + _dict["class"] if _dict["function"] != "": _dict["domain"] += "." + _dict["function"] if len(check_domains) < 1: return _dict point_domain = _dict["domain"] + "." for domain in check_domains: if point_domain.startswith(domain) or \ fnmatch.fnmatchcase(_dict["domain"], domain): return _dict return None # --------------------------------------------------------------------------- # Global logging object. log = Logger() # --------------------------------------------------------------------------- """ # Example if __name__ == '__main__': log.setInfoLogLevel(log.INFO2) log.setDebugLogLevel(log.DEBUG5) for i in range(log.INFO1, log.INFO_MAX+1): log.setInfoLogLabel(i, "INFO%d: " % i) for i in range(log.DEBUG1, log.DEBUG_MAX+1): log.setDebugLogLabel(i, "DEBUG%d: " % i) log.setFormat("%(date)s %(module)s:%(line)d %(label)s" "%(message)s") log.setDateFormat("%Y-%m-%d %H:%M:%S") fl = FileLog("/tmp/log", "a") log.addInfoLogging("*", fl) log.delDebugLogging("*", log.stdout) log.setDebugLogging("*", log.stdout, [ log.DEBUG1, log.DEBUG2 ] ) log.addDebugLogging("*", fl) # log.addInfoLogging("*", log.syslog, fmt="%(label)s%(message)s") # log.addDebugLogging("*", log.syslog, fmt="%(label)s%(message)s") log.debug10("debug10") log.debug9("debug9") log.debug8("debug8") log.debug7("debug7") log.debug6("debug6") log.debug5("debug5") log.debug4("debug4") log.debug3("debug3") log.debug2("debug2", fmt="%(file)s:%(line)d %(message)s") log.debug1("debug1", nofmt=1) log.info5("info5") log.info4("info4") log.info3("info3") log.info2("info2") log.info1("info1") log.warning("warning\n", nl=0) log.error("error ", nl=0) log.error("error", nofmt=1) log.fatal("fatal") log.info(log.INFO1, "nofmt info", nofmt=1) log.info(log.INFO2, "info2 fmt", fmt="%(file)s:%(line)d %(message)s") try: a = b except Exception as e: log.exception() """ # vim:ts=4:sw=4:showmatch:expandtab firewalld-1.1.1/src/firewall/core/modules.py0000644000000000000000000000720214217342322021030 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """modules backend""" __all__ = [ "modules" ] from firewall.core.prog import runProg from firewall.core.logger import log from firewall.config import COMMANDS class modules(object): def __init__(self): self._load_command = COMMANDS["modprobe"] # Use rmmod instead of modprobe -r (RHBZ#1031102) self._unload_command = COMMANDS["rmmod"] def __repr__(self): return '%s' % (self.__class__) def loaded_modules(self): """ get all loaded kernel modules and their dependencies """ mods = [ ] deps = { } with open("/proc/modules", "r") as f: for line in f: if not line: break line = line.strip() splits = line.split() mods.append(splits[0]) if splits[3] != "-": deps[splits[0]] = splits[3].split(",")[:-1] else: deps[splits[0]] = [ ] return mods, deps # [loaded modules], {module:[dependants]} def load_module(self, module): log.debug2("%s: %s %s", self.__class__, self._load_command, module) return runProg(self._load_command, [ module ]) def unload_module(self, module): log.debug2("%s: %s %s", self.__class__, self._unload_command, module) return runProg(self._unload_command, [ module ]) def get_deps(self, module, deps, ret): """ get all dependants of a module """ if module not in deps: return for mod in deps[module]: self.get_deps(mod, deps, ret) if mod not in ret: ret.append(mod) if module not in ret: ret.append(module) def get_firewall_modules(self): """ get all loaded firewall-related modules """ mods = [ ] (mods2, deps) = self.loaded_modules() self.get_deps("nf_conntrack", deps, mods) # these modules don't have dependants listed in /proc/modules for bad_bad_module in ["nf_conntrack_ipv4", "nf_conntrack_ipv6"]: if bad_bad_module in mods: # move them to end of list, so we'll remove them later mods.remove(bad_bad_module) mods.insert(-1, bad_bad_module) for mod in mods2: if mod in [ "ip_tables", "ip6_tables", "ebtables" ] or \ mod.startswith("iptable_") or mod.startswith("ip6table_") or \ mod.startswith("nf_") or mod.startswith("xt_") or \ mod.startswith("ipt_") or mod.startswith("ip6t_") : self.get_deps(mod, deps, mods) return mods def unload_firewall_modules(self): """ unload all firewall-related modules """ for module in self.get_firewall_modules(): (status, ret) = self.unload_module(module) if status != 0: log.debug1("Failed to unload module '%s': %s" %(module, ret)) firewalld-1.1.1/src/firewall/core/nftables.py0000644000000000000000000027224214217342322021166 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2018 Red Hat, Inc. # # Authors: # Eric Garver # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import copy import json import ipaddress from firewall.core.logger import log from firewall.functions import check_mac, getPortRange, normalizeIP6, \ check_single_address, check_address from firewall.errors import FirewallError, UNKNOWN_ERROR, INVALID_RULE, \ INVALID_ICMPTYPE, INVALID_TYPE, INVALID_ENTRY, \ INVALID_PORT from firewall.core.rich import Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark, \ Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock, \ Rich_Tcp_Mss_Clamp, Rich_NFLog from firewall.core.base import DEFAULT_ZONE_TARGET from nftables.nftables import Nftables TABLE_NAME = "firewalld" TABLE_NAME_POLICY = TABLE_NAME + "_" + "policy_drop" POLICY_CHAIN_PREFIX = "policy_" # Map iptables (table, chain) to hooks and priorities. # These are well defined by NF_IP_PRI_* defines in netfilter. # # This is analogous to ipXtables.BUILT_IN_CHAINS, but we omit the chains that # are only used for direct rules. # # Note: All hooks use their standard position + NFT_HOOK_OFFSET. This means # iptables will have DROP precedence. It also means that even if iptables # ACCEPTs a packet it may still be dropped later by firewalld's rules. # NFT_HOOK_OFFSET = 10 IPTABLES_TO_NFT_HOOK = { #"security": { # "INPUT": ("input", 50 + NFT_HOOK_OFFSET), # "OUTPUT": ("output", 50 + NFT_HOOK_OFFSET), # "FORWARD": ("forward", 50 + NFT_HOOK_OFFSET), #}, "raw": { # "PREROUTING": ("prerouting", -300 + NFT_HOOK_OFFSET), # "OUTPUT": ("output", -300 + NFT_HOOK_OFFSET), }, "mangle": { "PREROUTING": ("prerouting", -150 + NFT_HOOK_OFFSET), # "POSTROUTING": ("postrouting", -150 + NFT_HOOK_OFFSET), # "INPUT": ("input", -150 + NFT_HOOK_OFFSET), # "OUTPUT": ("output", -150 + NFT_HOOK_OFFSET), # "FORWARD": ("forward", -150 + NFT_HOOK_OFFSET), }, "nat": { "PREROUTING": ("prerouting", -100 + NFT_HOOK_OFFSET), "POSTROUTING": ("postrouting", 100 + NFT_HOOK_OFFSET), # "INPUT": ("input", 100 + NFT_HOOK_OFFSET), "OUTPUT": ("output", -100 + NFT_HOOK_OFFSET), }, "filter": { "PREROUTING": ("prerouting", 0 + NFT_HOOK_OFFSET), "INPUT": ("input", 0 + NFT_HOOK_OFFSET), "FORWARD": ("forward", 0 + NFT_HOOK_OFFSET), "OUTPUT": ("output", 0 + NFT_HOOK_OFFSET), }, } def _icmp_types_fragments(protocol, type, code=None): fragments = [{"match": {"left": {"payload": {"protocol": protocol, "field": "type"}}, "op": "==", "right": type}}] if code is not None: fragments.append({"match": {"left": {"payload": {"protocol": protocol, "field": "code"}}, "op": "==", "right": code}}) return fragments # Most ICMP types are provided by nft, but for the codes we have to use numeric # values. # ICMP_TYPES_FRAGMENTS = { "ipv4": { "communication-prohibited": _icmp_types_fragments("icmp", "destination-unreachable", 13), "destination-unreachable": _icmp_types_fragments("icmp", "destination-unreachable"), "echo-reply": _icmp_types_fragments("icmp", "echo-reply"), "echo-request": _icmp_types_fragments("icmp", "echo-request"), "fragmentation-needed": _icmp_types_fragments("icmp", "destination-unreachable", 4), "host-precedence-violation": _icmp_types_fragments("icmp", "destination-unreachable", 14), "host-prohibited": _icmp_types_fragments("icmp", "destination-unreachable", 10), "host-redirect": _icmp_types_fragments("icmp", "redirect", 1), "host-unknown": _icmp_types_fragments("icmp", "destination-unreachable", 7), "host-unreachable": _icmp_types_fragments("icmp", "destination-unreachable", 1), "ip-header-bad": _icmp_types_fragments("icmp", "parameter-problem", 1), "network-prohibited": _icmp_types_fragments("icmp", "destination-unreachable", 8), "network-redirect": _icmp_types_fragments("icmp", "redirect", 0), "network-unknown": _icmp_types_fragments("icmp", "destination-unreachable", 6), "network-unreachable": _icmp_types_fragments("icmp", "destination-unreachable", 0), "parameter-problem": _icmp_types_fragments("icmp", "parameter-problem"), "port-unreachable": _icmp_types_fragments("icmp", "destination-unreachable", 3), "precedence-cutoff": _icmp_types_fragments("icmp", "destination-unreachable", 15), "protocol-unreachable": _icmp_types_fragments("icmp", "destination-unreachable", 2), "redirect": _icmp_types_fragments("icmp", "redirect"), "required-option-missing": _icmp_types_fragments("icmp", "parameter-problem", 1), "router-advertisement": _icmp_types_fragments("icmp", "router-advertisement"), "router-solicitation": _icmp_types_fragments("icmp", "router-solicitation"), "source-quench": _icmp_types_fragments("icmp", "source-quench"), "source-route-failed": _icmp_types_fragments("icmp", "destination-unreachable", 5), "time-exceeded": _icmp_types_fragments("icmp", "time-exceeded"), "timestamp-reply": _icmp_types_fragments("icmp", "timestamp-reply"), "timestamp-request": _icmp_types_fragments("icmp", "timestamp-request"), "tos-host-redirect": _icmp_types_fragments("icmp", "redirect", 3), "tos-host-unreachable": _icmp_types_fragments("icmp", "destination-unreachable", 12), "tos-network-redirect": _icmp_types_fragments("icmp", "redirect", 2), "tos-network-unreachable": _icmp_types_fragments("icmp", "destination-unreachable", 11), "ttl-zero-during-reassembly": _icmp_types_fragments("icmp", "time-exceeded", 1), "ttl-zero-during-transit": _icmp_types_fragments("icmp", "time-exceeded", 0), }, "ipv6": { "address-unreachable": _icmp_types_fragments("icmpv6", "destination-unreachable", 3), "bad-header": _icmp_types_fragments("icmpv6", "parameter-problem", 0), "beyond-scope": _icmp_types_fragments("icmpv6", "destination-unreachable", 2), "communication-prohibited": _icmp_types_fragments("icmpv6", "destination-unreachable", 1), "destination-unreachable": _icmp_types_fragments("icmpv6", "destination-unreachable"), "echo-reply": _icmp_types_fragments("icmpv6", "echo-reply"), "echo-request": _icmp_types_fragments("icmpv6", "echo-request"), "failed-policy": _icmp_types_fragments("icmpv6", "destination-unreachable", 5), "neighbour-advertisement": _icmp_types_fragments("icmpv6", "nd-neighbor-advert"), "neighbour-solicitation": _icmp_types_fragments("icmpv6", "nd-neighbor-solicit"), "no-route": _icmp_types_fragments("icmpv6", "destination-unreachable", 0), "packet-too-big": _icmp_types_fragments("icmpv6", "packet-too-big"), "parameter-problem": _icmp_types_fragments("icmpv6", "parameter-problem"), "port-unreachable": _icmp_types_fragments("icmpv6", "destination-unreachable", 4), "redirect": _icmp_types_fragments("icmpv6", "nd-redirect"), "reject-route": _icmp_types_fragments("icmpv6", "destination-unreachable", 6), "router-advertisement": _icmp_types_fragments("icmpv6", "nd-router-advert"), "router-solicitation": _icmp_types_fragments("icmpv6", "nd-router-solicit"), "time-exceeded": _icmp_types_fragments("icmpv6", "time-exceeded"), "ttl-zero-during-reassembly": _icmp_types_fragments("icmpv6", "time-exceeded", 1), "ttl-zero-during-transit": _icmp_types_fragments("icmpv6", "time-exceeded", 0), "unknown-header-type": _icmp_types_fragments("icmpv6", "parameter-problem", 1), "unknown-option": _icmp_types_fragments("icmpv6", "parameter-problem", 2), } } class nftables(object): name = "nftables" policies_supported = True def __init__(self, fw): self._fw = fw self.restore_command_exists = True self.available_tables = [] self.rule_to_handle = {} self.rule_ref_count = {} self.rich_rule_priority_counts = {} self.policy_priority_counts = {} self.zone_source_index_cache = {} self.created_tables = {"inet": []} self.nftables = Nftables() self.nftables.set_echo_output(True) self.nftables.set_handle_output(True) def _run_replace_zone_source(self, rule, zone_source_index_cache): for verb in ["add", "insert", "delete"]: if verb in rule: break if "%%ZONE_SOURCE%%" in rule[verb]["rule"]: zone_source = (rule[verb]["rule"]["%%ZONE_SOURCE%%"]["zone"], rule[verb]["rule"]["%%ZONE_SOURCE%%"]["address"]) del rule[verb]["rule"]["%%ZONE_SOURCE%%"] elif "%%ZONE_INTERFACE%%" in rule[verb]["rule"]: zone_source = None del rule[verb]["rule"]["%%ZONE_INTERFACE%%"] else: return family = rule[verb]["rule"]["family"] if zone_source and verb == "delete": if family in zone_source_index_cache and \ zone_source in zone_source_index_cache[family]: zone_source_index_cache[family].remove(zone_source) elif verb != "delete": if family not in zone_source_index_cache: zone_source_index_cache[family] = [] if zone_source: # order source based dispatch by zone name if zone_source not in zone_source_index_cache[family]: zone_source_index_cache[family].append(zone_source) zone_source_index_cache[family].sort(key=lambda x: x[0]) index = zone_source_index_cache[family].index(zone_source) else: index = len(zone_source_index_cache[family]) _verb_snippet = rule[verb] del rule[verb] if index == 0: rule["insert"] = _verb_snippet else: index -= 1 # point to the rule before insertion point rule["add"] = _verb_snippet rule["add"]["rule"]["index"] = index def reverse_rule(self, dict): if "insert" in dict: return {"delete": copy.deepcopy(dict["insert"])} elif "add" in dict: return {"delete": copy.deepcopy(dict["add"])} else: raise FirewallError(UNKNOWN_ERROR, "Failed to reverse rule") def _set_rule_replace_priority(self, rule, priority_counts, token): for verb in ["add", "insert", "delete"]: if verb in rule: break if token in rule[verb]["rule"]: priority = rule[verb]["rule"][token] del rule[verb]["rule"][token] if type(priority) != int: raise FirewallError(INVALID_RULE, "priority must be followed by a number") chain = (rule[verb]["rule"]["family"], rule[verb]["rule"]["chain"]) # family, chain # Add the rule to the priority counts. We don't need to store the # rule, just bump the ref count for the priority value. if verb == "delete": if chain not in priority_counts or \ priority not in priority_counts[chain] or \ priority_counts[chain][priority] <= 0: raise FirewallError(UNKNOWN_ERROR, "nonexistent or underflow of priority count") priority_counts[chain][priority] -= 1 else: if chain not in priority_counts: priority_counts[chain] = {} if priority not in priority_counts[chain]: priority_counts[chain][priority] = 0 # calculate index of new rule index = 0 for p in sorted(priority_counts[chain].keys()): if p == priority and verb == "insert": break index += priority_counts[chain][p] if p == priority and verb == "add": break priority_counts[chain][priority] += 1 _verb_snippet = rule[verb] del rule[verb] if index == 0: rule["insert"] = _verb_snippet else: index -= 1 # point to the rule before insertion point rule["add"] = _verb_snippet rule["add"]["rule"]["index"] = index def _get_rule_key(self, rule): for verb in ["add", "insert", "delete"]: if verb in rule and "rule" in rule[verb]: rule_key = copy.deepcopy(rule[verb]["rule"]) for non_key in ["index", "handle", "position"]: if non_key in rule_key: del rule_key[non_key] # str(rule_key) is insufficient because dictionary order is # not stable.. so abuse the JSON library rule_key = json.dumps(rule_key, sort_keys=True) return rule_key # Not a rule (it's a table, chain, etc) return None def set_rules(self, rules, log_denied): _valid_verbs = ["add", "insert", "delete", "flush", "replace"] _valid_add_verbs = ["add", "insert", "replace"] _deduplicated_rules = [] _executed_rules = [] rich_rule_priority_counts = copy.deepcopy(self.rich_rule_priority_counts) policy_priority_counts = copy.deepcopy(self.policy_priority_counts) zone_source_index_cache = copy.deepcopy(self.zone_source_index_cache) rule_ref_count = self.rule_ref_count.copy() for rule in rules: if type(rule) != dict: raise FirewallError(UNKNOWN_ERROR, "rule must be a dictionary, rule: %s" % (rule)) for verb in _valid_verbs: if verb in rule: break if verb not in rule: raise FirewallError(INVALID_RULE, "no valid verb found, rule: %s" % (rule)) rule_key = self._get_rule_key(rule) # rule deduplication if rule_key in rule_ref_count: log.debug2("%s: prev rule ref cnt %d, %s", self.__class__, rule_ref_count[rule_key], rule_key) if verb != "delete": rule_ref_count[rule_key] += 1 continue elif rule_ref_count[rule_key] > 1: rule_ref_count[rule_key] -= 1 continue elif rule_ref_count[rule_key] == 1: rule_ref_count[rule_key] -= 1 else: raise FirewallError(UNKNOWN_ERROR, "rule ref count bug: rule_key '%s', cnt %d" % (rule_key, rule_ref_count[rule_key])) elif rule_key and verb != "delete": rule_ref_count[rule_key] = 1 _deduplicated_rules.append(rule) _rule = copy.deepcopy(rule) if rule_key: # filter empty rule expressions. Rich rules add quite a bit of # them, but it makes the rest of the code simpler. libnftables # does not tolerate them. _rule[verb]["rule"]["expr"] = list(filter(None, _rule[verb]["rule"]["expr"])) self._set_rule_replace_priority(_rule, rich_rule_priority_counts, "%%RICH_RULE_PRIORITY%%") self._set_rule_replace_priority(_rule, policy_priority_counts, "%%POLICY_PRIORITY%%") self._run_replace_zone_source(_rule, zone_source_index_cache) # delete using rule handle if verb == "delete": _rule = {"delete": {"rule": {"family": _rule["delete"]["rule"]["family"], "table": _rule["delete"]["rule"]["table"], "chain": _rule["delete"]["rule"]["chain"], "handle": self.rule_to_handle[rule_key]}}} _executed_rules.append(_rule) json_blob = {"nftables": [{"metainfo": {"json_schema_version": 1}}] + _executed_rules} if log.getDebugLogLevel() >= 3: # guarded with if statement because json.dumps() is expensive. log.debug3("%s: calling python-nftables with JSON blob: %s", self.__class__, json.dumps(json_blob)) rc, output, error = self.nftables.json_cmd(json_blob) if rc != 0: raise ValueError("'%s' failed: %s\nJSON blob:\n%s" % ("python-nftables", error, json.dumps(json_blob))) self.rich_rule_priority_counts = rich_rule_priority_counts self.policy_priority_counts = policy_priority_counts self.zone_source_index_cache = zone_source_index_cache self.rule_ref_count = rule_ref_count index = 0 for rule in _deduplicated_rules: index += 1 # +1 due to metainfo rule_key = self._get_rule_key(rule) if not rule_key: continue if "delete" in rule: del self.rule_to_handle[rule_key] del self.rule_ref_count[rule_key] continue for verb in _valid_add_verbs: if verb in output["nftables"][index]: break if verb not in output["nftables"][index]: continue self.rule_to_handle[rule_key] = output["nftables"][index][verb]["rule"]["handle"] def set_rule(self, rule, log_denied): self.set_rules([rule], log_denied) return "" def get_available_tables(self, table=None): # Tables always exist in nftables return [table] if table else IPTABLES_TO_NFT_HOOK.keys() def build_flush_rules(self): # Policy is stashed in a separate table that we're _not_ going to # flush. As such, we retain the policy rule handles and ref counts. saved_rule_to_handle = {} saved_rule_ref_count = {} for rule in self._build_set_policy_rules_ct_rules(True): policy_key = self._get_rule_key(rule) if policy_key in self.rule_to_handle: saved_rule_to_handle[policy_key] = self.rule_to_handle[policy_key] saved_rule_ref_count[policy_key] = self.rule_ref_count[policy_key] self.rule_to_handle = saved_rule_to_handle self.rule_ref_count = saved_rule_ref_count self.rich_rule_priority_counts = {} self.policy_priority_counts = {} self.zone_source_index_cache = {} rules = [] if TABLE_NAME in self.created_tables["inet"]: rules.append({"delete": {"table": {"family": "inet", "name": TABLE_NAME}}}) self.created_tables["inet"].remove(TABLE_NAME) return rules def _build_set_policy_rules_ct_rules(self, enable): add_del = { True: "add", False: "delete" }[enable] rules = [] for hook in ["input", "forward", "output"]: rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME_POLICY, "chain": "%s_%s" % ("filter", hook), "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": None}]}}}) return rules def build_set_policy_rules(self, policy): # Policy is not exposed to the user. It's only to make sure we DROP # packets while reloading and for panic mode. As such, using hooks with # a higher priority than our base chains is sufficient. rules = [] if policy == "PANIC": rules.append({"add": {"table": {"family": "inet", "name": TABLE_NAME_POLICY}}}) self.created_tables["inet"].append(TABLE_NAME_POLICY) # Use "raw" priority for panic mode. This occurs before # conntrack, mangle, nat, etc for hook in ["prerouting", "output"]: rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME_POLICY, "name": "%s_%s" % ("raw", hook), "type": "filter", "hook": hook, "prio": -300 + NFT_HOOK_OFFSET - 1, "policy": "drop"}}}) if policy == "DROP": rules.append({"add": {"table": {"family": "inet", "name": TABLE_NAME_POLICY}}}) self.created_tables["inet"].append(TABLE_NAME_POLICY) # To drop everything except existing connections we use # "filter" because it occurs _after_ conntrack. for hook in ["input", "forward", "output"]: rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME_POLICY, "name": "%s_%s" % ("filter", hook), "type": "filter", "hook": hook, "prio": 0 + NFT_HOOK_OFFSET - 1, "policy": "drop"}}}) rules += self._build_set_policy_rules_ct_rules(True) elif policy == "ACCEPT": for rule in self._build_set_policy_rules_ct_rules(False): policy_key = self._get_rule_key(rule) if policy_key in self.rule_to_handle: rules.append(rule) if TABLE_NAME_POLICY in self.created_tables["inet"]: rules.append({"delete": {"table": {"family": "inet", "name": TABLE_NAME_POLICY}}}) self.created_tables["inet"].remove(TABLE_NAME_POLICY) else: FirewallError(UNKNOWN_ERROR, "not implemented") return rules def supported_icmp_types(self, ipv=None): # nftables supports any icmp_type via arbitrary type/code matching. # We just need a translation for it in ICMP_TYPES_FRAGMENTS. supported = set() for _ipv in [ipv] if ipv else ICMP_TYPES_FRAGMENTS.keys(): supported.update(ICMP_TYPES_FRAGMENTS[_ipv].keys()) return list(supported) def build_default_tables(self): default_tables = [] default_tables.append({"add": {"table": {"family": "inet", "name": TABLE_NAME}}}) self.created_tables["inet"].append(TABLE_NAME) return default_tables def build_default_rules(self, log_denied="off"): default_rules = [] for chain in IPTABLES_TO_NFT_HOOK["mangle"].keys(): default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "mangle_%s" % chain, "type": "filter", "hook": "%s" % IPTABLES_TO_NFT_HOOK["mangle"][chain][0], "prio": IPTABLES_TO_NFT_HOOK["mangle"][chain][1]}}}) for dispatch_suffix in ["POLICIES_pre", "ZONES", "POLICIES_post"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "mangle_%s_%s" % (chain, dispatch_suffix)}}}) for dispatch_suffix in ["ZONES"]: default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "mangle_%s" % chain, "expr": [{"jump": {"target": "mangle_%s_%s" % (chain, dispatch_suffix)}}]}}}) for chain in IPTABLES_TO_NFT_HOOK["nat"].keys(): default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "nat_%s" % chain, "type": "nat", "hook": "%s" % IPTABLES_TO_NFT_HOOK["nat"][chain][0], "prio": IPTABLES_TO_NFT_HOOK["nat"][chain][1]}}}) if chain in ["OUTPUT"]: # nat, output does not have zone dispatch for dispatch_suffix in ["POLICIES_pre", "POLICIES_post"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "nat_%s_%s" % (chain, dispatch_suffix)}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "nat_%s" % chain, "expr": [{"jump": {"target": "nat_%s_%s" % (chain, dispatch_suffix)}}]}}}) else: for dispatch_suffix in ["POLICIES_pre", "ZONES", "POLICIES_post"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "nat_%s_%s" % (chain, dispatch_suffix)}}}) for dispatch_suffix in ["ZONES"]: default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "nat_%s" % chain, "expr": [{"jump": {"target": "nat_%s_%s" % (chain, dispatch_suffix)}}]}}}) for chain in IPTABLES_TO_NFT_HOOK["filter"].keys(): default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "filter_%s" % chain, "type": "filter", "hook": "%s" % IPTABLES_TO_NFT_HOOK["filter"][chain][0], "prio": IPTABLES_TO_NFT_HOOK["filter"][chain][1]}}}) # filter, INPUT default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": None}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept": None}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}}, {"accept": None}]}}}) for dispatch_suffix in ["POLICIES_pre", "ZONES", "POLICIES_post"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "filter_%s_%s" % ("INPUT", dispatch_suffix)}}}) for dispatch_suffix in ["ZONES"]: default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"jump": {"target": "filter_%s_%s" % ("INPUT", dispatch_suffix)}}]}}}) if log_denied != "off": default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, self._pkttype_match_fragment(log_denied), {"log": {"prefix": "STATE_INVALID_DROP: "}}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop": None}]}}}) if log_denied != "off": default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [self._pkttype_match_fragment(log_denied), {"log": {"prefix": "FINAL_REJECT: "}}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "INPUT", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}) # filter, FORWARD default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": None}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept": None}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}}, {"accept": None}]}}}) for dispatch_suffix in ["POLICIES_pre"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "filter_%s_%s" % ("FORWARD", dispatch_suffix)}}}) for dispatch_suffix in ["ZONES"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "filter_%s_%s" % ("FORWARD", dispatch_suffix)}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"jump": {"target": "filter_%s_%s" % ("FORWARD", dispatch_suffix)}}]}}}) for dispatch_suffix in ["POLICIES_post"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "filter_%s_%s" % ("FORWARD", dispatch_suffix)}}}) if log_denied != "off": default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, self._pkttype_match_fragment(log_denied), {"log": {"prefix": "STATE_INVALID_DROP: "}}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop": None}]}}}) if log_denied != "off": default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [self._pkttype_match_fragment(log_denied), {"log": {"prefix": "FINAL_REJECT: "}}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "FORWARD", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}) # filter, OUTPUT default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "OUTPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": None}]}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_OUTPUT", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "lo"}}, {"accept": None}]}}}) for dispatch_suffix in ["POLICIES_pre"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "filter_%s_%s" % ("OUTPUT", dispatch_suffix)}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "OUTPUT", "expr": [{"jump": {"target": "filter_%s_%s" % ("OUTPUT", dispatch_suffix)}}]}}}) for dispatch_suffix in ["POLICIES_post"]: default_rules.append({"add": {"chain": {"family": "inet", "table": TABLE_NAME, "name": "filter_%s_%s" % ("OUTPUT", dispatch_suffix)}}}) default_rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s" % "OUTPUT", "expr": [{"jump": {"target": "filter_%s_%s" % ("OUTPUT", dispatch_suffix)}}]}}}) return default_rules def get_zone_table_chains(self, table): if table == "filter": return ["INPUT", "FORWARD"] if table == "mangle": return ["PREROUTING"] if table == "nat": return ["PREROUTING", "POSTROUTING"] return [] def build_policy_ingress_egress_rules(self, enable, policy, table, chain, ingress_interfaces, egress_interfaces, ingress_sources, egress_sources): p_obj = self._fw.policy.get_policy(policy) chain_suffix = "pre" if p_obj.priority < 0 else "post" isSNAT = True if (table == "nat" and chain == "POSTROUTING") else False _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX, isSNAT) ingress_fragments = [] egress_fragments = [] if ingress_interfaces: ingress_fragments.append({"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": {"set": list(ingress_interfaces)}}}) if egress_interfaces: egress_fragments.append({"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": {"set": list(egress_interfaces)}}}) if ingress_sources: for src in ingress_sources: ingress_fragments.append(self._rule_addr_fragment("saddr", src)) if egress_sources: for dst in egress_sources: egress_fragments.append(self._rule_addr_fragment("daddr", dst)) def _generate_policy_dispatch_rule(ingress_fragment, egress_fragment): expr_fragments = [] if ingress_fragment: expr_fragments.append(ingress_fragment) if egress_fragment: expr_fragments.append(egress_fragment) expr_fragments.append({"jump": {"target": "%s_%s" % (table, _policy)}}) rule = {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_POLICIES_%s" % (table, chain, chain_suffix), "expr": expr_fragments} rule.update(self._policy_priority_fragment(p_obj)) if enable: return {"add": {"rule": rule}} else: return {"delete": {"rule": rule}} rules = [] if ingress_fragments: # zone --> [zone, ANY, HOST] for ingress_fragment in ingress_fragments: if egress_fragments: # zone --> zone for egress_fragment in egress_fragments: rules.append(_generate_policy_dispatch_rule(ingress_fragment, egress_fragment)) else: # zone --> [ANY, HOST] rules.append(_generate_policy_dispatch_rule(ingress_fragment, None)) else: # [ANY, HOST] --> [zone, ANY, HOST] if egress_fragments: # [ANY, HOST] --> zone for egress_fragment in egress_fragments: rules.append(_generate_policy_dispatch_rule(None, egress_fragment)) else: # [ANY, HOST] --> [ANY, HOST] rules.append(_generate_policy_dispatch_rule(None, None)) return rules def build_zone_source_interface_rules(self, enable, zone, policy, interface, table, chain, append=False): isSNAT = True if (table == "nat" and chain == "POSTROUTING") else False _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX, isSNAT=isSNAT) opt = { "PREROUTING": "iifname", "POSTROUTING": "oifname", "INPUT": "iifname", "FORWARD": "iifname", "OUTPUT": "oifname", }[chain] if interface[len(interface)-1] == "+": interface = interface[:len(interface)-1] + "*" action = "goto" if interface == "*": expr_fragments = [{action: {"target": "%s_%s" % (table, _policy)}}] else: expr_fragments = [{"match": {"left": {"meta": {"key": opt}}, "op": "==", "right": interface}}, {action: {"target": "%s_%s" % (table, _policy)}}] if enable and not append: verb = "insert" rule = {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_ZONES" % (table, chain), "expr": expr_fragments} rule.update(self._zone_interface_fragment()) elif enable: verb = "add" rule = {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_ZONES" % (table, chain), "expr": expr_fragments} else: verb = "delete" rule = {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_ZONES" % (table, chain), "expr": expr_fragments} if not append: rule.update(self._zone_interface_fragment()) return [{verb: {"rule": rule}}] def build_zone_source_address_rules(self, enable, zone, policy, address, table, chain): isSNAT = True if (table == "nat" and chain == "POSTROUTING") else False _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX, isSNAT=isSNAT) add_del = { True: "insert", False: "delete" }[enable] opt = { "PREROUTING": "saddr", "POSTROUTING": "daddr", "INPUT": "saddr", "FORWARD": "saddr", "OUTPUT": "daddr", }[chain] action = "goto" rule = {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_ZONES" % (table, chain), "expr": [self._rule_addr_fragment(opt, address), {action: {"target": "%s_%s" % (table, _policy)}}]} rule.update(self._zone_source_fragment(zone, address)) return [{add_del: {"rule": rule}}] def build_policy_chain_rules(self, enable, policy, table, chain): add_del = { True: "add", False: "delete" }[enable] isSNAT = True if (table == "nat" and chain == "POSTROUTING") else False _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX, isSNAT=isSNAT) p_obj = self._fw.policy.get_policy(policy) rules = [] rules.append({add_del: {"chain": {"family": "inet", "table": TABLE_NAME, "name": "%s_%s" % (table, _policy)}}}) for chain_suffix in ["pre", "log", "deny", "allow", "post"]: rules.append({add_del: {"chain": {"family": "inet", "table": TABLE_NAME, "name": "%s_%s_%s" % (table, _policy, chain_suffix)}}}) # policy dispatch if p_obj.derived_from_zone: rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s" % (table, _policy), "expr": [{"jump": {"target": "%s_%s_%s" % (table, chain, "POLICIES_pre")}}]}}}) for chain_suffix in ["pre", "log", "deny", "allow", "post"]: rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s" % (table, _policy), "expr": [{"jump": {"target": "%s_%s_%s" % (table, _policy, chain_suffix)}}]}}}) # since zones are always terminal we need to jump to the policy # dispatch just before the catch-all accept/drop if p_obj.derived_from_zone: rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s" % (table, _policy), "expr": [{"jump": {"target": "%s_%s_%s" % (table, chain, "POLICIES_post")}}]}}}) target = self._fw.policy._policies[policy].target if self._fw.get_log_denied() != "off": if table == "filter": if target in [DEFAULT_ZONE_TARGET, "REJECT", "%%REJECT%%", "DROP"]: log_suffix = target if target in [DEFAULT_ZONE_TARGET, "%%REJECT%%"]: log_suffix = "REJECT" rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s" % (table, _policy), "expr": [self._pkttype_match_fragment(self._fw.get_log_denied()), {"log": {"prefix": "\"filter_%s_%s: \"" % (_policy, log_suffix)}}]}}}) if table == "filter" and \ target in [DEFAULT_ZONE_TARGET, "ACCEPT", "REJECT", "%%REJECT%%", "DROP"]: if target in [DEFAULT_ZONE_TARGET, "%%REJECT%%", "REJECT"]: target_fragment = self._reject_fragment() else: target_fragment = {target.lower(): None} rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s" % (table, _policy), "expr": [target_fragment]}}}) if not enable: rules.reverse() return rules def _pkttype_match_fragment(self, pkttype): if pkttype == "all": return {} elif pkttype in ["unicast", "broadcast", "multicast"]: return {"match": {"left": {"meta": {"key": "pkttype"}}, "op": "==", "right": pkttype}} raise FirewallError(INVALID_RULE, "Invalid pkttype \"%s\"", pkttype) def _reject_types_fragment(self, reject_type): frags = { # REJECT_TYPES : "icmp-host-prohibited" : {"reject": {"type": "icmp", "expr": "host-prohibited"}}, "host-prohib" : {"reject": {"type": "icmp", "expr": "host-prohibited"}}, "icmp-net-prohibited" : {"reject": {"type": "icmp", "expr": "net-prohibited"}}, "net-prohib" : {"reject": {"type": "icmp", "expr": "net-prohibited"}}, "icmp-admin-prohibited" : {"reject": {"type": "icmp", "expr": "admin-prohibited"}}, "admin-prohib" : {"reject": {"type": "icmp", "expr": "admin-prohibited"}}, "icmp6-adm-prohibited" : {"reject": {"type": "icmpv6", "expr": "admin-prohibited"}}, "adm-prohibited" : {"reject": {"type": "icmpv6", "expr": "admin-prohibited"}}, "icmp-net-unreachable" : {"reject": {"type": "icmp", "expr": "net-unreachable"}}, "net-unreach" : {"reject": {"type": "icmp", "expr": "net-unreachable"}}, "icmp-host-unreachable" : {"reject": {"type": "icmp", "expr": "host-unreachable"}}, "host-unreach" : {"reject": {"type": "icmp", "expr": "host-unreachable"}}, "icmp-port-unreachable" : {"reject": {"type": "icmp", "expr": "port-unreachable"}}, "icmp6-port-unreachable" : {"reject": {"type": "icmpv6", "expr": "port-unreachable"}}, "port-unreach" : {"reject": {"type": "icmpx", "expr": "port-unreachable"}}, "icmp-proto-unreachable" : {"reject": {"type": "icmp", "expr": "prot-unreachable"}}, "proto-unreach" : {"reject": {"type": "icmp", "expr": "prot-unreachable"}}, "icmp6-addr-unreachable" : {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}, "addr-unreach" : {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}, "icmp6-no-route" : {"reject": {"type": "icmpv6", "expr": "no-route"}}, "no-route" : {"reject": {"type": "icmpv6", "expr": "no-route"}}, "tcp-reset" : {"reject": {"type": "tcp reset"}}, "tcp-rst" : {"reject": {"type": "tcp reset"}}, } return frags[reject_type] def _reject_fragment(self): return {"reject": {"type": "icmpx", "expr": "admin-prohibited"}} def _icmp_match_fragment(self): return {"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}} def _rich_rule_limit_fragment(self, limit): if not limit: return {} rich_to_nft = { "s" : "second", "m" : "minute", "h" : "hour", "d" : "day", } try: i = limit.value.index("/") except ValueError: raise FirewallError(INVALID_RULE, "Expected '/' in limit") return {"limit": {"rate": int(limit.value[0:i]), "per": rich_to_nft[limit.value[i+1]]}} def _rich_rule_chain_suffix(self, rich_rule): if type(rich_rule.element) in [Rich_Masquerade, Rich_ForwardPort, Rich_IcmpBlock, Rich_Tcp_Mss_Clamp]: # These are special and don't have an explicit action pass elif rich_rule.action: if type(rich_rule.action) not in [Rich_Accept, Rich_Reject, Rich_Drop, Rich_Mark]: raise FirewallError(INVALID_RULE, "Unknown action %s" % type(rich_rule.action)) else: raise FirewallError(INVALID_RULE, "No rule action specified.") if rich_rule.priority == 0: if type(rich_rule.element) in [Rich_Masquerade, Rich_ForwardPort, Rich_Tcp_Mss_Clamp] or \ type(rich_rule.action) in [Rich_Accept, Rich_Mark]: return "allow" elif type(rich_rule.element) in [Rich_IcmpBlock] or \ type(rich_rule.action) in [Rich_Reject, Rich_Drop]: return "deny" elif rich_rule.priority < 0: return "pre" else: return "post" def _rich_rule_chain_suffix_from_log(self, rich_rule): if not rich_rule.log and not rich_rule.audit: raise FirewallError(INVALID_RULE, "Not log or audit") if rich_rule.priority == 0: return "log" elif rich_rule.priority < 0: return "pre" else: return "post" def _zone_interface_fragment(self): return {"%%ZONE_INTERFACE%%": None} def _zone_source_fragment(self, zone, address): if check_single_address("ipv6", address): address = normalizeIP6(address) elif check_address("ipv6", address): addr_split = address.split("/") address = normalizeIP6(addr_split[0]) + "/" + addr_split[1] return {"%%ZONE_SOURCE%%": {"zone": zone, "address": address}} def _policy_priority_fragment(self, policy): return {"%%POLICY_PRIORITY%%": policy.priority} def _rich_rule_priority_fragment(self, rich_rule): if not rich_rule or rich_rule.priority == 0: return {} return {"%%RICH_RULE_PRIORITY%%": rich_rule.priority} def _rich_rule_log(self, policy, rich_rule, enable, table, expr_fragments): if not rich_rule.log: return {} _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) add_del = { True: "add", False: "delete" }[enable] chain_suffix = self._rich_rule_chain_suffix_from_log(rich_rule) log_options = {} if type(rich_rule.log) == Rich_NFLog: log_options["group"] = int(rich_rule.log.group) if rich_rule.log.group else 0 if rich_rule.log.threshold: log_options["queue-threshold"] = int(rich_rule.log.threshold) else: if rich_rule.log.level: level = "warn" if "warning" == rich_rule.log.level else rich_rule.log.level log_options["level"] = "%s" % level if rich_rule.log.prefix: log_options["prefix"] = "%s" % rich_rule.log.prefix rule = {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_%s" % (table, _policy, chain_suffix), "expr": expr_fragments + [{"log": log_options}, self._rich_rule_limit_fragment(rich_rule.log.limit)]} rule.update(self._rich_rule_priority_fragment(rich_rule)) return {add_del: {"rule": rule}} def _rich_rule_audit(self, policy, rich_rule, enable, table, expr_fragments): if not rich_rule.audit: return {} _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) add_del = { True: "add", False: "delete" }[enable] chain_suffix = self._rich_rule_chain_suffix_from_log(rich_rule) rule = {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_%s" % (table, _policy, chain_suffix), "expr": expr_fragments + [{"log": {"level": "audit"}}, self._rich_rule_limit_fragment(rich_rule.audit.limit)]} rule.update(self._rich_rule_priority_fragment(rich_rule)) return {add_del: {"rule": rule}} def _rich_rule_action(self, policy, rich_rule, enable, table, expr_fragments): if not rich_rule.action: return {} _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) add_del = { True: "add", False: "delete" }[enable] chain_suffix = self._rich_rule_chain_suffix(rich_rule) chain = "%s_%s_%s" % (table, _policy, chain_suffix) if type(rich_rule.action) == Rich_Accept: rule_action = {"accept": None} elif type(rich_rule.action) == Rich_Reject: if rich_rule.action.type: rule_action = self._reject_types_fragment(rich_rule.action.type) else: rule_action = {"reject": None} elif type(rich_rule.action) == Rich_Drop: rule_action = {"drop": None} elif type(rich_rule.action) == Rich_Mark: table = "mangle" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) chain = "%s_%s_%s" % (table, _policy, chain_suffix) value = rich_rule.action.set.split("/") if len(value) > 1: rule_action = {"mangle": {"key": {"meta": {"key": "mark"}}, "value": {"^": [{"&": [{"meta": {"key": "mark"}}, value[1]]}, value[0]]}}} else: rule_action = {"mangle": {"key": {"meta": {"key": "mark"}}, "value": value[0]}} else: raise FirewallError(INVALID_RULE, "Unknown action %s" % type(rich_rule.action)) rule = {"family": "inet", "table": TABLE_NAME, "chain": chain, "expr": expr_fragments + [self._rich_rule_limit_fragment(rich_rule.action.limit), rule_action]} rule.update(self._rich_rule_priority_fragment(rich_rule)) return {add_del: {"rule": rule}} def _rule_addr_fragment(self, addr_field, address, invert=False): if address.startswith("ipset:"): return self._set_match_fragment(address[len("ipset:"):], True if "daddr" == addr_field else False, invert) else: if check_mac(address): family = "ether" elif check_single_address("ipv4", address): family = "ip" elif check_address("ipv4", address): family = "ip" normalized_address = ipaddress.IPv4Network(address, strict=False) address = {"prefix": {"addr": normalized_address.network_address.compressed, "len": normalized_address.prefixlen}} elif check_single_address("ipv6", address): family = "ip6" address = normalizeIP6(address) else: family = "ip6" addr_len = address.split("/") address = {"prefix": {"addr": normalizeIP6(addr_len[0]), "len": int(addr_len[1])}} return {"match": {"left": {"payload": {"protocol": family, "field": addr_field}}, "op": "!=" if invert else "==", "right": address}} def _rich_rule_family_fragment(self, rich_family): if not rich_family: return {} if rich_family not in ["ipv4", "ipv6"]: raise FirewallError(INVALID_RULE, "Invalid family" % rich_family) return {"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": rich_family}} def _rich_rule_destination_fragment(self, rich_dest): if not rich_dest: return {} if rich_dest.addr: address = rich_dest.addr elif rich_dest.ipset: address = "ipset:" + rich_dest.ipset return self._rule_addr_fragment("daddr", address, invert=rich_dest.invert) def _rich_rule_source_fragment(self, rich_source): if not rich_source: return {} if rich_source.addr: address = rich_source.addr elif hasattr(rich_source, "mac") and rich_source.mac: address = rich_source.mac elif hasattr(rich_source, "ipset") and rich_source.ipset: address = "ipset:" + rich_source.ipset return self._rule_addr_fragment("saddr", address, invert=rich_source.invert) def _port_fragment(self, port): range = getPortRange(port) if isinstance(range, int) and range < 0: raise FirewallError(INVALID_PORT) elif len(range) == 1: return range[0] else: return {"range": [range[0], range[1]]} def build_policy_ports_rules(self, enable, policy, proto, port, destination=None, rich_rule=None): add_del = { True: "add", False: "delete" }[enable] table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_family_fragment(rich_rule.family)) if destination: expr_fragments.append(self._rule_addr_fragment("daddr", destination)) if rich_rule: expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) expr_fragments.append({"match": {"left": {"payload": {"protocol": proto, "field": "dport"}}, "op": "==", "right": self._port_fragment(port)}}) if not rich_rule or type(rich_rule.action) != Rich_Mark: expr_fragments.append({"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}) rules = [] if rich_rule: rules.append(self._rich_rule_log(policy, rich_rule, enable, table, expr_fragments)) rules.append(self._rich_rule_audit(policy, rich_rule, enable, table, expr_fragments)) rules.append(self._rich_rule_action(policy, rich_rule, enable, table, expr_fragments)) else: rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_allow" % (table, _policy), "expr": expr_fragments + [{"accept": None}]}}}) return rules def build_policy_protocol_rules(self, enable, policy, protocol, destination=None, rich_rule=None): add_del = { True: "add", False: "delete" }[enable] table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_family_fragment(rich_rule.family)) if destination: expr_fragments.append(self._rule_addr_fragment("daddr", destination)) if rich_rule: expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) expr_fragments.append({"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": protocol}}) if not rich_rule or type(rich_rule.action) != Rich_Mark: expr_fragments.append({"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}) rules = [] if rich_rule: rules.append(self._rich_rule_log(policy, rich_rule, enable, table, expr_fragments)) rules.append(self._rich_rule_audit(policy, rich_rule, enable, table, expr_fragments)) rules.append(self._rich_rule_action(policy, rich_rule, enable, table, expr_fragments)) else: rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_allow" % (table, _policy), "expr": expr_fragments + [{"accept": None}]}}}) return rules def build_policy_tcp_mss_clamp_rules(self, enable, policy, tcp_mss_clamp_value, destination=None, rich_rule=None): table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) add_del = { True: "add", False: "delete" }[enable] expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) chain_suffix = self._rich_rule_chain_suffix(rich_rule) expr_fragments.append({"match": {"op": "in", "left": {"payload": {"protocol": "tcp","field": "flags"}}, "right": "syn"}}) if tcp_mss_clamp_value == "pmtu" or tcp_mss_clamp_value is None: expr_fragments.append({"mangle": {"key": {"tcp option": {"name": "maxseg","field": "size"}}, "value": {"rt": {"key": "mtu" }}}}) else: expr_fragments.append({"mangle": {"key": {"tcp option": {"name": "maxseg","field": "size"}}, "value": tcp_mss_clamp_value}}) rules = [] rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s_%s" % (_policy, chain_suffix), "expr": expr_fragments}}}) return rules def build_policy_source_ports_rules(self, enable, policy, proto, port, destination=None, rich_rule=None): add_del = { True: "add", False: "delete" }[enable] table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_family_fragment(rich_rule.family)) if destination: expr_fragments.append(self._rule_addr_fragment("daddr", destination)) if rich_rule: expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) expr_fragments.append({"match": {"left": {"payload": {"protocol": proto, "field": "sport"}}, "op": "==", "right": self._port_fragment(port)}}) if not rich_rule or type(rich_rule.action) != Rich_Mark: expr_fragments.append({"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}) rules = [] if rich_rule: rules.append(self._rich_rule_log(policy, rich_rule, enable, table, expr_fragments)) rules.append(self._rich_rule_audit(policy, rich_rule, enable, table, expr_fragments)) rules.append(self._rich_rule_action(policy, rich_rule, enable, table, expr_fragments)) else: rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_allow" % (table, _policy), "expr": expr_fragments + [{"accept": None}]}}}) return rules def build_policy_helper_ports_rules(self, enable, policy, proto, port, destination, helper_name, module_short_name): table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) add_del = { True: "add", False: "delete" }[enable] rules = [] if enable: rules.append({"add": {"ct helper": {"family": "inet", "table": TABLE_NAME, "name": "helper-%s-%s" % (helper_name, proto), "type": module_short_name, "protocol": proto}}}) expr_fragments = [] if destination: expr_fragments.append(self._rule_addr_fragment("daddr", destination)) expr_fragments.append({"match": {"left": {"payload": {"protocol": proto, "field": "dport"}}, "op": "==", "right": self._port_fragment(port)}}) expr_fragments.append({"ct helper": "helper-%s-%s" % (helper_name, proto)}) rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s_allow" % (_policy), "expr": expr_fragments}}}) return rules def build_zone_forward_rules(self, enable, zone, policy, table, interface=None, source=None): add_del = { True: "add", False: "delete" }[enable] _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) rules = [] if interface: if interface[len(interface)-1] == "+": interface = interface[:len(interface)-1] + "*" expr = [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": interface}}, {"accept": None}] else: # source expr = [self._rule_addr_fragment("daddr", source), {"accept": None}] rule = {"family": "inet", "table": TABLE_NAME, "chain": "filter_%s_allow" % (_policy), "expr": expr} rules.append({add_del: {"rule": rule}}) return rules def build_policy_masquerade_rules(self, enable, policy, rich_rule=None): add_del = { True: "add", False: "delete" }[enable] rules = [] expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_family_fragment(rich_rule.family)) expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) chain_suffix = self._rich_rule_chain_suffix(rich_rule) else: expr_fragments.append({"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv4"}}) chain_suffix = "allow" table = "nat" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX, isSNAT=True) rule = {"family": "inet", "table": TABLE_NAME, "chain": "nat_%s_%s" % (_policy, chain_suffix), "expr": expr_fragments + [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "!=", "right": "lo"}}, {"masquerade": None}]} rule.update(self._rich_rule_priority_fragment(rich_rule)) rules.append({add_del: {"rule": rule}}) return rules def build_policy_forward_port_rules(self, enable, policy, port, protocol, toport, toaddr, rich_rule=None): table = "nat" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) add_del = { True: "add", False: "delete" }[enable] expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_family_fragment(rich_rule.family)) expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) chain_suffix = self._rich_rule_chain_suffix(rich_rule) else: nfproto = "ipv4" if toaddr and check_single_address("ipv6", toaddr): nfproto = "ipv6" expr_fragments.append({"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": nfproto}}) chain_suffix = "allow" expr_fragments.append({"match": {"left": {"payload": {"protocol": protocol, "field": "dport"}}, "op": "==", "right": self._port_fragment(port)}}) if toaddr: if check_single_address("ipv6", toaddr): toaddr = normalizeIP6(toaddr) if toport and toport != "": expr_fragments.append({"dnat": {"addr": toaddr, "port": self._port_fragment(toport)}}) else: expr_fragments.append({"dnat": {"addr": toaddr}}) else: expr_fragments.append({"redirect": {"port": self._port_fragment(toport)}}) rule = {"family": "inet", "table": TABLE_NAME, "chain": "nat_%s_%s" % (_policy, chain_suffix), "expr": expr_fragments} rule.update(self._rich_rule_priority_fragment(rich_rule)) return [{add_del: {"rule": rule}}] def _icmp_types_to_nft_fragments(self, ipv, icmp_type): if icmp_type in ICMP_TYPES_FRAGMENTS[ipv]: return ICMP_TYPES_FRAGMENTS[ipv][icmp_type] else: raise FirewallError(INVALID_ICMPTYPE, "ICMP type '%s' not supported by %s for %s" % (icmp_type, self.name, ipv)) def build_policy_icmp_block_rules(self, enable, policy, ict, rich_rule=None): table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) add_del = { True: "add", False: "delete" }[enable] if rich_rule and rich_rule.ipvs: ipvs = rich_rule.ipvs elif ict.destination: ipvs = [] if "ipv4" in ict.destination: ipvs.append("ipv4") if "ipv6" in ict.destination: ipvs.append("ipv6") else: ipvs = ["ipv4", "ipv6"] rules = [] for ipv in ipvs: if self._fw.policy.query_icmp_block_inversion(policy): final_chain = "%s_%s_allow" % (table, _policy) target_fragment = {"accept": None} else: final_chain = "%s_%s_deny" % (table, _policy) target_fragment = self._reject_fragment() expr_fragments = [] if rich_rule: expr_fragments.append(self._rich_rule_family_fragment(rich_rule.family)) expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) expr_fragments.extend(self._icmp_types_to_nft_fragments(ipv, ict.name)) if rich_rule: rules.append(self._rich_rule_log(policy, rich_rule, enable, table, expr_fragments)) rules.append(self._rich_rule_audit(policy, rich_rule, enable, table, expr_fragments)) if rich_rule.action: rules.append(self._rich_rule_action(policy, rich_rule, enable, table, expr_fragments)) else: chain_suffix = self._rich_rule_chain_suffix(rich_rule) rule = {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s_%s" % (table, _policy, chain_suffix), "expr": expr_fragments + [self._reject_fragment()]} rule.update(self._rich_rule_priority_fragment(rich_rule)) rules.append({add_del: {"rule": rule}}) else: if self._fw.get_log_denied() != "off" and not self._fw.policy.query_icmp_block_inversion(policy): rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": final_chain, "expr": (expr_fragments + [self._pkttype_match_fragment(self._fw.get_log_denied()), {"log": {"prefix": "\"%s_%s_ICMP_BLOCK: \"" % (table, policy)}}])}}}) rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": final_chain, "expr": expr_fragments + [target_fragment]}}}) return rules def build_policy_icmp_block_inversion_rules(self, enable, policy): table = "filter" _policy = self._fw.policy.policy_base_chain_name(policy, table, POLICY_CHAIN_PREFIX) rules = [] add_del = { True: "add", False: "delete" }[enable] if self._fw.policy.query_icmp_block_inversion(policy): target_fragment = self._reject_fragment() else: target_fragment = {"accept": None} # WARN: The "index" used here must be kept in sync with # build_policy_chain_rules() # rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s" % (table, _policy), "index": 6, "expr": [self._icmp_match_fragment(), target_fragment]}}}) if self._fw.get_log_denied() != "off" and self._fw.policy.query_icmp_block_inversion(policy): rules.append({add_del: {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "%s_%s" % (table, _policy), "index": 6, "expr": [self._icmp_match_fragment(), self._pkttype_match_fragment(self._fw.get_log_denied()), {"log": {"prefix": "%s_%s_ICMP_BLOCK: " % (table, policy)}}]}}}) return rules def build_rpfilter_rules(self, log_denied=False): rules = [] expr_fragments = [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"fib": {"flags": ["saddr", "iif", "mark"], "result": "oif"}}, "op": "==", "right": False}}] if log_denied != "off": expr_fragments.append({"log": {"prefix": "rpfilter_DROP: "}}) expr_fragments.append({"drop": None}) rules.append({"insert": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_PREROUTING", "expr": expr_fragments}}}) # RHBZ#1058505, RHBZ#1575431 (bug in kernel 4.16-4.17) rules.append({"insert": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_PREROUTING", "expr": [{"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": {"set": ["nd-router-advert", "nd-neighbor-solicit"]}}}, {"accept": None}]}}}) return rules def build_rfc3964_ipv4_rules(self): daddr_set = ["::0.0.0.0/96", # IPv4 compatible "::ffff:0.0.0.0/96", # IPv4 mapped "2002:0000::/24", # 0.0.0.0/8 (the system has no address assigned yet) "2002:0a00::/24", # 10.0.0.0/8 (private) "2002:7f00::/24", # 127.0.0.0/8 (loopback) "2002:ac10::/28", # 172.16.0.0/12 (private) "2002:c0a8::/32", # 192.168.0.0/16 (private) "2002:a9fe::/32", # 169.254.0.0/16 (IANA Assigned DHCP link-local) "2002:e000::/19", # 224.0.0.0/4 (multicast), 240.0.0.0/4 (reserved and broadcast) ] daddr_set = [{"prefix": {"addr": x.split("/")[0], "len": int(x.split("/")[1])}} for x in daddr_set] expr_fragments = [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"set": daddr_set}}}] if self._fw._log_denied in ["unicast", "all"]: expr_fragments.append({"log": {"prefix": "RFC3964_IPv4_REJECT: "}}) expr_fragments.append(self._reject_types_fragment("addr-unreach")) rules = [] # WARN: index must be kept in sync with build_default_rules() rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_OUTPUT", "index": 1, "expr": expr_fragments}}}) rules.append({"add": {"rule": {"family": "inet", "table": TABLE_NAME, "chain": "filter_FORWARD", "index": 2, "expr": expr_fragments}}}) return rules def build_policy_rich_source_destination_rules(self, enable, policy, rich_rule): table = "filter" expr_fragments = [] expr_fragments.append(self._rich_rule_family_fragment(rich_rule.family)) expr_fragments.append(self._rich_rule_destination_fragment(rich_rule.destination)) expr_fragments.append(self._rich_rule_source_fragment(rich_rule.source)) rules = [] rules.append(self._rich_rule_log(policy, rich_rule, enable, table, expr_fragments)) rules.append(self._rich_rule_audit(policy, rich_rule, enable, table, expr_fragments)) rules.append(self._rich_rule_action(policy, rich_rule, enable, table, expr_fragments)) return rules def is_ipv_supported(self, ipv): if ipv in ["ipv4", "ipv6", "eb"]: return True return False def _set_type_list(self, ipv, type): ipv_addr = { "ipv4" : "ipv4_addr", "ipv6" : "ipv6_addr", } types = { "hash:ip" : ipv_addr[ipv], "hash:ip,port" : [ipv_addr[ipv], "inet_proto", "inet_service"], "hash:ip,port,ip" : [ipv_addr[ipv], "inet_proto", "inet_service", ipv_addr[ipv]], "hash:ip,port,net" : [ipv_addr[ipv], "inet_proto", "inet_service", ipv_addr[ipv]], "hash:ip,mark" : [ipv_addr[ipv], "mark"], "hash:net" : ipv_addr[ipv], "hash:net,net" : [ipv_addr[ipv], ipv_addr[ipv]], "hash:net,port" : [ipv_addr[ipv], "inet_proto", "inet_service"], "hash:net,port,net" : [ipv_addr[ipv], "inet_proto", "inet_service", ipv_addr[ipv]], "hash:net,iface" : [ipv_addr[ipv], "ifname"], "hash:mac" : "ether_addr", } if type in types: return types[type] else: raise FirewallError(INVALID_TYPE, "ipset type name '%s' is not valid" % type) def build_set_create_rules(self, name, type, options=None): if options and "family" in options and options["family"] == "inet6": ipv = "ipv6" else: ipv = "ipv4" set_dict = {"family": "inet", "table": TABLE_NAME, "name": name, "type": self._set_type_list(ipv, type)} # Some types need the interval flag for t in type.split(":")[1].split(","): if t in ["ip", "net", "port"]: set_dict["flags"] = ["interval"] break if options: if "timeout" in options: set_dict["timeout"] = options["timeout"] if "maxelem" in options: set_dict["size"] = options["maxelem"] return [{"add": {"set": set_dict}}] def set_create(self, name, type, options=None): rules = self.build_set_create_rules(name, type, options) self.set_rules(rules, self._fw.get_log_denied()) def set_destroy(self, name): rule = {"delete": {"set": {"family": "inet", "table": TABLE_NAME, "name": name}}} self.set_rule(rule, self._fw.get_log_denied()) def _set_match_fragment(self, name, match_dest, invert=False): type_format = self._fw.ipset.get_ipset(name).type.split(":")[1].split(",") fragments = [] for i in range(len(type_format)): if type_format[i] == "port": fragments.append({"meta": {"key": "l4proto"}}) fragments.append({"payload": {"protocol": "th", "field": "dport" if match_dest else "sport"}}) elif type_format[i] in ["ip", "net", "mac"]: fragments.append({"payload": {"protocol": self._set_get_family(name), "field": "daddr" if match_dest else "saddr"}}) elif type_format[i] == "iface": fragments.append({"meta": {"key": "iifname" if match_dest else "oifname"}}) elif type_format[i] == "mark": fragments.append({"meta": {"key": "mark"}}) else: raise FirewallError("Unsupported ipset type for match fragment: %s" % (type_format[i])) return {"match": {"left": {"concat": fragments} if len(type_format) > 1 else fragments[0], "op": "!=" if invert else "==", "right": "@" + name}} def _set_entry_fragment(self, name, entry): # convert something like # 1.2.3.4,sctp:8080 (type hash:ip,port) # to # ["1.2.3.4", "sctp", "8080"] obj = self._fw.ipset.get_ipset(name) type_format = obj.type.split(":")[1].split(",") entry_tokens = entry.split(",") if len(type_format) != len(entry_tokens): raise FirewallError(INVALID_ENTRY, "Number of values does not match ipset type.") fragment = [] for i in range(len(type_format)): if type_format[i] == "port": try: index = entry_tokens[i].index(":") except ValueError: # no protocol means default tcp fragment.append("tcp") port_str = entry_tokens[i] else: fragment.append(entry_tokens[i][:index]) port_str = entry_tokens[i][index+1:] try: index = port_str.index("-") except ValueError: fragment.append(port_str) else: fragment.append({"range": [port_str[:index], port_str[index+1:]]}) elif type_format[i] in ["ip", "net"]: try: index = entry_tokens[i].index("/") except ValueError: addr = entry_tokens[i] if "family" in obj.options and obj.options["family"] == "inet6": addr = normalizeIP6(addr) fragment.append(addr) else: addr = entry_tokens[i][:index] if "family" in obj.options and obj.options["family"] == "inet6": addr = normalizeIP6(addr) fragment.append({"prefix": {"addr": addr, "len": int(entry_tokens[i][index+1:])}}) else: fragment.append(entry_tokens[i]) return [{"concat": fragment}] if len(type_format) > 1 else fragment def build_set_add_rules(self, name, entry): rules = [] element = self._set_entry_fragment(name, entry) rules.append({"add": {"element": {"family": "inet", "table": TABLE_NAME, "name": name, "elem": element}}}) return rules def set_add(self, name, entry): rules = self.build_set_add_rules(name, entry) self.set_rules(rules, self._fw.get_log_denied()) def set_delete(self, name, entry): element = self._set_entry_fragment(name, entry) rule = {"delete": {"element": {"family": "inet", "table": TABLE_NAME, "name": name, "elem": element}}} self.set_rule(rule, self._fw.get_log_denied()) def build_set_flush_rules(self, name): return [{"flush": {"set": {"family": "inet", "table": TABLE_NAME, "name": name}}}] def set_flush(self, name): rules = self.build_set_flush_rules(name) self.set_rules(rules, self._fw.get_log_denied()) def _set_get_family(self, name): ipset = self._fw.ipset.get_ipset(name) if ipset.type == "hash:mac": family = "ether" elif ipset.options and "family" in ipset.options \ and ipset.options["family"] == "inet6": family = "ip6" else: family = "ip" return family def set_restore(self, set_name, type_name, entries, create_options=None, entry_options=None): rules = [] rules.extend(self.build_set_create_rules(set_name, type_name, create_options)) rules.extend(self.build_set_flush_rules(set_name)) for entry in entries: rules.extend(self.build_set_add_rules(set_name, entry)) self.set_rules(rules, self._fw.get_log_denied()) firewalld-1.1.1/src/firewall/core/prog.py0000644000000000000000000000274614217342322020337 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import subprocess __all__ = ["runProg"] def runProg(prog, argv=None, stdin=None): if argv is None: argv = [] args = [prog] + argv input_string = None if stdin: with open(stdin, 'r') as handle: input_string = handle.read().encode() env = {'LANG': 'C'} try: process = subprocess.Popen(args, stdin=subprocess.PIPE, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, close_fds=True, env=env) except OSError: return (255, '') (output, err_output) = process.communicate(input_string) output = output.decode('utf-8', 'replace') return (process.returncode, output) firewalld-1.1.1/src/firewall/core/rich.py0000644000000000000000000010445414217342322020314 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2013-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "Rich_Source", "Rich_Destination", "Rich_Service", "Rich_Port", "Rich_Protocol", "Rich_Masquerade", "Rich_IcmpBlock", "Rich_IcmpType", "Rich_SourcePort", "Rich_ForwardPort", "Rich_Log", "Rich_NFLog", "Rich_Accept", "Rich_Reject", "Rich_Drop", "Rich_Mark", "Rich_Audit", "Rich_Limit", "Rich_Rule", "Rich_Tcp_Mss_Clamp" ] from firewall import functions from firewall.core.ipset import check_ipset_name from firewall.core.base import REJECT_TYPES from firewall import errors from firewall.errors import FirewallError class Rich_Source(object): def __init__(self, addr, mac, ipset, invert=False): self.addr = addr if self.addr == "": self.addr = None self.mac = mac if self.mac == "" or self.mac is None: self.mac = None elif self.mac is not None: self.mac = self.mac.upper() self.ipset = ipset if self.ipset == "": self.ipset = None self.invert = invert if self.addr is None and self.mac is None and self.ipset is None: raise FirewallError(errors.INVALID_RULE, "no address, mac and ipset") def __str__(self): ret = 'source%s ' % (" NOT" if self.invert else "") if self.addr is not None: return ret + 'address="%s"' % self.addr elif self.mac is not None: return ret + 'mac="%s"' % self.mac elif self.ipset is not None: return ret + 'ipset="%s"' % self.ipset else: raise FirewallError(errors.INVALID_RULE, "no address, mac and ipset") class Rich_Destination(object): def __init__(self, addr, ipset, invert=False): self.addr = addr if self.addr == "": self.addr = None self.ipset = ipset if self.ipset == "": self.ipset = None self.invert = invert if self.addr is None and self.ipset is None: raise FirewallError(errors.INVALID_RULE, "no address and ipset") def __str__(self): ret = 'destination%s ' % (" NOT" if self.invert else "") if self.addr is not None: return ret + 'address="%s"' % self.addr elif self.ipset is not None: return ret + 'ipset="%s"' % self.ipset else: raise FirewallError(errors.INVALID_RULE, "no address and ipset") class Rich_Service(object): def __init__(self, name): self.name = name def __str__(self): return 'service name="%s"' % (self.name) class Rich_Port(object): def __init__(self, port, protocol): self.port = port self.protocol = protocol def __str__(self): return 'port port="%s" protocol="%s"' % (self.port, self.protocol) class Rich_SourcePort(Rich_Port): def __str__(self): return 'source-port port="%s" protocol="%s"' % (self.port, self.protocol) class Rich_Protocol(object): def __init__(self, value): self.value = value def __str__(self): return 'protocol value="%s"' % (self.value) class Rich_Masquerade(object): def __init__(self): pass def __str__(self): return 'masquerade' class Rich_IcmpBlock(object): def __init__(self, name): self.name = name def __str__(self): return 'icmp-block name="%s"' % (self.name) class Rich_IcmpType(object): def __init__(self, name): self.name = name def __str__(self): return 'icmp-type name="%s"' % (self.name) class Rich_Tcp_Mss_Clamp(object): def __init__(self, value): self.value = value def __str__(self): return 'tcp-mss-clamp value="%s"' % (self.value) class Rich_ForwardPort(object): def __init__(self, port, protocol, to_port, to_address): self.port = port self.protocol = protocol self.to_port = to_port self.to_address = to_address # replace None with "" in to_port and/or to_address if self.to_port is None: self.to_port = "" if self.to_address is None: self.to_address = "" def __str__(self): return 'forward-port port="%s" protocol="%s"%s%s' % \ (self.port, self.protocol, ' to-port="%s"' % self.to_port if self.to_port != "" else '', ' to-addr="%s"' % self.to_address if self.to_address != "" else '') class Rich_Log(object): def __init__(self, prefix=None, level=None, limit=None): #TODO check default level in iptables self.prefix = prefix self.level = level self.limit = limit def __str__(self): return 'log%s%s%s' % \ (' prefix="%s"' % (self.prefix) if self.prefix else "", ' level="%s"' % (self.level) if self.level else "", " %s" % self.limit if self.limit else "") def check(self): if self.prefix and len(self.prefix) > 127: raise FirewallError(errors.INVALID_LOG_PREFIX, "maximum accepted length of 'prefix' is 127.") if self.level and \ self.level not in [ "emerg", "alert", "crit", "error", "warning", "notice", "info", "debug" ]: raise FirewallError(errors.INVALID_LOG_LEVEL, self.level) if self.limit is not None: self.limit.check() class Rich_NFLog(object): def __init__(self, group=None, prefix=None, queue_size=None, limit=None): self.group = group self.prefix = prefix self.threshold = queue_size self.limit = limit def __str__(self): return 'nflog%s%s%s%s' % \ (' group="%s"' % (self.group) if self.group else "", ' prefix="%s"' % (self.prefix) if self.prefix else "", ' queue-size="%s"' % (self.threshold) if self.threshold else "", " %s" % self.limit if self.limit else "") def check(self): if self.group and not functions.checkUINT16(self.group): raise FirewallError(errors.INVALID_NFLOG_GROUP, "nflog 'group' must be an integer between 0 and 65535.") if self.prefix and len(self.prefix) > 127: raise FirewallError(errors.INVALID_LOG_PREFIX, "maximum accepted length of 'prefix' is 127.") if self.threshold and not functions.checkUINT16(self.threshold): raise FirewallError(errors.INVALID_NFLOG_QUEUE, "nflog 'queue-size' must be an integer between 0 and 65535.") if self.limit is not None: self.limit.check() class Rich_Audit(object): def __init__(self, limit=None): #TODO check default level in iptables self.limit = limit def __str__(self): return 'audit%s' % (" %s" % self.limit if self.limit else "") class Rich_Accept(object): def __init__(self, limit=None): self.limit = limit def __str__(self): return "accept%s" % (" %s" % self.limit if self.limit else "") class Rich_Reject(object): def __init__(self, _type=None, limit=None): self.type = _type self.limit = limit def __str__(self): return "reject%s%s" % (' type="%s"' % self.type if self.type else "", " %s" % self.limit if self.limit else "") def check(self, family): if self.type: if not family: raise FirewallError(errors.INVALID_RULE, "When using reject type you must specify also rule family.") if family in ['ipv4', 'ipv6'] and \ self.type not in REJECT_TYPES[family]: valid_types = ", ".join(REJECT_TYPES[family]) raise FirewallError(errors.INVALID_RULE, "Wrong reject type %s.\nUse one of: %s." % (self.type, valid_types)) class Rich_Drop(Rich_Accept): def __str__(self): return "drop%s" % (" %s" % self.limit if self.limit else "") class Rich_Mark(object): def __init__(self, _set, limit=None): self.set = _set self.limit = limit def __str__(self): return "mark set=%s%s" % (self.set, " %s" % self.limit if self.limit else "") def check(self): if self.set is not None: x = self.set else: raise FirewallError(errors.INVALID_MARK, "no value set") if "/" in x: splits = x.split("/") if len(splits) != 2: raise FirewallError(errors.INVALID_MARK, x) if not functions.checkUINT32(splits[0]) or \ not functions.checkUINT32(splits[1]): # value and mask are uint32 raise FirewallError(errors.INVALID_MARK, x) else: if not functions.checkUINT32(x): # value is uint32 raise FirewallError(errors.INVALID_MARK, x) class Rich_Limit(object): def __init__(self, value): self.value = value if "/" in self.value: splits = self.value.split("/") if len(splits) == 2 and \ splits[1] in [ "second", "minute", "hour", "day" ]: self.value = "%s/%s" % (splits[0], splits[1][:1]) def check(self): splits = None if "/" in self.value: splits = self.value.split("/") if not splits or len(splits) != 2: raise FirewallError(errors.INVALID_LIMIT, self.value) (rate, duration) = splits try: rate = int(rate) except: raise FirewallError(errors.INVALID_LIMIT, self.value) if rate < 1 or duration not in [ "s", "m", "h", "d" ]: raise FirewallError(errors.INVALID_LIMIT, self.value) mult = 1 if duration == "s": mult = 1 elif duration == "m": mult = 60 elif duration == "h": mult = 60*60 elif duration == "d": mult = 24*60*60 if 10000 * mult / rate == 0: raise FirewallError(errors.INVALID_LIMIT, "%s too fast" % self.value) if rate == 1 and duration == "d": # iptables (v1.4.21) doesn't accept 1/d raise FirewallError(errors.INVALID_LIMIT, "%s too slow" % self.value) def __str__(self): return 'limit value="%s"' % (self.value) def command(self): return '' class Rich_Rule(object): priority_min = -32768 priority_max = 32767 def __init__(self, family=None, rule_str=None, priority=0): if family is not None: self.family = str(family) else: self.family = None self.priority = priority self.source = None self.destination = None self.element = None self.log = None self.audit = None self.action = None if rule_str: self._import_from_string(rule_str) def _lexer(self, rule_str): """ Lexical analysis """ tokens = [] for r in functions.splitArgs(rule_str): if "=" in r: attr = r.split('=') if len(attr) != 2 or not attr[0] or not attr[1]: raise FirewallError(errors.INVALID_RULE, 'internal error in _lexer(): %s' % r) tokens.append({'attr_name':attr[0], 'attr_value':attr[1]}) else: tokens.append({'element':r}) tokens.append({'element':'EOL'}) return tokens def _import_from_string(self, rule_str): if not rule_str: raise FirewallError(errors.INVALID_RULE, 'empty rule') rule_str = functions.stripNonPrintableCharacters(rule_str) self.priority = 0 self.family = None self.source = None self.destination = None self.element = None self.log = None self.audit = None self.action = None tokens = self._lexer(rule_str) if tokens and tokens[0].get('element') == 'EOL': raise FirewallError(errors.INVALID_RULE, 'empty rule') attrs = {} # attributes of elements in_elements = [] # stack with elements we are in index = 0 # index into tokens while not (tokens[index].get('element') == 'EOL' and in_elements == ['rule']): element = tokens[index].get('element') attr_name = tokens[index].get('attr_name') attr_value = tokens[index].get('attr_value') #print ("in_elements: ", in_elements) #print ("index: %s, element: %s, attribute: %s=%s" % (index, element, attr_name, attr_value)) if attr_name: # attribute if attr_name not in ['priority', 'family', 'address', 'mac', 'ipset', 'invert', 'value', 'port', 'protocol', 'to-port', 'to-addr', 'name', 'group', 'prefix', 'level', 'queue-size', 'type', 'set']: raise FirewallError(errors.INVALID_RULE, "bad attribute '%s'" % attr_name) else: # element if element in ['rule', 'source', 'destination', 'protocol', 'service', 'port', 'icmp-block', 'icmp-type', 'masquerade', 'forward-port', 'source-port', 'log', 'nflog', 'audit', 'accept', 'drop', 'reject', 'mark', 'limit', 'not', 'NOT', 'EOL', 'tcp-mss-clamp']: if element == 'source' and self.source: raise FirewallError(errors.INVALID_RULE, "more than one 'source' element") elif element == 'destination' and self.destination: raise FirewallError(errors.INVALID_RULE, "more than one 'destination' element") elif element in ['protocol', 'service', 'port', 'icmp-block', 'icmp-type', 'masquerade', 'forward-port', 'source-port'] and self.element: raise FirewallError(errors.INVALID_RULE, "more than one element. There cannot be both '%s' and '%s' in one rule." % (element, self.element)) elif element in ['log', 'nflog'] and self.log: raise FirewallError(errors.INVALID_RULE, "more than one logging element") elif element == 'audit' and self.audit: raise FirewallError(errors.INVALID_RULE, "more than one 'audit' element") elif element in ['accept', 'drop', 'reject', 'mark'] and self.action: raise FirewallError(errors.INVALID_RULE, "more than one 'action' element. There cannot be both '%s' and '%s' in one rule." % (element, self.action)) else: raise FirewallError(errors.INVALID_RULE, "unknown element %s" % element) in_element = in_elements[len(in_elements)-1] if len(in_elements) > 0 else '' if in_element == '': if not element and attr_name: if attr_name == 'family': raise FirewallError(errors.INVALID_RULE, "'family' outside of rule. Use 'rule family=...'.") elif attr_name == 'priority': raise FirewallError(errors.INVALID_RULE, "'priority' outside of rule. Use 'rule priority=...'.") else: raise FirewallError(errors.INVALID_RULE, "'%s' outside of any element. Use 'rule %s= ...'." % (attr_name, attr_name)) elif 'rule' not in element: raise FirewallError(errors.INVALID_RULE, "'%s' outside of rule. Use 'rule ... %s ...'." % (element, element)) else: in_elements.append('rule') # push into stack elif in_element == 'rule': if attr_name == 'family': if attr_value not in ['ipv4', 'ipv6']: raise FirewallError(errors.INVALID_RULE, "'family' attribute cannot have '%s' value. Use 'ipv4' or 'ipv6' instead." % attr_value) self.family = attr_value elif attr_name == 'priority': try: self.priority = int(attr_value) except ValueError: raise FirewallError(errors.INVALID_PRIORITY, "invalid 'priority' attribute value '%s'." % attr_value) elif attr_name: if attr_name == 'protocol': err_msg = "wrong 'protocol' usage. Use either 'rule protocol value=...' or 'rule [forward-]port protocol=...'." else: err_msg = "attribute '%s' outside of any element. Use 'rule %s= ...'." % (attr_name, attr_name) raise FirewallError(errors.INVALID_RULE, err_msg) else: in_elements.append(element) # push into stack elif in_element == 'source': if attr_name in ['address', 'mac', 'ipset', 'invert']: attrs[attr_name] = attr_value elif element in ['not', 'NOT']: attrs['invert'] = True else: self.source = Rich_Source(attrs.get('address'), attrs.get('mac'), attrs.get('ipset'), attrs.get('invert', False)) in_elements.pop() # source attrs.clear() index = index -1 # return token to input elif in_element == 'destination': if attr_name in ['address', 'ipset', 'invert']: attrs[attr_name] = attr_value elif element in ['not', 'NOT']: attrs['invert'] = True else: self.destination = Rich_Destination(attrs.get('address'), attrs.get('ipset'), attrs.get('invert', False)) in_elements.pop() # destination attrs.clear() index = index -1 # return token to input elif in_element == 'protocol': if attr_name == 'value': self.element = Rich_Protocol(attr_value) in_elements.pop() # protocol else: raise FirewallError(errors.INVALID_RULE, "invalid 'protocol' element") elif in_element == 'tcp-mss-clamp': if attr_name == 'value': attrs[attr_name] = attr_value else: self.element = Rich_Tcp_Mss_Clamp(attrs.get('value')) in_elements.pop() attrs.clear() index = index -1 elif in_element == 'service': if attr_name == 'name': self.element = Rich_Service(attr_value) in_elements.pop() # service else: raise FirewallError(errors.INVALID_RULE, "invalid 'service' element") elif in_element == 'port': if attr_name in ['port', 'protocol']: attrs[attr_name] = attr_value else: self.element = Rich_Port(attrs.get('port'), attrs.get('protocol')) in_elements.pop() # port attrs.clear() index = index -1 # return token to input elif in_element == 'icmp-block': if attr_name == 'name': self.element = Rich_IcmpBlock(attr_value) in_elements.pop() # icmp-block else: raise FirewallError(errors.INVALID_RULE, "invalid 'icmp-block' element") elif in_element == 'icmp-type': if attr_name == 'name': self.element = Rich_IcmpType(attr_value) in_elements.pop() # icmp-type else: raise FirewallError(errors.INVALID_RULE, "invalid 'icmp-type' element") elif in_element == 'masquerade': self.element = Rich_Masquerade() in_elements.pop() attrs.clear() index = index -1 # return token to input elif in_element == 'forward-port': if attr_name in ['port', 'protocol', 'to-port', 'to-addr']: attrs[attr_name] = attr_value else: self.element = Rich_ForwardPort(attrs.get('port'), attrs.get('protocol'), attrs.get('to-port'), attrs.get('to-addr')) in_elements.pop() # forward-port attrs.clear() index = index -1 # return token to input elif in_element == 'source-port': if attr_name in ['port', 'protocol']: attrs[attr_name] = attr_value else: self.element = Rich_SourcePort(attrs.get('port'), attrs.get('protocol')) in_elements.pop() # source-port attrs.clear() index = index -1 # return token to input elif in_element == 'log': if attr_name in ['prefix', 'level']: attrs[attr_name] = attr_value elif element == 'limit': in_elements.append('limit') else: self.log = Rich_Log(attrs.get('prefix'), attrs.get('level'), attrs.get('limit')) in_elements.pop() # log attrs.clear() index = index -1 # return token to input elif in_element == 'nflog': if attr_name in ['group', 'prefix', 'queue-size']: attrs[attr_name] = attr_value elif element == 'limit': in_elements.append('limit') else: self.log = Rich_NFLog(attrs.get('group'), attrs.get('prefix'), attrs.get('queue-size'), attrs.get('limit')) in_elements.pop() # nflog attrs.clear() index = index -1 # return token to input elif in_element == 'audit': if element == 'limit': in_elements.append('limit') else: self.audit = Rich_Audit(attrs.get('limit')) in_elements.pop() # audit attrs.clear() index = index -1 # return token to input elif in_element == 'accept': if element == 'limit': in_elements.append('limit') else: self.action = Rich_Accept(attrs.get('limit')) in_elements.pop() # accept attrs.clear() index = index -1 # return token to input elif in_element == 'drop': if element == 'limit': in_elements.append('limit') else: self.action = Rich_Drop(attrs.get('limit')) in_elements.pop() # drop attrs.clear() index = index -1 # return token to input elif in_element == 'reject': if attr_name == 'type': attrs[attr_name] = attr_value elif element == 'limit': in_elements.append('limit') else: self.action = Rich_Reject(attrs.get('type'), attrs.get('limit')) in_elements.pop() # accept attrs.clear() index = index -1 # return token to input elif in_element == 'mark': if attr_name == 'set': attrs[attr_name] = attr_value elif element == 'limit': in_elements.append('limit') else: self.action = Rich_Mark(attrs.get('set'), attrs.get('limit')) in_elements.pop() # accept attrs.clear() index = index -1 # return token to input elif in_element == 'limit': if attr_name == 'value': attrs['limit'] = Rich_Limit(attr_value) in_elements.pop() # limit else: raise FirewallError(errors.INVALID_RULE, "invalid 'limit' element") index = index + 1 self.check() def check(self): if self.family is not None and self.family not in [ "ipv4", "ipv6" ]: raise FirewallError(errors.INVALID_FAMILY, self.family) if self.family is None: if (self.source is not None and self.source.addr is not None) or \ self.destination is not None: raise FirewallError(errors.MISSING_FAMILY) if type(self.element) == Rich_ForwardPort: raise FirewallError(errors.MISSING_FAMILY) if self.priority < self.priority_min or self.priority > self.priority_max: raise FirewallError(errors.INVALID_PRIORITY, "'priority' attribute must be between %d and %d." \ % (self.priority_min, self.priority_max)) if self.element is None and \ (self.log is None or (self.log is not None and self.priority == 0)): if self.action is None: raise FirewallError(errors.INVALID_RULE, "no element, no action") if self.source is None and self.destination is None and self.priority == 0: raise FirewallError(errors.INVALID_RULE, "no element, no source, no destination") if type(self.element) not in [ Rich_IcmpBlock, Rich_ForwardPort, Rich_Masquerade, Rich_Tcp_Mss_Clamp ]: if self.log is None and self.audit is None and \ self.action is None: raise FirewallError(errors.INVALID_RULE, "no action, no log, no audit") # source if self.source is not None: if self.source.addr is not None: if self.family is None: raise FirewallError(errors.INVALID_FAMILY) if self.source.mac is not None: raise FirewallError(errors.INVALID_RULE, "address and mac") if self.source.ipset is not None: raise FirewallError(errors.INVALID_RULE, "address and ipset") if not functions.check_address(self.family, self.source.addr): raise FirewallError(errors.INVALID_ADDR, str(self.source.addr)) elif self.source.mac is not None: if self.source.ipset is not None: raise FirewallError(errors.INVALID_RULE, "mac and ipset") if not functions.check_mac(self.source.mac): raise FirewallError(errors.INVALID_MAC, str(self.source.mac)) elif self.source.ipset is not None: if not check_ipset_name(self.source.ipset): raise FirewallError(errors.INVALID_IPSET, str(self.source.ipset)) else: raise FirewallError(errors.INVALID_RULE, "invalid source") # destination if self.destination is not None: if self.destination.addr is not None: if self.family is None: raise FirewallError(errors.INVALID_FAMILY) if self.destination.ipset is not None: raise FirewallError(errors.INVALID_DESTINATION, "address and ipset") if not functions.check_address(self.family, self.destination.addr): raise FirewallError(errors.INVALID_ADDR, str(self.destination.addr)) elif self.destination.ipset is not None: if not check_ipset_name(self.destination.ipset): raise FirewallError(errors.INVALID_IPSET, str(self.destination.ipset)) else: raise FirewallError(errors.INVALID_RULE, "invalid destination") # service if type(self.element) == Rich_Service: # service availability needs to be checked in Firewall, here is no # knowledge about this, therefore only simple check if self.element.name is None or len(self.element.name) < 1: raise FirewallError(errors.INVALID_SERVICE, str(self.element.name)) # port elif type(self.element) == Rich_Port: if not functions.check_port(self.element.port): raise FirewallError(errors.INVALID_PORT, self.element.port) if self.element.protocol not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, self.element.protocol) # protocol elif type(self.element) == Rich_Protocol: if not functions.checkProtocol(self.element.value): raise FirewallError(errors.INVALID_PROTOCOL, self.element.value) # masquerade elif type(self.element) == Rich_Masquerade: if self.action is not None: raise FirewallError(errors.INVALID_RULE, "masquerade and action") if self.source is not None and self.source.mac is not None: raise FirewallError(errors.INVALID_RULE, "masquerade and mac source") # icmp-block elif type(self.element) == Rich_IcmpBlock: # icmp type availability needs to be checked in Firewall, here is no # knowledge about this, therefore only simple check if self.element.name is None or len(self.element.name) < 1: raise FirewallError(errors.INVALID_ICMPTYPE, str(self.element.name)) if self.action: raise FirewallError(errors.INVALID_RULE, "icmp-block and action") # icmp-type elif type(self.element) == Rich_IcmpType: # icmp type availability needs to be checked in Firewall, here is no # knowledge about this, therefore only simple check if self.element.name is None or len(self.element.name) < 1: raise FirewallError(errors.INVALID_ICMPTYPE, str(self.element.name)) # forward-port elif type(self.element) == Rich_ForwardPort: if not functions.check_port(self.element.port): raise FirewallError(errors.INVALID_PORT, self.element.port) if self.element.protocol not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, self.element.protocol) if self.element.to_port == "" and self.element.to_address == "": raise FirewallError(errors.INVALID_PORT, self.element.to_port) if self.element.to_port != "" and \ not functions.check_port(self.element.to_port): raise FirewallError(errors.INVALID_PORT, self.element.to_port) if self.element.to_address != "" and \ not functions.check_single_address(self.family, self.element.to_address): raise FirewallError(errors.INVALID_ADDR, self.element.to_address) if self.family is None: raise FirewallError(errors.INVALID_FAMILY) if self.action is not None: raise FirewallError(errors.INVALID_RULE, "forward-port and action") # source-port elif type(self.element) == Rich_SourcePort: if not functions.check_port(self.element.port): raise FirewallError(errors.INVALID_PORT, self.element.port) if self.element.protocol not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, self.element.protocol) # tcp-mss-clamp elif type(self.element) == Rich_Tcp_Mss_Clamp: if self.action is not None: raise FirewallError(errors.INVALID_RULE, "tcp-mss-clamp and %s are mutually exclusive" % self.action) if self.element.value: if not functions.checkTcpMssClamp(self.element.value): raise FirewallError(errors.INVALID_RULE, self.element.value) # other element and not empty? elif self.element is not None: raise FirewallError(errors.INVALID_RULE, "Unknown element %s" % type(self.element)) # log if self.log is not None: self.log.check() # audit if self.audit is not None: if type(self.action) not in [ Rich_Accept, Rich_Reject, Rich_Drop ]: raise FirewallError(errors.INVALID_AUDIT_TYPE, type(self.action)) if self.audit.limit is not None: self.audit.limit.check() # action if self.action is not None: if type(self.action) == Rich_Reject: self.action.check(self.family) elif type(self.action) == Rich_Mark: self.action.check() if self.action.limit is not None: self.action.limit.check() def __str__(self): ret = 'rule' if self.priority: ret += ' priority="%d"' % self.priority if self.family: ret += ' family="%s"' % self.family if self.source: ret += " %s" % self.source if self.destination: ret += " %s" % self.destination if self.element: ret += " %s" % self.element if self.log: ret += " %s" % self.log if self.audit: ret += " %s" % self.audit if self.action: ret += " %s" % self.action return ret #class Rich_RawRule(object): #class Rich_RuleSet(object): #class Rich_AddressList(object): firewalld-1.1.1/src/firewall/core/watcher.py0000644000000000000000000000623414217342322021021 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2012-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "Watcher" ] from gi.repository import Gio, GLib class Watcher(object): def __init__(self, callback, timeout): self._callback = callback self._timeout = timeout self._monitors = { } self._timeouts = { } self._blocked = [ ] def add_watch_dir(self, directory): gfile = Gio.File.new_for_path(directory) self._monitors[directory] = gfile.monitor_directory(\ Gio.FileMonitorFlags.NONE, None) self._monitors[directory].connect("changed", self._file_changed_cb) def add_watch_file(self, filename): gfile = Gio.File.new_for_path(filename) self._monitors[filename] = gfile.monitor_file(\ Gio.FileMonitorFlags.NONE, None) self._monitors[filename].connect("changed", self._file_changed_cb) def get_watches(self): return self._monitors.keys() def has_watch(self, filename): return filename in self._monitors def remove_watch(self, filename): del self._monitors[filename] def block_source(self, filename): if filename not in self._blocked: self._blocked.append(filename) def unblock_source(self, filename): if filename in self._blocked: self._blocked.remove(filename) def clear_timeouts(self): for filename in list(self._timeouts.keys()): GLib.source_remove(self._timeouts[filename]) del self._timeouts[filename] def _call_callback(self, filename): if filename not in self._blocked: self._callback(filename) del self._timeouts[filename] def _file_changed_cb(self, monitor, gio_file, gio_other_file, event): filename = gio_file.get_parse_name() if filename in self._blocked: if filename in self._timeouts: GLib.source_remove(self._timeouts[filename]) del self._timeouts[filename] return if event == Gio.FileMonitorEvent.CHANGED or \ event == Gio.FileMonitorEvent.CREATED or \ event == Gio.FileMonitorEvent.DELETED or \ event == Gio.FileMonitorEvent.ATTRIBUTE_CHANGED: if filename in self._timeouts: GLib.source_remove(self._timeouts[filename]) del self._timeouts[filename] self._timeouts[filename] = GLib.timeout_add_seconds(\ self._timeout, self._call_callback, filename) firewalld-1.1.1/src/firewall/server/0000755000000000000000000000000014217353175017373 5ustar00rootroot00000000000000firewalld-1.1.1/src/firewall/server/config_helper.py0000644000000000000000000004205214217342322022544 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . import dbus import dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.helper import Helper from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_polkit_require_auth from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfig # ############################################################################ class FirewallDConfigHelper(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, helper, item_id, *args, **kwargs): super(FirewallDConfigHelper, self).__init__(*args, **kwargs) self.parent = parent self.config = conf self.obj = helper self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.helper.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_HELPER) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_HELPER: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_HELPER: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_HELPER: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigHelper, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_HELPER) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature=Helper.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for helper """ log.debug1("%s.getSettings()", self._log_prefix) return self.config.get_helper_config(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature=Helper.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for helper """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_helper_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin helper """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_helper_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER) @dbus_handle_exceptions def remove(self, sender=None): """remove helper """ log.debug1("%s.removeHelper()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_helper(self.obj) self.parent.removeHelper(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename helper """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_helper(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # family @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getFamily(self, sender=None): log.debug1("%s.getFamily()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) return settings[3] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setFamily(self, ipv, sender=None): ipv = dbus_to_python(ipv, str) log.debug1("%s.setFamily('%s')", self._log_prefix, ipv) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[3] == ipv: raise FirewallError(errors.ALREADY_ENABLED, "'%s'" % ipv) settings[3] = ipv self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryFamily(self, ipv, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv, str) log.debug1("%s.queryFamily('%s')", self._log_prefix, ipv) settings = self.getSettings() return (settings[3] == ipv) # module @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='s') @dbus_handle_exceptions def getModule(self, sender=None): log.debug1("%s.getModule()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) return settings[4] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s') @dbus_handle_exceptions def setModule(self, module, sender=None): module = dbus_to_python(module, str) log.debug1("%s.setModule('%s')", self._log_prefix, module) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[4] == module: raise FirewallError(errors.ALREADY_ENABLED, "'%s'" % module) settings[4] = module self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryModule(self, module, sender=None): # pylint: disable=W0613 module = dbus_to_python(module, str) log.debug1("%s.queryModule('%s')", self._log_prefix, module) settings = self.getSettings() return (settings[4] == module) # port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, out_signature='a(ss)') @dbus_handle_exceptions def getPorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getPorts()", self._log_prefix) return self.getSettings()[5] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='a(ss)') @dbus_handle_exceptions def setPorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setPorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[5] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='ss') @dbus_handle_exceptions def addPort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addPort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) in settings[5]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) settings[5].append((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='ss') @dbus_handle_exceptions def removePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) not in settings[5]: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) settings[5].remove((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryPort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.queryPort('%s', '%s')", self._log_prefix, port, protocol) return (port,protocol) in self.getSettings()[5] firewalld-1.1.1/src/firewall/server/config_icmptype.py0000644000000000000000000003476314217342322023131 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . import dbus import dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.icmptype import IcmpType from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_polkit_require_auth from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfigIcmpType # ############################################################################ class FirewallDConfigIcmpType(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, icmptype, item_id, *args, **kwargs): super(FirewallDConfigIcmpType, self).__init__(*args, **kwargs) self.parent = parent self.config = conf self.obj = icmptype self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.icmptype.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigIcmpType, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature=IcmpType.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for icmptype """ log.debug1("%s.getSettings()", self._log_prefix) return self.config.get_icmptype_config(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature=IcmpType.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for icmptype """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_icmptype_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin icmptype """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_icmptype_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) @dbus_handle_exceptions def remove(self, sender=None): """remove icmptype """ log.debug1("%s.removeIcmpType()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_icmptype(self.obj) self.parent.removeIcmpType(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename icmptype """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_icmptype(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # destination @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='as') @dbus_handle_exceptions def getDestinations(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDestinations()", self._log_prefix) return sorted(self.getSettings()[3]) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='as') @dbus_handle_exceptions def setDestinations(self, destinations, sender=None): destinations = dbus_to_python(destinations, list) log.debug1("%s.setDestinations('[%s]')", self._log_prefix, ",".join(destinations)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[3] = destinations self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def addDestination(self, destination, sender=None): destination = dbus_to_python(destination, str) log.debug1("%s.addDestination('%s')", self._log_prefix, destination) self.parent.accessCheck(sender) settings = list(self.getSettings()) if destination in settings[3]: raise FirewallError(errors.ALREADY_ENABLED, destination) settings[3].append(destination) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') @dbus_handle_exceptions def removeDestination(self, destination, sender=None): destination = dbus_to_python(destination, str) log.debug1("%s.removeDestination('%s')", self._log_prefix, destination) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[3]: if destination not in settings[3]: raise FirewallError(errors.NOT_ENABLED, destination) else: settings[3].remove(destination) else: # empty means all settings[3] = list(set(['ipv4', 'ipv6']) - set([destination])) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryDestination(self, destination, sender=None): # pylint: disable=W0613 destination = dbus_to_python(destination, str) log.debug1("%s.queryDestination('%s')", self._log_prefix, destination) settings = self.getSettings() # empty means all return (not settings[3] or destination in settings[3]) firewalld-1.1.1/src/firewall/server/config_ipset.py0000644000000000000000000004443214217342322022415 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2015-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . import dbus import dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.ipset import IPSet from firewall.core.ipset import IPSET_TYPES, normalize_ipset_entry, \ check_entry_overlaps_existing, \ check_for_overlapping_entries from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_polkit_require_auth from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfigIPSet # ############################################################################ class FirewallDConfigIPSet(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, ipset, item_id, *args, **kwargs): super(FirewallDConfigIPSet, self).__init__(*args, **kwargs) self.parent = parent self.config = conf self.obj = ipset self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.ipset.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_IPSET) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_IPSET: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_IPSET: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_IPSET: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigIPSet, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_IPSET) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature=IPSet.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for ipset """ log.debug1("%s.getSettings()", self._log_prefix) return self.config.get_ipset_config(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature=IPSet.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for ipset """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_ipset_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin ipset """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_ipset_defaults(self.obj) self.Updated(self.obj.name) #self.PropertiesChanged(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, # { "default": True }, [ ]) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET) @dbus_handle_exceptions def remove(self, sender=None): """remove ipset """ log.debug1("%s.remove()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_ipset(self.obj) self.parent.removeIPSet(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename ipset """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_ipset(self.obj, name) self.Renamed(name) #self.PropertiesChanged(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, # { "name": name }, [ ]) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # type @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='s') @dbus_handle_exceptions def getType(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getType()", self._log_prefix) return self.getSettings()[3] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def setType(self, ipset_type, sender=None): ipset_type = dbus_to_python(ipset_type, str) log.debug1("%s.setType('%s')", self._log_prefix, ipset_type) self.parent.accessCheck(sender) if ipset_type not in IPSET_TYPES: raise FirewallError(errors.INVALID_TYPE, ipset_type) settings = list(self.getSettings()) settings[3] = ipset_type self.update(settings) # options @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='a{ss}') @dbus_handle_exceptions def getOptions(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getOptions()", self._log_prefix) return self.getSettings()[4] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='a{ss}') @dbus_handle_exceptions def setOptions(self, options, sender=None): options = dbus_to_python(options, dict) log.debug1("%s.setOptions('[%s]')", self._log_prefix, repr(options)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[4] = options self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='ss') @dbus_handle_exceptions def addOption(self, key, value, sender=None): key = dbus_to_python(key, str) value = dbus_to_python(value, str) log.debug1("%s.addOption('%s', '%s')", self._log_prefix, key, value) self.parent.accessCheck(sender) settings = list(self.getSettings()) if key in settings[4] and settings[4][key] == value: raise FirewallError(errors.ALREADY_ENABLED, "'%s': '%s'" % (key, value)) settings[4][key] = value self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def removeOption(self, key, sender=None): key = dbus_to_python(key, str) log.debug1("%s.removeOption('%s')", self._log_prefix, key) self.parent.accessCheck(sender) settings = list(self.getSettings()) if key not in settings[4]: raise FirewallError(errors.NOT_ENABLED, key) del settings[4][key] self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryOption(self, key, value, sender=None): # pylint: disable=W0613 key = dbus_to_python(key, str) value = dbus_to_python(value, str) log.debug1("%s.queryOption('%s', '%s')", self._log_prefix, key, value) settings = list(self.getSettings()) return (key in settings[4] and settings[4][key] == value) # entries @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, out_signature='as') @dbus_handle_exceptions def getEntries(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getEntries()", self._log_prefix) return self.getSettings()[5] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='as') @dbus_handle_exceptions def setEntries(self, entries, sender=None): entries = dbus_to_python(entries, list) check_for_overlapping_entries(entries) log.debug1("%s.setEntries('[%s]')", self._log_prefix, ",".join(entries)) self.parent.accessCheck(sender) settings = list(self.getSettings()) if "timeout" in settings[4] and settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) settings[5] = entries self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def addEntry(self, entry, sender=None): entry = dbus_to_python(entry, str) entry = normalize_ipset_entry(entry) log.debug1("%s.addEntry('%s')", self._log_prefix, entry) self.parent.accessCheck(sender) settings = list(self.getSettings()) if "timeout" in settings[4] and settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) if entry in settings[5]: raise FirewallError(errors.ALREADY_ENABLED, entry) check_entry_overlaps_existing(entry, settings[5]) settings[5].append(entry) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s') @dbus_handle_exceptions def removeEntry(self, entry, sender=None): entry = dbus_to_python(entry, str) entry = normalize_ipset_entry(entry) log.debug1("%s.removeEntry('%s')", self._log_prefix, entry) self.parent.accessCheck(sender) settings = list(self.getSettings()) if "timeout" in settings[4] and settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) if entry not in settings[5]: raise FirewallError(errors.NOT_ENABLED, entry) settings[5].remove(entry) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryEntry(self, entry, sender=None): # pylint: disable=W0613 entry = dbus_to_python(entry, str) entry = normalize_ipset_entry(entry) log.debug1("%s.queryEntry('%s')", self._log_prefix, entry) settings = list(self.getSettings()) if "timeout" in settings[4] and settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) return entry in settings[5] firewalld-1.1.1/src/firewall/server/config.py0000644000000000000000000021404214217342322021205 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . import os import dbus import dbus.service from firewall import config from firewall.core.base import DEFAULT_ZONE_TARGET from firewall.core.watcher import Watcher from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_service_method_deprecated, dbus_service_signal_deprecated, \ dbus_polkit_require_auth from firewall.server.config_icmptype import FirewallDConfigIcmpType from firewall.server.config_service import FirewallDConfigService from firewall.server.config_zone import FirewallDConfigZone from firewall.server.config_policy import FirewallDConfigPolicy from firewall.server.config_ipset import FirewallDConfigIPSet from firewall.server.config_helper import FirewallDConfigHelper from firewall.core.io.icmptype import IcmpType from firewall.core.io.ipset import IPSet from firewall.core.io.helper import Helper from firewall.core.io.lockdown_whitelist import LockdownWhitelist from firewall.core.io.direct import Direct from firewall.dbus_utils import dbus_to_python, \ command_of_sender, context_of_sender, uid_of_sender, user_of_uid, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties, \ dbus_introspection_add_deprecated from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfig # ############################################################################ class FirewallDConfig(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use config.dbus.PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, conf, *args, **kwargs): super(FirewallDConfig, self).__init__(*args, **kwargs) self.config = conf self.busname = args[0] self.path = args[1] self._init_vars() self.watcher = Watcher(self.watch_updater, 5) self.watcher.add_watch_dir(config.FIREWALLD_IPSETS) self.watcher.add_watch_dir(config.ETC_FIREWALLD_IPSETS) self.watcher.add_watch_dir(config.FIREWALLD_ICMPTYPES) self.watcher.add_watch_dir(config.ETC_FIREWALLD_ICMPTYPES) self.watcher.add_watch_dir(config.FIREWALLD_HELPERS) self.watcher.add_watch_dir(config.ETC_FIREWALLD_HELPERS) self.watcher.add_watch_dir(config.FIREWALLD_SERVICES) self.watcher.add_watch_dir(config.ETC_FIREWALLD_SERVICES) self.watcher.add_watch_dir(config.FIREWALLD_ZONES) self.watcher.add_watch_dir(config.ETC_FIREWALLD_ZONES) self.watcher.add_watch_dir(config.FIREWALLD_POLICIES) self.watcher.add_watch_dir(config.ETC_FIREWALLD_POLICIES) # Add watches for combined zone directories if os.path.exists(config.ETC_FIREWALLD_ZONES): for filename in sorted(os.listdir(config.ETC_FIREWALLD_ZONES)): path = "%s/%s" % (config.ETC_FIREWALLD_ZONES, filename) if os.path.isdir(path): self.watcher.add_watch_dir(path) self.watcher.add_watch_file(config.LOCKDOWN_WHITELIST) self.watcher.add_watch_file(config.FIREWALLD_DIRECT) self.watcher.add_watch_file(config.FIREWALLD_CONF) dbus_introspection_prepare_properties(self, config.dbus.DBUS_INTERFACE_CONFIG, { "CleanupOnExit": "readwrite", "CleanupModulesOnExit": "readwrite", "IPv6_rpfilter": "readwrite", "Lockdown": "readwrite", "MinimalMark": "readwrite", "IndividualCalls": "readwrite", "LogDenied": "readwrite", "AutomaticHelpers": "readwrite", "FirewallBackend": "readwrite", "FlushAllOnReload": "readwrite", "RFC3964_IPv4": "readwrite", "AllowZoneDrifting": "readwrite", }) @handle_exceptions def _init_vars(self): self.ipsets = [ ] self.ipset_idx = 0 self.icmptypes = [ ] self.icmptype_idx = 0 self.services = [ ] self.service_idx = 0 self.zones = [ ] self.zone_idx = 0 self.helpers = [ ] self.helper_idx = 0 self.policy_objects = [ ] self.policy_object_idx = 0 for ipset in self.config.get_ipsets(): self._addIPSet(self.config.get_ipset(ipset)) for icmptype in self.config.get_icmptypes(): self._addIcmpType(self.config.get_icmptype(icmptype)) for service in self.config.get_services(): self._addService(self.config.get_service(service)) for zone in self.config.get_zones(): self._addZone(self.config.get_zone(zone)) for helper in self.config.get_helpers(): self._addHelper(self.config.get_helper(helper)) for policy in self.config.get_policy_objects(): self._addPolicy(self.config.get_policy_object(policy)) @handle_exceptions def __del__(self): pass @handle_exceptions def reload(self): while len(self.ipsets) > 0: item = self.ipsets.pop() item.unregister() del item while len(self.icmptypes) > 0: item = self.icmptypes.pop() item.unregister() del item while len(self.services) > 0: item = self.services.pop() item.unregister() del item while len(self.zones) > 0: item = self.zones.pop() item.unregister() del item while len(self.helpers) > 0: item = self.helpers.pop() item.unregister() del item while len(self.policy_objects) > 0: item = self.policy_objects.pop() item.unregister() del item self._init_vars() @handle_exceptions def watch_updater(self, name): if name == config.FIREWALLD_CONF: old_props = self.GetAll(config.dbus.DBUS_INTERFACE_CONFIG) log.debug1("config: Reloading firewalld config file '%s'", config.FIREWALLD_CONF) try: self.config.update_firewalld_conf() except Exception as msg: log.error("Failed to load firewalld.conf file '%s': %s" % \ (name, msg)) return props = self.GetAll(config.dbus.DBUS_INTERFACE_CONFIG).copy() for key in list(props.keys()): if key in old_props and old_props[key] == props[key]: del props[key] if len(props) > 0: self.PropertiesChanged(config.dbus.DBUS_INTERFACE_CONFIG, props, []) return if (name.startswith(config.FIREWALLD_ICMPTYPES) or \ name.startswith(config.ETC_FIREWALLD_ICMPTYPES)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_icmptype_from_path(name) except Exception as msg: log.error("Failed to load icmptype file '%s': %s" % (name, msg)) return if what == "new": self._addIcmpType(obj) elif what == "remove": self.removeIcmpType(obj) elif what == "update": self._updateIcmpType(obj) elif (name.startswith(config.FIREWALLD_SERVICES) or \ name.startswith(config.ETC_FIREWALLD_SERVICES)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_service_from_path(name) except Exception as msg: log.error("Failed to load service file '%s': %s" % (name, msg)) return if what == "new": self._addService(obj) elif what == "remove": self.removeService(obj) elif what == "update": self._updateService(obj) elif name.startswith(config.FIREWALLD_ZONES) or \ name.startswith(config.ETC_FIREWALLD_ZONES): if name.endswith(".xml"): try: (what, obj) = self.config.update_zone_from_path(name) except Exception as msg: log.error("Failed to load zone file '%s': %s" % (name, msg)) return if what == "new": self._addZone(obj) elif what == "remove": self.removeZone(obj) elif what == "update": self._updateZone(obj) elif name.startswith(config.ETC_FIREWALLD_ZONES): # possible combined zone base directory _name = name.replace(config.ETC_FIREWALLD_ZONES, "").strip("/") if len(_name) < 1 or "/" in _name: # if there is a / in x, then it is a sub sub directory # ignore it return if os.path.isdir(name): if not self.watcher.has_watch(name): self.watcher.add_watch_dir(name) elif self.watcher.has_watch(name): self.watcher.remove_watch(name) elif (name.startswith(config.FIREWALLD_IPSETS) or \ name.startswith(config.ETC_FIREWALLD_IPSETS)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_ipset_from_path(name) except Exception as msg: log.error("Failed to load ipset file '%s': %s" % (name, msg)) return if what == "new": self._addIPSet(obj) elif what == "remove": self.removeIPSet(obj) elif what == "update": self._updateIPSet(obj) elif (name.startswith(config.FIREWALLD_HELPERS) or \ name.startswith(config.ETC_FIREWALLD_HELPERS)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_helper_from_path(name) except Exception as msg: log.error("Failed to load helper file '%s': %s" % (name, msg)) return if what == "new": self._addHelper(obj) elif what == "remove": self.removeHelper(obj) elif what == "update": self._updateHelper(obj) elif name == config.LOCKDOWN_WHITELIST: try: self.config.update_lockdown_whitelist() except Exception as msg: log.error("Failed to load lockdown whitelist file '%s': %s" % \ (name, msg)) return self.LockdownWhitelistUpdated() elif name == config.FIREWALLD_DIRECT: try: self.config.update_direct() except Exception as msg: log.error("Failed to load direct rules file '%s': %s" % (name, msg)) return self.Updated() elif (name.startswith(config.FIREWALLD_POLICIES) or \ name.startswith(config.ETC_FIREWALLD_POLICIES)) and \ name.endswith(".xml"): try: (what, obj) = self.config.update_policy_object_from_path(name) except Exception as msg: log.error("Failed to load policy file '%s': %s" % (name, msg)) return if what == "new": self._addPolicy(obj) elif what == "remove": self.removePolicy(obj) elif what == "update": self._updatePolicy(obj) @handle_exceptions def _addIcmpType(self, obj): # TODO: check for idx overflow config_icmptype = FirewallDConfigIcmpType( self, self.config, obj, self.icmptype_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_ICMPTYPE, self.icmptype_idx)) self.icmptypes.append(config_icmptype) self.icmptype_idx += 1 self.IcmpTypeAdded(obj.name) return config_icmptype @handle_exceptions def _updateIcmpType(self, obj): for icmptype in self.icmptypes: if icmptype.obj.name == obj.name and \ icmptype.obj.path == obj.path and \ icmptype.obj.filename == obj.filename: icmptype.obj = obj icmptype.Updated(obj.name) @handle_exceptions def removeIcmpType(self, obj): index = 7 # see IMPORT_EXPORT_STRUCTURE in class Zone(IO_Object) for zone in self.zones: settings = zone.getSettings() # if this IcmpType is used in a zone remove it from that zone first if obj.name in settings[index]: settings[index].remove(obj.name) zone.obj = self.config.set_zone_config(zone.obj, settings) zone.Updated(zone.obj.name) for policy in self.policy_objects: settings = policy.getSettings() # if this IcmpType is used in a policy remove it from that policy first if "icmp_blocks" in settings and obj.name in settings["icmp_blocks"]: settings["icmp_blocks"].remove(obj.name) policy.obj = self.config.set_policy_object_config_dict(policy.obj, settings) policy.Updated(policy.obj.name) for icmptype in self.icmptypes: if icmptype.obj == obj: icmptype.Removed(obj.name) icmptype.unregister() self.icmptypes.remove(icmptype) del icmptype @handle_exceptions def _addService(self, obj): # TODO: check for idx overflow config_service = FirewallDConfigService( self, self.config, obj, self.service_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_SERVICE, self.service_idx)) self.services.append(config_service) self.service_idx += 1 self.ServiceAdded(obj.name) return config_service @handle_exceptions def _updateService(self, obj): for service in self.services: if service.obj.name == obj.name and \ service.obj.path == obj.path and \ service.obj.filename == obj.filename: service.obj = obj service.Updated(obj.name) @handle_exceptions def removeService(self, obj): index = 5 # see IMPORT_EXPORT_STRUCTURE in class Zone(IO_Object) for zone in self.zones: settings = zone.getSettings() # if this Service is used in a zone remove it from that zone first if obj.name in settings[index]: settings[index].remove(obj.name) zone.obj = self.config.set_zone_config(zone.obj, settings) zone.Updated(zone.obj.name) for policy in self.policy_objects: settings = policy.getSettings() # if this Service is used in a policy remove it from that policy first if "services" in settings and obj.name in settings["services"]: settings["services"].remove(obj.name) policy.obj = self.config.set_policy_object_config_dict(policy.obj, settings) policy.Updated(policy.obj.name) for service in self.services: if service.obj == obj: service.Removed(obj.name) service.unregister() self.services.remove(service) del service @handle_exceptions def _addZone(self, obj): # TODO: check for idx overflow config_zone = FirewallDConfigZone( self, self.config, obj, self.zone_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_ZONE, self.zone_idx)) self.zones.append(config_zone) self.zone_idx += 1 self.ZoneAdded(obj.name) return config_zone @handle_exceptions def _updateZone(self, obj): for zone in self.zones: if zone.obj.name == obj.name and zone.obj.path == obj.path and \ zone.obj.filename == obj.filename: zone.obj = obj zone.Updated(obj.name) @handle_exceptions def removeZone(self, obj): for zone in self.zones: if zone.obj == obj: zone.Removed(obj.name) zone.unregister() self.zones.remove(zone) del zone @handle_exceptions def _addPolicy(self, obj): # TODO: check for idx overflow config_policy = FirewallDConfigPolicy( self, self.config, obj, self.policy_object_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_POLICY, self.policy_object_idx)) self.policy_objects.append(config_policy) self.policy_object_idx += 1 self.PolicyAdded(obj.name) return config_policy @handle_exceptions def _updatePolicy(self, obj): for policy in self.policy_objects: if policy.obj.name == obj.name and policy.obj.path == obj.path and \ policy.obj.filename == obj.filename: policy.obj = obj policy.Updated(obj.name) @handle_exceptions def removePolicy(self, obj): for policy in self.policy_objects: if policy.obj == obj: policy.Removed(obj.name) policy.unregister() self.policy_objects.remove(policy) del policy @handle_exceptions def _addIPSet(self, obj): # TODO: check for idx overflow config_ipset = FirewallDConfigIPSet( self, self.config, obj, self.ipset_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_IPSET, self.ipset_idx)) self.ipsets.append(config_ipset) self.ipset_idx += 1 self.IPSetAdded(obj.name) return config_ipset @handle_exceptions def _updateIPSet(self, obj): for ipset in self.ipsets: if ipset.obj.name == obj.name and ipset.obj.path == obj.path and \ ipset.obj.filename == obj.filename: ipset.obj = obj ipset.Updated(obj.name) @handle_exceptions def removeIPSet(self, obj): for ipset in self.ipsets: if ipset.obj == obj: ipset.Removed(obj.name) ipset.unregister() self.ipsets.remove(ipset) del ipset # access check @handle_exceptions def _addHelper(self, obj): # TODO: check for idx overflow config_helper = FirewallDConfigHelper( self, self.config, obj, self.helper_idx, self.busname, "%s/%d" % (config.dbus.DBUS_PATH_CONFIG_HELPER, self.helper_idx)) self.helpers.append(config_helper) self.helper_idx += 1 self.HelperAdded(obj.name) return config_helper @handle_exceptions def _updateHelper(self, obj): for helper in self.helpers: if helper.obj.name == obj.name and helper.obj.path == obj.path and \ helper.obj.filename == obj.filename: helper.obj = obj helper.Updated(obj.name) @handle_exceptions def removeHelper(self, obj): for helper in self.helpers: if helper.obj == obj: helper.Removed(obj.name) helper.unregister() self.helpers.remove(helper) del helper # access check @dbus_handle_exceptions def accessCheck(self, sender): if self.config.lockdown_enabled(): if sender is None: log.error("Lockdown not possible, sender not set.") return bus = dbus.SystemBus() context = context_of_sender(bus, sender) if self.config.access_check("context", context): return uid = uid_of_sender(bus, sender) if self.config.access_check("uid", uid): return user = user_of_uid(uid) if self.config.access_check("user", user): return command = command_of_sender(bus, sender) if self.config.access_check("command", command): return raise FirewallError(errors.ACCESS_DENIED, "lockdown is enabled") # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, prop): if prop not in [ "DefaultZone", "MinimalMark", "CleanupOnExit", "CleanupModulesOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "LogDenied", "AutomaticHelpers", "FirewallBackend", "FlushAllOnReload", "RFC3964_IPv4", "AllowZoneDrifting" ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % prop) value = self.config.get_firewalld_conf().get(prop) if prop == "DefaultZone": if value is None: value = config.FALLBACK_ZONE return dbus.String(value) elif prop == "MinimalMark": if value is None: value = config.FALLBACK_MINIMAL_MARK else: value = int(value) return dbus.Int32(value) elif prop == "CleanupOnExit": if value is None: value = "yes" if config.FALLBACK_CLEANUP_ON_EXIT else "no" return dbus.String(value) elif prop == "CleanupModulesOnExit": if value is None: value = "yes" if config.FALLBACK_CLEANUP_MODULES_ON_EXIT else "no" return dbus.String(value) elif prop == "Lockdown": if value is None: value = "yes" if config.FALLBACK_LOCKDOWN else "no" return dbus.String(value) elif prop == "IPv6_rpfilter": if value is None: value = "yes" if config.FALLBACK_IPV6_RPFILTER else "no" return dbus.String(value) elif prop == "IndividualCalls": if value is None: value = "yes" if config.FALLBACK_INDIVIDUAL_CALLS else "no" return dbus.String(value) elif prop == "LogDenied": if value is None: value = config.FALLBACK_LOG_DENIED return dbus.String(value) elif prop == "AutomaticHelpers": if value is None: value = config.FALLBACK_AUTOMATIC_HELPERS return dbus.String(value) elif prop == "FirewallBackend": if value is None: value = config.FALLBACK_FIREWALL_BACKEND return dbus.String(value) elif prop == "FlushAllOnReload": if value is None: value = "yes" if config.FALLBACK_FLUSH_ALL_ON_RELOAD else "no" return dbus.String(value) elif prop == "RFC3964_IPv4": if value is None: value = "yes" if config.FALLBACK_RFC3964_IPV4 else "no" return dbus.String(value) elif prop == "AllowZoneDrifting": if value is None: value = "yes" if config.FALLBACK_ALLOW_ZONE_DRIFTING else "no" return dbus.String(value) @dbus_handle_exceptions def _get_dbus_property(self, prop): if prop == "DefaultZone": return dbus.String(self._get_property(prop)) elif prop == "MinimalMark": return dbus.Int32(self._get_property(prop)) elif prop == "CleanupOnExit": return dbus.String(self._get_property(prop)) elif prop == "CleanupModulesOnExit": return dbus.String(self._get_property(prop)) elif prop == "Lockdown": return dbus.String(self._get_property(prop)) elif prop == "IPv6_rpfilter": return dbus.String(self._get_property(prop)) elif prop == "IndividualCalls": return dbus.String(self._get_property(prop)) elif prop == "LogDenied": return dbus.String(self._get_property(prop)) elif prop == "AutomaticHelpers": return dbus.String(self._get_property(prop)) elif prop == "FirewallBackend": return dbus.String(self._get_property(prop)) elif prop == "FlushAllOnReload": return dbus.String(self._get_property(prop)) elif prop == "RFC3964_IPv4": return dbus.String(self._get_property(prop)) elif prop == "AllowZoneDrifting": return dbus.String(self._get_property(prop)) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % prop) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("config.Get('%s', '%s')", interface_name, property_name) if interface_name == config.dbus.DBUS_INTERFACE_CONFIG: return self._get_dbus_property(property_name) elif interface_name in [ config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("config.GetAll('%s')", interface_name) ret = { } if interface_name == config.dbus.DBUS_INTERFACE_CONFIG: for x in [ "DefaultZone", "MinimalMark", "CleanupOnExit", "CleanupModulesOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "LogDenied", "AutomaticHelpers", "FirewallBackend", "FlushAllOnReload", "RFC3964_IPv4", "AllowZoneDrifting" ]: ret[x] = self._get_property(x) elif interface_name in [ config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: pass else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("config.Set('%s', '%s', '%s')", interface_name, property_name, new_value) self.accessCheck(sender) if interface_name == config.dbus.DBUS_INTERFACE_CONFIG: if property_name in [ "CleanupOnExit", "CleanupModulesOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "LogDenied", "FirewallBackend", "FlushAllOnReload", "RFC3964_IPv4"]: if property_name in [ "CleanupOnExit", "CleanupModulesOnExit", "Lockdown", "IPv6_rpfilter", "IndividualCalls", "FlushAllOnReload", "RFC3964_IPv4"]: if new_value.lower() not in [ "yes", "no", "true", "false" ]: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) elif property_name == "LogDenied": if new_value not in config.LOG_DENIED_VALUES: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) elif property_name == "FirewallBackend": if new_value not in config.FIREWALL_BACKEND_VALUES: raise FirewallError(errors.INVALID_VALUE, "'%s' for %s" % \ (new_value, property_name)) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) self.config.get_firewalld_conf().set(property_name, new_value) self.config.get_firewalld_conf().write() self.PropertiesChanged(interface_name, { property_name: new_value }, [ ]) elif property_name in ["MinimalMark", "AutomaticHelpers", "AllowZoneDrifting"]: # deprecated fields. Ignore setting them. pass else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) elif interface_name in [ config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("config.PropertiesChanged('%s', '%s', '%s')", interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("config.Introspect()") data = super(FirewallDConfig, self).Introspect(self.path, self.busname.get_bus()) data = dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG) for interface in [config.dbus.DBUS_INTERFACE_CONFIG_DIRECT]: data = dbus_introspection_add_deprecated( self, data, interface, dbus_service_method_deprecated().deprecated, dbus_service_signal_deprecated().deprecated) return data # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # policies @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature=LockdownWhitelist.DBUS_SIGNATURE) @dbus_handle_exceptions def getLockdownWhitelist(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelist()") return self.config.get_policies().lockdown_whitelist.export_config() @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature=LockdownWhitelist.DBUS_SIGNATURE) @dbus_handle_exceptions def setLockdownWhitelist(self, settings, sender=None): # pylint: disable=W0613 log.debug1("config.policies.setLockdownWhitelist(...)") settings = dbus_to_python(settings) self.config.get_policies().lockdown_whitelist.import_config(settings, {}) self.config.get_policies().lockdown_whitelist.write() self.LockdownWhitelistUpdated() @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES) @dbus_handle_exceptions def LockdownWhitelistUpdated(self): log.debug1("config.policies.LockdownWhitelistUpdated()") # command @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def addLockdownWhitelistCommand(self, command, sender=None): command = dbus_to_python(command) log.debug1("config.policies.addLockdownWhitelistCommand('%s')", command) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if command in settings[0]: raise FirewallError(errors.ALREADY_ENABLED, command) settings[0].append(command) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def removeLockdownWhitelistCommand(self, command, sender=None): command = dbus_to_python(command) log.debug1("config.policies.removeLockdownWhitelistCommand('%s')", command) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if command not in settings[0]: raise FirewallError(errors.NOT_ENABLED, command) settings[0].remove(command) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistCommand(self, command, sender=None): # pylint: disable=W0613 command = dbus_to_python(command) log.debug1("config.policies.queryLockdownWhitelistCommand('%s')", command) return command in self.getLockdownWhitelist()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistCommands(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelistCommands()") return self.getLockdownWhitelist()[0] # context @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def addLockdownWhitelistContext(self, context, sender=None): context = dbus_to_python(context) log.debug1("config.policies.addLockdownWhitelistContext('%s')", context) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if context in settings[1]: raise FirewallError(errors.ALREADY_ENABLED, context) settings[1].append(context) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def removeLockdownWhitelistContext(self, context, sender=None): context = dbus_to_python(context) log.debug1("config.policies.removeLockdownWhitelistContext('%s')", context) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if context not in settings[1]: raise FirewallError(errors.NOT_ENABLED, context) settings[1].remove(context) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistContext(self, context, sender=None): # pylint: disable=W0613 context = dbus_to_python(context) log.debug1("config.policies.queryLockdownWhitelistContext('%s')", context) return context in self.getLockdownWhitelist()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistContexts(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelistContexts()") return self.getLockdownWhitelist()[1] # user @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def addLockdownWhitelistUser(self, user, sender=None): user = dbus_to_python(user) log.debug1("config.policies.addLockdownWhitelistUser('%s')", user) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if user in settings[2]: raise FirewallError(errors.ALREADY_ENABLED, user) settings[2].append(user) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') @dbus_handle_exceptions def removeLockdownWhitelistUser(self, user, sender=None): user = dbus_to_python(user) log.debug1("config.policies.removeLockdownWhitelistUser('%s')", user) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if user not in settings[2]: raise FirewallError(errors.NOT_ENABLED, user) settings[2].remove(user) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistUser(self, user, sender=None): # pylint: disable=W0613 user = dbus_to_python(user) log.debug1("config.policies.queryLockdownWhitelistUser('%s')", user) return user in self.getLockdownWhitelist()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistUsers(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelistUsers()") return self.getLockdownWhitelist()[2] # uid @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i') @dbus_handle_exceptions def addLockdownWhitelistUid(self, uid, sender=None): uid = dbus_to_python(uid) log.debug1("config.policies.addLockdownWhitelistUid(%d)", uid) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if uid in settings[3]: raise FirewallError(errors.ALREADY_ENABLED, uid) settings[3].append(uid) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i') @dbus_handle_exceptions def removeLockdownWhitelistUid(self, uid, sender=None): uid = dbus_to_python(uid) log.debug1("config.policies.removeLockdownWhitelistUid(%d)", uid) self.accessCheck(sender) settings = list(self.getLockdownWhitelist()) if uid not in settings[3]: raise FirewallError(errors.NOT_ENABLED, uid) settings[3].remove(uid) self.setLockdownWhitelist(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistUid(self, uid, sender=None): # pylint: disable=W0613 uid = dbus_to_python(uid) log.debug1("config.policies.queryLockdownWhitelistUid(%d)", uid) return uid in self.getLockdownWhitelist()[3] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICIES, out_signature='ai') @dbus_handle_exceptions def getLockdownWhitelistUids(self, sender=None): # pylint: disable=W0613 log.debug1("config.policies.getLockdownWhitelistUids()") return self.getLockdownWhitelist()[3] # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # I P S E T S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listIPSets(self, sender=None): # pylint: disable=W0613 """list ipsets objects paths """ log.debug1("config.listIPSets()") return self.ipsets @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getIPSetNames(self, sender=None): # pylint: disable=W0613 """get ipset names """ log.debug1("config.getIPSetNames()") ipsets = [ ] for obj in self.ipsets: ipsets.append(obj.obj.name) return sorted(ipsets) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getIPSetByName(self, ipset, sender=None): # pylint: disable=W0613 """object path of ipset with given name """ ipset = dbus_to_python(ipset, str) log.debug1("config.getIPSetByName('%s')", ipset) for obj in self.ipsets: if obj.obj.name == ipset: return obj raise FirewallError(errors.INVALID_IPSET, ipset) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s'+IPSet.DBUS_SIGNATURE, out_signature='o') @dbus_handle_exceptions def addIPSet(self, ipset, settings, sender=None): """add ipset with given name and settings """ ipset = dbus_to_python(ipset, str) settings = dbus_to_python(settings) log.debug1("config.addIPSet('%s')", ipset) self.accessCheck(sender) obj = self.config.new_ipset(ipset, settings) config_ipset = self._addIPSet(obj) return config_ipset @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def IPSetAdded(self, ipset): ipset = dbus_to_python(ipset, str) log.debug1("config.IPSetAdded('%s')" % (ipset)) # I C M P T Y P E S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listIcmpTypes(self, sender=None): # pylint: disable=W0613 """list icmptypes objects paths """ log.debug1("config.listIcmpTypes()") return self.icmptypes @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getIcmpTypeNames(self, sender=None): # pylint: disable=W0613 """get icmptype names """ log.debug1("config.getIcmpTypeNames()") icmptypes = [ ] for obj in self.icmptypes: icmptypes.append(obj.obj.name) return sorted(icmptypes) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getIcmpTypeByName(self, icmptype, sender=None): # pylint: disable=W0613 """object path of icmptype with given name """ icmptype = dbus_to_python(icmptype, str) log.debug1("config.getIcmpTypeByName('%s')", icmptype) for obj in self.icmptypes: if obj.obj.name == icmptype: return obj raise FirewallError(errors.INVALID_ICMPTYPE, icmptype) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s'+IcmpType.DBUS_SIGNATURE, out_signature='o') @dbus_handle_exceptions def addIcmpType(self, icmptype, settings, sender=None): """add icmptype with given name and settings """ icmptype = dbus_to_python(icmptype, str) settings = dbus_to_python(settings) log.debug1("config.addIcmpType('%s')", icmptype) self.accessCheck(sender) obj = self.config.new_icmptype(icmptype, settings) config_icmptype = self._addIcmpType(obj) return config_icmptype @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def IcmpTypeAdded(self, icmptype): log.debug1("config.IcmpTypeAdded('%s')" % (icmptype)) # S E R V I C E S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listServices(self, sender=None): # pylint: disable=W0613 """list services objects paths """ log.debug1("config.listServices()") return self.services @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getServiceNames(self, sender=None): # pylint: disable=W0613 """get service names """ log.debug1("config.getServiceNames()") services = [ ] for obj in self.services: services.append(obj.obj.name) return sorted(services) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getServiceByName(self, service, sender=None): # pylint: disable=W0613 """object path of service with given name """ service = dbus_to_python(service, str) log.debug1("config.getServiceByName('%s')", service) for obj in self.services: if obj.obj.name == service: return obj raise FirewallError(errors.INVALID_SERVICE, service) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s(sssa(ss)asa{ss}asa(ss))', out_signature='o') @dbus_handle_exceptions def addService(self, service, settings, sender=None): """add service with given name and settings """ service = dbus_to_python(service, str) settings = dbus_to_python(settings) log.debug1("config.addService('%s')", service) self.accessCheck(sender) obj = self.config.new_service(service, settings) config_service = self._addService(obj) return config_service @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='sa{sv}', out_signature='o') @dbus_handle_exceptions def addService2(self, service, settings, sender=None): """add service with given name and settings """ service = dbus_to_python(service, str) settings = dbus_to_python(settings) log.debug1("config.addService2('%s')", service) self.accessCheck(sender) obj = self.config.new_service_dict(service, settings) config_service = self._addService(obj) return config_service @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def ServiceAdded(self, service): log.debug1("config.ServiceAdded('%s')" % (service)) # Z O N E S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listZones(self, sender=None): # pylint: disable=W0613 """list zones objects paths """ log.debug1("config.listZones()") return self.zones @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getZoneNames(self, sender=None): # pylint: disable=W0613 """get zone names """ log.debug1("config.getZoneNames()") zones = [ ] for obj in self.zones: zones.append(obj.obj.name) return sorted(zones) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getZoneByName(self, zone, sender=None): # pylint: disable=W0613 """object path of zone with given name """ zone = dbus_to_python(zone, str) log.debug1("config.getZoneByName('%s')", zone) for obj in self.zones: if obj.obj.name == zone: return obj raise FirewallError(errors.INVALID_ZONE, zone) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='s') @dbus_handle_exceptions def getZoneOfInterface(self, iface, sender=None): # pylint: disable=W0613 """name of zone the given interface belongs to """ iface = dbus_to_python(iface, str) log.debug1("config.getZoneOfInterface('%s')", iface) ret = [] for obj in self.zones: if iface in obj.obj.interfaces: ret.append(obj.obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same interface is in several zone XML files return " ".join(ret) + \ " (ERROR: interface '%s' is in %s zone XML files, can be only in one)" % \ (iface, len(ret)) return ret[0] if ret else "" @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='s') @dbus_handle_exceptions def getZoneOfSource(self, source, sender=None): # pylint: disable=W0613 """name of zone the given source belongs to """ source = dbus_to_python(source, str) log.debug1("config.getZoneOfSource('%s')", source) ret = [] for obj in self.zones: if source in obj.obj.sources: ret.append(obj.obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same source is in several zone XML files return " ".join(ret) + \ " (ERROR: source '%s' is in %s zone XML files, can be only in one)" % \ (source, len(ret)) return ret[0] if ret else "" @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature="s(sssbsasa(ss)asba(ssss)asasasasa(ss)b)", out_signature='o') @dbus_handle_exceptions def addZone(self, zone, settings, sender=None): """add zone with given name and settings """ zone = dbus_to_python(zone, str) settings = dbus_to_python(settings) log.debug1("config.addZone('%s')", zone) self.accessCheck(sender) if settings[4] == "default": # convert to list, fix target, convert back to tuple _settings = list(settings) _settings[4] = DEFAULT_ZONE_TARGET settings = tuple(_settings) obj = self.config.new_zone(zone, settings) config_zone = self._addZone(obj) return config_zone @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature="sa{sv}", out_signature='o') @dbus_handle_exceptions def addZone2(self, zone, settings, sender=None): """add zone with given name and settings """ zone = dbus_to_python(zone, str) settings = dbus_to_python(settings) log.debug1("config.addZone('%s')", zone) self.accessCheck(sender) if "target" in settings and settings["target"] == "default": settings["target"] = DEFAULT_ZONE_TARGET obj = self.config.new_zone_dict(zone, settings) config_zone = self._addZone(obj) return config_zone @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def ZoneAdded(self, zone): log.debug1("config.ZoneAdded('%s')" % (zone)) # policies @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listPolicies(self, sender=None): """list policies objects paths """ log.debug1("config.listPolicies()") return self.policy_objects @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getPolicyNames(self, sender=None): """get policy names """ log.debug1("config.getPolicyNames()") policies = [ ] for obj in self.policy_objects: policies.append(obj.obj.name) return sorted(policies) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getPolicyByName(self, policy, sender=None): """object path of policy with given name """ policy = dbus_to_python(policy, str) log.debug1("config.getPolicyByName('%s')", policy) for obj in self.policy_objects: if obj.obj.name == policy: return obj raise FirewallError(errors.INVALID_POLICY, policy) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature="sa{sv}", out_signature='o') @dbus_handle_exceptions def addPolicy(self, policy, settings, sender=None): """add policy with given name and settings """ policy = dbus_to_python(policy, str) settings = dbus_to_python(settings) log.debug1("config.addPolicy('%s')", policy) self.accessCheck(sender) obj = self.config.new_policy_object_dict(policy, settings) config_policy = self._addPolicy(obj) return config_policy @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def PolicyAdded(self, policy): log.debug1("config.PolicyAdded('%s')" % (policy)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # H E L P E R S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='ao') @dbus_handle_exceptions def listHelpers(self, sender=None): # pylint: disable=W0613 """list helpers objects paths """ log.debug1("config.listHelpers()") return self.helpers @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, out_signature='as') @dbus_handle_exceptions def getHelperNames(self, sender=None): # pylint: disable=W0613 """get helper names """ log.debug1("config.getHelperNames()") helpers = [ ] for obj in self.helpers: helpers.append(obj.obj.name) return sorted(helpers) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s', out_signature='o') @dbus_handle_exceptions def getHelperByName(self, helper, sender=None): # pylint: disable=W0613 """object path of helper with given name """ helper = dbus_to_python(helper, str) log.debug1("config.getHelperByName('%s')", helper) for obj in self.helpers: if obj.obj.name == helper: return obj raise FirewallError(errors.INVALID_HELPER, helper) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG, in_signature='s'+Helper.DBUS_SIGNATURE, out_signature='o') @dbus_handle_exceptions def addHelper(self, helper, settings, sender=None): """add helper with given name and settings """ helper = dbus_to_python(helper, str) settings = dbus_to_python(settings) log.debug1("config.addHelper('%s')", helper) self.accessCheck(sender) obj = self.config.new_helper(helper, settings) config_helper = self._addHelper(obj) return config_helper @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG, signature='s') @dbus_handle_exceptions def HelperAdded(self, helper): helper = dbus_to_python(helper, str) log.debug1("config.HelperAdded('%s')" % (helper)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, out_signature=Direct.DBUS_SIGNATURE) @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 # returns list ipv, table, list of chains log.debug1("config.direct.getSettings()") return self.config.get_direct().export_config() @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature=Direct.DBUS_SIGNATURE) @dbus_handle_exceptions def update(self, settings, sender=None): # pylint: disable=W0613 # returns list ipv, table, list of chains log.debug1("config.direct.update()") settings = dbus_to_python(settings) self.config.get_direct().import_config(settings, {}) self.config.get_direct().write() self.Updated() @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_handle_exceptions def Updated(self): log.debug1("config.direct.Updated()") # chain @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss') @dbus_handle_exceptions def addChain(self, ipv, table, chain, sender=None): ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.addChain('%s', '%s', '%s')" % \ (ipv, table, chain)) self.accessCheck(sender) idx = tuple((ipv, table, chain)) settings = list(self.getSettings()) if idx in settings[0]: raise FirewallError(errors.ALREADY_ENABLED, "chain '%s' already is in '%s:%s'" % \ (chain, ipv, table)) settings[0].append(idx) self.update(settings) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss') @dbus_handle_exceptions def removeChain(self, ipv, table, chain, sender=None): ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.removeChain('%s', '%s', '%s')" % \ (ipv, table, chain)) self.accessCheck(sender) idx = tuple((ipv, table, chain)) settings = list(self.getSettings()) if idx not in settings[0]: raise FirewallError(errors.NOT_ENABLED, "chain '%s' is not in '%s:%s'" % (chain, ipv, table)) settings[0].remove(idx) self.update(settings) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss', out_signature='b') @dbus_handle_exceptions def queryChain(self, ipv, table, chain, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.queryChain('%s', '%s', '%s')" % \ (ipv, table, chain)) idx = tuple((ipv, table, chain)) return idx in self.getSettings()[0] @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='ss', out_signature='as') @dbus_handle_exceptions def getChains(self, ipv, table, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) table = dbus_to_python(table) log.debug1("config.direct.getChains('%s', '%s')" % (ipv, table)) ret = [ ] for idx in self.getSettings()[0]: if idx[0] == ipv and idx[1] == table: ret.append(idx[2]) return ret @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='', out_signature='a(sss)') @dbus_handle_exceptions def getAllChains(self, sender=None): # pylint: disable=W0613 log.debug1("config.direct.getAllChains()") return self.getSettings()[0] # rule @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias') @dbus_handle_exceptions def addRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=R0913 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) priority = dbus_to_python(priority) args = dbus_to_python(args) log.debug1("config.direct.addRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) self.accessCheck(sender) idx = (ipv, table, chain, priority, args) settings = list(self.getSettings()) if idx in settings[1]: raise FirewallError(errors.ALREADY_ENABLED, "rule '%s' already is in '%s:%s:%s'" % \ (args, ipv, table, chain)) settings[1].append(idx) self.update(tuple(settings)) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias') @dbus_handle_exceptions def removeRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=R0913 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) priority = dbus_to_python(priority) args = dbus_to_python(args) log.debug1("config.direct.removeRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) self.accessCheck(sender) idx = (ipv, table, chain, priority, args) settings = list(self.getSettings()) if idx not in settings[1]: raise FirewallError(errors.NOT_ENABLED, "rule '%s' is not in '%s:%s:%s'" % \ (args, ipv, table, chain)) settings[1].remove(idx) self.update(tuple(settings)) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias', out_signature='b') @dbus_handle_exceptions def queryRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=W0613,R0913 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) priority = dbus_to_python(priority) args = dbus_to_python(args) log.debug1("config.direct.queryRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) idx = (ipv, table, chain, priority, args) return idx in self.getSettings()[1] @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss') @dbus_handle_exceptions def removeRules(self, ipv, table, chain, sender=None): ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.removeRules('%s', '%s', '%s')" % \ (ipv, table, chain, )) self.accessCheck(sender) settings = list(self.getSettings()) for rule in settings[1][:]: if (ipv, table, chain) == (rule[0], rule[1], rule[2]): settings[1].remove(rule) self.update(tuple(settings)) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss', out_signature='a(ias)') @dbus_handle_exceptions def getRules(self, ipv, table, chain, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) table = dbus_to_python(table) chain = dbus_to_python(chain) log.debug1("config.direct.getRules('%s', '%s', '%s')" % \ (ipv, table, chain)) ret = [ ] for idx in self.getSettings()[1]: if idx[0] == ipv and idx[1] == table and idx[2] == chain: ret.append((idx[3], idx[4])) return ret @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='', out_signature='a(sssias)') @dbus_handle_exceptions def getAllRules(self, sender=None): # pylint: disable=W0613 log.debug1("config.direct.getAllRules()") return self.getSettings()[1] # passthrough @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas') @dbus_handle_exceptions def addPassthrough(self, ipv, args, sender=None): ipv = dbus_to_python(ipv) args = dbus_to_python(args) log.debug1("config.direct.addPassthrough('%s', '%s')" % \ (ipv, "','".join(args))) self.accessCheck(sender) idx = (ipv, args) settings = list(self.getSettings()) if idx in settings[2]: raise FirewallError(errors.ALREADY_ENABLED, "passthrough '%s', '%s'" % (ipv, args)) settings[2].append(idx) self.update(settings) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas') @dbus_handle_exceptions def removePassthrough(self, ipv, args, sender=None): ipv = dbus_to_python(ipv) args = dbus_to_python(args) log.debug1("config.direct.removePassthrough('%s', '%s')" % \ (ipv, "','".join(args))) self.accessCheck(sender) idx = (ipv, args) settings = list(self.getSettings()) if idx not in settings[2]: raise FirewallError(errors.NOT_ENABLED, "passthrough '%s', '%s'" % (ipv, args)) settings[2].remove(idx) self.update(settings) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas', out_signature='b') @dbus_handle_exceptions def queryPassthrough(self, ipv, args, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) args = dbus_to_python(args) log.debug1("config.direct.queryPassthrough('%s', '%s')" % \ (ipv, "','".join(args))) idx = (ipv, args) return idx in self.getSettings()[2] @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getPassthroughs(self, ipv, sender=None): # pylint: disable=W0613 ipv = dbus_to_python(ipv) log.debug1("config.direct.getPassthroughs('%s')" % (ipv)) ret = [ ] for idx in self.getSettings()[2]: if idx[0] == ipv: ret.append(idx[1]) return ret @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, out_signature='a(sas)') @dbus_handle_exceptions def getAllPassthroughs(self, sender=None): # pylint: disable=W0613 log.debug1("config.direct.getAllPassthroughs()") return self.getSettings()[2] firewalld-1.1.1/src/firewall/server/config_service.py0000644000000000000000000007253714217342322022740 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . import dbus import dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_polkit_require_auth from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallDConfig # ############################################################################ class FirewallDConfigService(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, service, item_id, *args, **kwargs): super(FirewallDConfigService, self).__init__(*args, **kwargs) self.parent = parent self.config = conf self.obj = service self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.service.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_SERVICE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_SERVICE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_SERVICE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigService, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='(sssa(ss)asa{ss}asa(ss))') @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for service """ log.debug1("%s.getSettings()", self._log_prefix) return self.config.get_service_config(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a{sv}') @dbus_handle_exceptions def getSettings2(self, sender=None): """get settings for service """ log.debug1("%s.getSettings2()", self._log_prefix) return self.config.get_service_config_dict(self.obj) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='(sssa(ss)asa{ss}asa(ss))') @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for service """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_service_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a{sv}') @dbus_handle_exceptions def update2(self, settings, sender=None): settings = dbus_to_python(settings) log.debug1("%s.update2('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_service_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin service """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_service_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) @dbus_handle_exceptions def remove(self, sender=None): """remove service """ log.debug1("%s.removeService()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_service(self.obj) self.parent.removeService(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename service """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_service(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a(ss)') @dbus_handle_exceptions def getPorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getPorts()", self._log_prefix) return self.getSettings()[3] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a(ss)') @dbus_handle_exceptions def setPorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setPorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[3] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def addPort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addPort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) in settings[3]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) settings[3].append((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def removePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) not in settings[3]: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) settings[3].remove((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryPort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.queryPort('%s', '%s')", self._log_prefix, port, protocol) return (port,protocol) in self.getSettings()[3] # protocol @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='as') @dbus_handle_exceptions def getProtocols(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getProtocols()", self._log_prefix) return self.getSettings()[6] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as') @dbus_handle_exceptions def setProtocols(self, protocols, sender=None): protocols = dbus_to_python(protocols, list) log.debug1("%s.setProtocols('[%s]')", self._log_prefix, ",".join(protocols)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[6] = protocols self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def addProtocol(self, protocol, sender=None): protocol = dbus_to_python(protocol, str) log.debug1("%s.addProtocol('%s')", self._log_prefix, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if protocol in settings[6]: raise FirewallError(errors.ALREADY_ENABLED, protocol) settings[6].append(protocol) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def removeProtocol(self, protocol, sender=None): protocol = dbus_to_python(protocol, str) log.debug1("%s.removeProtocol('%s')", self._log_prefix, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if protocol not in settings[6]: raise FirewallError(errors.NOT_ENABLED, protocol) settings[6].remove(protocol) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryProtocol(self, protocol, sender=None): # pylint: disable=W0613 protocol = dbus_to_python(protocol, str) log.debug1("%s.queryProtocol(%s')", self._log_prefix, protocol) return protocol in self.getSettings()[6] # source port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a(ss)') @dbus_handle_exceptions def getSourcePorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getSourcePorts()", self._log_prefix) return self.getSettings()[7] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a(ss)') @dbus_handle_exceptions def setSourcePorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setSourcePorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[7] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def addSourcePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addSourcePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) in settings[7]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) settings[7].append((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def removeSourcePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removeSourcePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if (port,protocol) not in settings[7]: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) settings[7].remove((port,protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def querySourcePort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.querySourcePort('%s', '%s')", self._log_prefix, port, protocol) return (port,protocol) in self.getSettings()[7] # module @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='as') @dbus_handle_exceptions def getModules(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getModules()", self._log_prefix) return self.getSettings()[4] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as') @dbus_handle_exceptions def setModules(self, modules, sender=None): modules = dbus_to_python(modules, list) _modules = [ ] for module in modules: if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") _modules.append(module) modules = _modules log.debug1("%s.setModules('[%s]')", self._log_prefix, ",".join(modules)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[4] = modules self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def addModule(self, module, sender=None): module = dbus_to_python(module, str) if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") log.debug1("%s.addModule('%s')", self._log_prefix, module) self.parent.accessCheck(sender) settings = list(self.getSettings()) if module in settings[4]: raise FirewallError(errors.ALREADY_ENABLED, module) settings[4].append(module) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def removeModule(self, module, sender=None): module = dbus_to_python(module, str) if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") log.debug1("%s.removeModule('%s')", self._log_prefix, module) self.parent.accessCheck(sender) settings = list(self.getSettings()) if module not in settings[4]: raise FirewallError(errors.NOT_ENABLED, module) settings[4].remove(module) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryModule(self, module, sender=None): # pylint: disable=W0613 module = dbus_to_python(module, str) if module.startswith("nf_conntrack_"): module = module.replace("nf_conntrack_", "") if "_" in module: module = module.replace("_", "-") log.debug1("%s.queryModule('%s')", self._log_prefix, module) return module in self.getSettings()[4] # destination @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a{ss}') @dbus_handle_exceptions def getDestinations(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDestinations()", self._log_prefix) return self.getSettings()[5] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a{ss}') @dbus_handle_exceptions def setDestinations(self, destinations, sender=None): destinations = dbus_to_python(destinations, dict) log.debug1("%s.setDestinations({ipv4:'%s', ipv6:'%s'})", self._log_prefix, destinations.get('ipv4'), destinations.get('ipv6')) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[5] = destinations self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', out_signature='s') @dbus_handle_exceptions def getDestination(self, family, sender=None): family = dbus_to_python(family, str) log.debug1("%s.getDestination('%s')", self._log_prefix, family) self.parent.accessCheck(sender) settings = list(self.getSettings()) if family not in settings[5]: raise FirewallError(errors.NOT_ENABLED, family) return settings[5][family] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') @dbus_handle_exceptions def setDestination(self, family, address, sender=None): family = dbus_to_python(family, str) address = dbus_to_python(address, str) log.debug1("%s.setDestination('%s', '%s')", self._log_prefix, family, address) self.parent.accessCheck(sender) settings = list(self.getSettings()) if family in settings[5] and settings[5][family] == address: raise FirewallError(errors.ALREADY_ENABLED, "'%s': '%s'" % (family, address)) settings[5][family] = address self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def removeDestination(self, family, sender=None): family = dbus_to_python(family, str) log.debug1("%s.removeDestination('%s')", self._log_prefix, family) self.parent.accessCheck(sender) settings = list(self.getSettings()) if family not in settings[5]: raise FirewallError(errors.NOT_ENABLED, family) del settings[5][family] self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryDestination(self, family, address, sender=None): # pylint: disable=W0613 family = dbus_to_python(family, str) address = dbus_to_python(address, str) log.debug1("%s.queryDestination('%s', '%s')", self._log_prefix, family, address) settings = self.getSettings() return (family in settings[5] and address == settings[5][family]) # includes @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, out_signature='as') @dbus_handle_exceptions def getIncludes(self, sender=None): log.debug1("%s.getIncludes()", self._log_prefix) self.parent.accessCheck(sender) settings = self.config.get_service_config_dict(self.obj) return settings["includes"] if "includes" in settings else [] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as') @dbus_handle_exceptions def setIncludes(self, includes, sender=None): includes = dbus_to_python(includes, list) log.debug1("%s.setIncludes('%s')", self._log_prefix, includes) self.parent.accessCheck(sender) settings = {"includes": includes[:]} self.obj = self.config.set_service_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def addInclude(self, include, sender=None): include = dbus_to_python(include, str) log.debug1("%s.addInclude('%s')", self._log_prefix, include) self.parent.accessCheck(sender) settings = self.config.get_service_config_dict(self.obj) settings.setdefault("includes", []).append(include) self.obj = self.config.set_service_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') @dbus_handle_exceptions def removeInclude(self, include, sender=None): include = dbus_to_python(include, str) log.debug1("%s.removeInclude('%s')", self._log_prefix, include) self.parent.accessCheck(sender) settings = self.config.get_service_config_dict(self.obj) settings["includes"].remove(include) self.obj = self.config.set_service_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryInclude(self, include, sender=None): include = dbus_to_python(include, str) log.debug1("%s.queryInclude('%s')", self._log_prefix, include) settings = self.config.get_service_config_dict(self.obj) return include in settings["includes"] if "includes" in settings else False firewalld-1.1.1/src/firewall/server/config_zone.py0000644000000000000000000013176714217342322022254 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . import dbus import dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.io.zone import Zone from firewall.core.fw_ifcfg import ifcfg_set_zone_of_interface from firewall.core.base import DEFAULT_ZONE_TARGET from firewall.core.rich import Rich_Rule from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_polkit_require_auth from firewall import errors from firewall.errors import FirewallError from firewall.functions import portStr, portInPortRange, coalescePortRange, \ breakPortRange ############################################################################ # # class FirewallDConfig # ############################################################################ class FirewallDConfigZone(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use PK_ACTION_INFO as a default """ @handle_exceptions def __init__(self, parent, conf, zone, item_id, *args, **kwargs): super(FirewallDConfigZone, self).__init__(*args, **kwargs) self.parent = parent self.config = conf self.obj = zone self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.zone.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ZONE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ZONE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_ZONE: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigZone, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_ZONE) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature="(sssbsasa(ss)asba(ssss)asasasasa(ss)b)") @dbus_handle_exceptions def getSettings(self, sender=None): # pylint: disable=W0613 """get settings for zone """ log.debug1("%s.getSettings()", self._log_prefix) settings = self.config.get_zone_config(self.obj) if settings[4] == DEFAULT_ZONE_TARGET: # convert to list, fix target, convert back to tuple _settings = list(settings) _settings[4] = "default" settings = tuple(_settings) return settings @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature="a{sv}") @dbus_handle_exceptions def getSettings2(self, sender=None): """get settings for zone """ log.debug1("%s.getSettings2()", self._log_prefix) settings = self.config.get_zone_config_dict(self.obj) if settings["target"] == DEFAULT_ZONE_TARGET: settings["target"] = "default" return settings def _checkDuplicateInterfacesSources(self, settings): """Assignment of interfaces/sources to zones is different from other zone settings in the sense that particular interface/zone can be part of only one zone. So make sure added interfaces/sources have not already been bound to another zone.""" old_settings = self.config.get_zone_config_dict(self.obj) old_ifaces = set(old_settings["interfaces"]) if "interfaces" in old_settings else set() old_sources = set(old_settings["sources"]) if "sources" in old_settings else set() if isinstance(settings, tuple): added_ifaces = set(settings[Zone.index_of("interfaces")]) - old_ifaces added_sources = set(settings[Zone.index_of("sources")]) - old_sources else: # dict new_ifaces = set(settings["interfaces"]) if "interfaces" in settings else set() new_sources = set(settings["sources"]) if "sources" in settings else set() added_ifaces = new_ifaces - old_ifaces added_sources = new_sources - old_sources for iface in added_ifaces: if self.parent.getZoneOfInterface(iface): raise FirewallError(errors.ZONE_CONFLICT, iface) # or move to new zone ? for source in added_sources: if self.parent.getZoneOfSource(source): raise FirewallError(errors.ZONE_CONFLICT, source) # or move to new zone ? @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature="(sssbsasa(ss)asba(ssss)asasasasa(ss)b)") @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for zone """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) if settings[4] == "default": # convert to list, fix target, convert back to tuple _settings = list(settings) _settings[4] = DEFAULT_ZONE_TARGET settings = tuple(_settings) self._checkDuplicateInterfacesSources(settings) self.obj = self.config.set_zone_config(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature="a{sv}") @dbus_handle_exceptions def update2(self, settings, sender=None): """update settings for zone """ settings = dbus_to_python(settings) log.debug1("%s.update2('...')", self._log_prefix) self.parent.accessCheck(sender) if "target" in settings and settings["target"] == "default": settings["target"] = DEFAULT_ZONE_TARGET self._checkDuplicateInterfacesSources(settings) self.obj = self.config.set_zone_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin zone """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_zone_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def remove(self, sender=None): """remove zone """ log.debug1("%s.removeZone()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_zone(self.obj) self.parent.removeZone(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename zone """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_zone(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) # version @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') @dbus_handle_exceptions def getVersion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getVersion()", self._log_prefix) return self.getSettings()[0] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def setVersion(self, version, sender=None): version = dbus_to_python(version, str) log.debug1("%s.setVersion('%s')", self._log_prefix, version) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[0] = version self.update(settings) # short @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') @dbus_handle_exceptions def getShort(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getShort()", self._log_prefix) return self.getSettings()[1] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def setShort(self, short, sender=None): short = dbus_to_python(short, str) log.debug1("%s.setShort('%s')", self._log_prefix, short) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[1] = short self.update(settings) # description @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') @dbus_handle_exceptions def getDescription(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getDescription()", self._log_prefix) return self.getSettings()[2] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def setDescription(self, description, sender=None): description = dbus_to_python(description, str) log.debug1("%s.setDescription('%s')", self._log_prefix, description) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[2] = description self.update(settings) # immutable (deprecated) # settings[3] was used for 'immutable' # target @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') @dbus_handle_exceptions def getTarget(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getTarget()", self._log_prefix) settings = self.getSettings() return settings[4] if settings[4] != DEFAULT_ZONE_TARGET else "default" @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def setTarget(self, target, sender=None): target = dbus_to_python(target, str) log.debug1("%s.setTarget('%s')", self._log_prefix, target) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[4] = target if target != "default" else DEFAULT_ZONE_TARGET self.update(settings) # service @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getServices(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getServices()", self._log_prefix) return self.getSettings()[5] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setServices(self, services, sender=None): services = dbus_to_python(services, list) log.debug1("%s.setServices('[%s]')", self._log_prefix, ",".join(services)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[5] = services self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addService(self, service, sender=None): service = dbus_to_python(service, str) log.debug1("%s.addService('%s')", self._log_prefix, service) self.parent.accessCheck(sender) settings = list(self.getSettings()) if service in settings[5]: raise FirewallError(errors.ALREADY_ENABLED, service) settings[5].append(service) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeService(self, service, sender=None): service = dbus_to_python(service, str) log.debug1("%s.removeService('%s')", self._log_prefix, service) self.parent.accessCheck(sender) settings = list(self.getSettings()) if service not in settings[5]: raise FirewallError(errors.NOT_ENABLED, service) settings[5].remove(service) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryService(self, service, sender=None): # pylint: disable=W0613 service = dbus_to_python(service, str) log.debug1("%s.queryService('%s')", self._log_prefix, service) return service in self.getSettings()[5] # port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ss)') @dbus_handle_exceptions def getPorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getPorts()", self._log_prefix) return self.getSettings()[6] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ss)') @dbus_handle_exceptions def setPorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setPorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[6] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') @dbus_handle_exceptions def addPort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addPort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) existing_port_ids = list(filter(lambda x: x[1] == protocol, settings[6])) for port_id in existing_port_ids: if portInPortRange(port, port_id[0]): raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) added_ranges, removed_ranges = coalescePortRange(port, [_port for (_port, _protocol) in existing_port_ids]) for range in removed_ranges: settings[6].remove((portStr(range, "-"), protocol)) for range in added_ranges: settings[6].append((portStr(range, "-"), protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') @dbus_handle_exceptions def removePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) existing_port_ids = list(filter(lambda x: x[1] == protocol, settings[6])) for port_id in existing_port_ids: if portInPortRange(port, port_id[0]): break else: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) added_ranges, removed_ranges = breakPortRange(port, [_port for (_port, _protocol) in existing_port_ids]) for range in removed_ranges: settings[6].remove((portStr(range, "-"), protocol)) for range in added_ranges: settings[6].append((portStr(range, "-"), protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryPort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.queryPort('%s', '%s')", self._log_prefix, port, protocol) for (_port, _protocol) in self.getSettings()[6]: if portInPortRange(port, _port) and protocol == _protocol: return True return False # protocol @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getProtocols(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getProtocols()", self._log_prefix) return self.getSettings()[13] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setProtocols(self, protocols, sender=None): protocols = dbus_to_python(protocols, list) log.debug1("%s.setProtocols('[%s]')", self._log_prefix, ",".join(protocols)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[13] = protocols self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addProtocol(self, protocol, sender=None): protocol = dbus_to_python(protocol, str) log.debug1("%s.addProtocol('%s')", self._log_prefix, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if protocol in settings[13]: raise FirewallError(errors.ALREADY_ENABLED, protocol) settings[13].append(protocol) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeProtocol(self, protocol, sender=None): protocol = dbus_to_python(protocol, str) log.debug1("%s.removeProtocol('%s')", self._log_prefix, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) if protocol not in settings[13]: raise FirewallError(errors.NOT_ENABLED, protocol) settings[13].remove(protocol) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryProtocol(self, protocol, sender=None): # pylint: disable=W0613 protocol = dbus_to_python(protocol, str) log.debug1("%s.queryProtocol('%s')", self._log_prefix, protocol) return protocol in self.getSettings()[13] # source port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ss)') @dbus_handle_exceptions def getSourcePorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getSourcePorts()", self._log_prefix) return self.getSettings()[14] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ss)') @dbus_handle_exceptions def setSourcePorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setSourcePorts('[%s]')", self._log_prefix, ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[14] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') @dbus_handle_exceptions def addSourcePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.addSourcePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) existing_port_ids = list(filter(lambda x: x[1] == protocol, settings[14])) for port_id in existing_port_ids: if portInPortRange(port, port_id[0]): raise FirewallError(errors.ALREADY_ENABLED, "%s:%s" % (port, protocol)) added_ranges, removed_ranges = coalescePortRange(port, [_port for (_port, _protocol) in existing_port_ids]) for range in removed_ranges: settings[14].remove((portStr(range, "-"), protocol)) for range in added_ranges: settings[14].append((portStr(range, "-"), protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') @dbus_handle_exceptions def removeSourcePort(self, port, protocol, sender=None): port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.removeSourcePort('%s', '%s')", self._log_prefix, port, protocol) self.parent.accessCheck(sender) settings = list(self.getSettings()) existing_port_ids = list(filter(lambda x: x[1] == protocol, settings[14])) for port_id in existing_port_ids: if portInPortRange(port, port_id[0]): break else: raise FirewallError(errors.NOT_ENABLED, "%s:%s" % (port, protocol)) added_ranges, removed_ranges = breakPortRange(port, [_port for (_port, _protocol) in existing_port_ids]) for range in removed_ranges: settings[14].remove((portStr(range, "-"), protocol)) for range in added_ranges: settings[14].append((portStr(range, "-"), protocol)) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def querySourcePort(self, port, protocol, sender=None): # pylint: disable=W0613 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("%s.querySourcePort('%s', '%s')", self._log_prefix, port, protocol) for (_port, _protocol) in self.getSettings()[14]: if portInPortRange(port, _port) and protocol == _protocol: return True return False # icmp block @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getIcmpBlocks(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getIcmpBlocks()", self._log_prefix) return self.getSettings()[7] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setIcmpBlocks(self, icmptypes, sender=None): icmptypes = dbus_to_python(icmptypes, list) log.debug1("%s.setIcmpBlocks('[%s]')", self._log_prefix, ",".join(icmptypes)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[7] = icmptypes self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addIcmpBlock(self, icmptype, sender=None): icmptype = dbus_to_python(icmptype, str) log.debug1("%s.addIcmpBlock('%s')", self._log_prefix, icmptype) self.parent.accessCheck(sender) settings = list(self.getSettings()) if icmptype in settings[7]: raise FirewallError(errors.ALREADY_ENABLED, icmptype) settings[7].append(icmptype) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeIcmpBlock(self, icmptype, sender=None): icmptype = dbus_to_python(icmptype, str) log.debug1("%s.removeIcmpBlock('%s')", self._log_prefix, icmptype) self.parent.accessCheck(sender) settings = list(self.getSettings()) if icmptype not in settings[7]: raise FirewallError(errors.NOT_ENABLED, icmptype) settings[7].remove(icmptype) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryIcmpBlock(self, icmptype, sender=None): # pylint: disable=W0613 icmptype = dbus_to_python(icmptype, str) log.debug1("%s.queryIcmpBlock('%s')", self._log_prefix, icmptype) return icmptype in self.getSettings()[7] # icmp block inversion @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') @dbus_handle_exceptions def getIcmpBlockInversion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getIcmpBlockInversion()", self._log_prefix) return self.getSettings()[15] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='b') @dbus_handle_exceptions def setIcmpBlockInversion(self, flag, sender=None): flag = dbus_to_python(flag, bool) log.debug1("%s.setIcmpBlockInversion('%s')", self._log_prefix, flag) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[15] = flag self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def addIcmpBlockInversion(self, sender=None): log.debug1("%s.addIcmpBlockInversion()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[15]: raise FirewallError(errors.ALREADY_ENABLED, "icmp-block-inversion") settings[15] = True self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def removeIcmpBlockInversion(self, sender=None): log.debug1("%s.removeIcmpBlockInversion()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) if not settings[15]: raise FirewallError(errors.NOT_ENABLED, "icmp-block-inversion") settings[15] = False self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') @dbus_handle_exceptions def queryIcmpBlockInversion(self, sender=None): # pylint: disable=W0613 log.debug1("%s.queryIcmpBlockInversion()", self._log_prefix) return self.getSettings()[15] # masquerade @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') @dbus_handle_exceptions def getMasquerade(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getMasquerade()", self._log_prefix) return self.getSettings()[8] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='b') @dbus_handle_exceptions def setMasquerade(self, masquerade, sender=None): masquerade = dbus_to_python(masquerade, bool) log.debug1("%s.setMasquerade('%s')", self._log_prefix, masquerade) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[8] = masquerade self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def addMasquerade(self, sender=None): log.debug1("%s.addMasquerade()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) if settings[8]: raise FirewallError(errors.ALREADY_ENABLED, "masquerade") settings[8] = True self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE) @dbus_handle_exceptions def removeMasquerade(self, sender=None): log.debug1("%s.removeMasquerade()", self._log_prefix) self.parent.accessCheck(sender) settings = list(self.getSettings()) if not settings[8]: raise FirewallError(errors.NOT_ENABLED, "masquerade") settings[8] = False self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') @dbus_handle_exceptions def queryMasquerade(self, sender=None): # pylint: disable=W0613 log.debug1("%s.queryMasquerade()", self._log_prefix) return self.getSettings()[8] # forward port @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ssss)') @dbus_handle_exceptions def getForwardPorts(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getForwardPorts()", self._log_prefix) return self.getSettings()[9] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ssss)') @dbus_handle_exceptions def setForwardPorts(self, ports, sender=None): _ports = [ ] # convert embedded lists to tuples for port in dbus_to_python(ports, list): if isinstance(port, list): _ports.append(tuple(port)) else: _ports.append(port) ports = _ports log.debug1("%s.setForwardPorts('[%s]')", self._log_prefix, ",".join("('%s, '%s', '%s', '%s')" % (port[0], port[1], \ port[2], port[3]) for port in ports)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[9] = ports self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss') @dbus_handle_exceptions def addForwardPort(self, port, protocol, toport, toaddr, sender=None): # pylint: disable=R0913 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("%s.addForwardPort('%s', '%s', '%s', '%s')", self._log_prefix, port, protocol, toport, toaddr) self.parent.accessCheck(sender) fwp_id = (port, protocol, str(toport), str(toaddr)) settings = list(self.getSettings()) if fwp_id in settings[9]: raise FirewallError(errors.ALREADY_ENABLED, "%s:%s:%s:%s" % (port, protocol, toport, toaddr)) settings[9].append(fwp_id) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss') @dbus_handle_exceptions def removeForwardPort(self, port, protocol, toport, toaddr, sender=None): # pylint: disable=R0913 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("%s.removeForwardPort('%s', '%s', '%s', '%s')", self._log_prefix, port, protocol, toport, toaddr) self.parent.accessCheck(sender) fwp_id = (port, protocol, str(toport), str(toaddr)) settings = list(self.getSettings()) if fwp_id not in settings[9]: raise FirewallError(errors.NOT_ENABLED, "%s:%s:%s:%s" % (port, protocol, toport, toaddr)) settings[9].remove(fwp_id) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss', out_signature='b') @dbus_handle_exceptions def queryForwardPort(self, port, protocol, toport, toaddr, sender=None): # pylint: disable=W0613, R0913 port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("%s.queryForwardPort('%s', '%s', '%s', '%s')", self._log_prefix, port, protocol, toport, toaddr) fwp_id = (port, protocol, str(toport), str(toaddr)) return fwp_id in self.getSettings()[9] # interface @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getInterfaces(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getInterfaces()", self._log_prefix) return self.getSettings()[10] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setInterfaces(self, interfaces, sender=None): interfaces = dbus_to_python(interfaces, list) log.debug1("%s.setInterfaces('[%s]')", self._log_prefix, ",".join(interfaces)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[10] = interfaces self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addInterface(self, interface, sender=None): interface = dbus_to_python(interface, str) log.debug1("%s.addInterface('%s')", self._log_prefix, interface) self.parent.accessCheck(sender) settings = list(self.getSettings()) if interface in settings[10]: raise FirewallError(errors.ALREADY_ENABLED, interface) settings[10].append(interface) self.update(settings) ifcfg_set_zone_of_interface(self.obj.name, interface) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeInterface(self, interface, sender=None): interface = dbus_to_python(interface, str) log.debug1("%s.removeInterface('%s')", self._log_prefix, interface) self.parent.accessCheck(sender) settings = list(self.getSettings()) if interface not in settings[10]: raise FirewallError(errors.NOT_ENABLED, interface) settings[10].remove(interface) self.update(settings) ifcfg_set_zone_of_interface("", interface) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryInterface(self, interface, sender=None): # pylint: disable=W0613 interface = dbus_to_python(interface, str) log.debug1("%s.queryInterface('%s')", self._log_prefix, interface) return interface in self.getSettings()[10] # source @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getSources(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getSources()", self._log_prefix) return self.getSettings()[11] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setSources(self, sources, sender=None): sources = dbus_to_python(sources, list) log.debug1("%s.setSources('[%s]')", self._log_prefix, ",".join(sources)) self.parent.accessCheck(sender) settings = list(self.getSettings()) settings[11] = sources self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addSource(self, source, sender=None): source = dbus_to_python(source, str) log.debug1("%s.addSource('%s')", self._log_prefix, source) self.parent.accessCheck(sender) settings = list(self.getSettings()) if source in settings[11]: raise FirewallError(errors.ALREADY_ENABLED, source) settings[11].append(source) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeSource(self, source, sender=None): source = dbus_to_python(source, str) log.debug1("%s.removeSource('%s')", self._log_prefix, source) self.parent.accessCheck(sender) settings = list(self.getSettings()) if source not in settings[11]: raise FirewallError(errors.NOT_ENABLED, source) settings[11].remove(source) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def querySource(self, source, sender=None): # pylint: disable=W0613 source = dbus_to_python(source, str) log.debug1("%s.querySource('%s')", self._log_prefix, source) return source in self.getSettings()[11] # rich rule @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') @dbus_handle_exceptions def getRichRules(self, sender=None): # pylint: disable=W0613 log.debug1("%s.getRichRules()", self._log_prefix) return self.getSettings()[12] @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') @dbus_handle_exceptions def setRichRules(self, rules, sender=None): rules = dbus_to_python(rules, list) log.debug1("%s.setRichRules('[%s]')", self._log_prefix, ",".join(rules)) self.parent.accessCheck(sender) settings = list(self.getSettings()) rules = [ str(Rich_Rule(rule_str=r)) for r in rules ] settings[12] = rules self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def addRichRule(self, rule, sender=None): rule = dbus_to_python(rule, str) log.debug1("%s.addRichRule('%s')", self._log_prefix, rule) self.parent.accessCheck(sender) settings = list(self.getSettings()) rule_str = str(Rich_Rule(rule_str=rule)) if rule_str in settings[12]: raise FirewallError(errors.ALREADY_ENABLED, rule) settings[12].append(rule_str) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') @dbus_handle_exceptions def removeRichRule(self, rule, sender=None): rule = dbus_to_python(rule, str) log.debug1("%s.removeRichRule('%s')", self._log_prefix, rule) self.parent.accessCheck(sender) settings = list(self.getSettings()) rule_str = str(Rich_Rule(rule_str=rule)) if rule_str not in settings[12]: raise FirewallError(errors.NOT_ENABLED, rule) settings[12].remove(rule_str) self.update(settings) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryRichRule(self, rule, sender=None): # pylint: disable=W0613 rule = dbus_to_python(rule, str) log.debug1("%s.queryRichRule('%s')", self._log_prefix, rule) rule_str = str(Rich_Rule(rule_str=rule)) return rule_str in self.getSettings()[12] firewalld-1.1.1/src/firewall/server/config_policy.py0000644000000000000000000002031514217342322022562 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # SPDX-License-Identifier: GPL-2.0-or-later import dbus import dbus.service from firewall import config from firewall.dbus_utils import dbus_to_python, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties from firewall.core.logger import log from firewall.server.dbus import DbusServiceObject from firewall.server.decorators import handle_exceptions, \ dbus_handle_exceptions, dbus_service_method, \ dbus_polkit_require_auth class FirewallDConfigPolicy(DbusServiceObject): persistent = True default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG @handle_exceptions def __init__(self, parent, conf, policy, item_id, *args, **kwargs): super(FirewallDConfigPolicy, self).__init__(*args, **kwargs) self.parent = parent self.config = conf self.obj = policy self.item_id = item_id self.busname = args[0] self.path = args[1] self._log_prefix = "config.policy.%d" % self.item_id dbus_introspection_prepare_properties( self, config.dbus.DBUS_INTERFACE_CONFIG_POLICY) @dbus_handle_exceptions def __del__(self): pass @dbus_handle_exceptions def unregister(self): self.remove_from_connection() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # P R O P E R T I E S @dbus_handle_exceptions def _get_property(self, property_name): if property_name == "name": return dbus.String(self.obj.name) elif property_name == "filename": return dbus.String(self.obj.filename) elif property_name == "path": return dbus.String(self.obj.path) elif property_name == "default": return dbus.Boolean(self.obj.default) elif property_name == "builtin": return dbus.Boolean(self.obj.builtin) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("%s.Get('%s', '%s')", self._log_prefix, interface_name, property_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_POLICY: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return self._get_property(property_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): interface_name = dbus_to_python(interface_name, str) log.debug1("%s.GetAll('%s')", self._log_prefix, interface_name) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_POLICY: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) ret = { } for x in [ "name", "filename", "path", "default", "builtin" ]: ret[x] = self._get_property(x) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("%s.Set('%s', '%s', '%s')", self._log_prefix, interface_name, property_name, new_value) self.parent.accessCheck(sender) if interface_name != config.dbus.DBUS_INTERFACE_CONFIG_POLICY: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("%s.PropertiesChanged('%s', '%s', '%s')", self._log_prefix, interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): log.debug2("%s.Introspect()", self._log_prefix) data = super(FirewallDConfigPolicy, self).Introspect( self.path, self.busname.get_bus()) return dbus_introspection_add_properties( self, data, config.dbus.DBUS_INTERFACE_CONFIG_POLICY) # S E T T I N G S @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, out_signature="a{sv}") @dbus_handle_exceptions def getSettings(self, sender=None): """get settings for policy """ log.debug1("%s.getSettings()", self._log_prefix) settings = self.config.get_policy_object_config_dict(self.obj) return settings @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, in_signature="a{sv}") @dbus_handle_exceptions def update(self, settings, sender=None): """update settings for policy """ settings = dbus_to_python(settings) log.debug1("%s.update('...')", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.set_policy_object_config_dict(self.obj, settings) self.Updated(self.obj.name) @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICY) @dbus_handle_exceptions def loadDefaults(self, sender=None): """load default settings for builtin policy """ log.debug1("%s.loadDefaults()", self._log_prefix) self.parent.accessCheck(sender) self.obj = self.config.load_policy_object_defaults(self.obj) self.Updated(self.obj.name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, signature='s') @dbus_handle_exceptions def Updated(self, name): log.debug1("%s.Updated('%s')" % (self._log_prefix, name)) # R E M O V E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICY) @dbus_handle_exceptions def remove(self, sender=None): """remove policy """ log.debug1("%s.removePolicy()", self._log_prefix) self.parent.accessCheck(sender) self.config.remove_policy_object(self.obj) self.parent.removePolicy(self.obj) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, signature='s') @dbus_handle_exceptions def Removed(self, name): log.debug1("%s.Removed('%s')" % (self._log_prefix, name)) # R E N A M E @dbus_service_method(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, in_signature='s') @dbus_handle_exceptions def rename(self, name, sender=None): """rename policy """ name = dbus_to_python(name, str) log.debug1("%s.rename('%s')", self._log_prefix, name) self.parent.accessCheck(sender) self.obj = self.config.rename_policy_object(self.obj, name) self.Renamed(name) @dbus.service.signal(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, signature='s') @dbus_handle_exceptions def Renamed(self, name): log.debug1("%s.Renamed('%s')" % (self._log_prefix, name)) firewalld-1.1.1/src/firewall/server/dbus.py0000644000000000000000000000226414217342322020676 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # SPDX-License-Identifier: GPL-2.0-or-later import dbus from firewall import config class FirewallDBusException(dbus.DBusException): """FirewallDBusException""" _dbus_error_name = "%s.Exception" % config.dbus.DBUS_INTERFACE class NotAuthorizedException(dbus.DBusException): def __init__(self, action_id, method, *args, **kwargs): self._dbus_error_name = config.dbus.DBUS_INTERFACE + ".NotAuthorizedException" super().__init__("Not Authorized({}): {}".format(method, action_id)) class DbusServiceObject(dbus.service.Object): def __new__(cls, *args, **kwargs): # Check each dbus method. If it does not have an explicit polkit auth # then implicitly wrap it with the default from firewall.server.decorators import dbus_polkit_require_auth for attr_name in dir(cls): method = getattr(cls, attr_name) if hasattr(method, "_dbus_is_method") and \ not hasattr(method, "_polkit_auth_required"): _decorator = dbus_polkit_require_auth(cls.default_polkit_auth_required) setattr(cls, attr_name, _decorator(method)) return super().__new__(cls) firewalld-1.1.1/src/firewall/server/decorators.py0000644000000000000000000001662514217342322022114 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2012-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . """This module contains decorators for use with and without D-Bus""" __all__ = ["handle_exceptions", "dbus_handle_exceptions", "dbus_service_method"] import dbus import dbus.service import traceback import functools import inspect from dbus.exceptions import DBusException from firewall.errors import FirewallError from firewall import errors from firewall.core.logger import log from firewall.server.dbus import FirewallDBusException, NotAuthorizedException from firewall.dbus_utils import uid_of_sender ############################################################################ # # Exception handler decorators # ############################################################################ def handle_exceptions(func): """Decorator to handle exceptions and log them. Used if not conneced to D-Bus. """ @functools.wraps(func) def _impl(*args, **kwargs): try: return func(*args, **kwargs) except FirewallError as error: log.debug1(traceback.format_exc()) log.error(error) except Exception: # pylint: disable=W0703 log.exception() return _impl def dbus_handle_exceptions(func): """Decorator to handle exceptions, log and report them into D-Bus :Raises DBusException: on a firewall error code problems. """ @functools.wraps(func) def _impl(*args, **kwargs): try: return func(*args, **kwargs) except FirewallError as error: code = FirewallError.get_code(str(error)) if code in [ errors.ALREADY_ENABLED, errors.NOT_ENABLED, errors.ZONE_ALREADY_SET, errors.ALREADY_SET ]: log.warning(str(error)) else: log.debug1(traceback.format_exc()) log.error(str(error)) raise FirewallDBusException(str(error)) except DBusException as ex: # only log DBusExceptions once raise ex except Exception as ex: log.exception() raise FirewallDBusException(str(ex)) # HACK: functools.wraps() does not copy the function signature and # dbus-python doesn't support varargs. As such we need to copy the # signature from the function to the newly decorated function otherwise the # decorators in dbus-python will manipulate the arg stack and fail # miserably. # # Note: This can be removed if we ever stop using dbus-python. # # Ref: https://gitlab.freedesktop.org/dbus/dbus-python/-/issues/12 # _impl.__signature__ = inspect.signature(func) return _impl def dbus_service_method(*args, **kwargs): """Add sender argument for D-Bus""" kwargs.setdefault("sender_keyword", "sender") return dbus.service.method(*args, **kwargs) class dbus_service_method_deprecated: """Decorator that maintains a list of deprecated methods in dbus interfaces. """ deprecated = {} def __init__(self, interface=None): self.interface = interface if self.interface: if self.interface not in self.deprecated: self.deprecated[self.interface] = set() def __call__(self, func): if self.interface: self.deprecated[self.interface].add(func.__name__) @functools.wraps(func) def _impl(*args, **kwargs): return func(*args, **kwargs) return _impl class dbus_service_signal_deprecated(dbus_service_method_deprecated): """Decorator that maintains a list of deprecated signals in dbus interfaces. """ pass class dbus_polkit_require_auth: """Decorator factory that checks if the interface/method can be used by the sender/user. Assumes wrapped function is a method inside a class derived from DbusServiceObject. """ _polkit_name = "org.freedesktop.PolicyKit1" _polkit_path = "/org/freedesktop/PolicyKit1/Authority" _polkit_interface = "org.freedesktop.PolicyKit1.Authority" _bus = None _bus_signal_receiver = None _interface_polkit = None def __init__(self, polkit_auth_required): self._polkit_auth_required = polkit_auth_required @classmethod def _polkit_name_owner_changed(cls, name, old_owner, new_owner): cls._bus.remove_signal_receiver(cls._bus_signal_receiver) cls._bus_signal_receiver = None cls._interface_polkit = None pass def __call__(self, func): @functools.wraps(func) def _impl(*args, **kwargs): if not type(self)._bus: type(self)._bus = dbus.SystemBus() if not type(self)._bus_signal_receiver: type(self)._bus_signal_receiver = type(self)._bus.add_signal_receiver( handler_function=type(self)._polkit_name_owner_changed, signal_name="NameOwnerChanged", dbus_interface="org.freedesktop.DBus", arg0=self._polkit_name) if not type(self)._interface_polkit: try: type(self)._interface_polkit = dbus.Interface(type(self)._bus.get_object( type(self)._polkit_name, type(self)._polkit_path), type(self)._polkit_interface) except dbus.DBusException: # polkit must not be available pass action_id = self._polkit_auth_required if not action_id: raise dbus.DBusException("Not Authorized: No action_id specified.") sender = kwargs.get("sender") if sender: # use polkit if it's available if type(self)._interface_polkit: (result, _, _) = type(self)._interface_polkit.CheckAuthorization( ("system-bus-name", {"name": sender}), action_id, {}, 1, "") if not result: raise NotAuthorizedException(action_id, "polkit") # fallback to checking UID else: uid = uid_of_sender(type(self)._bus, sender) if uid != 0: raise NotAuthorizedException(action_id, "uid") return func(*args, **kwargs) _impl._polkit_auth_required = self._polkit_auth_required return _impl firewalld-1.1.1/src/firewall/server/firewalld.py0000644000000000000000000034267514217342322021727 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . __all__ = [ "FirewallD" ] from gi.repository import GLib import copy import dbus import dbus.service from firewall import config from firewall.core.fw import Firewall from firewall.core.rich import Rich_Rule from firewall.core.logger import log from firewall.client import FirewallClientZoneSettings from firewall.server.dbus import FirewallDBusException, DbusServiceObject from firewall.server.decorators import dbus_handle_exceptions, \ dbus_service_method, \ handle_exceptions, \ dbus_service_method_deprecated, \ dbus_service_signal_deprecated, \ dbus_polkit_require_auth from firewall.server.config import FirewallDConfig from firewall.dbus_utils import dbus_to_python, \ command_of_sender, context_of_sender, uid_of_sender, user_of_uid, \ dbus_introspection_prepare_properties, \ dbus_introspection_add_properties, \ dbus_introspection_add_deprecated from firewall.core.io.functions import check_on_disk_config from firewall.core.io.ipset import IPSet from firewall.core.io.icmptype import IcmpType from firewall.core.io.helper import Helper from firewall.core.fw_nm import nm_get_connection_of_interface, \ nm_set_zone_of_connection from firewall.core.fw_ifcfg import ifcfg_set_zone_of_interface from firewall import errors from firewall.errors import FirewallError ############################################################################ # # class FirewallD # ############################################################################ class FirewallD(DbusServiceObject): """FirewallD main class""" persistent = True """ Make FirewallD persistent. """ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG """ Use config.dbus.PK_ACTION_CONFIG as a default """ @handle_exceptions def __init__(self, *args, **kwargs): super(FirewallD, self).__init__(*args, **kwargs) self.fw = Firewall() self.busname = args[0] self.path = args[1] self.start() dbus_introspection_prepare_properties(self, config.dbus.DBUS_INTERFACE) self.config = FirewallDConfig(self.fw.config, self.busname, config.dbus.DBUS_PATH_CONFIG) def __del__(self): self.stop() @handle_exceptions def start(self): # tests if iptables and ip6tables are usable using test functions # loads default firewall rules for iptables and ip6tables log.debug1("start()") self._timeouts = { } return self.fw.start() @handle_exceptions def stop(self): # stops firewall: unloads firewall modules, flushes chains and tables, # resets policies log.debug1("stop()") return self.fw.stop() # lockdown functions @dbus_handle_exceptions def accessCheck(self, sender): if self.fw.policies.query_lockdown(): if sender is None: log.error("Lockdown not possible, sender not set.") return bus = dbus.SystemBus() context = context_of_sender(bus, sender) if self.fw.policies.access_check("context", context): return uid = uid_of_sender(bus, sender) if self.fw.policies.access_check("uid", uid): return user = user_of_uid(uid) if self.fw.policies.access_check("user", user): return command = command_of_sender(bus, sender) if self.fw.policies.access_check("command", command): return raise FirewallError(errors.ACCESS_DENIED, "lockdown is enabled") # timeout functions @dbus_handle_exceptions def addTimeout(self, zone, x, tag): if zone not in self._timeouts: self._timeouts[zone] = { } self._timeouts[zone][x] = tag @dbus_handle_exceptions def removeTimeout(self, zone, x): if zone in self._timeouts and x in self._timeouts[zone]: GLib.source_remove(self._timeouts[zone][x]) del self._timeouts[zone][x] @dbus_handle_exceptions def cleanup_timeouts(self): # cleanup timeouts for zone in self._timeouts: for x in self._timeouts[zone]: GLib.source_remove(self._timeouts[zone][x]) self._timeouts[zone].clear() self._timeouts.clear() # property handling @dbus_handle_exceptions def _get_property(self, prop): if prop == "version": return dbus.String(config.VERSION) elif prop == "interface_version": return dbus.String("%d.%d" % (config.dbus.DBUS_INTERFACE_VERSION, config.dbus.DBUS_INTERFACE_REVISION)) elif prop == "state": return dbus.String(self.fw.get_state()) elif prop == "IPv4": return dbus.Boolean(self.fw.is_ipv_enabled("ipv4")) elif prop == "IPv4ICMPTypes": return dbus.Array(self.fw.ipv4_supported_icmp_types, "s") elif prop == "IPv6": return dbus.Boolean(self.fw.is_ipv_enabled("ipv6")) elif prop == "IPv6_rpfilter": return dbus.Boolean(self.fw.ipv6_rpfilter_enabled) elif prop == "IPv6ICMPTypes": return dbus.Array(self.fw.ipv6_supported_icmp_types, "s") elif prop == "BRIDGE": return dbus.Boolean(self.fw.ebtables_enabled) elif prop == "IPSet": return dbus.Boolean(self.fw.ipset_enabled) elif prop == "IPSetTypes": return dbus.Array(self.fw.ipset_supported_types, "s") elif prop == "nf_conntrack_helper_setting": return dbus.Boolean(False) elif prop == "nf_conntrack_helpers": return dbus.Dictionary({}, "sas") elif prop == "nf_nat_helpers": return dbus.Dictionary({}, "sas") else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % prop) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ss', out_signature='v') @dbus_handle_exceptions def Get(self, interface_name, property_name, sender=None): # pylint: disable=W0613 # get a property interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) log.debug1("Get('%s', '%s')", interface_name, property_name) if interface_name == config.dbus.DBUS_INTERFACE: return self._get_property(property_name) elif interface_name in [ config.dbus.DBUS_INTERFACE_ZONE, config.dbus.DBUS_INTERFACE_DIRECT, config.dbus.DBUS_INTERFACE_POLICIES, config.dbus.DBUS_INTERFACE_IPSET ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def GetAll(self, interface_name, sender=None): # pylint: disable=W0613 interface_name = dbus_to_python(interface_name, str) log.debug1("GetAll('%s')", interface_name) ret = { } if interface_name == config.dbus.DBUS_INTERFACE: for x in [ "version", "interface_version", "state", "IPv4", "IPv6", "IPv6_rpfilter", "BRIDGE", "IPSet", "IPSetTypes", "nf_conntrack_helper_setting", "nf_conntrack_helpers", "nf_nat_helpers", "IPv4ICMPTypes", "IPv6ICMPTypes" ]: ret[x] = self._get_property(x) elif interface_name in [ config.dbus.DBUS_INTERFACE_ZONE, config.dbus.DBUS_INTERFACE_DIRECT, config.dbus.DBUS_INTERFACE_POLICIES, config.dbus.DBUS_INTERFACE_IPSET ]: pass else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) return dbus.Dictionary(ret, signature="sv") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(dbus.PROPERTIES_IFACE, in_signature='ssv') @dbus_handle_exceptions def Set(self, interface_name, property_name, new_value, sender=None): interface_name = dbus_to_python(interface_name, str) property_name = dbus_to_python(property_name, str) new_value = dbus_to_python(new_value) log.debug1("Set('%s', '%s', '%s')", interface_name, property_name, new_value) self.accessCheck(sender) if interface_name == config.dbus.DBUS_INTERFACE: if property_name in [ "version", "interface_version", "state", "IPv4", "IPv6", "IPv6_rpfilter", "BRIDGE", "IPSet", "IPSetTypes", "nf_conntrack_helper_setting", "nf_conntrack_helpers", "nf_nat_helpers", "IPv4ICMPTypes", "IPv6ICMPTypes" ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.PropertyReadOnly: " "Property '%s' is read-only" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) elif interface_name in [ config.dbus.DBUS_INTERFACE_ZONE, config.dbus.DBUS_INTERFACE_DIRECT, config.dbus.DBUS_INTERFACE_POLICIES, config.dbus.DBUS_INTERFACE_IPSET ]: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.InvalidArgs: " "Property '%s' does not exist" % property_name) else: raise dbus.exceptions.DBusException( "org.freedesktop.DBus.Error.UnknownInterface: " "Interface '%s' does not exist" % interface_name) @dbus.service.signal(dbus.PROPERTIES_IFACE, signature='sa{sv}as') def PropertiesChanged(self, interface_name, changed_properties, invalidated_properties): interface_name = dbus_to_python(interface_name, str) changed_properties = dbus_to_python(changed_properties) invalidated_properties = dbus_to_python(invalidated_properties) log.debug1("PropertiesChanged('%s', '%s', '%s')", interface_name, changed_properties, invalidated_properties) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(dbus.INTROSPECTABLE_IFACE, out_signature='s') @dbus_handle_exceptions def Introspect(self, sender=None): # pylint: disable=W0613 log.debug2("Introspect()") data = super(FirewallD, self).Introspect(self.path, self.busname.get_bus()) data = dbus_introspection_add_properties(self, data, config.dbus.DBUS_INTERFACE) for interface in [config.dbus.DBUS_INTERFACE_DIRECT]: data = dbus_introspection_add_deprecated(self, data, interface, dbus_service_method_deprecated().deprecated, dbus_service_signal_deprecated().deprecated) return data # reload @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def reload(self, sender=None): # pylint: disable=W0613 """Reload the firewall rules. """ log.debug1("reload()") self.fw.reload() self.config.reload() self.Reloaded() # complete_reload @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def completeReload(self, sender=None): # pylint: disable=W0613 """Completely reload the firewall. Completely reload the firewall: Stops firewall, unloads modules and starts the firewall again. """ log.debug1("completeReload()") self.fw.reload(True) self.config.reload() self.Reloaded() @dbus.service.signal(config.dbus.DBUS_INTERFACE) @dbus_handle_exceptions def Reloaded(self): log.debug1("Reloaded()") @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def checkPermanentConfig(self, sender=None): # pylint: disable=W0613 """Check permanent configuration """ log.debug1("checkPermanentConfig()") check_on_disk_config(self.fw) # runtime to permanent @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def runtimeToPermanent(self, sender=None): # pylint: disable=W0613 """Make runtime configuration permanent """ log.debug1("copyRuntimeToPermanent()") error = False # Services or icmptypes can not be modified in runtime, but they can # be removed or modified in permanent environment. Therefore copying # of services and icmptypes to permanent is also needed. # services config_names = self.config.getServiceNames() for name in self.fw.service.get_services(): conf = self.getServiceSettings(name) try: if name in config_names: conf_obj = self.config.getServiceByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying service '%s' settings" % name) conf_obj.update(conf) else: log.debug1("Service '%s' is identical, ignoring." % name) else: log.debug1("Creating service '%s'" % name) self.config.addService(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on service '%s': %s" % \ (name, e)) error = True # icmptypes config_names = self.config.getIcmpTypeNames() for name in self.fw.icmptype.get_icmptypes(): conf = self.getIcmpTypeSettings(name) try: if name in config_names: conf_obj = self.config.getIcmpTypeByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying icmptype '%s' settings" % name) conf_obj.update(conf) else: log.debug1("IcmpType '%s' is identical, ignoring." % name) else: log.debug1("Creating icmptype '%s'" % name) self.config.addIcmpType(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on icmptype '%s': %s" % \ (name, e)) error = True # ipsets config_names = self.config.getIPSetNames() for name in self.fw.ipset.get_ipsets(): try: conf = self.getIPSetSettings(name) if name in config_names: conf_obj = self.config.getIPSetByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying ipset '%s' settings" % name) conf_obj.update(conf) else: log.debug1("IPSet '%s' is identical, ignoring." % name) else: log.debug1("Creating ipset '%s'" % name) self.config.addIPSet(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on ipset '%s': %s" % \ (name, e)) error = True # zones config_names = self.config.getZoneNames() for name in self.fw.zone.get_zones(): conf = self.getZoneSettings2(name) settings = FirewallClientZoneSettings(conf) changed = False for interface in self.fw._nm_assigned_interfaces: log.debug1("Zone '%s': interface binding for '%s' has been added by NM, ignoring." % (name, interface)) settings.removeInterface(interface) changed = True # For the remaining interfaces, attempt to let NM manage them for interface in settings.getInterfaces(): try: connection = nm_get_connection_of_interface(interface) if connection and nm_set_zone_of_connection(name, connection): settings.removeInterface(interface) changed = True except Exception: pass if changed: conf = settings.getSettingsDict() # For the remaining try to update the ifcfg files for interface in settings.getInterfaces(): ifcfg_set_zone_of_interface(name, interface) try: if name in config_names: conf_obj = self.config.getZoneByName(name) log.debug1("Copying zone '%s' settings" % name) conf_obj.update2(conf) else: log.debug1("Creating zone '%s'" % name) self.config.addZone2(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on zone '%s': %s" % \ (name, e)) error = True # policies config_names = self.config.getPolicyNames() for name in self.fw.policy.get_policies_not_derived_from_zone(): conf = self.getPolicySettings(name) try: if name in config_names: conf_obj = self.config.getPolicyByName(name) conf_obj.update(conf) else: log.debug1("Creating policy '%s'" % name) self.config.addPolicy(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on policy '%s': %s" % \ (name, e)) error = True # helpers config_names = self.config.getHelperNames() for name in self.fw.helper.get_helpers(): conf = self.getHelperSettings(name) try: if name in config_names: conf_obj = self.config.getHelperByName(name) if conf_obj.getSettings() != conf: log.debug1("Copying helper '%s' settings" % name) conf_obj.update(conf) else: log.debug1("Helper '%s' is identical, ignoring." % name) else: log.debug1("Creating helper '%s'" % name) self.config.addHelper(name, conf) except Exception as e: log.warning( "Runtime To Permanent failed on helper '%s': %s" % \ (name, e)) error = True # direct # rt_config = self.fw.direct.get_config() conf = ( self.fw.direct.get_all_chains(), self.fw.direct.get_all_rules(), self.fw.direct.get_all_passthroughs() ) try: if self.config.getSettings() != conf: log.debug1("Copying direct configuration") self.config.update(conf) else: log.debug1("Direct configuration is identical, ignoring.") except Exception as e: log.warning( "Runtime To Permanent failed on direct configuration: %s" % e) error = True # policies conf = self.fw.policies.lockdown_whitelist.export_config() try: if self.config.getSettings() != conf: log.debug1("Copying policies configuration") self.config.setLockdownWhitelist(conf) else: log.debug1("Policies configuration is identical, ignoring.") except Exception as e: log.warning( "Runtime To Permanent failed on policies configuration: %s" % \ e) error = True if error: raise FirewallError(errors.RT_TO_PERM_FAILED) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # POLICIES # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # lockdown @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='') @dbus_handle_exceptions def enableLockdown(self, sender=None): """Enable lockdown policies """ log.debug1("policies.enableLockdown()") self.accessCheck(sender) self.fw.policies.enable_lockdown() self.LockdownEnabled() @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='') @dbus_handle_exceptions def disableLockdown(self, sender=None): """Disable lockdown policies """ log.debug1("policies.disableLockdown()") self.accessCheck(sender) self.fw.policies.disable_lockdown() self.LockdownDisabled() @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='b') @dbus_handle_exceptions def queryLockdown(self, sender=None): # pylint: disable=W0613 """Retuns True if lockdown is enabled """ log.debug1("policies.queryLockdown()") # no access check here return self.fw.policies.query_lockdown() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='') @dbus_handle_exceptions def LockdownEnabled(self): log.debug1("LockdownEnabled()") @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='') @dbus_handle_exceptions def LockdownDisabled(self): log.debug1("LockdownDisabled()") # lockdown whitelist # command @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def addLockdownWhitelistCommand(self, command, sender=None): """Add lockdown command """ command = dbus_to_python(command, str) log.debug1("policies.addLockdownWhitelistCommand('%s')" % command) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.add_command(command) self.LockdownWhitelistCommandAdded(command) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def removeLockdownWhitelistCommand(self, command, sender=None): """Remove lockdown command """ command = dbus_to_python(command, str) log.debug1("policies.removeLockdownWhitelistCommand('%s')" % command) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.remove_command(command) self.LockdownWhitelistCommandRemoved(command) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistCommand(self, command, sender=None): # pylint: disable=W0613 """Query lockdown command """ command = dbus_to_python(command, str) log.debug1("policies.queryLockdownWhitelistCommand('%s')" % command) # no access check here return self.fw.policies.lockdown_whitelist.has_command(command) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistCommands(self, sender=None): # pylint: disable=W0613 """Add lockdown command """ log.debug1("policies.getLockdownWhitelistCommands()") # no access check here return self.fw.policies.lockdown_whitelist.get_commands() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistCommandAdded(self, command): log.debug1("LockdownWhitelistCommandAdded('%s')" % command) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistCommandRemoved(self, command): log.debug1("LockdownWhitelistCommandRemoved('%s')" % command) # uid @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='i', out_signature='') @dbus_handle_exceptions def addLockdownWhitelistUid(self, uid, sender=None): """Add lockdown uid """ uid = dbus_to_python(uid, int) log.debug1("policies.addLockdownWhitelistUid('%s')" % uid) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.add_uid(uid) self.LockdownWhitelistUidAdded(uid) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='i', out_signature='') @dbus_handle_exceptions def removeLockdownWhitelistUid(self, uid, sender=None): """Remove lockdown uid """ uid = dbus_to_python(uid, int) log.debug1("policies.removeLockdownWhitelistUid('%s')" % uid) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.remove_uid(uid) self.LockdownWhitelistUidRemoved(uid) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='i', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistUid(self, uid, sender=None): # pylint: disable=W0613 """Query lockdown uid """ uid = dbus_to_python(uid, int) log.debug1("policies.queryLockdownWhitelistUid('%s')" % uid) # no access check here return self.fw.policies.lockdown_whitelist.has_uid(uid) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='ai') @dbus_handle_exceptions def getLockdownWhitelistUids(self, sender=None): # pylint: disable=W0613 """Add lockdown uid """ log.debug1("policies.getLockdownWhitelistUids()") # no access check here return self.fw.policies.lockdown_whitelist.get_uids() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='i') @dbus_handle_exceptions def LockdownWhitelistUidAdded(self, uid): log.debug1("LockdownWhitelistUidAdded(%d)" % uid) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='i') @dbus_handle_exceptions def LockdownWhitelistUidRemoved(self, uid): log.debug1("LockdownWhitelistUidRemoved(%d)" % uid) # user @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def addLockdownWhitelistUser(self, user, sender=None): """Add lockdown user """ user = dbus_to_python(user, str) log.debug1("policies.addLockdownWhitelistUser('%s')" % user) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.add_user(user) self.LockdownWhitelistUserAdded(user) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def removeLockdownWhitelistUser(self, user, sender=None): """Remove lockdown user """ user = dbus_to_python(user, str) log.debug1("policies.removeLockdownWhitelistUser('%s')" % user) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.remove_user(user) self.LockdownWhitelistUserRemoved(user) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistUser(self, user, sender=None): # pylint: disable=W0613 """Query lockdown user """ user = dbus_to_python(user, str) log.debug1("policies.queryLockdownWhitelistUser('%s')" % user) # no access check here return self.fw.policies.lockdown_whitelist.has_user(user) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistUsers(self, sender=None): # pylint: disable=W0613 """Add lockdown user """ log.debug1("policies.getLockdownWhitelistUsers()") # no access check here return self.fw.policies.lockdown_whitelist.get_users() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistUserAdded(self, user): log.debug1("LockdownWhitelistUserAdded('%s')" % user) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistUserRemoved(self, user): log.debug1("LockdownWhitelistUserRemoved('%s')" % user) # context @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def addLockdownWhitelistContext(self, context, sender=None): """Add lockdown context """ context = dbus_to_python(context, str) log.debug1("policies.addLockdownWhitelistContext('%s')" % context) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.add_context(context) self.LockdownWhitelistContextAdded(context) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='') @dbus_handle_exceptions def removeLockdownWhitelistContext(self, context, sender=None): """Remove lockdown context """ context = dbus_to_python(context, str) log.debug1("policies.removeLockdownWhitelistContext('%s')" % context) self.accessCheck(sender) self.fw.policies.lockdown_whitelist.remove_context(context) self.LockdownWhitelistContextRemoved(context) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryLockdownWhitelistContext(self, context, sender=None): # pylint: disable=W0613 """Query lockdown context """ context = dbus_to_python(context, str) log.debug1("policies.queryLockdownWhitelistContext('%s')" % context) # no access check here return self.fw.policies.lockdown_whitelist.has_context(context) @dbus_polkit_require_auth(config.dbus.PK_ACTION_POLICIES_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICIES, in_signature='', out_signature='as') @dbus_handle_exceptions def getLockdownWhitelistContexts(self, sender=None): # pylint: disable=W0613 """Add lockdown context """ log.debug1("policies.getLockdownWhitelistContexts()") # no access check here return self.fw.policies.lockdown_whitelist.get_contexts() @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistContextAdded(self, context): log.debug1("LockdownWhitelistContextAdded('%s')" % context) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICIES, signature='s') @dbus_handle_exceptions def LockdownWhitelistContextRemoved(self, context): log.debug1("LockdownWhitelistContextRemoved('%s')" % context) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # PANIC @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def enablePanicMode(self, sender=None): """Enable panic mode. All ingoing and outgoing connections and packets will be blocked. """ log.debug1("enablePanicMode()") self.accessCheck(sender) self.fw.enable_panic_mode() self.PanicModeEnabled() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def disablePanicMode(self, sender=None): """Disable panic mode. Enables normal mode: Allowed ingoing and outgoing connections will not be blocked anymore """ log.debug1("disablePanicMode()") self.accessCheck(sender) self.fw.disable_panic_mode() self.PanicModeDisabled() @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='b') @dbus_handle_exceptions def queryPanicMode(self, sender=None): # pylint: disable=W0613 # returns True if in panic mode log.debug1("queryPanicMode()") return self.fw.query_panic_mode() @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='') @dbus_handle_exceptions def PanicModeEnabled(self): log.debug1("PanicModeEnabled()") @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='') @dbus_handle_exceptions def PanicModeDisabled(self): log.debug1("PanicModeDisabled()") # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # list functions @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature="(sssbsasa(ss)asba(ssss)asasasasa(ss)b)") @dbus_handle_exceptions def getZoneSettings(self, zone, sender=None): # pylint: disable=W0613 # returns zone settings for zone zone = dbus_to_python(zone, str) log.debug1("getZoneSettings(%s)", zone) return self.fw.zone.get_config_with_settings(zone) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature="a{sv}") @dbus_handle_exceptions def getZoneSettings2(self, zone, sender=None): zone = dbus_to_python(zone, str) log.debug1("getZoneSettings2(%s)", zone) return self.fw.zone.get_config_with_settings_dict(zone) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sa{sv}') @dbus_handle_exceptions def setZoneSettings2(self, zone, settings, sender=None): zone = dbus_to_python(zone, str) log.debug1("setZoneSettings2(%s)", zone) self.accessCheck(sender) self.fw.zone.set_config_with_settings_dict(zone, dbus_to_python(settings), sender) self.ZoneUpdated(zone, settings) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sa{sv}') @dbus_handle_exceptions def ZoneUpdated(self, zone, settings): log.debug1("zone.ZoneUpdated('%s', '%s')" % (zone, settings)) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICY, in_signature='s', out_signature="a{sv}") @dbus_handle_exceptions def getPolicySettings(self, policy, sender=None): policy = dbus_to_python(policy, str) log.debug1("policy.getPolicySettings(%s)", policy) return self.fw.policy.get_config_with_settings_dict(policy) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICY, in_signature='sa{sv}') @dbus_handle_exceptions def setPolicySettings(self, policy, settings, sender=None): policy = dbus_to_python(policy, str) log.debug1("policy.setPolicySettings(%s)", policy) self.accessCheck(sender) self.fw.policy.set_config_with_settings_dict(policy, dbus_to_python(settings), sender) self.PolicyUpdated(policy, settings) @dbus.service.signal(config.dbus.DBUS_INTERFACE_POLICY, signature='sa{sv}') @dbus_handle_exceptions def PolicyUpdated(self, policy, settings): log.debug1("policy.PolicyUpdated('%s', '%s')" % (policy, settings)) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='as') @dbus_handle_exceptions def listServices(self, sender=None): # pylint: disable=W0613 # returns the list of services # TODO: should be renamed to getServices() # because is called by firewall-cmd --get-services log.debug1("listServices()") return self.fw.service.get_services() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='(sssa(ss)asa{ss}asa(ss))') @dbus_handle_exceptions def getServiceSettings(self, service, sender=None): # pylint: disable=W0613 # returns service settings for service service = dbus_to_python(service, str) log.debug1("getServiceSettings(%s)", service) obj = self.fw.service.get_service(service) conf_dict = obj.export_config_dict() conf_list = [] for i in range(8): # tuple based dbus API has 8 elements if obj.IMPORT_EXPORT_STRUCTURE[i][0] not in conf_dict: # old API needs the empty elements as well. Grab it from the # object otherwise we don't know the type. conf_list.append(copy.deepcopy(getattr(obj, obj.IMPORT_EXPORT_STRUCTURE[i][0]))) else: conf_list.append(conf_dict[obj.IMPORT_EXPORT_STRUCTURE[i][0]]) return tuple(conf_list) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='a{sv}') @dbus_handle_exceptions def getServiceSettings2(self, service, sender=None): # pylint: disable=W0613 service = dbus_to_python(service, str) log.debug1("getServiceSettings2(%s)", service) obj = self.fw.service.get_service(service) return obj.export_config_dict() @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='as') @dbus_handle_exceptions def listIcmpTypes(self, sender=None): # pylint: disable=W0613 # returns the list of services # TODO: should be renamed to getIcmptypes() # because is called by firewall-cmd --get-icmptypes log.debug1("listIcmpTypes()") return self.fw.icmptype.get_icmptypes() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature=IcmpType.DBUS_SIGNATURE) @dbus_handle_exceptions def getIcmpTypeSettings(self, icmptype, sender=None): # pylint: disable=W0613 # returns icmptype settings for icmptype icmptype = dbus_to_python(icmptype, str) log.debug1("getIcmpTypeSettings(%s)", icmptype) return self.fw.icmptype.get_icmptype(icmptype).export_config() # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # LOG DENIED @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='s') @dbus_handle_exceptions def getLogDenied(self, sender=None): # pylint: disable=W0613 # returns the log denied value log.debug1("getLogDenied()") return self.fw.get_log_denied() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='') @dbus_handle_exceptions def setLogDenied(self, value, sender=None): # set the log denied value value = dbus_to_python(value, str) log.debug1("setLogDenied('%s')" % value) self.accessCheck(sender) self.fw.set_log_denied(value) self.LogDeniedChanged(value) # must reload the firewall as well self.fw.reload() self.config.reload() self.Reloaded() @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='s') @dbus_handle_exceptions def LogDeniedChanged(self, value): log.debug1("LogDeniedChanged('%s')" % (value)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # AUTOMATIC HELPER ASSIGNMENT @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='s') @dbus_handle_exceptions def getAutomaticHelpers(self, sender=None): # pylint: disable=W0613 # returns the automatic helpers value log.debug1("getAutomaticHelpers()") # NOTE: This feature was removed and is now a noop. We retain the dbus # call to keep API. return "no" @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='') @dbus_handle_exceptions def setAutomaticHelpers(self, value, sender=None): # set the automatic helpers value value = dbus_to_python(value, str) log.debug1("setAutomaticHelpers('%s')" % value) self.accessCheck(sender) # NOTE: This feature was removed and is now a noop. We retain the dbus # call to keep API. @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='s') @dbus_handle_exceptions def AutomaticHelpersChanged(self, value): log.debug1("AutomaticHelpersChanged('%s')" % (value)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DEFAULT ZONE @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='s') @dbus_handle_exceptions def getDefaultZone(self, sender=None): # pylint: disable=W0613 # returns the system default zone log.debug1("getDefaultZone()") return self.fw.get_default_zone() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature='') @dbus_handle_exceptions def setDefaultZone(self, zone, sender=None): # set the system default zone zone = dbus_to_python(zone, str) log.debug1("setDefaultZone('%s')" % zone) self.accessCheck(sender) self.fw.set_default_zone(zone) self.DefaultZoneChanged(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE, signature='s') @dbus_handle_exceptions def DefaultZoneChanged(self, zone): log.debug1("DefaultZoneChanged('%s')" % (zone)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # POLICY INTERFACE # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # POLICIES @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICY, in_signature='', out_signature='as') @dbus_handle_exceptions def getPolicies(self, sender=None): log.debug1("policy.getPolicies()") return self.fw.policy.get_policies_not_derived_from_zone() @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_POLICY, in_signature='', out_signature='a{sa{sas}}') @dbus_handle_exceptions def getActivePolicies(self, sender=None): log.debug1("policy.getActivePolicies()") policies = { } for policy in self.fw.policy.get_active_policies_not_derived_from_zone(): policies[policy] = { } policies[policy]["ingress_zones"] = self.fw.policy.list_ingress_zones(policy) policies[policy]["egress_zones"] = self.fw.policy.list_egress_zones(policy) return policies # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ZONE INTERFACE # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ZONES @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) # TODO: shouldn't this be in DBUS_INTERFACE instead of DBUS_INTERFACE_ZONE ? @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='', out_signature='as') @dbus_handle_exceptions def getZones(self, sender=None): # pylint: disable=W0613 # returns the list of zones log.debug1("zone.getZones()") return self.fw.zone.get_zones() @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='', out_signature='a{sa{sas}}') @dbus_handle_exceptions def getActiveZones(self, sender=None): # pylint: disable=W0613 # returns the list of active zones log.debug1("zone.getActiveZones()") zones = { } for zone in self.fw.zone.get_zones(): interfaces = self.fw.zone.list_interfaces(zone) sources = self.fw.zone.list_sources(zone) if len(interfaces) + len(sources) > 0: zones[zone] = { } if len(interfaces) > 0: zones[zone]["interfaces"] = interfaces if len(sources) > 0: zones[zone]["sources"] = sources return zones @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def getZoneOfInterface(self, interface, sender=None): # pylint: disable=W0613 """Return the zone an interface belongs to. :Parameters: `interface` : str Name of the interface :Returns: str. The name of the zone. """ interface = dbus_to_python(interface, str) log.debug1("zone.getZoneOfInterface('%s')" % interface) zone = self.fw.zone.get_zone_of_interface(interface) if zone: return zone return "" @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def getZoneOfSource(self, source, sender=None): # pylint: disable=W0613 #Return the zone an source belongs to. source = dbus_to_python(source, str) log.debug1("zone.getZoneOfSource('%s')" % source) zone = self.fw.zone.get_zone_of_source(source) if zone: return zone return "" @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def isImmutable(self, zone, sender=None): # pylint: disable=W0613 # no immutable zones anymore return False # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # INTERFACES @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def addInterface(self, zone, interface, sender=None): """Add an interface to a zone. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) log.debug1("zone.addInterface('%s', '%s')" % (zone, interface)) self.accessCheck(sender) _zone = self.fw.zone.add_interface(zone, interface, sender) self.InterfaceAdded(_zone, interface) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def changeZone(self, zone, interface, sender=None): """Change a zone an interface is part of. If zone is empty, use default zone. This function is deprecated, use changeZoneOfInterface instead """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) return self.changeZoneOfInterface(zone, interface, sender) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def changeZoneOfInterface(self, zone, interface, sender=None): """Change a zone an interface is part of. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) log.debug1("zone.changeZoneOfInterface('%s', '%s')" % (zone, interface)) self.accessCheck(sender) _zone = self.fw.zone.change_zone_of_interface(zone, interface, sender) self.ZoneOfInterfaceChanged(_zone, interface) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeInterface(self, zone, interface, sender=None): """Remove interface from a zone. If zone is empty, remove from zone the interface belongs to. """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) log.debug1("zone.removeInterface('%s', '%s')" % (zone, interface)) self.accessCheck(sender) _zone = self.fw.zone.remove_interface(zone, interface) self.InterfaceRemoved(_zone, interface) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryInterface(self, zone, interface, sender=None): # pylint: disable=W0613 """Return true if an interface is in a zone. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) interface = dbus_to_python(interface, str) log.debug1("zone.queryInterface('%s', '%s')" % (zone, interface)) return self.fw.zone.query_interface(zone, interface) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getInterfaces(self, zone, sender=None): # pylint: disable=W0613 """Return the list of interfaces of a zone. If zone is empty, use default zone. """ # TODO: should be renamed to listInterfaces() # because is called by firewall-cmd --zone --list-interfaces zone = dbus_to_python(zone, str) log.debug1("zone.getInterfaces('%s')" % (zone)) return self.fw.zone.list_interfaces(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def InterfaceAdded(self, zone, interface): log.debug1("zone.InterfaceAdded('%s', '%s')" % (zone, interface)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ZoneChanged(self, zone, interface): """ This signal is deprecated. """ log.debug1("zone.ZoneChanged('%s', '%s')" % (zone, interface)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ZoneOfInterfaceChanged(self, zone, interface): log.debug1("zone.ZoneOfInterfaceChanged('%s', '%s')" % (zone, interface)) self.ZoneChanged(zone, interface) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def InterfaceRemoved(self, zone, interface): log.debug1("zone.InterfaceRemoved('%s', '%s')" % (zone, interface)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # SOURCES @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def addSource(self, zone, source, sender=None): """Add a source to a zone. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) source = dbus_to_python(source, str) log.debug1("zone.addSource('%s', '%s')" % (zone, source)) self.accessCheck(sender) _zone = self.fw.zone.add_source(zone, source, sender) self.SourceAdded(_zone, source) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def changeZoneOfSource(self, zone, source, sender=None): """Change a zone an source is part of. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) source = dbus_to_python(source, str) log.debug1("zone.changeZoneOfSource('%s', '%s')" % (zone, source)) self.accessCheck(sender) _zone = self.fw.zone.change_zone_of_source(zone, source, sender) self.ZoneOfSourceChanged(_zone, source) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeSource(self, zone, source, sender=None): """Remove source from a zone. If zone is empty, remove from zone the source belongs to. """ zone = dbus_to_python(zone, str) source = dbus_to_python(source, str) log.debug1("zone.removeSource('%s', '%s')" % (zone, source)) self.accessCheck(sender) _zone = self.fw.zone.remove_source(zone, source) self.SourceRemoved(_zone, source) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def querySource(self, zone, source, sender=None): # pylint: disable=W0613 """Return true if an source is in a zone. If zone is empty, use default zone. """ zone = dbus_to_python(zone, str) source = dbus_to_python(source, str) log.debug1("zone.querySource('%s', '%s')" % (zone, source)) return self.fw.zone.query_source(zone, source) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getSources(self, zone, sender=None): # pylint: disable=W0613 """Return the list of sources of a zone. If zone is empty, use default zone. """ # TODO: should be renamed to listSources() # because is called by firewall-cmd --zone --list-sources zone = dbus_to_python(zone, str) log.debug1("zone.getSources('%s')" % (zone)) return self.fw.zone.list_sources(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def SourceAdded(self, zone, source): log.debug1("zone.SourceAdded('%s', '%s')" % (zone, source)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ZoneOfSourceChanged(self, zone, source): log.debug1("zone.ZoneOfSourceChanged('%s', '%s')" % (zone, source)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def SourceRemoved(self, zone, source): log.debug1("zone.SourceRemoved('%s', '%s')" % (zone, source)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # RICH RULES @dbus_handle_exceptions def disableTimedRichRule(self, zone, rule): log.debug1("zone.disableTimedRichRule('%s', '%s')" % (zone, rule)) del self._timeouts[zone][rule] obj = Rich_Rule(rule_str=rule) self.fw.zone.remove_rule(zone, obj) self.RichRuleRemoved(zone, rule) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ssi', out_signature='s') @dbus_handle_exceptions def addRichRule(self, zone, rule, timeout, sender=None): # pylint: disable=W0613 zone = dbus_to_python(zone, str) rule = dbus_to_python(rule, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addRichRule('%s', '%s')" % (zone, rule)) obj = Rich_Rule(rule_str=rule) _zone = self.fw.zone.add_rule(zone, obj, timeout) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedRichRule, _zone, rule) self.addTimeout(_zone, rule, tag) self.RichRuleAdded(_zone, rule, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeRichRule(self, zone, rule, sender=None): # pylint: disable=W0613 zone = dbus_to_python(zone, str) rule = dbus_to_python(rule, str) log.debug1("zone.removeRichRule('%s', '%s')" % (zone, rule)) obj = Rich_Rule(rule_str=rule) _zone = self.fw.zone.remove_rule(zone, obj) self.removeTimeout(_zone, rule) self.RichRuleRemoved(_zone, rule) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryRichRule(self, zone, rule, sender=None): # pylint: disable=W0613 zone = dbus_to_python(zone, str) rule = dbus_to_python(rule, str) log.debug1("zone.queryRichRule('%s', '%s')" % (zone, rule)) obj = Rich_Rule(rule_str=rule) return self.fw.zone.query_rule(zone, obj) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getRichRules(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled rich rules for zone # TODO: should be renamed to listRichRules() # because is called by firewall-cmd --zone --list-rich-rules zone = dbus_to_python(zone, str) log.debug1("zone.getRichRules('%s')" % (zone)) return self.fw.zone.list_rules(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ssi') @dbus_handle_exceptions def RichRuleAdded(self, zone, rule, timeout): log.debug1("zone.RichRuleAdded('%s', '%s', %d)" % (zone, rule, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def RichRuleRemoved(self, zone, rule): log.debug1("zone.RichRuleRemoved('%s', '%s')" % (zone, rule)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # SERVICES @dbus_handle_exceptions def disableTimedService(self, zone, service): log.debug1("zone.disableTimedService('%s', '%s')" % (zone, service)) del self._timeouts[zone][service] self.fw.zone.remove_service(zone, service) self.ServiceRemoved(zone, service) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ssi', out_signature='s') @dbus_handle_exceptions def addService(self, zone, service, timeout, sender=None): # enables service if not enabled already for zone zone = dbus_to_python(zone, str) service = dbus_to_python(service, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addService('%s', '%s', %d)" % (zone, service, timeout)) self.accessCheck(sender) _zone = self.fw.zone.add_service(zone, service, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedService, _zone, service) self.addTimeout(_zone, service, tag) self.ServiceAdded(_zone, service, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeService(self, zone, service, sender=None): # disables service for zone zone = dbus_to_python(zone, str) service = dbus_to_python(service, str) log.debug1("zone.removeService('%s', '%s')" % (zone, service)) self.accessCheck(sender) _zone = self.fw.zone.remove_service(zone, service) self.removeTimeout(_zone, service) self.ServiceRemoved(_zone, service) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryService(self, zone, service, sender=None): # pylint: disable=W0613 # returns true if a service is enabled for zone zone = dbus_to_python(zone, str) service = dbus_to_python(service, str) log.debug1("zone.queryService('%s', '%s')" % (zone, service)) return self.fw.zone.query_service(zone, service) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getServices(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled services for zone # TODO: should be renamed to listServices() # because is called by firewall-cmd --zone --list-services zone = dbus_to_python(zone, str) log.debug1("zone.getServices('%s')" % (zone)) return self.fw.zone.list_services(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ssi') @dbus_handle_exceptions def ServiceAdded(self, zone, service, timeout): log.debug1("zone.ServiceAdded('%s', '%s', %d)" % \ (zone, service, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ServiceRemoved(self, zone, service): log.debug1("zone.ServiceRemoved('%s', '%s')" % (zone, service)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # PORTS @dbus_handle_exceptions def disableTimedPort(self, zone, port, protocol): log.debug1("zone.disableTimedPort('%s', '%s', '%s')" % \ (zone, port, protocol)) del self._timeouts[zone][(port, protocol)] self.fw.zone.remove_port(zone, port, protocol) self.PortRemoved(zone, port, protocol) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssi', out_signature='s') @dbus_handle_exceptions def addPort(self, zone, port, protocol, timeout, sender=None): # pylint: disable=R0913 # adds port if not enabled already to zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addPort('%s', '%s', '%s')" % \ (zone, port, protocol)) self.accessCheck(sender) _zone = self.fw.zone.add_port(zone, port, protocol, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedPort, _zone, port, protocol) self.addTimeout(_zone, (port, protocol), tag) self.PortAdded(_zone, port, protocol, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sss', out_signature='s') @dbus_handle_exceptions def removePort(self, zone, port, protocol, sender=None): # pylint: disable=R0913 # removes port if enabled from zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.removePort('%s', '%s', '%s')" % \ (zone, port, protocol)) self.accessCheck(sender) _zone= self.fw.zone.remove_port(zone, port, protocol) self.removeTimeout(_zone, (port, protocol)) self.PortRemoved(_zone, port, protocol) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sss', out_signature='b') @dbus_handle_exceptions def queryPort(self, zone, port, protocol, sender=None): # pylint: disable=W0613, R0913 # returns true if a port is enabled for zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.queryPort('%s', '%s', '%s')" % (zone, port, protocol)) return self.fw.zone.query_port(zone, port, protocol) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getPorts(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled ports # TODO: should be renamed to listPorts() # because is called by firewall-cmd --zone --list-ports zone = dbus_to_python(zone, str) log.debug1("zone.getPorts('%s')" % (zone)) return self.fw.zone.list_ports(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sssi') @dbus_handle_exceptions def PortAdded(self, zone, port, protocol, timeout=0): log.debug1("zone.PortAdded('%s', '%s', '%s', %d)" % \ (zone, port, protocol, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sss') @dbus_handle_exceptions def PortRemoved(self, zone, port, protocol): log.debug1("zone.PortRemoved('%s', '%s', '%s')" % \ (zone, port, protocol)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # PROTOCOLS @dbus_handle_exceptions def disableTimedProtocol(self, zone, protocol): log.debug1("zone.disableTimedProtocol('%s', '%s')" % (zone, protocol)) del self._timeouts[zone][(protocol)] self.fw.zone.remove_protocol(zone, protocol) self.ProtocolRemoved(zone, protocol) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ssi', out_signature='s') @dbus_handle_exceptions def addProtocol(self, zone, protocol, timeout, sender=None): # adds protocol if not enabled already to zone zone = dbus_to_python(zone, str) protocol = dbus_to_python(protocol, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.enableProtocol('%s', '%s')" % (zone, protocol)) self.accessCheck(sender) _zone = self.fw.zone.add_protocol(zone, protocol, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedProtocol, _zone, protocol) self.addTimeout(_zone, protocol, tag) self.ProtocolAdded(_zone, protocol, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeProtocol(self, zone, protocol, sender=None): # removes protocol if enabled from zone zone = dbus_to_python(zone, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.removeProtocol('%s', '%s')" % (zone, protocol)) self.accessCheck(sender) _zone= self.fw.zone.remove_protocol(zone, protocol) self.removeTimeout(_zone, protocol) self.ProtocolRemoved(_zone, protocol) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryProtocol(self, zone, protocol, sender=None): # pylint: disable=W0613 # returns true if a protocol is enabled for zone zone = dbus_to_python(zone, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.queryProtocol('%s', '%s')" % (zone, protocol)) return self.fw.zone.query_protocol(zone, protocol) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getProtocols(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled protocols # TODO: should be renamed to listProtocols() # because is called by firewall-cmd --zone --list-protocols zone = dbus_to_python(zone, str) log.debug1("zone.getProtocols('%s')" % (zone)) return self.fw.zone.list_protocols(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ssi') @dbus_handle_exceptions def ProtocolAdded(self, zone, protocol, timeout=0): log.debug1("zone.ProtocolAdded('%s', '%s', %d)" % \ (zone, protocol, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def ProtocolRemoved(self, zone, protocol): log.debug1("zone.ProtocolRemoved('%s', '%s')" % (zone, protocol)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # SOURCE PORTS @dbus_handle_exceptions def disableTimedSourcePort(self, zone, port, protocol): log.debug1("zone.disableTimedSourcePort('%s', '%s', '%s')" % \ (zone, port, protocol)) del self._timeouts[zone][("sport", port, protocol)] self.fw.zone.remove_source_port(zone, port, protocol) self.SourcePortRemoved(zone, port, protocol) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssi', out_signature='s') @dbus_handle_exceptions def addSourcePort(self, zone, port, protocol, timeout, sender=None): # pylint: disable=R0913 # adds source port if not enabled already to zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addSourcePort('%s', '%s', '%s')" % (zone, port, protocol)) self.accessCheck(sender) _zone = self.fw.zone.add_source_port(zone, port, protocol, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedSourcePort, _zone, port, protocol) self.addTimeout(_zone, ("sport", port, protocol), tag) self.SourcePortAdded(_zone, port, protocol, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sss', out_signature='s') @dbus_handle_exceptions def removeSourcePort(self, zone, port, protocol, sender=None): # pylint: disable=R0913 # removes source port if enabled from zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.removeSourcePort('%s', '%s', '%s')" % (zone, port, protocol)) self.accessCheck(sender) _zone= self.fw.zone.remove_source_port(zone, port, protocol) self.removeTimeout(_zone, ("sport", port, protocol)) self.SourcePortRemoved(_zone, port, protocol) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sss', out_signature='b') @dbus_handle_exceptions def querySourcePort(self, zone, port, protocol, sender=None): # pylint: disable=W0613, R0913 # returns true if a source port is enabled for zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) log.debug1("zone.querySourcePort('%s', '%s', '%s')" % (zone, port, protocol)) return self.fw.zone.query_source_port(zone, port, protocol) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getSourcePorts(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled source ports # TODO: should be renamed to listSourcePorts() # because is called by firewall-cmd --zone --list-source-ports zone = dbus_to_python(zone, str) log.debug1("zone.getSourcePorts('%s')" % (zone)) return self.fw.zone.list_source_ports(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sssi') @dbus_handle_exceptions def SourcePortAdded(self, zone, port, protocol, timeout=0): log.debug1("zone.SourcePortAdded('%s', '%s', '%s', %d)" % \ (zone, port, protocol, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sss') @dbus_handle_exceptions def SourcePortRemoved(self, zone, port, protocol): log.debug1("zone.SourcePortRemoved('%s', '%s', '%s')" % (zone, port, protocol)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # MASQUERADE @dbus_handle_exceptions def disableTimedMasquerade(self, zone): del self._timeouts[zone]["masquerade"] self.fw.zone.remove_masquerade(zone) self.MasqueradeRemoved(zone) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='si', out_signature='s') @dbus_handle_exceptions def addMasquerade(self, zone, timeout, sender=None): # adds masquerade if not added already zone = dbus_to_python(zone, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addMasquerade('%s')" % (zone)) self.accessCheck(sender) _zone = self.fw.zone.add_masquerade(zone, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedMasquerade, _zone) self.addTimeout(_zone, "masquerade", tag) self.MasqueradeAdded(_zone, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def removeMasquerade(self, zone, sender=None): # removes masquerade zone = dbus_to_python(zone, str) log.debug1("zone.removeMasquerade('%s')" % (zone)) self.accessCheck(sender) _zone = self.fw.zone.remove_masquerade(zone) self.removeTimeout(_zone, "masquerade") self.MasqueradeRemoved(_zone) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryMasquerade(self, zone, sender=None): # pylint: disable=W0613 # returns true if a masquerade is added zone = dbus_to_python(zone, str) log.debug1("zone.queryMasquerade('%s')" % (zone)) return self.fw.zone.query_masquerade(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='si') @dbus_handle_exceptions def MasqueradeAdded(self, zone, timeout=0): log.debug1("zone.MasqueradeAdded('%s', %d)" % (zone, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='s') @dbus_handle_exceptions def MasqueradeRemoved(self, zone): log.debug1("zone.MasqueradeRemoved('%s')" % (zone)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # FORWARD PORT @dbus_handle_exceptions def disable_forward_port(self, zone, port, protocol, toport, toaddr): # pylint: disable=R0913 del self._timeouts[zone][(port, protocol, toport, toaddr)] self.fw.zone.remove_forward_port(zone, port, protocol, toport, toaddr) self.ForwardPortRemoved(zone, port, protocol, toport, toaddr) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssssi', out_signature='s') @dbus_handle_exceptions def addForwardPort(self, zone, port, protocol, toport, toaddr, timeout, sender=None): # pylint: disable=R0913 # add forward port if not enabled already for zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.addForwardPort('%s', '%s', '%s', '%s', '%s')" % \ (zone, port, protocol, toport, toaddr)) self.accessCheck(sender) _zone = self.fw.zone.add_forward_port(zone, port, protocol, toport, toaddr, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disable_forward_port, _zone, port, protocol, toport, toaddr) self.addTimeout(_zone, (port, protocol, toport, toaddr), tag) self.ForwardPortAdded(_zone, port, protocol, toport, toaddr, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssss', out_signature='s') @dbus_handle_exceptions def removeForwardPort(self, zone, port, protocol, toport, toaddr, sender=None): # pylint: disable=R0913 # remove forward port from zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("zone.removeForwardPort('%s', '%s', '%s', '%s', '%s')" % \ (zone, port, protocol, toport, toaddr)) self.accessCheck(sender) _zone = self.fw.zone.remove_forward_port(zone, port, protocol, toport, toaddr) self.removeTimeout(_zone, (port, protocol, toport, toaddr)) self.ForwardPortRemoved(_zone, port, protocol, toport, toaddr) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='sssss', out_signature='b') @dbus_handle_exceptions def queryForwardPort(self, zone, port, protocol, toport, toaddr, sender=None): # pylint: disable=W0613, R0913 # returns true if a forward port is enabled for zone zone = dbus_to_python(zone, str) port = dbus_to_python(port, str) protocol = dbus_to_python(protocol, str) toport = dbus_to_python(toport, str) toaddr = dbus_to_python(toaddr, str) log.debug1("zone.queryForwardPort('%s', '%s', '%s', '%s', '%s')" % \ (zone, port, protocol, toport, toaddr)) return self.fw.zone.query_forward_port(zone, port, protocol, toport, toaddr) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getForwardPorts(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled ports for zone # TODO: should be renamed to listForwardPorts() # because is called by firewall-cmd --zone --list-forward-ports zone = dbus_to_python(zone, str) log.debug1("zone.getForwardPorts('%s')" % (zone)) return self.fw.zone.list_forward_ports(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sssssi') @dbus_handle_exceptions def ForwardPortAdded(self, zone, port, protocol, toport, toaddr, timeout=0): # pylint: disable=R0913 log.debug1("zone.ForwardPortAdded('%s', '%s', '%s', '%s', '%s', %d)" % \ (zone, port, protocol, toport, toaddr, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='sssss') @dbus_handle_exceptions def ForwardPortRemoved(self, zone, port, protocol, toport, toaddr): # pylint: disable=R0913 log.debug1("zone.ForwardPortRemoved('%s', '%s', '%s', '%s', '%s')" % \ (zone, port, protocol, toport, toaddr)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ICMP BLOCK @dbus_handle_exceptions def disableTimedIcmpBlock(self, zone, icmp, sender): # pylint: disable=W0613 log.debug1("zone.disableTimedIcmpBlock('%s', '%s')" % (zone, icmp)) del self._timeouts[zone][icmp] self.fw.zone.remove_icmp_block(zone, icmp) self.IcmpBlockRemoved(zone, icmp) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ssi', out_signature='s') @dbus_handle_exceptions def addIcmpBlock(self, zone, icmp, timeout, sender=None): # add icmpblock if not enabled already for zone zone = dbus_to_python(zone, str) icmp = dbus_to_python(icmp, str) timeout = dbus_to_python(timeout, int) log.debug1("zone.enableIcmpBlock('%s', '%s')" % (zone, icmp)) self.accessCheck(sender) _zone = self.fw.zone.add_icmp_block(zone, icmp, timeout, sender) if timeout > 0: tag = GLib.timeout_add_seconds(timeout, self.disableTimedIcmpBlock, _zone, icmp, sender) self.addTimeout(_zone, icmp, tag) self.IcmpBlockAdded(_zone, icmp, timeout) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='s') @dbus_handle_exceptions def removeIcmpBlock(self, zone, icmp, sender=None): # removes icmpBlock from zone zone = dbus_to_python(zone, str) icmp = dbus_to_python(icmp, str) log.debug1("zone.removeIcmpBlock('%s', '%s')" % (zone, icmp)) self.accessCheck(sender) _zone = self.fw.zone.remove_icmp_block(zone, icmp) self.removeTimeout(_zone, icmp) self.IcmpBlockRemoved(_zone, icmp) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryIcmpBlock(self, zone, icmp, sender=None): # pylint: disable=W0613 # returns true if a icmp is enabled for zone zone = dbus_to_python(zone, str) icmp = dbus_to_python(icmp, str) log.debug1("zone.queryIcmpBlock('%s', '%s')" % (zone, icmp)) return self.fw.zone.query_icmp_block(zone, icmp) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='as') @dbus_handle_exceptions def getIcmpBlocks(self, zone, sender=None): # pylint: disable=W0613 # returns the list of enabled icmpblocks # TODO: should be renamed to listIcmpBlocks() # because is called by firewall-cmd --zone --list-icmp-blocks zone = dbus_to_python(zone, str) log.debug1("zone.getIcmpBlocks('%s')" % (zone)) return self.fw.zone.list_icmp_blocks(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ssi') @dbus_handle_exceptions def IcmpBlockAdded(self, zone, icmp, timeout=0): log.debug1("zone.IcmpBlockAdded('%s', '%s', %d)" % \ (zone, icmp, timeout)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='ss') @dbus_handle_exceptions def IcmpBlockRemoved(self, zone, icmp): log.debug1("zone.IcmpBlockRemoved('%s', '%s')" % (zone, icmp)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # ICMP BLOCK INVERSION @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def addIcmpBlockInversion(self, zone, sender=None): # adds icmpBlockInversion if not added already zone = dbus_to_python(zone, str) log.debug1("zone.addIcmpBlockInversion('%s')" % (zone)) self.accessCheck(sender) _zone = self.fw.zone.add_icmp_block_inversion(zone, sender) self.IcmpBlockInversionAdded(_zone) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='s') @dbus_handle_exceptions def removeIcmpBlockInversion(self, zone, sender=None): # removes icmpBlockInversion zone = dbus_to_python(zone, str) log.debug1("zone.removeIcmpBlockInversion('%s')" % (zone)) self.accessCheck(sender) _zone = self.fw.zone.remove_icmp_block_inversion(zone) self.IcmpBlockInversionRemoved(_zone) return _zone @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_ZONE, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryIcmpBlockInversion(self, zone, sender=None): # pylint: disable=W0613 # returns true if a icmpBlockInversion is added zone = dbus_to_python(zone, str) log.debug1("zone.queryIcmpBlockInversion('%s')" % (zone)) return self.fw.zone.query_icmp_block_inversion(zone) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='s') @dbus_handle_exceptions def IcmpBlockInversionAdded(self, zone): log.debug1("zone.IcmpBlockInversionAdded('%s')" % (zone)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_ZONE, signature='s') @dbus_handle_exceptions def IcmpBlockInversionRemoved(self, zone): log.debug1("zone.IcmpBlockInversionRemoved('%s')" % (zone)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT INTERFACE # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT CHAIN @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='') @dbus_handle_exceptions def addChain(self, ipv, table, chain, sender=None): # inserts direct chain ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.addChain('%s', '%s', '%s')" % (ipv, table, chain)) self.accessCheck(sender) self.fw.direct.add_chain(ipv, table, chain) self.ChainAdded(ipv, table, chain) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='') @dbus_handle_exceptions def removeChain(self, ipv, table, chain, sender=None): # removes direct chain ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.removeChain('%s', '%s', '%s')" % (ipv, table, chain)) self.accessCheck(sender) self.fw.direct.remove_chain(ipv, table, chain) self.ChainRemoved(ipv, table, chain) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='b') @dbus_handle_exceptions def queryChain(self, ipv, table, chain, sender=None): # pylint: disable=W0613 # returns true if a chain is enabled ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.queryChain('%s', '%s', '%s')" % (ipv, table, chain)) return self.fw.direct.query_chain(ipv, table, chain) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='ss', out_signature='as') @dbus_handle_exceptions def getChains(self, ipv, table, sender=None): # pylint: disable=W0613 # returns list of added chains ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) log.debug1("direct.getChains('%s', '%s')" % (ipv, table)) return self.fw.direct.get_chains(ipv, table) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='', out_signature='a(sss)') @dbus_handle_exceptions def getAllChains(self, sender=None): # pylint: disable=W0613 # returns list of added chains log.debug1("direct.getAllChains()") return self.fw.direct.get_all_chains() @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sss') @dbus_handle_exceptions def ChainAdded(self, ipv, table, chain): log.debug1("direct.ChainAdded('%s', '%s', '%s')" % (ipv, table, chain)) @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sss') @dbus_handle_exceptions def ChainRemoved(self, ipv, table, chain): log.debug1("direct.ChainRemoved('%s', '%s', '%s')" % (ipv, table, chain)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT RULE @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sssias', out_signature='') @dbus_handle_exceptions def addRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=R0913 # inserts direct rule ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) priority = dbus_to_python(priority, int) args = tuple( dbus_to_python(i, str) for i in args ) log.debug1("direct.addRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) self.accessCheck(sender) self.fw.direct.add_rule(ipv, table, chain, priority, args) self.RuleAdded(ipv, table, chain, priority, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sssias', out_signature='') @dbus_handle_exceptions def removeRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=R0913 # removes direct rule ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) priority = dbus_to_python(priority, int) args = tuple( dbus_to_python(i, str) for i in args ) log.debug1("direct.removeRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) self.accessCheck(sender) self.fw.direct.remove_rule(ipv, table, chain, priority, args) self.RuleRemoved(ipv, table, chain, priority, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='') @dbus_handle_exceptions def removeRules(self, ipv, table, chain, sender=None): # removes direct rule ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.removeRules('%s', '%s', '%s')" % (ipv, table, chain)) self.accessCheck(sender) for (priority, args) in self.fw.direct.get_rules(ipv, table, chain): self.fw.direct.remove_rule(ipv, table, chain, priority, args) self.RuleRemoved(ipv, table, chain, priority, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sssias', out_signature='b') @dbus_handle_exceptions def queryRule(self, ipv, table, chain, priority, args, sender=None): # pylint: disable=W0613, R0913 # returns true if a rule is enabled ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) priority = dbus_to_python(priority, int) args = tuple( dbus_to_python(i, str) for i in args ) log.debug1("direct.queryRule('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) return self.fw.direct.query_rule(ipv, table, chain, priority, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sss', out_signature='a(ias)') @dbus_handle_exceptions def getRules(self, ipv, table, chain, sender=None): # pylint: disable=W0613 # returns list of added rules ipv = dbus_to_python(ipv, str) table = dbus_to_python(table, str) chain = dbus_to_python(chain, str) log.debug1("direct.getRules('%s', '%s', '%s')" % (ipv, table, chain)) return self.fw.direct.get_rules(ipv, table, chain) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='', out_signature='a(sssias)') @dbus_handle_exceptions def getAllRules(self, sender=None): # pylint: disable=W0613 # returns list of added rules log.debug1("direct.getAllRules()") return self.fw.direct.get_all_rules() @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sssias') @dbus_handle_exceptions def RuleAdded(self, ipv, table, chain, priority, args): # pylint: disable=R0913 log.debug1("direct.RuleAdded('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sssias') @dbus_handle_exceptions def RuleRemoved(self, ipv, table, chain, priority, args): # pylint: disable=R0913 log.debug1("direct.RuleRemoved('%s', '%s', '%s', %d, '%s')" % \ (ipv, table, chain, priority, "','".join(args))) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # DIRECT PASSTHROUGH (untracked) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas', out_signature='s') @dbus_handle_exceptions def passthrough(self, ipv, args, sender=None): # inserts direct rule ipv = dbus_to_python(ipv, str) args = tuple( dbus_to_python(i, str) for i in args ) log.debug1("direct.passthrough('%s', '%s')" % (ipv, "','".join(args))) self.accessCheck(sender) try: return self.fw.direct.passthrough(ipv, args) except FirewallError as error: if ipv in ["ipv4", "ipv6"]: query_args = set(["-C", "--check", "-L", "--list"]) else: query_args = set(["-L", "--list"]) msg = str(error) if error.code == errors.COMMAND_FAILED: if len(set(args) & query_args) <= 0: log.warning(msg) raise FirewallDBusException(msg) raise # DIRECT PASSTHROUGH (tracked) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas', out_signature='') @dbus_handle_exceptions def addPassthrough(self, ipv, args, sender=None): # inserts direct passthrough ipv = dbus_to_python(ipv) args = tuple( dbus_to_python(i) for i in args ) log.debug1("direct.addPassthrough('%s', '%s')" % \ (ipv, "','".join(args))) self.accessCheck(sender) self.fw.direct.add_passthrough(ipv, args) self.PassthroughAdded(ipv, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas', out_signature='') @dbus_handle_exceptions def removePassthrough(self, ipv, args, sender=None): # removes direct passthrough ipv = dbus_to_python(ipv) args = tuple( dbus_to_python(i) for i in args ) log.debug1("direct.removePassthrough('%s', '%s')" % \ (ipv, "','".join(args))) self.accessCheck(sender) self.fw.direct.remove_passthrough(ipv, args) self.PassthroughRemoved(ipv, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas', out_signature='b') @dbus_handle_exceptions def queryPassthrough(self, ipv, args, sender=None): # pylint: disable=W0613 # returns true if a passthrough is enabled ipv = dbus_to_python(ipv) args = tuple( dbus_to_python(i) for i in args ) log.debug1("direct.queryPassthrough('%s', '%s')" % \ (ipv, "','".join(args))) return self.fw.direct.query_passthrough(ipv, args) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='', out_signature='a(sas)') @dbus_handle_exceptions def getAllPassthroughs(self, sender=None): # pylint: disable=W0613 # returns list of all added passthroughs log.debug1("direct.getAllPassthroughs()") return self.fw.direct.get_all_passthroughs() @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='', out_signature='') @dbus_handle_exceptions def removeAllPassthroughs(self, sender=None): # pylint: disable=W0613 # remove all passhroughs log.debug1("direct.removeAllPassthroughs()") # remove in reverse order to avoid removing non-empty chains for passthrough in reversed(self.getAllPassthroughs()): self.removePassthrough(*passthrough) @dbus_polkit_require_auth(config.dbus.PK_ACTION_DIRECT_INFO) @dbus_service_method_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='s', out_signature='aas') @dbus_handle_exceptions def getPassthroughs(self, ipv, sender=None): # pylint: disable=W0613 # returns list of all added passthroughs with ipv ipv = dbus_to_python(ipv) log.debug1("direct.getPassthroughs('%s')", ipv) return self.fw.direct.get_passthroughs(ipv) @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sas') @dbus_handle_exceptions def PassthroughAdded(self, ipv, args): log.debug1("direct.PassthroughAdded('%s', '%s')" % \ (ipv, "','".join(args))) @dbus_service_signal_deprecated(config.dbus.DBUS_INTERFACE_DIRECT) @dbus.service.signal(config.dbus.DBUS_INTERFACE_DIRECT, signature='sas') @dbus_handle_exceptions def PassthroughRemoved(self, ipv, args): log.debug1("direct.PassthroughRemoved('%s', '%s')" % \ (ipv, "','".join(args))) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @dbus_polkit_require_auth(config.dbus.PK_ACTION_ALL) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='') @dbus_handle_exceptions def authorizeAll(self, sender=None): # pylint: disable=W0613 """ PK_ACTION_ALL implies all other actions, i.e. once a subject is authorized for PK_ACTION_ALL it's also authorized for any other action. Use-case is GUI (RHBZ#994729). """ pass # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # IPSETS # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='s', out_signature='b') @dbus_handle_exceptions def queryIPSet(self, ipset, sender=None): # pylint: disable=W0613 # returns true if a set with the name exists ipset = dbus_to_python(ipset) log.debug1("ipset.queryIPSet('%s')" % (ipset)) return self.fw.ipset.query_ipset(ipset) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='', out_signature='as') @dbus_handle_exceptions def getIPSets(self, sender=None): # pylint: disable=W0613 # returns list of added sets log.debug1("ipsets.getIPSets()") return self.fw.ipset.get_ipsets() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='s', out_signature=IPSet.DBUS_SIGNATURE) @dbus_handle_exceptions def getIPSetSettings(self, ipset, sender=None): # pylint: disable=W0613 # returns ipset settings for ipset ipset = dbus_to_python(ipset, str) log.debug1("getIPSetSettings(%s)", ipset) return self.fw.ipset.get_ipset(ipset).export_config() # set entries # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss', out_signature='') @dbus_handle_exceptions def addEntry(self, ipset, entry, sender=None): # adds ipset entry ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.addEntry('%s', '%s')" % (ipset, entry)) self.accessCheck(sender) self.fw.ipset.add_entry(ipset, entry) self.EntryAdded(ipset, entry) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss', out_signature='') @dbus_handle_exceptions def removeEntry(self, ipset, entry, sender=None): # removes ipset entry ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.removeEntry('%s', '%s')" % (ipset, entry)) self.accessCheck(sender) self.fw.ipset.remove_entry(ipset, entry) self.EntryRemoved(ipset, entry) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss', out_signature='b') @dbus_handle_exceptions def queryEntry(self, ipset, entry, sender=None): # pylint: disable=W0613 # returns true if the entry exists in the ipset ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.queryEntry('%s', '%s')" % (ipset, entry)) return self.fw.ipset.query_entry(ipset, entry) @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='s', out_signature='as') @dbus_handle_exceptions def getEntries(self, ipset, sender=None): # pylint: disable=W0613 # returns list of added entries for the ipset ipset = dbus_to_python(ipset) log.debug1("ipset.getEntries('%s')" % ipset) return self.fw.ipset.get_entries(ipset) @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG) @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='sas') @dbus_handle_exceptions def setEntries(self, ipset, entries, sender=None): # pylint: disable=W0613 # returns list of added entries for the ipset ipset = dbus_to_python(ipset) entries = dbus_to_python(entries, list) log.debug1("ipset.setEntries('%s', '[%s]')", ipset, ",".join(entries)) old_entries = self.fw.ipset.get_entries(ipset) self.fw.ipset.set_entries(ipset, entries) old_entries_set = set(old_entries) entries_set = set(entries) for entry in entries_set - old_entries_set: self.EntryAdded(ipset, entry) for entry in old_entries_set - entries_set: self.EntryRemoved(ipset, entry) @dbus.service.signal(config.dbus.DBUS_INTERFACE_IPSET, signature='ss') @dbus_handle_exceptions def EntryAdded(self, ipset, entry): ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.EntryAdded('%s', '%s')" % (ipset, entry)) @dbus.service.signal(config.dbus.DBUS_INTERFACE_IPSET, signature='ss') @dbus_handle_exceptions def EntryRemoved(self, ipset, entry): ipset = dbus_to_python(ipset) entry = dbus_to_python(entry) log.debug1("ipset.EntryRemoved('%s', '%s')" % (ipset, entry)) # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # HELPERS # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @dbus_polkit_require_auth(config.dbus.PK_ACTION_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='', out_signature='as') @dbus_handle_exceptions def getHelpers(self, sender=None): # pylint: disable=W0613 # returns list of added sets log.debug1("helpers.getHelpers()") return self.fw.helper.get_helpers() @dbus_polkit_require_auth(config.dbus.PK_ACTION_CONFIG_INFO) @dbus_service_method(config.dbus.DBUS_INTERFACE, in_signature='s', out_signature=Helper.DBUS_SIGNATURE) @dbus_handle_exceptions def getHelperSettings(self, helper, sender=None): # pylint: disable=W0613 # returns helper settings for helper helper = dbus_to_python(helper, str) log.debug1("getHelperSettings(%s)", helper) return self.fw.helper.get_helper(helper).export_config() firewalld-1.1.1/src/firewall/server/__init__.py0000644000000000000000000000000014217342322021462 0ustar00rootroot00000000000000firewalld-1.1.1/src/firewall/server/server.py0000644000000000000000000000713114217342322021245 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # signal handling and run_server derived from setroubleshoot # Copyright (C) 2006,2007,2008,2009 Red Hat, Inc. # Authors: # John Dennis # Thomas Liu # Dan Walsh __all__ = [ "run_server" ] import signal from gi.repository import GLib import dbus import dbus.service import dbus.mainloop.glib from firewall import config from firewall.core.logger import log from firewall.server.firewalld import FirewallD ############################################################################ # # signal handlers # ############################################################################ def sighup(service): service.reload() return True def sigterm(mainloop): mainloop.quit() ############################################################################ # # run_server function # ############################################################################ def run_server(debug_gc=False): """ Main function for firewall server. Handles D-Bus and GLib mainloop. """ service = None if debug_gc: from pprint import pformat import gc gc.enable() gc.set_debug(gc.DEBUG_LEAK) gc_timeout = 10 def gc_collect(): gc.collect() if len(gc.garbage) > 0: print("\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n") print("GARBAGE OBJECTS (%d):\n" % len(gc.garbage)) for x in gc.garbage: print(type(x), "\n ",) print(pformat(x)) print("\n<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<" "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n") GLib.timeout_add_seconds(gc_timeout, gc_collect) try: dbus.mainloop.glib.DBusGMainLoop(set_as_default=True) bus = dbus.SystemBus() name = dbus.service.BusName(config.dbus.DBUS_INTERFACE, bus=bus) service = FirewallD(name, config.dbus.DBUS_PATH) mainloop = GLib.MainLoop() if debug_gc: GLib.timeout_add_seconds(gc_timeout, gc_collect) # use unix_signal_add if available, else unix_signal_add_full if hasattr(GLib, 'unix_signal_add'): unix_signal_add = GLib.unix_signal_add else: unix_signal_add = GLib.unix_signal_add_full unix_signal_add(GLib.PRIORITY_HIGH, signal.SIGHUP, sighup, service) unix_signal_add(GLib.PRIORITY_HIGH, signal.SIGTERM, sigterm, mainloop) mainloop.run() except KeyboardInterrupt: log.debug1("Stopping..") except SystemExit: log.error("Raising SystemExit in run_server") except Exception as e: log.error("Exception %s: %s", e.__class__.__name__, str(e)) if service: service.stop() firewalld-1.1.1/src/firewall/client.py0000644000000000000000000035462014217342322017717 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2009-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from gi.repository import GLib import dbus.mainloop.glib import functools from firewall import config from firewall.core.base import DEFAULT_ZONE_TARGET, DEFAULT_POLICY_TARGET, DEFAULT_POLICY_PRIORITY from firewall.dbus_utils import dbus_to_python from firewall.core.rich import Rich_Rule from firewall.core.ipset import normalize_ipset_entry, check_entry_overlaps_existing, \ check_for_overlapping_entries from firewall import errors from firewall.errors import FirewallError import dbus import traceback exception_handler = None not_authorized_loop = False def handle_exceptions(func): """Decorator to handle exceptions """ @functools.wraps(func) def _impl(*args, **kwargs): authorized = False while not authorized: try: return func(*args, **kwargs) except dbus.exceptions.DBusException as e: dbus_message = e.get_dbus_message() # returns unicode dbus_name = e.get_dbus_name() if not exception_handler: raise if "NotAuthorizedException" in dbus_name: exception_handler("NotAuthorizedException") elif "org.freedesktop.DBus.Error" in dbus_name: # dbus error, try again exception_handler(dbus_message) else: authorized = True if dbus_message: exception_handler(dbus_message) else: exception_handler(str(e)) except FirewallError as e: if not exception_handler: raise else: exception_handler(str(e)) except Exception: if not exception_handler: raise else: exception_handler(traceback.format_exc()) if not not_authorized_loop: break return _impl # zone config setings class FirewallClientZoneSettings(object): @handle_exceptions def __init__(self, settings = None): self.settings = ["", "", "", False, DEFAULT_ZONE_TARGET, [], [], [], False, [], [], [], [], [], [], False, False] self.settings_name = ["version", "short", "description", "UNUSED", "target", "services", "ports", "icmp_blocks", "masquerade", "forward_ports", "interfaces", "sources", "rules_str", "protocols", "source_ports", "icmp_block_inversion", "forward"] self.settings_dbus_type = ["s", "s", "s", "b", "s", "s", "(ss)", "s", "b", "(ssss)", "s", "s", "s", "s", "(ss)", "b", "b"] if settings: if isinstance(settings, list): for i,v in enumerate(settings): self.settings[i] = settings[i] if isinstance(settings, dict): self.setSettingsDict(settings) @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getSettingsDict(self): settings = {} for key,value in zip(self.settings_name, self.settings): if key == 'UNUSED': continue settings[key] = value return settings @handle_exceptions def setSettingsDict(self, settings): for key in settings: self.settings[self.settings_name.index(key)] = settings[key] @handle_exceptions def getSettingsDbusDict(self): settings = {} for key,value,sig in zip(self.settings_name, self.settings, self.settings_dbus_type): if key == 'UNUSED': continue if type(value) is list: settings[key] = dbus.Array(value, signature=sig) elif type(value) is dict: settings[key] = dbus.Dictionary(value, signature=sig) else: settings[key] = value return settings @handle_exceptions def getRuntimeSettingsDict(self): settings = self.getSettingsDict() # These are not configurable at runtime: del settings['version'] del settings['short'] del settings['description'] del settings['target'] return settings @handle_exceptions def getRuntimeSettingsDbusDict(self): settings = self.getSettingsDbusDict() # These are not configurable at runtime: del settings['version'] del settings['short'] del settings['description'] del settings['target'] return settings @handle_exceptions def getVersion(self): return self.settings[0] @handle_exceptions def setVersion(self, version): self.settings[0] = version @handle_exceptions def getShort(self): return self.settings[1] @handle_exceptions def setShort(self, short): self.settings[1] = short @handle_exceptions def getDescription(self): return self.settings[2] @handle_exceptions def setDescription(self, description): self.settings[2] = description # self.settings[3] was used for 'immutable' @handle_exceptions def getTarget(self): return self.settings[4] if self.settings[4] != DEFAULT_ZONE_TARGET else "default" @handle_exceptions def setTarget(self, target): self.settings[4] = target if target != "default" else DEFAULT_ZONE_TARGET @handle_exceptions def getServices(self): return self.settings[5] @handle_exceptions def setServices(self, services): self.settings[5] = services @handle_exceptions def addService(self, service): if service not in self.settings[5]: self.settings[5].append(service) else: raise FirewallError(errors.ALREADY_ENABLED, service) @handle_exceptions def removeService(self, service): if service in self.settings[5]: self.settings[5].remove(service) else: raise FirewallError(errors.NOT_ENABLED, service) @handle_exceptions def queryService(self, service): return service in self.settings[5] @handle_exceptions def getPorts(self): return self.settings[6] @handle_exceptions def setPorts(self, ports): self.settings[6] = ports @handle_exceptions def addPort(self, port, protocol): if (port,protocol) not in self.settings[6]: self.settings[6].append((port,protocol)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def removePort(self, port, protocol): if (port,protocol) in self.settings[6]: self.settings[6].remove((port,protocol)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def queryPort(self, port, protocol): return (port,protocol) in self.settings[6] @handle_exceptions def getProtocols(self): return self.settings[13] @handle_exceptions def setProtocols(self, protocols): self.settings[13] = protocols @handle_exceptions def addProtocol(self, protocol): if protocol not in self.settings[13]: self.settings[13].append(protocol) else: raise FirewallError(errors.ALREADY_ENABLED, protocol) @handle_exceptions def removeProtocol(self, protocol): if protocol in self.settings[13]: self.settings[13].remove(protocol) else: raise FirewallError(errors.NOT_ENABLED, protocol) @handle_exceptions def queryProtocol(self, protocol): return protocol in self.settings[13] @handle_exceptions def getSourcePorts(self): return self.settings[14] @handle_exceptions def setSourcePorts(self, ports): self.settings[14] = ports @handle_exceptions def addSourcePort(self, port, protocol): if (port,protocol) not in self.settings[14]: self.settings[14].append((port,protocol)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def removeSourcePort(self, port, protocol): if (port,protocol) in self.settings[14]: self.settings[14].remove((port,protocol)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def querySourcePort(self, port, protocol): return (port,protocol) in self.settings[14] @handle_exceptions def getIcmpBlocks(self): return self.settings[7] @handle_exceptions def setIcmpBlocks(self, icmpblocks): self.settings[7] = icmpblocks @handle_exceptions def addIcmpBlock(self, icmptype): if icmptype not in self.settings[7]: self.settings[7].append(icmptype) else: raise FirewallError(errors.ALREADY_ENABLED, icmptype) @handle_exceptions def removeIcmpBlock(self, icmptype): if icmptype in self.settings[7]: self.settings[7].remove(icmptype) else: raise FirewallError(errors.NOT_ENABLED, icmptype) @handle_exceptions def queryIcmpBlock(self, icmptype): return icmptype in self.settings[7] @handle_exceptions def getIcmpBlockInversion(self): return self.settings[15] @handle_exceptions def setIcmpBlockInversion(self, flag): self.settings[15] = flag @handle_exceptions def addIcmpBlockInversion(self): if not self.settings[15]: self.settings[15] = True else: FirewallError(errors.ALREADY_ENABLED, "icmp-block-inversion") @handle_exceptions def removeIcmpBlockInversion(self): if self.settings[15]: self.settings[15] = False else: FirewallError(errors.NOT_ENABLED, "icmp-block-inversion") @handle_exceptions def queryIcmpBlockInversion(self): return self.settings[15] @handle_exceptions def getForward(self): return self.settings[16] @handle_exceptions def setForward(self, forward): self.settings[16] = forward @handle_exceptions def addForward(self): if not self.settings[16]: self.settings[16] = True else: FirewallError(errors.ALREADY_ENABLED, "forward") @handle_exceptions def removeForward(self): if self.settings[16]: self.settings[16] = False else: FirewallError(errors.NOT_ENABLED, "forward") @handle_exceptions def queryForward(self): return self.settings[16] @handle_exceptions def getMasquerade(self): return self.settings[8] @handle_exceptions def setMasquerade(self, masquerade): self.settings[8] = masquerade @handle_exceptions def addMasquerade(self): if not self.settings[8]: self.settings[8] = True else: FirewallError(errors.ALREADY_ENABLED, "masquerade") @handle_exceptions def removeMasquerade(self): if self.settings[8]: self.settings[8] = False else: FirewallError(errors.NOT_ENABLED, "masquerade") @handle_exceptions def queryMasquerade(self): return self.settings[8] @handle_exceptions def getForwardPorts(self): return self.settings[9] @handle_exceptions def setForwardPorts(self, ports): self.settings[9] = ports @handle_exceptions def addForwardPort(self, port, protocol, to_port, to_addr): if to_port is None: to_port = '' if to_addr is None: to_addr = '' if (port,protocol,to_port,to_addr) not in self.settings[9]: self.settings[9].append((port,protocol,to_port,to_addr)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s:%s:%s'" % \ (port, protocol, to_port, to_addr)) @handle_exceptions def removeForwardPort(self, port, protocol, to_port, to_addr): if to_port is None: to_port = '' if to_addr is None: to_addr = '' if (port,protocol,to_port,to_addr) in self.settings[9]: self.settings[9].remove((port,protocol,to_port,to_addr)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s:%s:%s'" % \ (port, protocol, to_port, to_addr)) @handle_exceptions def queryForwardPort(self, port, protocol, to_port, to_addr): if to_port is None: to_port = '' if to_addr is None: to_addr = '' return (port,protocol,to_port,to_addr) in self.settings[9] @handle_exceptions def getInterfaces(self): return self.settings[10] @handle_exceptions def setInterfaces(self, interfaces): self.settings[10] = interfaces @handle_exceptions def addInterface(self, interface): if interface not in self.settings[10]: self.settings[10].append(interface) else: raise FirewallError(errors.ALREADY_ENABLED, interface) @handle_exceptions def removeInterface(self, interface): if interface in self.settings[10]: self.settings[10].remove(interface) else: raise FirewallError(errors.NOT_ENABLED, interface) @handle_exceptions def queryInterface(self, interface): return interface in self.settings[10] @handle_exceptions def getSources(self): return self.settings[11] @handle_exceptions def setSources(self, sources): self.settings[11] = sources @handle_exceptions def addSource(self, source): if source not in self.settings[11]: self.settings[11].append(source) else: raise FirewallError(errors.ALREADY_ENABLED, source) @handle_exceptions def removeSource(self, source): if source in self.settings[11]: self.settings[11].remove(source) else: raise FirewallError(errors.NOT_ENABLED, source) @handle_exceptions def querySource(self, source): return source in self.settings[11] @handle_exceptions def getRichRules(self): return self.settings[12] @handle_exceptions def setRichRules(self, rules): rules = [ str(Rich_Rule(rule_str=r)) for r in rules ] self.settings[12] = rules @handle_exceptions def addRichRule(self, rule): rule = str(Rich_Rule(rule_str=rule)) if rule not in self.settings[12]: self.settings[12].append(rule) else: raise FirewallError(errors.ALREADY_ENABLED, rule) @handle_exceptions def removeRichRule(self, rule): rule = str(Rich_Rule(rule_str=rule)) if rule in self.settings[12]: self.settings[12].remove(rule) else: raise FirewallError(errors.NOT_ENABLED, rule) @handle_exceptions def queryRichRule(self, rule): rule = str(Rich_Rule(rule_str=rule)) return rule in self.settings[12] # zone config class FirewallClientConfigZone(object): def __init__(self, bus, path): self.bus = bus self.path = path self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, path) self.fw_zone = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_ZONE) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') #TODO: check interface version and revision (need to match client # version) @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG_ZONE, prop)) @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG_ZONE)) @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG_ZONE, prop, value) @handle_exceptions def getSettings(self): return FirewallClientZoneSettings(dbus_to_python(self.fw_zone.getSettings2())) @handle_exceptions def update(self, settings): self.fw_zone.update2(settings.getSettingsDbusDict()) @handle_exceptions def loadDefaults(self): self.fw_zone.loadDefaults() @handle_exceptions def remove(self): self.fw_zone.remove() @handle_exceptions def rename(self, name): self.fw_zone.rename(name) # version @handle_exceptions def getVersion(self): return self.fw_zone.getVersion() @handle_exceptions def setVersion(self, version): self.fw_zone.setVersion(version) # short @handle_exceptions def getShort(self): return self.fw_zone.getShort() @handle_exceptions def setShort(self, short): self.fw_zone.setShort(short) # description @handle_exceptions def getDescription(self): return self.fw_zone.getDescription() @handle_exceptions def setDescription(self, description): self.fw_zone.setDescription(description) # target @handle_exceptions def getTarget(self): return self.fw_zone.getTarget() @handle_exceptions def setTarget(self, target): self.fw_zone.setTarget(target) # service @handle_exceptions def getServices(self): return self.fw_zone.getServices() @handle_exceptions def setServices(self, services): self.fw_zone.setServices(services) @handle_exceptions def addService(self, service): self.fw_zone.addService(service) @handle_exceptions def removeService(self, service): self.fw_zone.removeService(service) @handle_exceptions def queryService(self, service): return self.fw_zone.queryService(service) # port @handle_exceptions def getPorts(self): return self.fw_zone.getPorts() @handle_exceptions def setPorts(self, ports): self.fw_zone.setPorts(ports) @handle_exceptions def addPort(self, port, protocol): self.fw_zone.addPort(port, protocol) @handle_exceptions def removePort(self, port, protocol): self.fw_zone.removePort(port, protocol) @handle_exceptions def queryPort(self, port, protocol): return self.fw_zone.queryPort(port, protocol) # protocol @handle_exceptions def getProtocols(self): return self.fw_zone.getProtocols() @handle_exceptions def setProtocols(self, protocols): self.fw_zone.setProtocols(protocols) @handle_exceptions def addProtocol(self, protocol): self.fw_zone.addProtocol(protocol) @handle_exceptions def removeProtocol(self, protocol): self.fw_zone.removeProtocol(protocol) @handle_exceptions def queryProtocol(self, protocol): return self.fw_zone.queryProtocol(protocol) # source-port @handle_exceptions def getSourcePorts(self): return self.fw_zone.getSourcePorts() @handle_exceptions def setSourcePorts(self, ports): self.fw_zone.setSourcePorts(ports) @handle_exceptions def addSourcePort(self, port, protocol): self.fw_zone.addSourcePort(port, protocol) @handle_exceptions def removeSourcePort(self, port, protocol): self.fw_zone.removeSourcePort(port, protocol) @handle_exceptions def querySourcePort(self, port, protocol): return self.fw_zone.querySourcePort(port, protocol) # icmp block @handle_exceptions def getIcmpBlocks(self): return self.fw_zone.getIcmpBlocks() @handle_exceptions def setIcmpBlocks(self, icmptypes): self.fw_zone.setIcmpBlocks(icmptypes) @handle_exceptions def addIcmpBlock(self, icmptype): self.fw_zone.addIcmpBlock(icmptype) @handle_exceptions def removeIcmpBlock(self, icmptype): self.fw_zone.removeIcmpBlock(icmptype) @handle_exceptions def queryIcmpBlock(self, icmptype): return self.fw_zone.queryIcmpBlock(icmptype) # icmp-block-inversion @handle_exceptions def getIcmpBlockInversion(self): return self.fw_zone.getIcmpBlockInversion() @handle_exceptions def setIcmpBlockInversion(self, inversion): self.fw_zone.setIcmpBlockInversion(inversion) @handle_exceptions def addIcmpBlockInversion(self): self.fw_zone.addIcmpBlockInversion() @handle_exceptions def removeIcmpBlockInversion(self): self.fw_zone.removeIcmpBlockInversion() @handle_exceptions def queryIcmpBlockInversion(self): return self.fw_zone.queryIcmpBlockInversion() # forward @handle_exceptions def getForward(self): return self.fw_zone.getSettings2()["forward"] @handle_exceptions def setForward(self, forward): self.fw_zone.update2({"forward": forward}) @handle_exceptions def addForward(self): self.fw_zone.update2({"forward": True}) @handle_exceptions def removeForward(self): self.fw_zone.update2({"forward": False}) @handle_exceptions def queryForward(self): return self.fw_zone.getSettings2()["forward"] # masquerade @handle_exceptions def getMasquerade(self): return self.fw_zone.getMasquerade() @handle_exceptions def setMasquerade(self, masquerade): self.fw_zone.setMasquerade(masquerade) @handle_exceptions def addMasquerade(self): self.fw_zone.addMasquerade() @handle_exceptions def removeMasquerade(self): self.fw_zone.removeMasquerade() @handle_exceptions def queryMasquerade(self): return self.fw_zone.queryMasquerade() # forward port @handle_exceptions def getForwardPorts(self): return self.fw_zone.getForwardPorts() @handle_exceptions def setForwardPorts(self, ports): self.fw_zone.setForwardPorts(ports) @handle_exceptions def addForwardPort(self, port, protocol, toport, toaddr): if toport is None: toport = '' if toaddr is None: toaddr = '' self.fw_zone.addForwardPort(port, protocol, toport, toaddr) @handle_exceptions def removeForwardPort(self, port, protocol, toport, toaddr): if toport is None: toport = '' if toaddr is None: toaddr = '' self.fw_zone.removeForwardPort(port, protocol, toport, toaddr) @handle_exceptions def queryForwardPort(self, port, protocol, toport, toaddr): if toport is None: toport = '' if toaddr is None: toaddr = '' return self.fw_zone.queryForwardPort(port, protocol, toport, toaddr) # interface @handle_exceptions def getInterfaces(self): return self.fw_zone.getInterfaces() @handle_exceptions def setInterfaces(self, interfaces): self.fw_zone.setInterfaces(interfaces) @handle_exceptions def addInterface(self, interface): self.fw_zone.addInterface(interface) @handle_exceptions def removeInterface(self, interface): self.fw_zone.removeInterface(interface) @handle_exceptions def queryInterface(self, interface): return self.fw_zone.queryInterface(interface) # source @handle_exceptions def getSources(self): return self.fw_zone.getSources() @handle_exceptions def setSources(self, sources): self.fw_zone.setSources(sources) @handle_exceptions def addSource(self, source): self.fw_zone.addSource(source) @handle_exceptions def removeSource(self, source): self.fw_zone.removeSource(source) @handle_exceptions def querySource(self, source): return self.fw_zone.querySource(source) # rich rule @handle_exceptions def getRichRules(self): return self.fw_zone.getRichRules() @handle_exceptions def setRichRules(self, rules): self.fw_zone.setRichRules(rules) @handle_exceptions def addRichRule(self, rule): self.fw_zone.addRichRule(rule) @handle_exceptions def removeRichRule(self, rule): self.fw_zone.removeRichRule(rule) @handle_exceptions def queryRichRule(self, rule): return self.fw_zone.queryRichRule(rule) class FirewallClientPolicySettings(object): @handle_exceptions def __init__(self, settings=None): self.settings = {"description": "", "egress_zones": [], "forward_ports": [], "icmp_blocks": [], "ingress_zones": [], "masquerade": False, "ports": [], "priority": DEFAULT_POLICY_PRIORITY, "protocols": [], "rich_rules": [], "services": [], "short": "", "source_ports": [], "target": DEFAULT_POLICY_TARGET, "version": "", } self.settings_dbus_type = ["s", "s", "(ssss)", "s", "s", "b", "(ss)", "i", "s", "s", "s", "s", "(ss)", "s", "s"] if settings: self.setSettingsDict(settings) @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getSettingsDict(self): return self.settings @handle_exceptions def setSettingsDict(self, settings): for key in settings: self.settings[key] = settings[key] @handle_exceptions def getSettingsDbusDict(self): settings = {} for key,sig in zip(self.settings, self.settings_dbus_type): value = self.settings[key] if type(value) is list: settings[key] = dbus.Array(value, signature=sig) elif type(value) is dict: settings[key] = dbus.Dictionary(value, signature=sig) else: settings[key] = value return settings def getRuntimeSettingsDbusDict(self): settings = self.getSettingsDbusDict() for key in ["version", "short", "description", "target"]: del settings[key] return settings @handle_exceptions def getVersion(self): return self.settings["version"] @handle_exceptions def setVersion(self, version): self.settings["version"] = version @handle_exceptions def getShort(self): return self.settings["short"] @handle_exceptions def setShort(self, short): self.settings["short"] = short @handle_exceptions def getDescription(self): return self.settings["description"] @handle_exceptions def setDescription(self, description): self.settings["description"] = description @handle_exceptions def getTarget(self): return self.settings["target"] @handle_exceptions def setTarget(self, target): self.settings["target"] = target @handle_exceptions def getServices(self): return self.settings["services"] @handle_exceptions def setServices(self, services): self.settings["services"] = services @handle_exceptions def addService(self, service): if service not in self.settings["services"]: self.settings["services"].append(service) else: raise FirewallError(errors.ALREADY_ENABLED, service) @handle_exceptions def removeService(self, service): if service in self.settings["services"]: self.settings["services"].remove(service) else: raise FirewallError(errors.NOT_ENABLED, service) @handle_exceptions def queryService(self, service): return service in self.settings["services"] @handle_exceptions def getPorts(self): return self.settings["ports"] @handle_exceptions def setPorts(self, ports): self.settings["ports"] = ports @handle_exceptions def addPort(self, port, protocol): if (port,protocol) not in self.settings["ports"]: self.settings["ports"].append((port,protocol)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def removePort(self, port, protocol): if (port,protocol) in self.settings["ports"]: self.settings["ports"].remove((port,protocol)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def queryPort(self, port, protocol): return (port,protocol) in self.settings["ports"] @handle_exceptions def getProtocols(self): return self.settings["protocols"] @handle_exceptions def setProtocols(self, protocols): self.settings["protocols"] = protocols @handle_exceptions def addProtocol(self, protocol): if protocol not in self.settings["protocols"]: self.settings["protocols"].append(protocol) else: raise FirewallError(errors.ALREADY_ENABLED, protocol) @handle_exceptions def removeProtocol(self, protocol): if protocol in self.settings["protocols"]: self.settings["protocols"].remove(protocol) else: raise FirewallError(errors.NOT_ENABLED, protocol) @handle_exceptions def queryProtocol(self, protocol): return protocol in self.settings["protocols"] @handle_exceptions def getSourcePorts(self): return self.settings["source_ports"] @handle_exceptions def setSourcePorts(self, ports): self.settings["source_ports"] = ports @handle_exceptions def addSourcePort(self, port, protocol): if (port,protocol) not in self.settings["source_ports"]: self.settings["source_ports"].append((port,protocol)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def removeSourcePort(self, port, protocol): if (port,protocol) in self.settings["source_ports"]: self.settings["source_ports"].remove((port,protocol)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def querySourcePort(self, port, protocol): return (port,protocol) in self.settings["source_ports"] @handle_exceptions def getIcmpBlocks(self): return self.settings["icmp_blocks"] @handle_exceptions def setIcmpBlocks(self, icmpblocks): self.settings["icmp_blocks"] = icmpblocks @handle_exceptions def addIcmpBlock(self, icmptype): if icmptype not in self.settings["icmp_blocks"]: self.settings["icmp_blocks"].append(icmptype) else: raise FirewallError(errors.ALREADY_ENABLED, icmptype) @handle_exceptions def removeIcmpBlock(self, icmptype): if icmptype in self.settings["icmp_blocks"]: self.settings["icmp_blocks"].remove(icmptype) else: raise FirewallError(errors.NOT_ENABLED, icmptype) @handle_exceptions def queryIcmpBlock(self, icmptype): return icmptype in self.settings["icmp_blocks"] @handle_exceptions def getMasquerade(self): return self.settings["masquerade"] @handle_exceptions def setMasquerade(self, masquerade): self.settings["masquerade"] = masquerade @handle_exceptions def addMasquerade(self): if not self.settings["masquerade"]: self.settings["masquerade"] = True else: FirewallError(errors.ALREADY_ENABLED, "masquerade") @handle_exceptions def removeMasquerade(self): if self.settings["masquerade"]: self.settings["masquerade"] = False else: FirewallError(errors.NOT_ENABLED, "masquerade") @handle_exceptions def queryMasquerade(self): return self.settings["masquerade"] @handle_exceptions def getForwardPorts(self): return self.settings["forward_ports"] @handle_exceptions def setForwardPorts(self, ports): self.settings["forward_ports"] = ports @handle_exceptions def addForwardPort(self, port, protocol, to_port, to_addr): if to_port is None: to_port = '' if to_addr is None: to_addr = '' if (port,protocol,to_port,to_addr) not in self.settings["forward_ports"]: self.settings["forward_ports"].append((port,protocol,to_port,to_addr)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s:%s:%s'" % \ (port, protocol, to_port, to_addr)) @handle_exceptions def removeForwardPort(self, port, protocol, to_port, to_addr): if to_port is None: to_port = '' if to_addr is None: to_addr = '' if (port,protocol,to_port,to_addr) in self.settings["forward_ports"]: self.settings["forward_ports"].remove((port,protocol,to_port,to_addr)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s:%s:%s'" % \ (port, protocol, to_port, to_addr)) @handle_exceptions def queryForwardPort(self, port, protocol, to_port, to_addr): if to_port is None: to_port = '' if to_addr is None: to_addr = '' return (port,protocol,to_port,to_addr) in self.settings["forward_ports"] @handle_exceptions def getRichRules(self): return self.settings["rich_rules"] @handle_exceptions def setRichRules(self, rules): rules = [ str(Rich_Rule(rule_str=r)) for r in rules ] self.settings["rich_rules"] = rules @handle_exceptions def addRichRule(self, rule): rule = str(Rich_Rule(rule_str=rule)) if rule not in self.settings["rich_rules"]: self.settings["rich_rules"].append(rule) else: raise FirewallError(errors.ALREADY_ENABLED, rule) @handle_exceptions def removeRichRule(self, rule): rule = str(Rich_Rule(rule_str=rule)) if rule in self.settings["rich_rules"]: self.settings["rich_rules"].remove(rule) else: raise FirewallError(errors.NOT_ENABLED, rule) @handle_exceptions def queryRichRule(self, rule): rule = str(Rich_Rule(rule_str=rule)) return rule in self.settings["rich_rules"] @handle_exceptions def getIngressZones(self): return self.settings["ingress_zones"] @handle_exceptions def setIngressZones(self, ingress_zones): self.settings["ingress_zones"] = ingress_zones @handle_exceptions def addIngressZone(self, ingress_zone): if ingress_zone not in self.settings["ingress_zones"]: self.settings["ingress_zones"].append(ingress_zone) else: raise FirewallError(errors.ALREADY_ENABLED, ingress_zone) @handle_exceptions def removeIngressZone(self, ingress_zone): if ingress_zone in self.settings["ingress_zones"]: self.settings["ingress_zones"].remove(ingress_zone) else: raise FirewallError(errors.NOT_ENABLED, ingress_zone) @handle_exceptions def queryIngressZone(self, ingress_zone): return ingress_zone in self.settings["ingress_zones"] @handle_exceptions def getEgressZones(self): return self.settings["egress_zones"] @handle_exceptions def setEgressZones(self, egress_zones): self.settings["egress_zones"] = egress_zones @handle_exceptions def addEgressZone(self, egress_zone): if egress_zone not in self.settings["egress_zones"]: self.settings["egress_zones"].append(egress_zone) else: raise FirewallError(errors.ALREADY_ENABLED, egress_zone) @handle_exceptions def removeEgressZone(self, egress_zone): if egress_zone in self.settings["egress_zones"]: self.settings["egress_zones"].remove(egress_zone) else: raise FirewallError(errors.NOT_ENABLED, egress_zone) @handle_exceptions def queryEgressZone(self, egress_zone): return egress_zone in self.settings["egress_zones"] @handle_exceptions def getPriority(self): return self.settings["priority"] @handle_exceptions def setPriority(self, priority): self.settings["priority"] = int(priority) class FirewallClientConfigPolicy(object): def __init__(self, bus, path): self.bus = bus self.path = path self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, path) self.fw_policy = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_POLICY) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG_POLICY, prop)) @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG_POLICY)) @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG_POLICY, prop, value) @handle_exceptions def getSettings(self): return FirewallClientPolicySettings(dbus_to_python(self.fw_policy.getSettings())) @handle_exceptions def update(self, settings): self.fw_policy.update(settings.getSettingsDbusDict()) @handle_exceptions def loadDefaults(self): self.fw_policy.loadDefaults() @handle_exceptions def remove(self): self.fw_policy.remove() @handle_exceptions def rename(self, name): self.fw_policy.rename(name) # service config settings class FirewallClientServiceSettings(object): @handle_exceptions def __init__(self, settings=None): self.settings = ["", "", "", [], [], {}, [], [], [], []] self.settings_name = ["version", "short", "description", "ports", "modules", "destination", "protocols", "source_ports", "includes", "helpers"] self.settings_dbus_type = ["s", "s", "s", "(ss)", "s", "ss", "s", "(ss)", "s", "s"] if settings: if type(settings) is list: for i,v in enumerate(settings): self.settings[i] = settings[i] elif type(settings) is dict: self.setSettingsDict(settings) @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getSettingsDict(self): settings = {} for key,value in zip(self.settings_name, self.settings): settings[key] = value return settings @handle_exceptions def setSettingsDict(self, settings): for key in settings: self.settings[self.settings_name.index(key)] = settings[key] @handle_exceptions def getSettingsDbusDict(self): settings = {} for key,value,sig in zip(self.settings_name, self.settings, self.settings_dbus_type): if type(value) is list: settings[key] = dbus.Array(value, signature=sig) elif type(value) is dict: settings[key] = dbus.Dictionary(value, signature=sig) else: settings[key] = value return settings @handle_exceptions def getVersion(self): return self.settings[0] @handle_exceptions def setVersion(self, version): self.settings[0] = version @handle_exceptions def getShort(self): return self.settings[1] @handle_exceptions def setShort(self, short): self.settings[1] = short @handle_exceptions def getDescription(self): return self.settings[2] @handle_exceptions def setDescription(self, description): self.settings[2] = description @handle_exceptions def getPorts(self): return self.settings[3] @handle_exceptions def setPorts(self, ports): self.settings[3] = ports @handle_exceptions def addPort(self, port, protocol): if (port,protocol) not in self.settings[3]: self.settings[3].append((port,protocol)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def removePort(self, port, protocol): if (port,protocol) in self.settings[3]: self.settings[3].remove((port,protocol)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def queryPort(self, port, protocol): return (port,protocol) in self.settings[3] @handle_exceptions def getProtocols(self): return self.settings[6] @handle_exceptions def setProtocols(self, protocols): self.settings[6] = protocols @handle_exceptions def addProtocol(self, protocol): if protocol not in self.settings[6]: self.settings[6].append(protocol) else: raise FirewallError(errors.ALREADY_ENABLED, protocol) @handle_exceptions def removeProtocol(self, protocol): if protocol in self.settings[6]: self.settings[6].remove(protocol) else: raise FirewallError(errors.NOT_ENABLED, protocol) @handle_exceptions def queryProtocol(self, protocol): return protocol in self.settings[6] @handle_exceptions def getSourcePorts(self): return self.settings[7] @handle_exceptions def setSourcePorts(self, ports): self.settings[7] = ports @handle_exceptions def addSourcePort(self, port, protocol): if (port,protocol) not in self.settings[7]: self.settings[7].append((port,protocol)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def removeSourcePort(self, port, protocol): if (port,protocol) in self.settings[7]: self.settings[7].remove((port,protocol)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def querySourcePort(self, port, protocol): return (port,protocol) in self.settings[7] @handle_exceptions def getModules(self): return self.settings[4] @handle_exceptions def setModules(self, modules): self.settings[4] = modules @handle_exceptions def addModule(self, module): if module not in self.settings[4]: self.settings[4].append(module) else: raise FirewallError(errors.ALREADY_ENABLED, module) @handle_exceptions def removeModule(self, module): if module in self.settings[4]: self.settings[4].remove(module) else: raise FirewallError(errors.NOT_ENABLED, module) @handle_exceptions def queryModule(self, module): return module in self.settings[4] @handle_exceptions def getDestinations(self): return self.settings[5] @handle_exceptions def setDestinations(self, destinations): self.settings[5] = destinations @handle_exceptions def setDestination(self, dest_type, address): if dest_type not in self.settings[5] or \ self.settings[5][dest_type] != address: self.settings[5][dest_type] = address else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % \ (dest_type, address)) @handle_exceptions def removeDestination(self, dest_type, address=None): if dest_type in self.settings[5]: if address is not None and self.settings[5][dest_type] != address: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % \ (dest_type, address)) del self.settings[5][dest_type] else: raise FirewallError(errors.NOT_ENABLED, "'%s'" % dest_type) @handle_exceptions def queryDestination(self, dest_type, address): return (dest_type in self.settings[5] and \ address == self.settings[5][dest_type]) @handle_exceptions def getIncludes(self): return self.settings[8] @handle_exceptions def setIncludes(self, includes): self.settings[8] = includes @handle_exceptions def addInclude(self, include): if include not in self.settings[8]: self.settings[8].append(include) else: raise FirewallError(errors.ALREADY_ENABLED, include) @handle_exceptions def removeInclude(self, include): if include in self.settings[8]: self.settings[8].remove(include) else: raise FirewallError(errors.NOT_ENABLED, include) @handle_exceptions def queryInclude(self, include): return include in self.settings[8] @handle_exceptions def getHelpers(self): return self.settings[9] @handle_exceptions def setHelpers(self, helpers): self.settings[9] = helpers @handle_exceptions def addHelper(self, helper): if helper not in self.settings[9]: self.settings[9].append(helper) else: raise FirewallError(errors.ALREADY_ENABLED, helper) @handle_exceptions def removeHelper(self, helper): if helper in self.settings[9]: self.settings[9].remove(helper) else: raise FirewallError(errors.NOT_ENABLED, helper) @handle_exceptions def queryHelper(self, helper): return helper in self.settings[9] # ipset config settings class FirewallClientIPSetSettings(object): @handle_exceptions def __init__(self, settings=None): if settings: self.settings = settings else: self.settings = ["", "", "", "", {}, []] @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getVersion(self): return self.settings[0] @handle_exceptions def setVersion(self, version): self.settings[0] = version @handle_exceptions def getShort(self): return self.settings[1] @handle_exceptions def setShort(self, short): self.settings[1] = short @handle_exceptions def getDescription(self): return self.settings[2] @handle_exceptions def setDescription(self, description): self.settings[2] = description @handle_exceptions def getType(self): return self.settings[3] @handle_exceptions def setType(self, ipset_type): self.settings[3] = ipset_type @handle_exceptions def getOptions(self): return self.settings[4] @handle_exceptions def setOptions(self, options): self.settings[4] = options @handle_exceptions def addOption(self, key, value): if key not in self.settings[4] or self.settings[4][key] != value: self.settings[4][key] = value else: raise FirewallError(errors.ALREADY_ENABLED, "'%s=%s'" % (key,value) if value else key) @handle_exceptions def removeOption(self, key): if key in self.settings[4]: del self.settings[4][key] else: raise FirewallError(errors.NOT_ENABLED, key) @handle_exceptions def queryOption(self, key, value): return key in self.settings[4] and self.settings[4][key] == value @handle_exceptions def getEntries(self): return self.settings[5] @handle_exceptions def setEntries(self, entries): if "timeout" in self.settings[4] and \ self.settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) check_for_overlapping_entries(entries) self.settings[5] = entries @handle_exceptions def addEntry(self, entry): if "timeout" in self.settings[4] and \ self.settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) entry = normalize_ipset_entry(entry) if entry not in self.settings[5]: check_entry_overlaps_existing(entry, self.settings[5]) self.settings[5].append(entry) else: raise FirewallError(errors.ALREADY_ENABLED, entry) @handle_exceptions def removeEntry(self, entry): if "timeout" in self.settings[4] and \ self.settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) entry = normalize_ipset_entry(entry) if entry in self.settings[5]: self.settings[5].remove(entry) else: raise FirewallError(errors.NOT_ENABLED, entry) @handle_exceptions def queryEntry(self, entry): if "timeout" in self.settings[4] and \ self.settings[4]["timeout"] != "0": raise FirewallError(errors.IPSET_WITH_TIMEOUT) entry = normalize_ipset_entry(entry) return entry in self.settings[5] # ipset config class FirewallClientConfigIPSet(object): @handle_exceptions def __init__(self, bus, path): self.bus = bus self.path = path self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, path) self.fw_ipset = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_IPSET) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG_IPSET, prop)) @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG_IPSET)) @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG_IPSET, prop, value) @handle_exceptions def getSettings(self): return FirewallClientIPSetSettings(list(dbus_to_python(\ self.fw_ipset.getSettings()))) @handle_exceptions def update(self, settings): self.fw_ipset.update(tuple(settings.settings)) @handle_exceptions def loadDefaults(self): self.fw_ipset.loadDefaults() @handle_exceptions def remove(self): self.fw_ipset.remove() @handle_exceptions def rename(self, name): self.fw_ipset.rename(name) # version @handle_exceptions def getVersion(self): return self.fw_ipset.getVersion() @handle_exceptions def setVersion(self, version): self.fw_ipset.setVersion(version) # short @handle_exceptions def getShort(self): return self.fw_ipset.getShort() @handle_exceptions def setShort(self, short): self.fw_ipset.setShort(short) # description @handle_exceptions def getDescription(self): return self.fw_ipset.getDescription() @handle_exceptions def setDescription(self, description): self.fw_ipset.setDescription(description) # entry @handle_exceptions def getEntries(self): return self.fw_ipset.getEntries() @handle_exceptions def setEntries(self, entries): self.fw_ipset.setEntries(entries) @handle_exceptions def addEntry(self, entry): self.fw_ipset.addEntry(entry) @handle_exceptions def removeEntry(self, entry): self.fw_ipset.removeEntry(entry) @handle_exceptions def queryEntry(self, entry): return self.fw_ipset.queryEntry(entry) # helper config settings class FirewallClientHelperSettings(object): @handle_exceptions def __init__(self, settings=None): if settings: self.settings = settings else: self.settings = ["", "", "", "", "", [ ]] @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getVersion(self): return self.settings[0] @handle_exceptions def setVersion(self, version): self.settings[0] = version @handle_exceptions def getShort(self): return self.settings[1] @handle_exceptions def setShort(self, short): self.settings[1] = short @handle_exceptions def getDescription(self): return self.settings[2] @handle_exceptions def setDescription(self, description): self.settings[2] = description @handle_exceptions def getFamily(self): return self.settings[3] @handle_exceptions def setFamily(self, ipv): if ipv is None: self.settings[3] = "" self.settings[3] = ipv @handle_exceptions def getModule(self): return self.settings[4] @handle_exceptions def setModule(self, module): self.settings[4] = module @handle_exceptions def getPorts(self): return self.settings[5] @handle_exceptions def setPorts(self, ports): self.settings[5] = ports @handle_exceptions def addPort(self, port, protocol): if (port,protocol) not in self.settings[5]: self.settings[5].append((port,protocol)) else: raise FirewallError(errors.ALREADY_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def removePort(self, port, protocol): if (port,protocol) in self.settings[5]: self.settings[5].remove((port,protocol)) else: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % (port, protocol)) @handle_exceptions def queryPort(self, port, protocol): return (port,protocol) in self.settings[5] # helper config class FirewallClientConfigHelper(object): @handle_exceptions def __init__(self, bus, path): self.bus = bus self.path = path self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, path) self.fw_helper = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_HELPER) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG_HELPER, prop)) @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG_HELPER)) @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG_HELPER, prop, value) @handle_exceptions def getSettings(self): return FirewallClientHelperSettings(list(dbus_to_python(\ self.fw_helper.getSettings()))) @handle_exceptions def update(self, settings): self.fw_helper.update(tuple(settings.settings)) @handle_exceptions def loadDefaults(self): self.fw_helper.loadDefaults() @handle_exceptions def remove(self): self.fw_helper.remove() @handle_exceptions def rename(self, name): self.fw_helper.rename(name) # version @handle_exceptions def getVersion(self): return self.fw_helper.getVersion() @handle_exceptions def setVersion(self, version): self.fw_helper.setVersion(version) # short @handle_exceptions def getShort(self): return self.fw_helper.getShort() @handle_exceptions def setShort(self, short): self.fw_helper.setShort(short) # description @handle_exceptions def getDescription(self): return self.fw_helper.getDescription() @handle_exceptions def setDescription(self, description): self.fw_helper.setDescription(description) # port @handle_exceptions def getPorts(self): return self.fw_helper.getPorts() @handle_exceptions def setPorts(self, ports): self.fw_helper.setPorts(ports) @handle_exceptions def addPort(self, port, protocol): self.fw_helper.addPort(port, protocol) @handle_exceptions def removePort(self, port, protocol): self.fw_helper.removePort(port, protocol) @handle_exceptions def queryPort(self, port, protocol): return self.fw_helper.queryPort(port, protocol) # family @handle_exceptions def getFamily(self): return self.fw_helper.getFamily() @handle_exceptions def setFamily(self, ipv): if ipv is None: self.fw_helper.setFamily("") self.fw_helper.setFamily(ipv) # module @handle_exceptions def getModule(self): return self.fw_helper.getModule() @handle_exceptions def setModule(self, module): self.fw_helper.setModule(module) # service config class FirewallClientConfigService(object): @handle_exceptions def __init__(self, bus, path): self.bus = bus self.path = path self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, path) self.fw_service = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_SERVICE) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, prop)) @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG_SERVICE)) @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, prop, value) @handle_exceptions def getSettings(self): return FirewallClientServiceSettings(dbus_to_python( self.fw_service.getSettings2())) @handle_exceptions def update(self, settings): self.fw_service.update2(settings.getSettingsDbusDict()) @handle_exceptions def loadDefaults(self): self.fw_service.loadDefaults() @handle_exceptions def remove(self): self.fw_service.remove() @handle_exceptions def rename(self, name): self.fw_service.rename(name) # version @handle_exceptions def getVersion(self): return self.fw_service.getVersion() @handle_exceptions def setVersion(self, version): self.fw_service.setVersion(version) # short @handle_exceptions def getShort(self): return self.fw_service.getShort() @handle_exceptions def setShort(self, short): self.fw_service.setShort(short) # description @handle_exceptions def getDescription(self): return self.fw_service.getDescription() @handle_exceptions def setDescription(self, description): self.fw_service.setDescription(description) # port @handle_exceptions def getPorts(self): return self.fw_service.getPorts() @handle_exceptions def setPorts(self, ports): self.fw_service.setPorts(ports) @handle_exceptions def addPort(self, port, protocol): self.fw_service.addPort(port, protocol) @handle_exceptions def removePort(self, port, protocol): self.fw_service.removePort(port, protocol) @handle_exceptions def queryPort(self, port, protocol): return self.fw_service.queryPort(port, protocol) # protocol @handle_exceptions def getProtocols(self): return self.fw_service.getProtocols() @handle_exceptions def setProtocols(self, protocols): self.fw_service.setProtocols(protocols) @handle_exceptions def addProtocol(self, protocol): self.fw_service.addProtocol(protocol) @handle_exceptions def removeProtocol(self, protocol): self.fw_service.removeProtocol(protocol) @handle_exceptions def queryProtocol(self, protocol): return self.fw_service.queryProtocol(protocol) # source-port @handle_exceptions def getSourcePorts(self): return self.fw_service.getSourcePorts() @handle_exceptions def setSourcePorts(self, ports): self.fw_service.setSourcePorts(ports) @handle_exceptions def addSourcePort(self, port, protocol): self.fw_service.addSourcePort(port, protocol) @handle_exceptions def removeSourcePort(self, port, protocol): self.fw_service.removeSourcePort(port, protocol) @handle_exceptions def querySourcePort(self, port, protocol): return self.fw_service.querySourcePort(port, protocol) # module @handle_exceptions def getModules(self): return self.fw_service.getModules() @handle_exceptions def setModules(self, modules): self.fw_service.setModules(modules) @handle_exceptions def addModule(self, module): self.fw_service.addModule(module) @handle_exceptions def removeModule(self, module): self.fw_service.removeModule(module) @handle_exceptions def queryModule(self, module): return self.fw_service.queryModule(module) # destination @handle_exceptions def getDestinations(self): return self.fw_service.getDestinations() @handle_exceptions def setDestinations(self, destinations): self.fw_service.setDestinations(destinations) @handle_exceptions def getDestination(self, destination): return self.fw_service.getDestination(destination) @handle_exceptions def setDestination(self, destination, address): self.fw_service.setDestination(destination, address) @handle_exceptions def removeDestination(self, destination, address=None): if address is not None and self.getDestination(destination) != address: raise FirewallError(errors.NOT_ENABLED, "'%s:%s'" % \ (destination, address)) self.fw_service.removeDestination(destination) @handle_exceptions def queryDestination(self, destination, address): return self.fw_service.queryDestination(destination, address) # include @handle_exceptions def getIncludes(self): return self.fw_service.getIncludes() @handle_exceptions def setIncludes(self, includes): self.fw_service.setIncludes(includes) @handle_exceptions def addInclude(self, include): self.fw_service.addInclude(include) @handle_exceptions def removeInclude(self, include): self.fw_service.removeInclude(include) @handle_exceptions def queryInclude(self, include): return self.fw_service.queryInclude(include) # icmptype config settings class FirewallClientIcmpTypeSettings(object): @handle_exceptions def __init__(self, settings=None): if settings: self.settings = settings else: self.settings = ["", "", "", []] @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getVersion(self): return self.settings[0] @handle_exceptions def setVersion(self, version): self.settings[0] = version @handle_exceptions def getShort(self): return self.settings[1] @handle_exceptions def setShort(self, short): self.settings[1] = short @handle_exceptions def getDescription(self): return self.settings[2] @handle_exceptions def setDescription(self, description): self.settings[2] = description @handle_exceptions def getDestinations(self): return self.settings[3] @handle_exceptions def setDestinations(self, destinations): self.settings[3] = destinations @handle_exceptions def addDestination(self, destination): # empty means all if not self.settings[3]: raise FirewallError(errors.ALREADY_ENABLED, destination) elif destination not in self.settings[3]: self.settings[3].append(destination) else: raise FirewallError(errors.ALREADY_ENABLED, destination) @handle_exceptions def removeDestination(self, destination): if destination in self.settings[3]: self.settings[3].remove(destination) # empty means all elif not self.settings[3]: self.setDestinations(list(set(['ipv4','ipv6']) - \ set([destination]))) else: raise FirewallError(errors.NOT_ENABLED, destination) @handle_exceptions def queryDestination(self, destination): # empty means all return not self.settings[3] or \ destination in self.settings[3] # icmptype config class FirewallClientConfigIcmpType(object): @handle_exceptions def __init__(self, bus, path): self.bus = bus self.path = path self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, path) self.fw_icmptype = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, prop)) @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE)) @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, prop, value) @handle_exceptions def getSettings(self): return FirewallClientIcmpTypeSettings(list(dbus_to_python(\ self.fw_icmptype.getSettings()))) @handle_exceptions def update(self, settings): self.fw_icmptype.update(tuple(settings.settings)) @handle_exceptions def loadDefaults(self): self.fw_icmptype.loadDefaults() @handle_exceptions def remove(self): self.fw_icmptype.remove() @handle_exceptions def rename(self, name): self.fw_icmptype.rename(name) # version @handle_exceptions def getVersion(self): return self.fw_icmptype.getVersion() @handle_exceptions def setVersion(self, version): self.fw_icmptype.setVersion(version) # short @handle_exceptions def getShort(self): return self.fw_icmptype.getShort() @handle_exceptions def setShort(self, short): self.fw_icmptype.setShort(short) # description @handle_exceptions def getDescription(self): return self.fw_icmptype.getDescription() @handle_exceptions def setDescription(self, description): self.fw_icmptype.setDescription(description) # destination @handle_exceptions def getDestinations(self): return self.fw_icmptype.getDestinations() @handle_exceptions def setDestinations(self, destinations): self.fw_icmptype.setDestinations(destinations) @handle_exceptions def addDestination(self, destination): self.fw_icmptype.addDestination(destination) @handle_exceptions def removeDestination(self, destination): self.fw_icmptype.removeDestination(destination) @handle_exceptions def queryDestination(self, destination): return self.fw_icmptype.queryDestination(destination) # config.policies lockdown whitelist class FirewallClientPoliciesLockdownWhitelist(object): @handle_exceptions def __init__(self, settings=None): if settings: self.settings = settings else: self.settings = [ [], [], [], [] ] @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getCommands(self): return self.settings[0] @handle_exceptions def setCommands(self, commands): self.settings[0] = commands @handle_exceptions def addCommand(self, command): if command not in self.settings[0]: self.settings[0].append(command) @handle_exceptions def removeCommand(self, command): if command in self.settings[0]: self.settings[0].remove(command) @handle_exceptions def queryCommand(self, command): return command in self.settings[0] @handle_exceptions def getContexts(self): return self.settings[1] @handle_exceptions def setContexts(self, contexts): self.settings[1] = contexts @handle_exceptions def addContext(self, context): if context not in self.settings[1]: self.settings[1].append(context) @handle_exceptions def removeContext(self, context): if context in self.settings[1]: self.settings[1].remove(context) @handle_exceptions def queryContext(self, context): return context in self.settings[1] @handle_exceptions def getUsers(self): return self.settings[2] @handle_exceptions def setUsers(self, users): self.settings[2] = users @handle_exceptions def addUser(self, user): if user not in self.settings[2]: self.settings[2].append(user) @handle_exceptions def removeUser(self, user): if user in self.settings[2]: self.settings[2].remove(user) @handle_exceptions def queryUser(self, user): return user in self.settings[2] @handle_exceptions def getUids(self): return self.settings[3] @handle_exceptions def setUids(self, uids): self.settings[3] = uids @handle_exceptions def addUid(self, uid): if uid not in self.settings[3]: self.settings[3].append(uid) @handle_exceptions def removeUid(self, uid): if uid in self.settings[3]: self.settings[3].remove(uid) @handle_exceptions def queryUid(self, uid): return uid in self.settings[3] # config.policies class FirewallClientConfigPolicies(object): @handle_exceptions def __init__(self, bus): self.bus = bus self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, config.dbus.DBUS_PATH_CONFIG) self.fw_policies = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_POLICIES) @handle_exceptions def getLockdownWhitelist(self): return FirewallClientPoliciesLockdownWhitelist( \ list(dbus_to_python(self.fw_policies.getLockdownWhitelist()))) @handle_exceptions def setLockdownWhitelist(self, settings): self.fw_policies.setLockdownWhitelist(tuple(settings.settings)) # command @handle_exceptions def addLockdownWhitelistCommand(self, command): self.fw_policies.addLockdownWhitelistCommand(command) @handle_exceptions def removeLockdownWhitelistCommand(self, command): self.fw_policies.removeLockdownWhitelistCommand(command) @handle_exceptions def queryLockdownWhitelistCommand(self, command): return dbus_to_python(self.fw_policies.queryLockdownWhitelistCommand(command)) @handle_exceptions def getLockdownWhitelistCommands(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistCommands()) # context @handle_exceptions def addLockdownWhitelistContext(self, context): self.fw_policies.addLockdownWhitelistContext(context) @handle_exceptions def removeLockdownWhitelistContext(self, context): self.fw_policies.removeLockdownWhitelistContext(context) @handle_exceptions def queryLockdownWhitelistContext(self, context): return dbus_to_python(self.fw_policies.queryLockdownWhitelistContext(context)) @handle_exceptions def getLockdownWhitelistContexts(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistContexts()) # user @handle_exceptions def addLockdownWhitelistUser(self, user): self.fw_policies.addLockdownWhitelistUser(user) @handle_exceptions def removeLockdownWhitelistUser(self, user): self.fw_policies.removeLockdownWhitelistUser(user) @handle_exceptions def queryLockdownWhitelistUser(self, user): return dbus_to_python(self.fw_policies.queryLockdownWhitelistUser(user)) @handle_exceptions def getLockdownWhitelistUsers(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistUsers()) # uid @handle_exceptions def getLockdownWhitelistUids(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistUids()) @handle_exceptions def setLockdownWhitelistUids(self, uids): self.fw_policies.setLockdownWhitelistUids(uids) @handle_exceptions def addLockdownWhitelistUid(self, uid): self.fw_policies.addLockdownWhitelistUid(uid) @handle_exceptions def removeLockdownWhitelistUid(self, uid): self.fw_policies.removeLockdownWhitelistUid(uid) @handle_exceptions def queryLockdownWhitelistUid(self, uid): return dbus_to_python(self.fw_policies.queryLockdownWhitelistUid(uid)) # config.direct class FirewallClientDirect(object): @handle_exceptions def __init__(self, settings=None): if settings: self.settings = settings else: self.settings = [ [], [], [], ] @handle_exceptions def __repr__(self): return '%s(%r)' % (self.__class__, self.settings) @handle_exceptions def getAllChains(self): return self.settings[0] @handle_exceptions def getChains(self, ipv, table): return [ entry[2] for entry in self.settings[0] \ if entry[0] == ipv and entry[1] == table ] @handle_exceptions def setAllChains(self, chains): self.settings[0] = chains @handle_exceptions def addChain(self, ipv, table, chain): idx = (ipv, table, chain) if idx not in self.settings[0]: self.settings[0].append(idx) @handle_exceptions def removeChain(self, ipv, table, chain): idx = (ipv, table, chain) if idx in self.settings[0]: self.settings[0].remove(idx) @handle_exceptions def queryChain(self, ipv, table, chain): idx = (ipv, table, chain) return idx in self.settings[0] @handle_exceptions def getAllRules(self): return self.settings[1] @handle_exceptions def getRules(self, ipv, table, chain): return [ entry[3:] for entry in self.settings[1] \ if entry[0] == ipv and entry[1] == table \ and entry[2] == chain ] @handle_exceptions def setAllRules(self, rules): self.settings[1] = rules @handle_exceptions def addRule(self, ipv, table, chain, priority, args): idx = (ipv, table, chain, priority, args) if idx not in self.settings[1]: self.settings[1].append(idx) @handle_exceptions def removeRule(self, ipv, table, chain, priority, args): idx = (ipv, table, chain, priority, args) if idx in self.settings[1]: self.settings[1].remove(idx) @handle_exceptions def removeRules(self, ipv, table, chain): for idx in list(self.settings[1]): if idx[0] == ipv and idx[1] == table and idx[2] == chain: self.settings[1].remove(idx) @handle_exceptions def queryRule(self, ipv, table, chain, priority, args): idx = (ipv, table, chain, priority, args) return idx in self.settings[1] @handle_exceptions def getAllPassthroughs(self): return self.settings[2] @handle_exceptions def setAllPassthroughs(self, passthroughs): self.settings[2] = passthroughs @handle_exceptions def removeAllPassthroughs(self): self.settings[2] = [] @handle_exceptions def getPassthroughs(self, ipv): return [ entry[1] for entry in self.settings[2] \ if entry[0] == ipv ] @handle_exceptions def addPassthrough(self, ipv, args): idx = (ipv, args) if idx not in self.settings[2]: self.settings[2].append(idx) @handle_exceptions def removePassthrough(self, ipv, args): idx = (ipv, args) if idx in self.settings[2]: self.settings[2].remove(idx) @handle_exceptions def queryPassthrough(self, ipv, args): idx = (ipv, args) return idx in self.settings[2] # config.direct class FirewallClientConfigDirect(object): @handle_exceptions def __init__(self, bus): self.bus = bus self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, config.dbus.DBUS_PATH_CONFIG) self.fw_direct = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG_DIRECT) @handle_exceptions def getSettings(self): return FirewallClientDirect( \ list(dbus_to_python(self.fw_direct.getSettings()))) @handle_exceptions def update(self, settings): self.fw_direct.update(tuple(settings.settings)) # direct chain @handle_exceptions def addChain(self, ipv, table, chain): self.fw_direct.addChain(ipv, table, chain) @handle_exceptions def removeChain(self, ipv, table, chain): self.fw_direct.removeChain(ipv, table, chain) @handle_exceptions def queryChain(self, ipv, table, chain): return dbus_to_python(self.fw_direct.queryChain(ipv, table, chain)) @handle_exceptions def getChains(self, ipv, table): return dbus_to_python(self.fw_direct.getChains(ipv, table)) @handle_exceptions def getAllChains(self): return dbus_to_python(self.fw_direct.getAllChains()) # direct rule @handle_exceptions def addRule(self, ipv, table, chain, priority, args): self.fw_direct.addRule(ipv, table, chain, priority, args) @handle_exceptions def removeRule(self, ipv, table, chain, priority, args): self.fw_direct.removeRule(ipv, table, chain, priority, args) @handle_exceptions def removeRules(self, ipv, table, chain): self.fw_direct.removeRules(ipv, table, chain) @handle_exceptions def queryRule(self, ipv, table, chain, priority, args): return dbus_to_python(self.fw_direct.queryRule(ipv, table, chain, priority, args)) @handle_exceptions def getRules(self, ipv, table, chain): return dbus_to_python(self.fw_direct.getRules(ipv, table, chain)) @handle_exceptions def getAllRules(self): return dbus_to_python(self.fw_direct.getAllRules()) # tracked passthrough @handle_exceptions def addPassthrough(self, ipv, args): self.fw_direct.addPassthrough(ipv, args) @handle_exceptions def removePassthrough(self, ipv, args): self.fw_direct.removePassthrough(ipv, args) @handle_exceptions def queryPassthrough(self, ipv, args): return dbus_to_python(self.fw_direct.queryPassthrough(ipv, args)) @handle_exceptions def getPassthroughs(self, ipv): return dbus_to_python(self.fw_direct.getPassthroughs(ipv)) @handle_exceptions def getAllPassthroughs(self): return dbus_to_python(self.fw_direct.getAllPassthroughs()) # config class FirewallClientConfig(object): @handle_exceptions def __init__(self, bus): self.bus = bus self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, config.dbus.DBUS_PATH_CONFIG) self.fw_config = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_CONFIG) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') self._policies = FirewallClientConfigPolicies(self.bus) self._direct = FirewallClientConfigDirect(self.bus) # properties @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE_CONFIG, prop)) @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE_CONFIG)) @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG, prop, value) # ipset @handle_exceptions def getIPSetNames(self): return dbus_to_python(self.fw_config.getIPSetNames()) @handle_exceptions def listIPSets(self): return dbus_to_python(self.fw_config.listIPSets()) @handle_exceptions def getIPSet(self, path): return FirewallClientConfigIPSet(self.bus, path) @handle_exceptions def getIPSetByName(self, name): path = dbus_to_python(self.fw_config.getIPSetByName(name)) return FirewallClientConfigIPSet(self.bus, path) @handle_exceptions def addIPSet(self, name, settings): if isinstance(settings, FirewallClientIPSetSettings): path = self.fw_config.addIPSet(name, tuple(settings.settings)) else: path = self.fw_config.addIPSet(name, tuple(settings)) return FirewallClientConfigIPSet(self.bus, path) # zone @handle_exceptions def getZoneNames(self): return dbus_to_python(self.fw_config.getZoneNames()) @handle_exceptions def listZones(self): return dbus_to_python(self.fw_config.listZones()) @handle_exceptions def getZone(self, path): return FirewallClientConfigZone(self.bus, path) @handle_exceptions def getZoneByName(self, name): path = dbus_to_python(self.fw_config.getZoneByName(name)) return FirewallClientConfigZone(self.bus, path) @handle_exceptions def getZoneOfInterface(self, iface): return dbus_to_python(self.fw_config.getZoneOfInterface(iface)) @handle_exceptions def getZoneOfSource(self, source): return dbus_to_python(self.fw_config.getZoneOfSource(source)) @handle_exceptions def addZone(self, name, settings): if isinstance(settings, FirewallClientZoneSettings): path = self.fw_config.addZone2(name, settings.getSettingsDbusDict()) elif isinstance(settings, dict): path = self.fw_config.addZone2(name, settings) else: # tuple based dbus API has 16 elements. Slice what we're given down # to the expected size. path = self.fw_config.addZone(name, tuple(settings[:16])) return FirewallClientConfigZone(self.bus, path) # policy @handle_exceptions def getPolicyNames(self): return dbus_to_python(self.fw_config.getPolicyNames()) @handle_exceptions def listPolicies(self): return dbus_to_python(self.fw_config.listPolicies()) @handle_exceptions def getPolicy(self, path): return FirewallClientConfigPolicy(self.bus, path) @handle_exceptions def getPolicyByName(self, name): path = dbus_to_python(self.fw_config.getPolicyByName(name)) return FirewallClientConfigPolicy(self.bus, path) @handle_exceptions def addPolicy(self, name, settings): if isinstance(settings, FirewallClientPolicySettings): path = self.fw_config.addPolicy(name, settings.getSettingsDbusDict()) else: # dict path = self.fw_config.addPolicy(name, settings) return FirewallClientConfigPolicy(self.bus, path) # service @handle_exceptions def getServiceNames(self): return dbus_to_python(self.fw_config.getServiceNames()) @handle_exceptions def listServices(self): return dbus_to_python(self.fw_config.listServices()) @handle_exceptions def getService(self, path): return FirewallClientConfigService(self.bus, path) @handle_exceptions def getServiceByName(self, name): path = dbus_to_python(self.fw_config.getServiceByName(name)) return FirewallClientConfigService(self.bus, path) @handle_exceptions def addService(self, name, settings): if isinstance(settings, FirewallClientServiceSettings): path = self.fw_config.addService2(name, settings.getSettingsDbusDict()) elif type(settings) is dict: path = self.fw_config.addService2(name, settings) else: # tuple based dbus API has 8 elements. Slice what we're given down # to the expected size. path = self.fw_config.addService(name, tuple(settings[:8])) return FirewallClientConfigService(self.bus, path) # icmptype @handle_exceptions def getIcmpTypeNames(self): return dbus_to_python(self.fw_config.getIcmpTypeNames()) @handle_exceptions def listIcmpTypes(self): return dbus_to_python(self.fw_config.listIcmpTypes()) @handle_exceptions def getIcmpType(self, path): return FirewallClientConfigIcmpType(self.bus, path) @handle_exceptions def getIcmpTypeByName(self, name): path = dbus_to_python(self.fw_config.getIcmpTypeByName(name)) return FirewallClientConfigIcmpType(self.bus, path) @handle_exceptions def addIcmpType(self, name, settings): if isinstance(settings, FirewallClientIcmpTypeSettings): path = self.fw_config.addIcmpType(name, tuple(settings.settings)) else: path = self.fw_config.addIcmpType(name, tuple(settings)) return FirewallClientConfigIcmpType(self.bus, path) @handle_exceptions def policies(self): return self._policies @handle_exceptions def direct(self): return self._direct # helper @handle_exceptions def getHelperNames(self): return dbus_to_python(self.fw_config.getHelperNames()) @handle_exceptions def listHelpers(self): return dbus_to_python(self.fw_config.listHelpers()) @handle_exceptions def getHelper(self, path): return FirewallClientConfigHelper(self.bus, path) @handle_exceptions def getHelperByName(self, name): path = dbus_to_python(self.fw_config.getHelperByName(name)) return FirewallClientConfigHelper(self.bus, path) @handle_exceptions def addHelper(self, name, settings): if isinstance(settings, FirewallClientHelperSettings): path = self.fw_config.addHelper(name, tuple(settings.settings)) else: path = self.fw_config.addHelper(name, tuple(settings)) return FirewallClientConfigHelper(self.bus, path) # class FirewallClient(object): @handle_exceptions def __init__(self, bus=None, wait=0, quiet=True): if not bus: dbus.mainloop.glib.DBusGMainLoop(set_as_default=True) try: self.bus = dbus.SystemBus() except dbus.exceptions.DBusException as e: raise FirewallError(errors.DBUS_ERROR, e.get_dbus_message()) else: self.bus = bus self.bus.add_signal_receiver( handler_function=self._dbus_connection_changed, signal_name="NameOwnerChanged", dbus_interface="org.freedesktop.DBus", arg0=config.dbus.DBUS_INTERFACE) for interface in [ config.dbus.DBUS_INTERFACE, config.dbus.DBUS_INTERFACE_IPSET, config.dbus.DBUS_INTERFACE_ZONE, config.dbus.DBUS_INTERFACE_POLICY, config.dbus.DBUS_INTERFACE_DIRECT, config.dbus.DBUS_INTERFACE_POLICIES, config.dbus.DBUS_INTERFACE_CONFIG, config.dbus.DBUS_INTERFACE_CONFIG_IPSET, config.dbus.DBUS_INTERFACE_CONFIG_ZONE, config.dbus.DBUS_INTERFACE_CONFIG_POLICY, config.dbus.DBUS_INTERFACE_CONFIG_SERVICE, config.dbus.DBUS_INTERFACE_CONFIG_HELPER, config.dbus.DBUS_INTERFACE_CONFIG_DIRECT, config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE, config.dbus.DBUS_INTERFACE_CONFIG_POLICIES ]: self.bus.add_signal_receiver(self._signal_receiver, dbus_interface=interface, interface_keyword='interface', member_keyword='member', path_keyword='path') # callbacks self._callback = { } self._callbacks = { # client callbacks "connection-changed": "connection-changed", "connection-established": "connection-established", "connection-lost": "connection-lost", # firewalld callbacks "log-denied-changed": "LogDeniedChanged", "default-zone-changed": "DefaultZoneChanged", "panic-mode-enabled": "PanicModeEnabled", "panic-mode-disabled": "PanicModeDisabled", "reloaded": "Reloaded", "service-added": "ServiceAdded", "service-removed": "ServiceRemoved", "port-added": "PortAdded", "port-removed": "PortRemoved", "source-port-added": "SourcePortAdded", "source-port-removed": "SourcePortRemoved", "protocol-added": "ProtocolAdded", "protocol-removed": "ProtocolRemoved", "masquerade-added": "MasqueradeAdded", "masquerade-removed": "MasqueradeRemoved", "forward-port-added": "ForwardPortAdded", "forward-port-removed": "ForwardPortRemoved", "icmp-block-added": "IcmpBlockAdded", "icmp-block-removed": "IcmpBlockRemoved", "icmp-block-inversion-added": "IcmpBlockInversionAdded", "icmp-block-inversion-removed": "IcmpBlockInversionRemoved", "richrule-added": "RichRuleAdded", "richrule-removed": "RichRuleRemoved", "interface-added": "InterfaceAdded", "interface-removed": "InterfaceRemoved", "zone-changed": "ZoneOfInterfaceChanged", # DEPRECATED, use zone-of-interface-changed instead "zone-of-interface-changed": "ZoneOfInterfaceChanged", "source-added": "SourceAdded", "source-removed": "SourceRemoved", "zone-of-source-changed": "ZoneOfSourceChanged", "zone-updated": "ZoneUpdated", "policy-updated": "PolicyUpdated", # ipset callbacks "ipset-entry-added": "EntryAdded", "ipset-entry-removed": "EntryRemoved", # direct callbacks "direct:chain-added": "ChainAdded", "direct:chain-removed": "ChainRemoved", "direct:rule-added": "RuleAdded", "direct:rule-removed": "RuleRemoved", "direct:passthrough-added": "PassthroughAdded", "direct:passthrough-removed": "PassthroughRemoved", "config:direct:updated": "config:direct:Updated", # policy callbacks "lockdown-enabled": "LockdownEnabled", "lockdown-disabled": "LockdownDisabled", "lockdown-whitelist-command-added": "LockdownWhitelistCommandAdded", "lockdown-whitelist-command-removed": "LockdownWhitelistCommandRemoved", "lockdown-whitelist-context-added": "LockdownWhitelistContextAdded", "lockdown-whitelist-context-removed": "LockdownWhitelistContextRemoved", "lockdown-whitelist-uid-added": "LockdownWhitelistUidAdded", "lockdown-whitelist-uid-removed": "LockdownWhitelistUidRemoved", "lockdown-whitelist-user-added": "LockdownWhitelistUserAdded", "lockdown-whitelist-user-removed": "LockdownWhitelistUserRemoved", # firewalld.config callbacks "config:policies:lockdown-whitelist-updated": "config:policies:LockdownWhitelistUpdated", "config:ipset-added": "config:IPSetAdded", "config:ipset-updated": "config:IPSetUpdated", "config:ipset-removed": "config:IPSetRemoved", "config:ipset-renamed": "config:IPSetRenamed", "config:zone-added": "config:ZoneAdded", "config:zone-updated": "config:ZoneUpdated", "config:zone-removed": "config:ZoneRemoved", "config:zone-renamed": "config:ZoneRenamed", "config:policy-added": "config:PolicyAdded", "config:policy-updated": "config:PolicyUpdated", "config:policy-removed": "config:PolicyRemoved", "config:policy-renamed": "config:PolicyRenamed", "config:service-added": "config:ServiceAdded", "config:service-updated": "config:ServiceUpdated", "config:service-removed": "config:ServiceRemoved", "config:service-renamed": "config:ServiceRenamed", "config:icmptype-added": "config:IcmpTypeAdded", "config:icmptype-updated": "config:IcmpTypeUpdated", "config:icmptype-removed": "config:IcmpTypeRemoved", "config:icmptype-renamed": "config:IcmpTypeRenamed", "config:helper-added": "config:HelperAdded", "config:helper-updated": "config:HelperUpdated", "config:helper-removed": "config:HelperRemoved", "config:helper-renamed": "config:HelperRenamed", } # initialize variables used for connection self._init_vars() self.quiet = quiet if wait > 0: # connect in one second GLib.timeout_add_seconds(wait, self._connection_established) else: self._connection_established() @handle_exceptions def _init_vars(self): self.fw = None self.fw_ipset = None self.fw_zone = None self.fw_policy = None self.fw_helper = None self.fw_direct = None self.fw_properties = None self._config = None self.connected = False @handle_exceptions def getExceptionHandler(self): return exception_handler @handle_exceptions def setExceptionHandler(self, handler): global exception_handler exception_handler = handler @handle_exceptions def getNotAuthorizedLoop(self): return not_authorized_loop @handle_exceptions def setNotAuthorizedLoop(self, enable): global not_authorized_loop not_authorized_loop = enable @handle_exceptions def connect(self, name, callback, *args): if name in self._callbacks: self._callback[self._callbacks[name]] = (callback, args) else: raise ValueError("Unknown callback name '%s'" % name) @handle_exceptions def _dbus_connection_changed(self, name, old_owner, new_owner): if name != config.dbus.DBUS_INTERFACE: return if new_owner: # connection established self._connection_established() else: # connection lost self._connection_lost() @handle_exceptions def _connection_established(self): try: self.dbus_obj = self.bus.get_object(config.dbus.DBUS_INTERFACE, config.dbus.DBUS_PATH) self.fw = dbus.Interface(self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE) self.fw_ipset = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_IPSET) self.fw_zone = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_ZONE) self.fw_policy = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_POLICY) self.fw_direct = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_DIRECT) self.fw_policies = dbus.Interface( self.dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_POLICIES) self.fw_properties = dbus.Interface( self.dbus_obj, dbus_interface='org.freedesktop.DBus.Properties') except dbus.exceptions.DBusException as e: # ignore dbus errors if not self.quiet: print ("DBusException", e.get_dbus_message()) return except Exception as e: if not self.quiet: print ("Exception", e) return self._config = FirewallClientConfig(self.bus) self.connected = True self._signal_receiver(member="connection-established", interface=config.dbus.DBUS_INTERFACE) self._signal_receiver(member="connection-changed", interface=config.dbus.DBUS_INTERFACE) @handle_exceptions def _connection_lost(self): self._init_vars() self._signal_receiver(member="connection-lost", interface=config.dbus.DBUS_INTERFACE) self._signal_receiver(member="connection-changed", interface=config.dbus.DBUS_INTERFACE) @handle_exceptions def _signal_receiver(self, *args, **kwargs): if "member" not in kwargs or "interface" not in kwargs: return signal = kwargs["member"] interface = kwargs["interface"] # config signals need special treatment # pimp signal name if interface.startswith(config.dbus.DBUS_INTERFACE_CONFIG_ZONE): signal = "config:Zone" + signal if interface.startswith(config.dbus.DBUS_INTERFACE_CONFIG_POLICY): signal = "config:Policy" + signal elif interface.startswith(config.dbus.DBUS_INTERFACE_CONFIG_IPSET): signal = "config:IPSet" + signal elif interface.startswith(config.dbus.DBUS_INTERFACE_CONFIG_SERVICE): signal = "config:Service" + signal elif interface.startswith(config.dbus.DBUS_INTERFACE_CONFIG_ICMPTYPE): signal = "config:IcmpType" + signal elif interface.startswith(config.dbus.DBUS_INTERFACE_CONFIG_HELPER): signal = "config:Helper" + signal elif interface == config.dbus.DBUS_INTERFACE_CONFIG: signal = "config:" + signal elif interface == config.dbus.DBUS_INTERFACE_CONFIG_POLICIES: signal = "config:policies:" + signal elif interface == config.dbus.DBUS_INTERFACE_CONFIG_DIRECT: signal = "config:direct:" + signal cb = None for callback in self._callbacks: if self._callbacks[callback] == signal and \ self._callbacks[callback] in self._callback: cb = self._callback[self._callbacks[callback]] if cb is None: return # call back with args converted to python types ... cb_args = [ dbus_to_python(arg) for arg in args ] try: if cb[1]: # add call data cb_args.extend(cb[1]) # call back cb[0](*cb_args) except Exception as msg: print(msg) @handle_exceptions def config(self): return self._config @handle_exceptions def reload(self): self.fw.reload() @handle_exceptions def complete_reload(self): self.fw.completeReload() @handle_exceptions def runtimeToPermanent(self): self.fw.runtimeToPermanent() @handle_exceptions def checkPermanentConfig(self): self.fw.checkPermanentConfig() @handle_exceptions def get_property(self, prop): return dbus_to_python(self.fw_properties.Get( config.dbus.DBUS_INTERFACE, prop)) @handle_exceptions def get_properties(self): return dbus_to_python(self.fw_properties.GetAll( config.dbus.DBUS_INTERFACE)) @handle_exceptions def set_property(self, prop, value): self.fw_properties.Set(config.dbus.DBUS_INTERFACE, prop, value) # panic mode @handle_exceptions def enablePanicMode(self): self.fw.enablePanicMode() @handle_exceptions def disablePanicMode(self): self.fw.disablePanicMode() @handle_exceptions def queryPanicMode(self): return dbus_to_python(self.fw.queryPanicMode()) # list functions @handle_exceptions def getZoneSettings(self, zone): return FirewallClientZoneSettings(dbus_to_python(self.fw_zone.getZoneSettings2(zone))) @handle_exceptions def getIPSets(self): return dbus_to_python(self.fw_ipset.getIPSets()) @handle_exceptions def getIPSetSettings(self, ipset): return FirewallClientIPSetSettings(list(dbus_to_python(\ self.fw_ipset.getIPSetSettings(ipset)))) @handle_exceptions def addEntry(self, ipset, entry): self.fw_ipset.addEntry(ipset, entry) @handle_exceptions def getEntries(self, ipset): return self.fw_ipset.getEntries(ipset) @handle_exceptions def setEntries(self, ipset, entries): return self.fw_ipset.setEntries(ipset, entries) @handle_exceptions def removeEntry(self, ipset, entry): self.fw_ipset.removeEntry(ipset, entry) @handle_exceptions def queryEntry(self, ipset, entry): return dbus_to_python(self.fw_ipset.queryEntry(ipset, entry)) @handle_exceptions def listServices(self): return dbus_to_python(self.fw.listServices()) @handle_exceptions def getServiceSettings(self, service): return FirewallClientServiceSettings(dbus_to_python( self.fw.getServiceSettings2(service))) @handle_exceptions def listIcmpTypes(self): return dbus_to_python(self.fw.listIcmpTypes()) @handle_exceptions def getIcmpTypeSettings(self, icmptype): return FirewallClientIcmpTypeSettings(list(dbus_to_python(\ self.fw.getIcmpTypeSettings(icmptype)))) @handle_exceptions def getHelpers(self): return dbus_to_python(self.fw.getHelpers()) @handle_exceptions def getHelperSettings(self, helper): return FirewallClientHelperSettings(list(dbus_to_python(\ self.fw.getHelperSettings(helper)))) # automatic helper setting @handle_exceptions def getAutomaticHelpers(self): return dbus_to_python(self.fw.getAutomaticHelpers()) @handle_exceptions def setAutomaticHelpers(self, value): self.fw.setAutomaticHelpers(value) # log denied @handle_exceptions def getLogDenied(self): return dbus_to_python(self.fw.getLogDenied()) @handle_exceptions def setLogDenied(self, value): self.fw.setLogDenied(value) # default zone @handle_exceptions def getDefaultZone(self): return dbus_to_python(self.fw.getDefaultZone()) @handle_exceptions def setDefaultZone(self, zone): self.fw.setDefaultZone(zone) # zone @handle_exceptions def setZoneSettings(self, zone, settings): self.fw_zone.setZoneSettings2(zone, settings.getRuntimeSettingsDbusDict()) @handle_exceptions def getZones(self): return dbus_to_python(self.fw_zone.getZones()) @handle_exceptions def getActiveZones(self): return dbus_to_python(self.fw_zone.getActiveZones()) @handle_exceptions def getZoneOfInterface(self, interface): return dbus_to_python(self.fw_zone.getZoneOfInterface(interface)) @handle_exceptions def getZoneOfSource(self, source): return dbus_to_python(self.fw_zone.getZoneOfSource(source)) @handle_exceptions def isImmutable(self, zone): return dbus_to_python(self.fw_zone.isImmutable(zone)) # policy @handle_exceptions def getPolicySettings(self, policy): return FirewallClientPolicySettings(dbus_to_python(self.fw_policy.getPolicySettings(policy))) @handle_exceptions def setPolicySettings(self, policy, settings): self.fw_policy.setPolicySettings(policy, settings.getRuntimeSettingsDbusDict()) @handle_exceptions def getPolicies(self): return dbus_to_python(self.fw_policy.getPolicies()) @handle_exceptions def getActivePolicies(self): return dbus_to_python(self.fw_policy.getActivePolicies()) @handle_exceptions def isPolicyImmutable(self, policy): return dbus_to_python(self.fw_policy.isImmutable(policy)) # interfaces @handle_exceptions def addInterface(self, zone, interface): return dbus_to_python(self.fw_zone.addInterface(zone, interface)) @handle_exceptions def changeZone(self, zone, interface): # DEPRECATED return dbus_to_python(self.fw_zone.changeZone(zone, interface)) @handle_exceptions def changeZoneOfInterface(self, zone, interface): return dbus_to_python(self.fw_zone.changeZoneOfInterface(zone, interface)) @handle_exceptions def getInterfaces(self, zone): return dbus_to_python(self.fw_zone.getInterfaces(zone)) @handle_exceptions def queryInterface(self, zone, interface): return dbus_to_python(self.fw_zone.queryInterface(zone, interface)) @handle_exceptions def removeInterface(self, zone, interface): return dbus_to_python(self.fw_zone.removeInterface(zone, interface)) # sources @handle_exceptions def addSource(self, zone, source): return dbus_to_python(self.fw_zone.addSource(zone, source)) @handle_exceptions def changeZoneOfSource(self, zone, source): return dbus_to_python(self.fw_zone.changeZoneOfSource(zone, source)) @handle_exceptions def getSources(self, zone): return dbus_to_python(self.fw_zone.getSources(zone)) @handle_exceptions def querySource(self, zone, source): return dbus_to_python(self.fw_zone.querySource(zone, source)) @handle_exceptions def removeSource(self, zone, source): return dbus_to_python(self.fw_zone.removeSource(zone, source)) # rich rules @handle_exceptions def addRichRule(self, zone, rule, timeout=0): return dbus_to_python(self.fw_zone.addRichRule(zone, rule, timeout)) @handle_exceptions def getRichRules(self, zone): return dbus_to_python(self.fw_zone.getRichRules(zone)) @handle_exceptions def queryRichRule(self, zone, rule): return dbus_to_python(self.fw_zone.queryRichRule(zone, rule)) @handle_exceptions def removeRichRule(self, zone, rule): return dbus_to_python(self.fw_zone.removeRichRule(zone, rule)) # services @handle_exceptions def addService(self, zone, service, timeout=0): return dbus_to_python(self.fw_zone.addService(zone, service, timeout)) @handle_exceptions def getServices(self, zone): return dbus_to_python(self.fw_zone.getServices(zone)) @handle_exceptions def queryService(self, zone, service): return dbus_to_python(self.fw_zone.queryService(zone, service)) @handle_exceptions def removeService(self, zone, service): return dbus_to_python(self.fw_zone.removeService(zone, service)) # ports @handle_exceptions def addPort(self, zone, port, protocol, timeout=0): return dbus_to_python(self.fw_zone.addPort(zone, port, protocol, timeout)) @handle_exceptions def getPorts(self, zone): return dbus_to_python(self.fw_zone.getPorts(zone)) @handle_exceptions def queryPort(self, zone, port, protocol): return dbus_to_python(self.fw_zone.queryPort(zone, port, protocol)) @handle_exceptions def removePort(self, zone, port, protocol): return dbus_to_python(self.fw_zone.removePort(zone, port, protocol)) # protocols @handle_exceptions def addProtocol(self, zone, protocol, timeout=0): return dbus_to_python(self.fw_zone.addProtocol(zone, protocol, timeout)) @handle_exceptions def getProtocols(self, zone): return dbus_to_python(self.fw_zone.getProtocols(zone)) @handle_exceptions def queryProtocol(self, zone, protocol): return dbus_to_python(self.fw_zone.queryProtocol(zone, protocol)) @handle_exceptions def removeProtocol(self, zone, protocol): return dbus_to_python(self.fw_zone.removeProtocol(zone, protocol)) # forward @handle_exceptions def addForward(self, zone): self.fw_zone.setZoneSettings2(zone, {"forward": True}) @handle_exceptions def queryForward(self, zone): return dbus_to_python(self.fw_zone.getZoneSettings2(zone))["forward"] @handle_exceptions def removeForward(self, zone): self.fw_zone.setZoneSettings2(zone, {"forward": False}) # masquerade @handle_exceptions def addMasquerade(self, zone, timeout=0): return dbus_to_python(self.fw_zone.addMasquerade(zone, timeout)) @handle_exceptions def queryMasquerade(self, zone): return dbus_to_python(self.fw_zone.queryMasquerade(zone)) @handle_exceptions def removeMasquerade(self, zone): return dbus_to_python(self.fw_zone.removeMasquerade(zone)) # forward ports @handle_exceptions def addForwardPort(self, zone, port, protocol, toport, toaddr, timeout=0): if toport is None: toport = "" if toaddr is None: toaddr = "" return dbus_to_python(self.fw_zone.addForwardPort(zone, port, protocol, toport, toaddr, timeout)) @handle_exceptions def getForwardPorts(self, zone): return dbus_to_python(self.fw_zone.getForwardPorts(zone)) @handle_exceptions def queryForwardPort(self, zone, port, protocol, toport, toaddr): if toport is None: toport = "" if toaddr is None: toaddr = "" return dbus_to_python(self.fw_zone.queryForwardPort(zone, port, protocol, toport, toaddr)) @handle_exceptions def removeForwardPort(self, zone, port, protocol, toport, toaddr): if toport is None: toport = "" if toaddr is None: toaddr = "" return dbus_to_python(self.fw_zone.removeForwardPort(zone, port, protocol, toport, toaddr)) # source ports @handle_exceptions def addSourcePort(self, zone, port, protocol, timeout=0): return dbus_to_python(self.fw_zone.addSourcePort(zone, port, protocol, timeout)) @handle_exceptions def getSourcePorts(self, zone): return dbus_to_python(self.fw_zone.getSourcePorts(zone)) @handle_exceptions def querySourcePort(self, zone, port, protocol): return dbus_to_python(self.fw_zone.querySourcePort(zone, port, protocol)) @handle_exceptions def removeSourcePort(self, zone, port, protocol): return dbus_to_python(self.fw_zone.removeSourcePort(zone, port, protocol)) # icmpblock @handle_exceptions def addIcmpBlock(self, zone, icmp, timeout=0): return dbus_to_python(self.fw_zone.addIcmpBlock(zone, icmp, timeout)) @handle_exceptions def getIcmpBlocks(self, zone): return dbus_to_python(self.fw_zone.getIcmpBlocks(zone)) @handle_exceptions def queryIcmpBlock(self, zone, icmp): return dbus_to_python(self.fw_zone.queryIcmpBlock(zone, icmp)) @handle_exceptions def removeIcmpBlock(self, zone, icmp): return dbus_to_python(self.fw_zone.removeIcmpBlock(zone, icmp)) # icmp block inversion @handle_exceptions def addIcmpBlockInversion(self, zone): return dbus_to_python(self.fw_zone.addIcmpBlockInversion(zone)) @handle_exceptions def queryIcmpBlockInversion(self, zone): return dbus_to_python(self.fw_zone.queryIcmpBlockInversion(zone)) @handle_exceptions def removeIcmpBlockInversion(self, zone): return dbus_to_python(self.fw_zone.removeIcmpBlockInversion(zone)) # direct chain @handle_exceptions def addChain(self, ipv, table, chain): self.fw_direct.addChain(ipv, table, chain) @handle_exceptions def removeChain(self, ipv, table, chain): self.fw_direct.removeChain(ipv, table, chain) @handle_exceptions def queryChain(self, ipv, table, chain): return dbus_to_python(self.fw_direct.queryChain(ipv, table, chain)) @handle_exceptions def getChains(self, ipv, table): return dbus_to_python(self.fw_direct.getChains(ipv, table)) @handle_exceptions def getAllChains(self): return dbus_to_python(self.fw_direct.getAllChains()) # direct rule @handle_exceptions def addRule(self, ipv, table, chain, priority, args): self.fw_direct.addRule(ipv, table, chain, priority, args) @handle_exceptions def removeRule(self, ipv, table, chain, priority, args): self.fw_direct.removeRule(ipv, table, chain, priority, args) @handle_exceptions def removeRules(self, ipv, table, chain): self.fw_direct.removeRules(ipv, table, chain) @handle_exceptions def queryRule(self, ipv, table, chain, priority, args): return dbus_to_python(self.fw_direct.queryRule(ipv, table, chain, priority, args)) @handle_exceptions def getRules(self, ipv, table, chain): return dbus_to_python(self.fw_direct.getRules(ipv, table, chain)) @handle_exceptions def getAllRules(self): return dbus_to_python(self.fw_direct.getAllRules()) # direct passthrough @handle_exceptions def passthrough(self, ipv, args): return dbus_to_python(self.fw_direct.passthrough(ipv, args)) # tracked passthrough @handle_exceptions def getAllPassthroughs(self): return dbus_to_python(self.fw_direct.getAllPassthroughs()) @handle_exceptions def removeAllPassthroughs(self): self.fw_direct.removeAllPassthroughs() @handle_exceptions def getPassthroughs(self, ipv): return dbus_to_python(self.fw_direct.getPassthroughs(ipv)) @handle_exceptions def addPassthrough(self, ipv, args): self.fw_direct.addPassthrough(ipv, args) @handle_exceptions def removePassthrough(self, ipv, args): self.fw_direct.removePassthrough(ipv, args) @handle_exceptions def queryPassthrough(self, ipv, args): return dbus_to_python(self.fw_direct.queryPassthrough(ipv, args)) # lockdown @handle_exceptions def enableLockdown(self): self.fw_policies.enableLockdown() @handle_exceptions def disableLockdown(self): self.fw_policies.disableLockdown() @handle_exceptions def queryLockdown(self): return dbus_to_python(self.fw_policies.queryLockdown()) # policies # lockdown white list commands @handle_exceptions def addLockdownWhitelistCommand(self, command): self.fw_policies.addLockdownWhitelistCommand(command) @handle_exceptions def getLockdownWhitelistCommands(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistCommands()) @handle_exceptions def queryLockdownWhitelistCommand(self, command): return dbus_to_python(self.fw_policies.queryLockdownWhitelistCommand(command)) @handle_exceptions def removeLockdownWhitelistCommand(self, command): self.fw_policies.removeLockdownWhitelistCommand(command) # lockdown white list contexts @handle_exceptions def addLockdownWhitelistContext(self, context): self.fw_policies.addLockdownWhitelistContext(context) @handle_exceptions def getLockdownWhitelistContexts(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistContexts()) @handle_exceptions def queryLockdownWhitelistContext(self, context): return dbus_to_python(self.fw_policies.queryLockdownWhitelistContext(context)) @handle_exceptions def removeLockdownWhitelistContext(self, context): self.fw_policies.removeLockdownWhitelistContext(context) # lockdown white list uids @handle_exceptions def addLockdownWhitelistUid(self, uid): self.fw_policies.addLockdownWhitelistUid(uid) @handle_exceptions def getLockdownWhitelistUids(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistUids()) @handle_exceptions def queryLockdownWhitelistUid(self, uid): return dbus_to_python(self.fw_policies.queryLockdownWhitelistUid(uid)) @handle_exceptions def removeLockdownWhitelistUid(self, uid): self.fw_policies.removeLockdownWhitelistUid(uid) # lockdown white list users @handle_exceptions def addLockdownWhitelistUser(self, user): self.fw_policies.addLockdownWhitelistUser(user) @handle_exceptions def getLockdownWhitelistUsers(self): return dbus_to_python(self.fw_policies.getLockdownWhitelistUsers()) @handle_exceptions def queryLockdownWhitelistUser(self, user): return dbus_to_python(self.fw_policies.queryLockdownWhitelistUser(user)) @handle_exceptions def removeLockdownWhitelistUser(self, user): self.fw_policies.removeLockdownWhitelistUser(user) @handle_exceptions def authorizeAll(self): """ Authorize once for all polkit actions. """ self.fw.authorizeAll() firewalld-1.1.1/src/firewall/command.py0000644000000000000000000005730114217342322020053 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # """FirewallCommand class for command line client simplification""" __all__ = [ "FirewallCommand" ] import sys from firewall import errors from firewall.errors import FirewallError from dbus.exceptions import DBusException from firewall.functions import checkIPnMask, checkIP6nMask, check_mac, \ check_port, check_single_address class FirewallCommand(object): def __init__(self, quiet=False, verbose=False): self.quiet = quiet self.verbose = verbose self.__use_exception_handler = True self.fw = None def set_fw(self, fw): self.fw = fw def set_quiet(self, flag): self.quiet = flag def get_quiet(self): return self.quiet def set_verbose(self, flag): self.verbose = flag def get_verbose(self): return self.verbose def print_msg(self, msg=None): if msg is not None and not self.quiet: sys.stdout.write(msg + "\n") def print_error_msg(self, msg=None): if msg is not None and not self.quiet: sys.stderr.write(msg + "\n") def print_warning(self, msg=None): FAIL = '\033[91m' END = '\033[00m' if sys.stderr.isatty(): msg = FAIL + msg + END self.print_error_msg(msg) def print_and_exit(self, msg=None, exit_code=0): #OK = '\033[92m' #END = '\033[00m' if exit_code > 1: self.print_warning(msg) else: #if sys.stdout.isatty(): # msg = OK + msg + END self.print_msg(msg) sys.exit(exit_code) def fail(self, msg=None): self.print_and_exit(msg, 2) def print_if_verbose(self, msg=None): if msg is not None and self.verbose: sys.stdout.write(msg + "\n") def __cmd_sequence(self, cmd_type, option, action_method, query_method, # pylint: disable=W0613, R0913, R0914 parse_method, message, start_args=None, end_args=None, # pylint: disable=W0613 no_exit=False): if self.fw is not None: self.fw.authorizeAll() items = [ ] _errors = 0 _error_codes = [ ] for item in option: if parse_method is not None: try: item = parse_method(item) except Exception as msg: code = FirewallError.get_code(str(msg)) if len(option) > 1: self.print_warning("Warning: %s" % msg) else: self.print_and_exit("Error: %s" % msg, code) if code not in _error_codes: _error_codes.append(code) _errors += 1 continue items.append(item) for item in items: call_item = [ ] if start_args is not None: call_item += start_args if not isinstance(item, list) and not isinstance(item, tuple): call_item.append(item) else: call_item += item if end_args is not None: call_item += end_args self.deactivate_exception_handler() try: action_method(*call_item) except (DBusException, Exception) as msg: if isinstance(msg, DBusException): self.fail_if_not_authorized(msg.get_dbus_name()) msg = msg.get_dbus_message() else: msg = str(msg) code = FirewallError.get_code(msg) if code in [ errors.ALREADY_ENABLED, errors.NOT_ENABLED, errors.ZONE_ALREADY_SET, errors.ALREADY_SET ]: code = 0 if len(option) > 1: self.print_warning("Warning: %s" % msg) elif code == 0: self.print_warning("Warning: %s" % msg) return else: self.print_and_exit("Error: %s" % msg, code) if code not in _error_codes: _error_codes.append(code) _errors += 1 self.activate_exception_handler() if not no_exit: if len(option) > _errors or 0 in _error_codes: # There have been more options than errors or there # was at least one error code 0, return. return elif len(_error_codes) == 1: # Exactly one error code, use it. sys.exit(_error_codes[0]) elif len(_error_codes) > 1: # There is more than error, exit using # UNKNOWN_ERROR. This could happen within sequences # where parsing failed with different errors like # INVALID_PORT and INVALID_PROTOCOL. sys.exit(errors.UNKNOWN_ERROR) def add_sequence(self, option, action_method, query_method, parse_method, # pylint: disable=R0913 message, no_exit=False): self.__cmd_sequence("add", option, action_method, query_method, parse_method, message, no_exit=no_exit) def x_add_sequence(self, x, option, action_method, query_method, # pylint: disable=R0913 parse_method, message, no_exit=False): self.__cmd_sequence("add", option, action_method, query_method, parse_method, message, start_args=[x], no_exit=no_exit) def zone_add_timeout_sequence(self, zone, option, action_method, # pylint: disable=R0913 query_method, parse_method, message, timeout, no_exit=False): self.__cmd_sequence("add", option, action_method, query_method, parse_method, message, start_args=[zone], end_args=[timeout], no_exit=no_exit) def remove_sequence(self, option, action_method, query_method, # pylint: disable=R0913 parse_method, message, no_exit=False): self.__cmd_sequence("remove", option, action_method, query_method, parse_method, message, no_exit=no_exit) def x_remove_sequence(self, x, option, action_method, query_method, # pylint: disable=R0913 parse_method, message, no_exit=False): self.__cmd_sequence("remove", option, action_method, query_method, parse_method, message, start_args=[x], no_exit=no_exit) def __query_sequence(self, option, query_method, parse_method, message, # pylint: disable=R0913 start_args=None, no_exit=False): items = [ ] for item in option: if parse_method is not None: try: item = parse_method(item) except Exception as msg: if len(option) > 1: self.print_warning("Warning: %s" % msg) continue else: code = FirewallError.get_code(str(msg)) self.print_and_exit("Error: %s" % msg, code) items.append(item) for item in items: call_item = [ ] if start_args is not None: call_item += start_args if not isinstance(item, list) and not isinstance(item, tuple): call_item.append(item) else: call_item += item self.deactivate_exception_handler() try: res = query_method(*call_item) except DBusException as msg: self.fail_if_not_authorized(msg.get_dbus_name()) code = FirewallError.get_code(msg.get_dbus_message()) if len(option) > 1: self.print_warning("Warning: %s" % msg.get_dbus_message()) continue else: self.print_and_exit("Error: %s" % msg.get_dbus_message(), code) except Exception as msg: code = FirewallError.get_code(str(msg)) if len(option) > 1: self.print_warning("Warning: %s" % msg) else: self.print_and_exit("Error: %s" % msg, code) self.activate_exception_handler() if len(option) > 1: self.print_msg("%s: %s" % (message % item, ("no", "yes")[res])) else: self.print_query_result(res) if not no_exit: sys.exit(0) def query_sequence(self, option, query_method, parse_method, message, # pylint: disable=R0913 no_exit=False): self.__query_sequence(option, query_method, parse_method, message, no_exit=no_exit) def x_query_sequence(self, x, option, query_method, parse_method, # pylint: disable=R0913 message, no_exit=False): self.__query_sequence(option, query_method, parse_method, message, start_args=[x], no_exit=no_exit) def parse_source(self, value): if not checkIPnMask(value) and not checkIP6nMask(value) \ and not check_mac(value) and not \ (value.startswith("ipset:") and len(value) > 6): raise FirewallError(errors.INVALID_ADDR, "'%s' is no valid IPv4, IPv6 or MAC address, nor an ipset" % value) return value def parse_port(self, value, separator="/"): try: (port, proto) = value.split(separator) except ValueError: raise FirewallError(errors.INVALID_PORT, "bad port (most likely " "missing protocol), correct syntax is " "portid[-portid]%sprotocol" % separator) if not check_port(port): raise FirewallError(errors.INVALID_PORT, port) if proto not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \ proto) return (port, proto) def parse_forward_port(self, value, compat=False): port = None protocol = None toport = None toaddr = None i = 0 while ("=" in value[i:]): opt = value[i:].split("=", 1)[0] i += len(opt) + 1 if "=" in value[i:]: val = value[i:].split(":", 1)[0] else: val = value[i:] i += len(val) + 1 if opt == "port": port = val elif opt == "proto": protocol = val elif opt == "toport": toport = val elif opt == "toaddr": toaddr = val elif opt == "if" and compat: # ignore if option in compat mode pass else: raise FirewallError(errors.INVALID_FORWARD, "invalid forward port arg '%s'" % (opt)) if not port: raise FirewallError(errors.INVALID_FORWARD, "missing port") if not protocol: raise FirewallError(errors.INVALID_FORWARD, "missing protocol") if not (toport or toaddr): raise FirewallError(errors.INVALID_FORWARD, "missing destination") if not check_port(port): raise FirewallError(errors.INVALID_PORT, port) if protocol not in [ "tcp", "udp", "sctp", "dccp" ]: raise FirewallError(errors.INVALID_PROTOCOL, "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \ protocol) if toport and not check_port(toport): raise FirewallError(errors.INVALID_PORT, toport) if toaddr and not check_single_address("ipv4", toaddr): if compat or not check_single_address("ipv6", toaddr): raise FirewallError(errors.INVALID_ADDR, toaddr) return (port, protocol, toport, toaddr) def parse_ipset_option(self, value): args = value.split("=") if len(args) == 1: return (args[0], "") elif len(args) == 2: return args else: raise FirewallError(errors.INVALID_OPTION, "invalid ipset option '%s'" % (value)) def check_destination_ipv(self, value): ipvs = [ "ipv4", "ipv6", ] if value not in ipvs: raise FirewallError(errors.INVALID_IPV, "invalid argument: %s (choose from '%s')" % \ (value, "', '".join(ipvs))) return value def parse_service_destination(self, value): try: (ipv, destination) = value.split(":", 1) except ValueError: raise FirewallError(errors.INVALID_DESTINATION, "destination syntax is ipv:address[/mask]") return (self.check_destination_ipv(ipv), destination) def check_ipv(self, value): ipvs = [ "ipv4", "ipv6", "eb" ] if value not in ipvs: raise FirewallError(errors.INVALID_IPV, "invalid argument: %s (choose from '%s')" % \ (value, "', '".join(ipvs))) return value def check_helper_family(self, value): ipvs = [ "", "ipv4", "ipv6" ] if value not in ipvs: raise FirewallError(errors.INVALID_IPV, "invalid argument: %s (choose from '%s')" % \ (value, "', '".join(ipvs))) return value def check_module(self, value): if not value.startswith("nf_conntrack_"): raise FirewallError( errors.INVALID_MODULE, "'%s' does not start with 'nf_conntrack_'" % value) if len(value.replace("nf_conntrack_", "")) < 1: raise FirewallError(errors.INVALID_MODULE, "Module name '%s' too short" % value) return value def print_zone_policy_info(self, zone, settings, default_zone=None, extra_interfaces=[], isPolicy=True): # pylint: disable=R0914 target = settings.getTarget() services = settings.getServices() ports = settings.getPorts() protocols = settings.getProtocols() masquerade = settings.getMasquerade() forward_ports = settings.getForwardPorts() source_ports = settings.getSourcePorts() icmp_blocks = settings.getIcmpBlocks() rules = settings.getRichRules() description = settings.getDescription() short_description = settings.getShort() if isPolicy: ingress_zones = settings.getIngressZones() egress_zones = settings.getEgressZones() priority = settings.getPriority() else: icmp_block_inversion = settings.getIcmpBlockInversion() interfaces = sorted(set(settings.getInterfaces() + extra_interfaces)) sources = settings.getSources() forward = settings.getForward() def rich_rule_sorted_key(rule): priority = 0 search_str = "priority=" try: i = rule.index(search_str) except ValueError: pass else: i += len(search_str) priority = int(rule[i:i+(rule[i:].index(" "))].replace("\"", "")) return priority attributes = [] if default_zone is not None: if zone == default_zone: attributes.append("default") if (not isPolicy and (interfaces or sources)) or \ ( isPolicy and ingress_zones and egress_zones): attributes.append("active") if attributes: zone = zone + " (%s)" % ", ".join(attributes) self.print_msg(zone) if self.verbose: self.print_msg(" summary: " + short_description) self.print_msg(" description: " + description) if isPolicy: self.print_msg(" priority: " + str(priority)) self.print_msg(" target: " + target) if not isPolicy: self.print_msg(" icmp-block-inversion: %s" % \ ("yes" if icmp_block_inversion else "no")) if isPolicy: self.print_msg(" ingress-zones: " + " ".join(ingress_zones)) self.print_msg(" egress-zones: " + " ".join(egress_zones)) else: self.print_msg(" interfaces: " + " ".join(interfaces)) self.print_msg(" sources: " + " ".join(sources)) self.print_msg(" services: " + " ".join(sorted(services))) self.print_msg(" ports: " + " ".join(["%s/%s" % (port[0], port[1]) for port in ports])) self.print_msg(" protocols: " + " ".join(sorted(protocols))) if not isPolicy: self.print_msg(" forward: %s" % ("yes" if forward else "no")) self.print_msg(" masquerade: %s" % ("yes" if masquerade else "no")) self.print_msg(" forward-ports: " + ("\n\t" if forward_ports else "") + "\n\t".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % \ (port, proto, toport, toaddr) for (port, proto, toport, toaddr) in \ forward_ports])) self.print_msg(" source-ports: " + " ".join(["%s/%s" % (port[0], port[1]) for port in source_ports])) self.print_msg(" icmp-blocks: " + " ".join(icmp_blocks)) self.print_msg(" rich rules: " + ("\n\t" if rules else "") + "\n\t".join(sorted(rules, key=rich_rule_sorted_key))) def print_zone_info(self, zone, settings, default_zone=None, extra_interfaces=[]): self.print_zone_policy_info(zone, settings, default_zone=default_zone, extra_interfaces=extra_interfaces, isPolicy=False) def print_policy_info(self, policy, settings, default_zone=None, extra_interfaces=[]): self.print_zone_policy_info(policy, settings, default_zone=default_zone, extra_interfaces=extra_interfaces, isPolicy=True) def print_service_info(self, service, settings): ports = settings.getPorts() protocols = settings.getProtocols() source_ports = settings.getSourcePorts() modules = settings.getModules() description = settings.getDescription() destinations = settings.getDestinations() short_description = settings.getShort() includes = settings.getIncludes() helpers = settings.getHelpers() self.print_msg(service) if self.verbose: self.print_msg(" summary: " + short_description) self.print_msg(" description: " + description) self.print_msg(" ports: " + " ".join(["%s/%s" % (port[0], port[1]) for port in ports])) self.print_msg(" protocols: " + " ".join(protocols)) self.print_msg(" source-ports: " + " ".join(["%s/%s" % (port[0], port[1]) for port in source_ports])) self.print_msg(" modules: " + " ".join(modules)) self.print_msg(" destination: " + " ".join(["%s:%s" % (k, v) for k, v in destinations.items()])) self.print_msg(" includes: " + " ".join(sorted(includes))) self.print_msg(" helpers: " + " ".join(sorted(helpers))) def print_icmptype_info(self, icmptype, settings): destinations = settings.getDestinations() description = settings.getDescription() short_description = settings.getShort() if len(destinations) == 0: destinations = [ "ipv4", "ipv6" ] self.print_msg(icmptype) if self.verbose: self.print_msg(" summary: " + short_description) self.print_msg(" description: " + description) self.print_msg(" destination: " + " ".join(destinations)) def print_ipset_info(self, ipset, settings): ipset_type = settings.getType() options = settings.getOptions() entries = settings.getEntries() description = settings.getDescription() short_description = settings.getShort() self.print_msg(ipset) if self.verbose: self.print_msg(" summary: " + short_description) self.print_msg(" description: " + description) self.print_msg(" type: " + ipset_type) self.print_msg(" options: " + " ".join(["%s=%s" % (k, v) if v else k for k, v in options.items()])) self.print_msg(" entries: " + " ".join(entries)) def print_helper_info(self, helper, settings): ports = settings.getPorts() module = settings.getModule() family = settings.getFamily() description = settings.getDescription() short_description = settings.getShort() self.print_msg(helper) if self.verbose: self.print_msg(" summary: " + short_description) self.print_msg(" description: " + description) self.print_msg(" family: " + family) self.print_msg(" module: " + module) self.print_msg(" ports: " + " ".join(["%s/%s" % (port[0], port[1]) for port in ports])) def print_query_result(self, value): if value: self.print_and_exit("yes") else: self.print_and_exit("no", 1) def exception_handler(self, exception_message): if not self.__use_exception_handler: raise self.fail_if_not_authorized(exception_message) code = FirewallError.get_code(str(exception_message)) if code in [ errors.ALREADY_ENABLED, errors.NOT_ENABLED, errors.ZONE_ALREADY_SET, errors.ALREADY_SET ]: self.print_warning("Warning: %s" % exception_message) else: self.print_and_exit("Error: %s" % exception_message, code) def fail_if_not_authorized(self, exception_message): if "NotAuthorizedException" in exception_message: msg = """Authorization failed. Make sure polkit agent is running or run the application as superuser.""" self.print_and_exit(msg, errors.NOT_AUTHORIZED) def deactivate_exception_handler(self): self.__use_exception_handler = False def activate_exception_handler(self): self.__use_exception_handler = True def get_ipset_entries_from_file(self, filename): entries = [ ] entries_set = set() f = open(filename) for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] in ['#', ';']: continue if line not in entries_set: entries.append(line) entries_set.add(line) f.close() return entries firewalld-1.1.1/src/firewall/dbus_utils.py0000644000000000000000000002230114217342322020602 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2011-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "command_of_pid", "pid_of_sender", "uid_of_sender", "user_of_uid", "context_of_sender", "command_of_sender", "user_of_sender", "dbus_to_python", "dbus_signature", "dbus_introspection_prepare_properties", "dbus_introspection_add_properties" ] import dbus import pwd from xml.dom import minidom from firewall.core.logger import log def command_of_pid(pid): """ Get command for pid from /proc """ try: with open("/proc/%d/cmdline" % pid, "r") as f: cmd = f.readlines()[0].replace('\0', " ").strip() except Exception: return None return cmd def pid_of_sender(bus, sender): """ Get pid from sender string using org.freedesktop.DBus.GetConnectionUnixProcessID """ dbus_obj = bus.get_object('org.freedesktop.DBus', '/org/freedesktop/DBus') dbus_iface = dbus.Interface(dbus_obj, 'org.freedesktop.DBus') try: pid = int(dbus_iface.GetConnectionUnixProcessID(sender)) except ValueError: return None return pid def uid_of_sender(bus, sender): """ Get user id from sender string using org.freedesktop.DBus.GetConnectionUnixUser """ dbus_obj = bus.get_object('org.freedesktop.DBus', '/org/freedesktop/DBus') dbus_iface = dbus.Interface(dbus_obj, 'org.freedesktop.DBus') try: uid = int(dbus_iface.GetConnectionUnixUser(sender)) except ValueError: return None return uid def user_of_uid(uid): """ Get user for uid from pwd """ try: pws = pwd.getpwuid(uid) except Exception: return None return pws[0] def context_of_sender(bus, sender): """ Get SELinux context from sender string using org.freedesktop.DBus.GetConnectionSELinuxSecurityContext """ dbus_obj = bus.get_object('org.freedesktop.DBus', '/org/freedesktop/DBus') dbus_iface = dbus.Interface(dbus_obj, 'org.freedesktop.DBus') try: context = dbus_iface.GetConnectionSELinuxSecurityContext(sender) except Exception: return None return "".join(map(chr, dbus_to_python(context))) def command_of_sender(bus, sender): """ Return command of D-Bus sender """ return command_of_pid(pid_of_sender(bus, sender)) def user_of_sender(bus, sender): return user_of_uid(uid_of_sender(bus, sender)) def dbus_to_python(obj, expected_type=None): if obj is None: python_obj = obj elif isinstance(obj, dbus.Boolean): python_obj = bool(obj) elif isinstance(obj, dbus.String): python_obj = str(obj) elif isinstance(obj, dbus.ObjectPath): python_obj = str(obj) elif isinstance(obj, dbus.Byte) or \ isinstance(obj, dbus.Int16) or \ isinstance(obj, dbus.Int32) or \ isinstance(obj, dbus.Int64) or \ isinstance(obj, dbus.UInt16) or \ isinstance(obj, dbus.UInt32) or \ isinstance(obj, dbus.UInt64): python_obj = int(obj) elif isinstance(obj, dbus.Double): python_obj = float(obj) elif isinstance(obj, dbus.Array): python_obj = [dbus_to_python(x) for x in obj] elif isinstance(obj, dbus.Struct): python_obj = tuple([dbus_to_python(x) for x in obj]) elif isinstance(obj, dbus.Dictionary): python_obj = {dbus_to_python(k): dbus_to_python(v) for k, v in obj.items()} elif isinstance(obj, bool) or \ isinstance(obj, str) or isinstance(obj, bytes) or \ isinstance(obj, int) or isinstance(obj, float) or \ isinstance(obj, list) or isinstance(obj, tuple) or \ isinstance(obj, dict): python_obj = obj else: raise TypeError("Unhandled %s" % repr(obj)) if expected_type is not None: if (expected_type == bool and not isinstance(python_obj, bool)) or \ (expected_type == str and not isinstance(python_obj, str)) or \ (expected_type == int and not isinstance(python_obj, int)) or \ (expected_type == float and not isinstance(python_obj, float)) or \ (expected_type == list and not isinstance(python_obj, list)) or \ (expected_type == tuple and not isinstance(python_obj, tuple)) or \ (expected_type == dict and not isinstance(python_obj, dict)): raise TypeError("%s is %s, expected %s" % (python_obj, type(python_obj), expected_type)) return python_obj def dbus_signature(obj): if isinstance(obj, dbus.Boolean): return 'b' elif isinstance(obj, dbus.String): return 's' elif isinstance(obj, dbus.ObjectPath): return 'o' elif isinstance(obj, dbus.Byte): return 'y' elif isinstance(obj, dbus.Int16): return 'n' elif isinstance(obj, dbus.Int32): return 'i' elif isinstance(obj, dbus.Int64): return 'x' elif isinstance(obj, dbus.UInt16): return 'q' elif isinstance(obj, dbus.UInt32): return 'u' elif isinstance(obj, dbus.UInt64): return 't' elif isinstance(obj, dbus.Double): return 'd' elif isinstance(obj, dbus.Array): if len(obj.signature) > 1: return 'a(%s)' % obj.signature else: return 'a%s' % obj.signature elif isinstance(obj, dbus.Struct): return '(%s)' % obj.signature elif isinstance(obj, dbus.Dictionary): return 'a{%s}' % obj.signature else: raise TypeError("Unhandled %s" % repr(obj)) def dbus_introspection_prepare_properties(obj, interface, access=None): if access is None: access = { } if not hasattr(obj, "_fw_dbus_properties"): setattr(obj, "_fw_dbus_properties", { }) dip = getattr(obj, "_fw_dbus_properties") dip[interface] = { } try: _dict = obj.GetAll(interface) except Exception: _dict = { } for key,value in _dict.items(): dip[interface][key] = { "type": dbus_signature(value) } if key in access: dip[interface][key]["access"] = access[key] else: dip[interface][key]["access"] = "read" def dbus_introspection_add_properties(obj, data, interface): doc = minidom.parseString(data) if hasattr(obj, "_fw_dbus_properties"): for node in doc.getElementsByTagName("interface"): if node.hasAttribute("name") and \ node.getAttribute("name") == interface: dip = { } if getattr(obj, "_fw_dbus_properties"): dip = getattr(obj, "_fw_dbus_properties") if interface in dip: for key,value in dip[interface].items(): prop = doc.createElement("property") prop.setAttribute("name", key) prop.setAttribute("type", value["type"]) prop.setAttribute("access", value["access"]) node.appendChild(prop) log.debug10(doc.toxml()) new_data = doc.toxml() doc.unlink() return new_data def dbus_introspection_add_deprecated(obj, data, interface, deprecated_methods, deprecated_signals): doc = minidom.parseString(data) if interface in deprecated_methods: for node in doc.getElementsByTagName("interface"): if node.hasAttribute("name") and \ node.getAttribute("name") == interface: for method_node in node.getElementsByTagName("method"): if method_node.hasAttribute("name") and \ method_node.getAttribute("name") in deprecated_methods[interface]: annotation = doc.createElement("annotation") annotation.setAttribute("name", "org.freedesktop.DBus.Deprecated") annotation.setAttribute("value", "true") method_node.appendChild(annotation) if interface in deprecated_signals: for node in doc.getElementsByTagName("interface"): if node.hasAttribute("name") and \ node.getAttribute("name") == interface: for signal_node in node.getElementsByTagName("signal"): if signal_node.hasAttribute("name") and \ signal_node.getAttribute("name") in deprecated_signals[interface]: annotation = doc.createElement("annotation") annotation.setAttribute("name", "org.freedesktop.DBus.Deprecated") annotation.setAttribute("value", "true") signal_node.appendChild(annotation) log.debug10(doc.toxml()) data = doc.toxml() doc.unlink() return data firewalld-1.1.1/src/firewall/errors.py0000644000000000000000000001046414217342322017750 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2010-2012 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # ALREADY_ENABLED = 11 NOT_ENABLED = 12 COMMAND_FAILED = 13 NO_IPV6_NAT = 14 PANIC_MODE = 15 ZONE_ALREADY_SET = 16 UNKNOWN_INTERFACE = 17 ZONE_CONFLICT = 18 BUILTIN_CHAIN = 19 EBTABLES_NO_REJECT = 20 NOT_OVERLOADABLE = 21 NO_DEFAULTS = 22 BUILTIN_ZONE = 23 BUILTIN_SERVICE = 24 BUILTIN_ICMPTYPE = 25 NAME_CONFLICT = 26 NAME_MISMATCH = 27 PARSE_ERROR = 28 ACCESS_DENIED = 29 UNKNOWN_SOURCE = 30 RT_TO_PERM_FAILED = 31 IPSET_WITH_TIMEOUT = 32 BUILTIN_IPSET = 33 ALREADY_SET = 34 MISSING_IMPORT = 35 DBUS_ERROR = 36 BUILTIN_HELPER = 37 NOT_APPLIED = 38 INVALID_ACTION = 100 INVALID_SERVICE = 101 INVALID_PORT = 102 INVALID_PROTOCOL = 103 INVALID_INTERFACE = 104 INVALID_ADDR = 105 INVALID_FORWARD = 106 INVALID_ICMPTYPE = 107 INVALID_TABLE = 108 INVALID_CHAIN = 109 INVALID_TARGET = 110 INVALID_IPV = 111 INVALID_ZONE = 112 INVALID_PROPERTY = 113 INVALID_VALUE = 114 INVALID_OBJECT = 115 INVALID_NAME = 116 INVALID_FILENAME = 117 INVALID_DIRECTORY = 118 INVALID_TYPE = 119 INVALID_SETTING = 120 INVALID_DESTINATION = 121 INVALID_RULE = 122 INVALID_LIMIT = 123 INVALID_FAMILY = 124 INVALID_LOG_LEVEL = 125 INVALID_AUDIT_TYPE = 126 INVALID_MARK = 127 INVALID_CONTEXT = 128 INVALID_COMMAND = 129 INVALID_USER = 130 INVALID_UID = 131 INVALID_MODULE = 132 INVALID_PASSTHROUGH = 133 INVALID_MAC = 134 INVALID_IPSET = 135 INVALID_ENTRY = 136 INVALID_OPTION = 137 INVALID_HELPER = 138 INVALID_PRIORITY = 139 INVALID_POLICY = 140 INVALID_LOG_PREFIX = 141 INVALID_NFLOG_GROUP = 142 INVALID_NFLOG_QUEUE = 143 MISSING_TABLE = 200 MISSING_CHAIN = 201 MISSING_PORT = 202 MISSING_PROTOCOL = 203 MISSING_ADDR = 204 MISSING_NAME = 205 MISSING_SETTING = 206 MISSING_FAMILY = 207 RUNNING_BUT_FAILED = 251 NOT_RUNNING = 252 NOT_AUTHORIZED = 253 UNKNOWN_ERROR = 254 import sys class FirewallError(Exception): def __init__(self, code, msg=None): self.code = code if msg is not None: # escape msg if needed if sys.version < '3': try: x = str(msg) # noqa: F841 except UnicodeEncodeError: msg = unicode(msg).encode("unicode_escape") # noqa: F821 self.msg = msg def __repr__(self): return '%s(%r, %r)' % (self.__class__, self.code, self.msg) def __str__(self): if self.msg: return "%s: %s" % (self.errors[self.code], self.msg) return self.errors[self.code] def get_code(msg): if ":" in msg: idx = msg.index(":") ecode = msg[:idx] else: ecode = msg try: code = FirewallError.codes[ecode] except KeyError: code = UNKNOWN_ERROR return code get_code = staticmethod(get_code) mod = sys.modules[FirewallError.__module__] FirewallError.errors = { getattr(mod,varname) : varname for varname in dir(mod) if not varname.startswith("_") and \ type(getattr(mod,varname)) == int } FirewallError.codes = { FirewallError.errors[code] : code for code in FirewallError.errors } firewalld-1.1.1/src/firewall/functions.py0000644000000000000000000004507614217342322020453 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2007,2008,2011,2012 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "getPortID", "getPortRange", "portStr", "getServiceName", "checkIP", "checkIP6", "checkIPnMask", "checkIP6nMask", "checkProtocol", "checkInterface", "checkUINT16", "checkUINT32", "firewalld_is_active", "tempFile", "readfile", "writefile", "enable_ip_forwarding", "check_port", "check_address", "check_single_address", "check_mac", "uniqify", "ppid_of_pid", "max_zone_name_len", "checkUser", "checkUid", "checkCommand", "checkContext", "joinArgs", "splitArgs", "max_policy_name_len", "checkTcpMssClamp", "stripNonPrintableCharacters"] import socket import os import os.path import shlex import pipes import string import tempfile from firewall.core.logger import log from firewall.config import FIREWALLD_TEMPDIR, FIREWALLD_PIDFILE NOPRINT_TRANS_TABLE = { # Limit to C0 and C1 code points. Building entries for all unicode code # points requires too much memory. # C0 = [0, 31] # C1 = [127, 159] # i: None for i in range(0, 160) if not (i > 31 and i < 127) } def getPortID(port): """ Check and Get port id from port string or port id using socket.getservbyname @param port port string or port id @return Port id if valid, -1 if port can not be found and -2 if port is too big """ if isinstance(port, int): _id = port else: if port: port = port.strip() try: _id = int(port) except ValueError: try: _id = socket.getservbyname(port) except socket.error: return -1 if _id > 65535: return -2 return _id def getPortRange(ports): """ Get port range for port range string or single port id @param ports an integer or port string or port range string @return Array containing start and end port id for a valid range or -1 if port can not be found and -2 if port is too big for integer input or -1 for invalid ranges or None if the range is ambiguous. """ # (port, port) or [port, port] case if isinstance(ports, tuple) or isinstance(ports, list): return ports # "" case if isinstance(ports, int) or ports.isdigit(): id1 = getPortID(ports) if id1 >= 0: return (id1,) return id1 splits = ports.split("-") # "-" case if len(splits) == 2 and splits[0].isdigit() and splits[1].isdigit(): id1 = getPortID(splits[0]) id2 = getPortID(splits[1]) if id1 >= 0 and id2 >= 0: if id1 < id2: return (id1, id2) elif id1 > id2: return (id2, id1) else: # ids are the same return (id1,) # everything else "[-]" matched = [ ] for i in range(len(splits), 0, -1): id1 = getPortID("-".join(splits[:i])) port2 = "-".join(splits[i:]) if len(port2) > 0: id2 = getPortID(port2) if id1 >= 0 and id2 >= 0: if id1 < id2: matched.append((id1, id2)) elif id1 > id2: matched.append((id2, id1)) else: matched.append((id1, )) else: if id1 >= 0: matched.append((id1,)) if i == len(splits): # full match, stop here break if len(matched) < 1: return -1 elif len(matched) > 1: return None return matched[0] def portStr(port, delimiter=":"): """ Create port and port range string @param port port or port range int or [int, int] @param delimiter of the output string for port ranges, default ':' @return Port or port range string, empty string if port isn't specified, None if port or port range is not valid """ if port == "": return "" _range = getPortRange(port) if isinstance(_range, int) and _range < 0: return None elif len(_range) == 1: return "%s" % _range else: return "%s%s%s" % (_range[0], delimiter, _range[1]) def portInPortRange(port, range): _port = getPortRange(port) _range = getPortRange(range) if len(_port) == 1: if len(_range) == 1: return getPortID(_port[0]) == getPortID(_range[0]) if len(_range) == 2 and \ getPortID(_port[0]) >= getPortID(_range[0]) and getPortID(_port[0]) <= getPortID(_range[1]): return True elif len(_port) == 2: if len(_range) == 2 and \ getPortID(_port[0]) >= getPortID(_range[0]) and getPortID(_port[0]) <= getPortID(_range[1]) and \ getPortID(_port[1]) >= getPortID(_range[0]) and getPortID(_port[1]) <= getPortID(_range[1]): return True return False def coalescePortRange(new_range, ranges): """ Coalesce a port range with existing list of port ranges @param new_range tuple/list/string @param ranges list of tuple/list/string @return tuple of (list of ranges added after coalescing, list of removed original ranges) """ coalesced_range = getPortRange(new_range) # normalize singleton ranges, e.g. (x,) --> (x,x) if len(coalesced_range) == 1: coalesced_range = (coalesced_range[0], coalesced_range[0]) _ranges = map(getPortRange, ranges) _ranges = sorted(map(lambda x: (x[0],x[0]) if len(x) == 1 else x, _ranges), key=lambda x: x[0]) removed_ranges = [] for range in _ranges: if coalesced_range[0] <= range[0] and coalesced_range[1] >= range[1]: # new range covers this removed_ranges.append(range) elif coalesced_range[0] <= range[0] and coalesced_range[1] < range[1] and \ coalesced_range[1] >= range[0]: # expand beginning of range removed_ranges.append(range) coalesced_range = (coalesced_range[0], range[1]) elif coalesced_range[0] > range[0] and coalesced_range[1] >= range[1] and \ coalesced_range[0] <= range[1]: # expand end of range removed_ranges.append(range) coalesced_range = (range[0], coalesced_range[1]) # normalize singleton ranges, e.g. (x,x) --> (x,) removed_ranges = list(map(lambda x: (x[0],) if x[0] == x[1] else x, removed_ranges)) if coalesced_range[0] == coalesced_range[1]: coalesced_range = (coalesced_range[0],) return ([coalesced_range], removed_ranges) def breakPortRange(remove_range, ranges): """ break a port range from existing list of port ranges @param remove_range tuple/list/string @param ranges list of tuple/list/string @return tuple of (list of ranges added after breaking up, list of removed original ranges) """ remove_range = getPortRange(remove_range) # normalize singleton ranges, e.g. (x,) --> (x,x) if len(remove_range) == 1: remove_range = (remove_range[0], remove_range[0]) _ranges = map(getPortRange, ranges) _ranges = sorted(map(lambda x: (x[0],x[0]) if len(x) == 1 else x, _ranges), key=lambda x: x[0]) removed_ranges = [] added_ranges = [] for range in _ranges: if remove_range[0] <= range[0] and remove_range[1] >= range[1]: # remove entire range removed_ranges.append(range) elif remove_range[0] <= range[0] and remove_range[1] < range[1] and \ remove_range[1] >= range[0]: # remove from beginning of range removed_ranges.append(range) added_ranges.append((remove_range[1] + 1, range[1])) elif remove_range[0] > range[0] and remove_range[1] >= range[1] and \ remove_range[0] <= range[1]: # remove from end of range removed_ranges.append(range) added_ranges.append((range[0], remove_range[0] - 1)) elif remove_range[0] > range[0] and remove_range[1] < range[1]: # remove inside range removed_ranges.append(range) added_ranges.append((range[0], remove_range[0] - 1)) added_ranges.append((remove_range[1] + 1, range[1])) # normalize singleton ranges, e.g. (x,x) --> (x,) removed_ranges = list(map(lambda x: (x[0],) if x[0] == x[1] else x, removed_ranges)) added_ranges = list(map(lambda x: (x[0],) if x[0] == x[1] else x, added_ranges)) return (added_ranges, removed_ranges) def getServiceName(port, proto): """ Check and Get service name from port and proto string combination using socket.getservbyport @param port string or id @param protocol string @return Service name if port and protocol are valid, else None """ try: name = socket.getservbyport(int(port), proto) except socket.error: return None return name def checkIP(ip): """ Check IPv4 address. @param ip address string @return True if address is valid, else False """ try: socket.inet_pton(socket.AF_INET, ip) except socket.error: return False return True def normalizeIP6(ip): """ Normalize the IPv6 address This is mostly about converting URL-like IPv6 address to normal ones. e.g. [1234::4321] --> 1234:4321 """ return ip.strip("[]") def checkIP6(ip): """ Check IPv6 address. @param ip address string @return True if address is valid, else False """ try: socket.inet_pton(socket.AF_INET6, normalizeIP6(ip)) except socket.error: return False return True def checkIPnMask(ip): if "/" in ip: addr = ip[:ip.index("/")] mask = ip[ip.index("/")+1:] if len(addr) < 1 or len(mask) < 1: return False else: addr = ip mask = None if not checkIP(addr): return False if mask: if "." in mask: return checkIP(mask) else: try: i = int(mask) except ValueError: return False if i < 0 or i > 32: return False return True def stripNonPrintableCharacters(rule_str): return rule_str.translate(NOPRINT_TRANS_TABLE) def checkIP6nMask(ip): if "/" in ip: addr = ip[:ip.index("/")] mask = ip[ip.index("/")+1:] if len(addr) < 1 or len(mask) < 1: return False else: addr = ip mask = None if not checkIP6(addr): return False if mask: try: i = int(mask) except ValueError: return False if i < 0 or i > 128: return False return True def checkProtocol(protocol): try: i = int(protocol) except ValueError: # string try: socket.getprotobyname(protocol) except socket.error: return False else: if i < 0 or i > 255: return False return True def checkTcpMssClamp(tcp_mss_clamp_value): if tcp_mss_clamp_value: if tcp_mss_clamp_value.isdigit(): if int(tcp_mss_clamp_value) < 536: return False elif tcp_mss_clamp_value == "None": return True elif tcp_mss_clamp_value != "pmtu": return False return True def checkInterface(iface): """ Check interface string @param interface string @return True if interface is valid (maximum 16 chars and does not contain ' ', '/', '!', ':', '*'), else False """ if not iface or len(iface) > 16: return False for ch in [ ' ', '/', '!', '*' ]: # !:* are limits for iptables <= 1.4.5 if ch in iface: return False # disabled old iptables check #if iface == "+": # # limit for iptables <= 1.4.5 # return False return True def checkUINT16(val): try: x = int(val, 0) except ValueError: return False else: if x >= 0 and x <= 65535: return True return False def checkUINT32(val): try: x = int(val, 0) except ValueError: return False else: if x >= 0 and x <= 4294967295: return True return False def firewalld_is_active(): """ Check if firewalld is active @return True if there is a firewalld pid file and the pid is used by firewalld """ if not os.path.exists(FIREWALLD_PIDFILE): return False try: with open(FIREWALLD_PIDFILE, "r") as fd: pid = fd.readline() except Exception: return False if not os.path.exists("/proc/%s" % pid): return False try: with open("/proc/%s/cmdline" % pid, "r") as fd: cmdline = fd.readline() except Exception: return False if "firewalld" in cmdline: return True return False def tempFile(): try: if not os.path.exists(FIREWALLD_TEMPDIR): os.mkdir(FIREWALLD_TEMPDIR, 0o750) return tempfile.NamedTemporaryFile(mode='wt', prefix="temp.", dir=FIREWALLD_TEMPDIR, delete=False) except Exception as msg: log.error("Failed to create temporary file: %s" % msg) raise return None def readfile(filename): try: with open(filename, "r") as f: return f.readlines() except Exception as e: log.error('Failed to read file "%s": %s' % (filename, e)) return None def writefile(filename, line): try: with open(filename, "w") as f: f.write(line) except Exception as e: log.error('Failed to write to file "%s": %s' % (filename, e)) return False return True def enable_ip_forwarding(ipv): if ipv == "ipv4": return writefile("/proc/sys/net/ipv4/ip_forward", "1\n") elif ipv == "ipv6": return writefile("/proc/sys/net/ipv6/conf/all/forwarding", "1\n") return False def get_nf_conntrack_short_name(module): return module.replace("_","-").replace("nf-conntrack-", "") def check_port(port): _range = getPortRange(port) if _range == -2 or _range == -1 or _range is None or \ (len(_range) == 2 and _range[0] >= _range[1]): if _range == -2: log.debug2("'%s': port > 65535" % port) elif _range == -1: log.debug2("'%s': port is invalid" % port) elif _range is None: log.debug2("'%s': port is ambiguous" % port) elif len(_range) == 2 and _range[0] >= _range[1]: log.debug2("'%s': range start >= end" % port) return False return True def check_address(ipv, source): if ipv == "ipv4": return checkIPnMask(source) elif ipv == "ipv6": return checkIP6nMask(source) else: return False def check_single_address(ipv, source): if ipv == "ipv4": return checkIP(source) elif ipv == "ipv6": return checkIP6(source) else: return False def check_mac(mac): if len(mac) == 12+5: # 0 1 : 3 4 : 6 7 : 9 10 : 12 13 : 15 16 for i in (2, 5, 8, 11, 14): if mac[i] != ":": return False for i in (0, 1, 3, 4, 6, 7, 9, 10, 12, 13, 15, 16): if mac[i] not in string.hexdigits: return False return True return False def uniqify(_list): # removes duplicates from list, whilst preserving order output = [] for x in _list: if x not in output: output.append(x) return output def ppid_of_pid(pid): """ Get parent for pid """ try: f = os.popen("ps -o ppid -h -p %d 2>/dev/null" % pid) pid = int(f.readlines()[0].strip()) f.close() except Exception: return None return pid def max_policy_name_len(): """ iptables limits length of chain to (currently) 28 chars. The longest chain we create is POST__allow, which leaves 28 - 11 = 17 chars for . """ from firewall.core.ipXtables import POLICY_CHAIN_PREFIX from firewall.core.base import SHORTCUTS longest_shortcut = max(map(len, SHORTCUTS.values())) return 28 - (longest_shortcut + len(POLICY_CHAIN_PREFIX) + len("_allow")) def max_zone_name_len(): """ Netfilter limits length of chain to (currently) 28 chars. The longest chain we create is POST__allow, which leaves 28 - 11 = 17 chars for . """ from firewall.core.base import SHORTCUTS longest_shortcut = max(map(len, SHORTCUTS.values())) return 28 - (longest_shortcut + len("__allow")) def checkUser(user): if len(user) < 1 or len(user) > os.sysconf('SC_LOGIN_NAME_MAX'): return False for c in user: if c not in string.ascii_letters and \ c not in string.digits and \ c not in [ ".", "-", "_", "$" ]: return False return True def checkUid(uid): if isinstance(uid, str): try: uid = int(uid) except ValueError: return False if uid >= 0 and uid <= 2**31-1: return True return False def checkCommand(command): if len(command) < 1 or len(command) > 1024: return False for ch in [ "|", "\n", "\0" ]: if ch in command: return False if command[0] != "/": return False return True def checkContext(context): splits = context.split(":") if len(splits) not in [4, 5]: return False # user ends with _u if not root if splits[0] != "root" and splits[0][-2:] != "_u": return False # role ends with _r if splits[1][-2:] != "_r": return False # type ends with _t if splits[2][-2:] != "_t": return False # level might also contain : if len(splits[3]) < 1: return False return True def joinArgs(args): if "quote" in dir(shlex): return " ".join(shlex.quote(a) for a in args) else: return " ".join(pipes.quote(a) for a in args) def splitArgs(_string): return shlex.split(_string) firewalld-1.1.1/src/firewall/fw_types.py0000644000000000000000000000422014217342322020265 0ustar00rootroot00000000000000# -*- coding: utf-8 -*- # # Copyright (C) 2013-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # __all__ = [ "LastUpdatedOrderedDict" ] class LastUpdatedOrderedDict(object): def __init__(self, x=None): self._dict = { } self._list = [ ] if x: self.update(x) def clear(self): del self._list[:] self._dict.clear() def update(self, x): for key,value in x.items(): self[key] = value def items(self): return [(key, self[key]) for key in self._list] def __delitem__(self, key): if key in self._dict: self._list.remove(key) del self._dict[key] def __repr__(self): return '%s([%s])' % (self.__class__.__name__, ', '.join( ['(%r, %r)' % (key, self[key]) for key in self._list])) def __setitem__(self, key, value): if key not in self._dict: self._list.append(key) self._dict[key] = value def __getitem__(self, key): if type(key) == int: return self._list[key] else: return self._dict[key] def __len__(self): return len(self._list) def copy(self): return LastUpdatedOrderedDict(self) def keys(self): return self._list[:] def values(self): return [ self[key] for key in self._list ] def setdefault(self, key, value=None): if key in self: return self[key] else: self[key] = value return value firewalld-1.1.1/src/firewall/__init__.py0000644000000000000000000000000014217342322020154 0ustar00rootroot00000000000000firewalld-1.1.1/src/Makefile.am0000644000000000000000000000572614217342322016316 0ustar00rootroot00000000000000SUBDIRS = icons tests dist_bin_SCRIPTS_in = firewall-applet.in firewall-cmd.in firewall-offline-cmd.in firewall-config.in dist_sbin_SCRIPTS_in = firewalld.in dist_bin_SCRIPTS = $(dist_bin_SCRIPTS_in:.in=) dist_sbin_SCRIPTS = $(dist_sbin_SCRIPTS_in:.in=) gladedir = $(pkgdatadir) dist_glade_DATA = firewall-config.glade gtkextradir = $(pkgdatadir) dist_gtkextra_DATA = gtk3_chooserbutton.py gtk3_niceexpander.py nobase_dist_python_DATA = \ firewall/client.py \ firewall/command.py \ firewall/config/dbus.py \ firewall/config/__init__.py \ firewall/core/base.py \ firewall/core/ebtables.py \ firewall/core/fw_config.py \ firewall/core/fw_direct.py \ firewall/core/fw_helper.py \ firewall/core/fw_icmptype.py \ firewall/core/fw_ifcfg.py \ firewall/core/fw_ipset.py \ firewall/core/fw_nm.py \ firewall/core/fw_policies.py \ firewall/core/fw_policy.py \ firewall/core/fw.py \ firewall/core/fw_service.py \ firewall/core/fw_transaction.py \ firewall/core/fw_zone.py \ firewall/core/helper.py \ firewall/core/icmp.py \ firewall/core/__init__.py \ firewall/core/io/direct.py \ firewall/core/io/firewalld_conf.py \ firewall/core/io/functions.py \ firewall/core/io/helper.py \ firewall/core/io/icmptype.py \ firewall/core/io/ifcfg.py \ firewall/core/io/__init__.py \ firewall/core/io/io_object.py \ firewall/core/io/ipset.py \ firewall/core/io/lockdown_whitelist.py \ firewall/core/io/policy.py \ firewall/core/io/service.py \ firewall/core/io/zone.py \ firewall/core/ipset.py \ firewall/core/ipXtables.py \ firewall/core/logger.py \ firewall/core/modules.py \ firewall/core/nftables.py \ firewall/core/prog.py \ firewall/core/rich.py \ firewall/core/watcher.py \ firewall/dbus_utils.py \ firewall/errors.py \ firewall/functions.py \ firewall/fw_types.py \ firewall/__init__.py \ firewall/server/config_helper.py \ firewall/server/config_icmptype.py \ firewall/server/config_ipset.py \ firewall/server/config.py \ firewall/server/config_service.py \ firewall/server/config_zone.py \ firewall/server/config_policy.py \ firewall/server/dbus.py \ firewall/server/decorators.py \ firewall/server/firewalld.py \ firewall/server/__init__.py \ firewall/server/server.py EXTRA_DIST = \ firewall/config/__init__.py.in \ $(dist_bin_SCRIPTS_in) $(dist_sbin_SCRIPTS_in) CLEANFILES = *~ *\# .\#* *.py? FLAKE8_IGNORE = E121,E122,E123,E124,E126,E127,E128,E201,E202,E203,E211,E221,E222,E225,E226,E231,E241,E251,E261,E262,E265,E266,W291,W293,E301,E302,E303,E305,E306,W391,E402,E501,E502,W503,W504,E722,E741 check-local: find . -name '*.py' -or -name '*.py.in' |xargs flake8 --ignore="$(FLAKE8_IGNORE)" flake8 --ignore="$(FLAKE8_IGNORE)" $(dist_bin_SCRIPTS_in) $(dist_sbin_SCRIPTS_in) @echo @for file in $(filter-out $(EXTRA_DIST:.in=),$(nobase_dist_python_DATA) $(dist_bin_SCRIPTS_in) $(dist_sbin_SCRIPTS_in)); do \ if ! grep "$${file}" ${top_srcdir}/po/POTFILES.in > /dev/null; then \ echo "$${file} should be in ${abs_top_srcdir}/po/POTFILES.in"; \ exit 1; \ fi; \ done firewalld-1.1.1/src/firewall-applet0000755000000000000000000012004514217353157017300 0ustar00rootroot00000000000000#!/usr/bin/python3 # -*- coding: utf-8 -*- # # Copyright (C) 2010-2015 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import sys from PyQt5 import QtGui, QtCore, QtWidgets import gi gi.require_version('Notify', '0.7') from gi.repository import Notify import os from dbus.mainloop.pyqt5 import DBusQtMainLoop import functools from firewall import config from firewall.core.fw_nm import nm_is_imported, nm_get_zone_of_connection, \ nm_set_zone_of_connection, \ nm_get_dbus_interface, \ nm_get_connections from firewall.core.watcher import Watcher from firewall.client import FirewallClient import dbus import signal import gettext gettext.textdomain(config.DOMAIN) _ = gettext.gettext PATH = [ ] for p in os.getenv("PATH").split(":"): if p not in PATH: PATH.append(p) def search_app(app): for p in PATH: _app = "%s/%s" % (p, app) if os.path.exists(_app): return _app return None NM_CONNECTION_EDITOR = "" for binary in [ "/usr/bin/nm-connection-editor", "/bin/nm-connection-editor", "/usr/bin/kde5-nm-connection-editor", "/bin/kde5-nm-connection-editor", "/usr/bin/kde-nm-connection-editor", "/bin/kde-nm-connection-editor" ]: if os.path.exists(binary): NM_CONNECTION_EDITOR = binary break def escape(text): text = text.replace('&', '&') text = text.replace('>', '>') text = text.replace('<', '<') return text # ZoneInterfaceEditor ######################################################### class ZoneInterfaceEditor(QtWidgets.QDialog): def __init__(self, fw, interface, zone): self.fw = fw self.interface = interface self.zone = None self.title = _("Select zone for interface '%s'") % self.interface QtWidgets.QDialog.__init__(self) self.create_ui(zone) def create_ui(self, zone): self.setWindowTitle(escape(self.title)) self.rejected.connect(self.hide) self.resize(100, 50) vbox = QtWidgets.QVBoxLayout() vbox.setSpacing(6) label = QtWidgets.QLabel(escape(self.title)) vbox.addWidget(label) self.combo = QtWidgets.QComboBox() self.fill_zone_combo() vbox.addWidget(self.combo) buttonBox = QtWidgets.QDialogButtonBox(QtWidgets.QDialogButtonBox.Ok | QtWidgets.QDialogButtonBox.Cancel) self.ok_button = buttonBox.button(QtWidgets.QDialogButtonBox.Ok) buttonBox.accepted.connect(self.ok) buttonBox.rejected.connect(self.hide) vbox.addWidget(buttonBox) self.ok_button.setDisabled(True) self.combo.activated.connect(self.combo_changed) self.setLayout(vbox) self.set_zone(zone) def combo_changed(self): self.ok_button.setDisabled(self.get_zone() == self.zone) def set_zone(self, zone): self.zone = zone if zone == "": self.combo.setCurrentIndex(self.combo.findText( escape(_("Default Zone")))) else: self.combo.setCurrentIndex(self.combo.findText(self.zone)) self.combo_changed() def get_zone(self): text = str(self.combo.currentText()) if text == escape(_("Default Zone")): text = "" return text def fill_zone_combo(self): self.combo.clear() self.combo.addItem(escape(_("Default Zone"))) for z in self.fw.getZones(): self.combo.addItem(z) def zones_changed(self): zone = self.get_zone() self.fill_zone_combo() self.set_zone(zone) def ok(self): self.fw.changeZoneOfInterface(self.get_zone(), self.interface) self.hide() # ZoneConnectionEditor ######################################################## class ZoneConnectionEditor(ZoneInterfaceEditor): def __init__(self, fw, connection, connection_name, zone): self.fw = fw self.connection = connection self.connection_name = connection_name self.zone = None self.title = _("Select zone for connection '%s'") % self.connection_name QtWidgets.QDialog.__init__(self) self.create_ui(zone) def ok(self): # apply changes try: nm_set_zone_of_connection(self.get_zone(), self.connection) except Exception: text = _("Failed to set zone {zone} for connection {connection_name}") QtWidgets.QMessageBox.warning(None, escape(self.title), escape(text.format( zone=self.get_zone(), connection_name=self.connection_name))) self.hide() # ZoneSourceEditor ############################################################ class ZoneSourceEditor(ZoneInterfaceEditor): def __init__(self, fw, source, zone): self.fw = fw self.source = source self.zone = None self.title = _("Select zone for source '%s'") % self.source QtWidgets.QDialog.__init__(self) self.create_ui(zone) def ok(self): self.fw.changeZoneOfSource(self.get_zone(), self.source) self.hide() # ShieldsEditor ######################################################### class ShieldsEditor(QtWidgets.QDialog): def __init__(self, fw, settings, shields_up, shields_down): self.fw = fw self.settings = settings self.shields_up = shields_up self.shields_down = shields_down self.title = _("Configure Shields Up/Down Zones") QtWidgets.QDialog.__init__(self) self.create_ui() def create_ui(self): self.setWindowTitle(escape(self.title)) self.rejected.connect(self.hide) vbox = QtWidgets.QVBoxLayout() vbox.setSpacing(6) label = QtWidgets.QLabel(escape( _("Here you can select the zones used for Shields Up and " "Shields Down."))) label.setWordWrap(True) vbox.addWidget(label) label = QtWidgets.QLabel(escape( _("This feature is useful for people using the default zones " "mostly. For users, that are changing zones of connections, it " "might be of limited use."))) label.setWordWrap(True) vbox.addWidget(label) grid = QtWidgets.QGridLayout() grid.setSpacing(6) label = QtWidgets.QLabel(escape(_("Shields Up Zone:"))) label.setWordWrap(True) grid.addWidget(label, 0, 0, 1, 1) self.shields_up_combo = QtWidgets.QComboBox() #self.fill_combo(self.shields_up_combo) #self.set_shields_up(self.shields_up) grid.addWidget(self.shields_up_combo, 0, 1, 1, 1) button = QtWidgets.QPushButton(_("Reset To Default")) button.clicked.connect(self.reset_shields_up) grid.addWidget(button, 0, 2, 1, 1) label = QtWidgets.QLabel(escape(_("Shields Down Zone:"))) label.setWordWrap(True) grid.addWidget(label, 1, 0, 1, 1) self.shields_down_combo = QtWidgets.QComboBox() #self.fill_combo(self.shields_down_combo) #self.set_shields_down(self.shields_down) grid.addWidget(self.shields_down_combo, 1, 1, 1, 1) button = QtWidgets.QPushButton(_("Reset To Default")) button.clicked.connect(self.reset_shields_down) grid.addWidget(button, 1, 2, 1, 1) vbox.addLayout(grid) buttonBox = QtWidgets.QDialogButtonBox(QtWidgets.QDialogButtonBox.Ok | QtWidgets.QDialogButtonBox.Cancel) self.ok_button = buttonBox.button(QtWidgets.QDialogButtonBox.Ok) buttonBox.accepted.connect(self.ok) buttonBox.rejected.connect(self.hide) vbox.addWidget(buttonBox) self.ok_button.setDisabled(True) self.shields_up_combo.activated.connect(self.shields_combo_changed) self.shields_down_combo.activated.connect(self.shields_combo_changed) self.setLayout(vbox) def shields_combo_changed(self): self.ok_button.setDisabled( self.get_shields_up() == self.shields_up and \ self.get_shields_down() == self.shields_down) def set_shields_up(self, zone): self.shields_up = zone if self.shields_up_combo.count() > 0: self.shields_up_combo.setCurrentIndex( self.shields_up_combo.findText(self.shields_up)) self.shields_combo_changed() def set_shields_down(self, zone): self.shields_down = zone if self.shields_down_combo.count() > 0: self.shields_down_combo.setCurrentIndex( self.shields_down_combo.findText(self.shields_down)) self.shields_combo_changed() def reset_shields_up(self): self.set_shields_up(self.shields_up) # remove user key to get fallback again self.settings.remove("shields-up") def reset_shields_down(self): self.set_shields_down(self.shields_down) # remove user key to get fallback again self.settings.remove("shields-down") def get_shields_up(self): return str(self.shields_up_combo.currentText()) def get_shields_down(self): return str(self.shields_down_combo.currentText()) def zones_changed(self): up_zone = self.shields_up if self.get_shields_up(): up_zone = self.get_shields_up() down_zone = self.shields_down if self.get_shields_down(): down_zone = self.get_shields_down() for z in self.fw.getZones(): self.shields_up_combo.addItem(z) self.shields_down_combo.addItem(z) self.set_shields_up(up_zone) self.set_shields_down(down_zone) def ok(self): if self.shields_up != self.get_shields_up(): self.settings.setValue("shields-up", self.get_shields_up()) if self.shields_down != self.get_shields_down(): self.settings.setValue("shields-down", self.get_shields_down()) self.settings.sync() self.hide() # AboutDialog ################################################################# class AboutDialog(QtWidgets.QDialog): def __init__(self, name, icon, version, url, copyright, authors, license): QtWidgets.QDialog.__init__(self) self.setWindowIcon(icon) self.setWindowTitle(escape(_("About %s" % name))) self.resize(500, 250) vbox = QtWidgets.QVBoxLayout() vbox.setSpacing(6) hbox = QtWidgets.QHBoxLayout() hbox.setSpacing(24) label = QtWidgets.QLabel() label.setPixmap(icon.pixmap(96)) label.setMinimumSize(96, 96) label.setMaximumSize(96, 96) hbox.addWidget(label) vbox2 = QtWidgets.QVBoxLayout() vbox2.setSpacing(3) label = QtWidgets.QLabel(name) font = label.font() font.setPointSize(font.pointSize()*2) font.setBold(True) label.setFont(font) vbox2.addWidget(label) vbox2.addWidget(QtWidgets.QLabel(version)) label = QtWidgets.QLabel("%s" % (url, url)) label.setTextFormat(QtCore.Qt.RichText) label.setTextInteractionFlags(QtCore.Qt.TextBrowserInteraction) label.setOpenExternalLinks(True) vbox2.addWidget(label) vbox2.addWidget(QtWidgets.QLabel(copyright)) hbox.addLayout(vbox2) vbox.addLayout(hbox) tabs = QtWidgets.QTabWidget() tabs.setStyleSheet("QTabWidget::tab { padding: 1px 1px 1px 1px; }") tab = QtWidgets.QWidget() vbox3 = QtWidgets.QVBoxLayout() textedit = QtWidgets.QPlainTextEdit() #textedit.setStyleSheet("QPlainTextEdit { border: 0; padding: 0; }") textedit.setReadOnly(True) textedit.setPlainText("\n".join(authors)) vbox3.addWidget(textedit) tab.setLayout(vbox3) tabs.addTab(tab, escape(_("Authors"))) tab = QtWidgets.QWidget() vbox3 = QtWidgets.QVBoxLayout() textedit = QtWidgets.QPlainTextEdit() #textedit.setStyleSheet("QPlainTextEdit { border: 0; padding: 0; }") textedit.setReadOnly(True) textedit.setPlainText(license) vbox3.addWidget(textedit) tab.setLayout(vbox3) tabs.addTab(tab, escape(_("License"))) vbox.addWidget(tabs) buttonBox = QtWidgets.QDialogButtonBox(QtWidgets.QDialogButtonBox.Close) buttonBox.rejected.connect(self.hide) vbox.addWidget(buttonBox) self.setLayout(vbox) # TrayApplet ################################################################## class TrayApplet(QtWidgets.QSystemTrayIcon): def __init__(self): super(TrayApplet, self).__init__() self.name = _("Firewall Applet") self.prog = "firewall-applet" self.icon_name = "firewall-applet" self.icons = { "normal": QtGui.QIcon.fromTheme(self.icon_name), "error": QtGui.QIcon.fromTheme(self.icon_name+"-error"), "panic": QtGui.QIcon.fromTheme(self.icon_name+"-panic"), "normal-shields_up": QtGui.QIcon.fromTheme(self.icon_name+"-shields_up"), "normal-shields_down": QtGui.QIcon.fromTheme(self.icon_name+"-shields_down"), } self.timer = None self.mode = None self.blink = False self.blink_count = 0 self._blink = False self._blink_count = 0 self.show_inactive = False self.tooltip_messages = [ ] self.active_zones = { } self.connections = { } self.connections_name = { } self.default_zone = None self.zone_connection_editors = { } self.zone_interface_editors = { } self.zone_source_editors = { } # settings self.settings = QtCore.QSettings("firewall", "applet") # file system watcher self.watcher = Watcher(self.load_settings, 2) self.watcher.add_watch_file("/etc/firewall/applet.conf") self.watcher.add_watch_file(str(self.settings.fileName())) # about dialog self.about_dialog = AboutDialog(self.name, self.icons["normal"], config.VERSION, config.WEBSITE, config.COPYRIGHT, config.AUTHORS, config.LICENSE) # urgencies self.urgencies = { "noicon": QtWidgets.QSystemTrayIcon.NoIcon, "information": QtWidgets.QSystemTrayIcon.Information, "warning": QtWidgets.QSystemTrayIcon.Warning, "critical": QtWidgets.QSystemTrayIcon.Critical } # actions self.shieldsupAction = QtWidgets.QAction(escape(_("Shields Up")), self) self.shieldsupAction.setCheckable(True) self.shieldsupAction.setChecked(False) self.shieldsupAction.triggered.connect(self.shieldsup_changed_cb) self.notificationsAction = QtWidgets.QAction( escape(_("Enable Notifications")), self) self.notificationsAction.setCheckable(True) self.notificationsAction.setChecked(False) self.notificationsAction.triggered.connect(self.notification_changed_cb) self.settingsAction = QtWidgets.QAction( escape(_("Edit Firewall Settings...")), self) self.settingsAction.triggered.connect(self.configure_cb) self.changeZonesAction = QtWidgets.QAction( escape(_("Change Zones of Connections...")), self) self.changeZonesAction.triggered.connect(self.nm_connection_editor) self.shieldsAction = QtWidgets.QAction( escape(_("Configure Shields UP/Down Zones...")), self) self.shieldsAction.triggered.connect(self.configure_shields) self.panicAction = QtWidgets.QAction( escape(_("Block all network traffic")), self) self.panicAction.setCheckable(True) self.panicAction.setChecked(False) self.panicAction.triggered.connect(self.panic_mode_cb) self.aboutAction = QtWidgets.QAction(escape(_("About")), self) self.aboutAction.triggered.connect(self.about_dialog.exec_) #self.quitAction = QtWidgets.QAction(escape(_("Quit")), self, # triggered=self.quit) self.connectionsAction = QtWidgets.QWidgetAction(self) self.connectionsAction.setDefaultWidget(QtWidgets.QLabel( ""+escape(_("Connections"))+" ")) self.interfacesAction = QtWidgets.QWidgetAction(self) self.interfacesAction.setDefaultWidget(QtWidgets.QLabel( ""+escape(_("Interfaces"))+" ")) self.sourcesAction = QtWidgets.QWidgetAction(self) self.sourcesAction.setDefaultWidget(QtWidgets.QLabel( ""+escape(_("Sources"))+" ")) # init self.left_menu = QtWidgets.QMenu() self.left_menu.setStyleSheet('QMenu { margin: 5px; }') self.right_menu = QtWidgets.QMenu() self.right_menu.addAction(self.shieldsupAction) self.right_menu.addAction(self.notificationsAction) self.right_menu.addSeparator() self.right_menu.addAction(self.settingsAction) self.right_menu.addAction(self.changeZonesAction) self.right_menu.addAction(self.shieldsAction) self.right_menu.addSeparator() self.right_menu.addAction(self.panicAction) self.right_menu.addSeparator() self.right_menu.addAction(self.aboutAction) #self.right_menu.addSeparator() #self.right_menu.addAction(self.quitAction) self.setContextMenu(self.right_menu) self.activated.connect(self.activated_cb) self.set_mode("error") self.set_icon() self.setVisible(self.show_inactive) # init notification Notify.init(self.prog) # connect to firewalld DBusQtMainLoop(set_as_default=True) self.bus = dbus.SystemBus() if nm_is_imported(): self.bus.add_signal_receiver( self.nm_signal_receiver, dbus_interface=nm_get_dbus_interface(), signal_name='PropertiesChanged', member_keyword='member') self.nm_signal_receiver() self.fw = FirewallClient(self.bus, wait=1) self.fw.setExceptionHandler(self._exception_handler) self.fw.connect("connection-established", self.connection_established) self.fw.connect("connection-lost", self.connection_lost) self.fw.connect("reloaded", self.reloaded), self.fw.connect("default-zone-changed", self.default_zone_changed) self.fw.connect("panic-mode-enabled", self.panic_mode_enabled) self.fw.connect("panic-mode-disabled", self.panic_mode_disabled) self.fw.connect("interface-added", self.interface_added) self.fw.connect("interface-removed", self.interface_removed) self.fw.connect("zone-of-interface-changed", self.zone_of_interface_changed) self.fw.connect("source-added", self.source_added) self.fw.connect("source-removed", self.source_removed) self.fw.connect("zone-of-source-changed", self.zone_of_source_changed) self.shields_editor = ShieldsEditor(self.fw, self.settings, None, None) self.load_settings() def _exception_handler(self, exception_message): if "NotAuthorizedException" in exception_message: self.error(escape(_("Authorization failed."))) elif "INVALID_NAME" in exception_message: msg = exception_message.replace("INVALID_NAME", _("Invalid name")) self.warning(escape(msg)) elif "NAME_CONFLICT" in exception_message: msg = exception_message.replace("NAME_CONFLICT", _("Name already exists")) self.warning(escape(msg)) elif "NO_DEFAULTS" in exception_message: pass else: self.error(exception_message) def quit(self): sys.exit(1) def set_icon(self, mode=None): if mode is not None: self.setIcon(self.icons[mode]) elif self.mode != "normal": self.setIcon(self.icons[self.mode]) elif self.default_zone == self.shields_up: self.setIcon(self.icons["normal-shields_up"]) else: self.setIcon(self.icons["normal-shields_down"]) def load_settings(self, name=None): self.settings.sync() notifications = self.settings.value("notifications", False, type=bool) self.notificationsAction.setChecked(notifications) self.show_inactive = self.settings.value("show-inactive", False, type=bool) self.blink = self.settings.value("blink", False, type=bool) self.blink_count = self.settings.value("blink-count", 5, type=int) self.shields_up = self.settings.value("shields-up", "block", type=str) if self.default_zone: self.shieldsupAction.setChecked( self.default_zone == self.shields_up) self.shields_editor.set_shields_up(self.shields_up) self.shields_down = self.settings.value("shields-down", "public", type=str) self.shields_editor.set_shields_down(self.shields_down) #print("shields-up=%s" % self.shields_up) #print("notifications=%s" % notifications) #print("blink=%s" % self.blink) #print("blink-count=%s" % self.blink_count) #print("show-inactive=%s" % self.show_inactive) if not self.fw.connected: self.setVisible(self.show_inactive) else: self.setVisible(True) def activated_cb(self, reason): if reason == QtWidgets.QSystemTrayIcon.Trigger: self.left_menu.popup(QtGui.QCursor.pos()) def update_active_zones(self): self.active_zones.clear() # remove all entries for the left menu self.left_menu.clear() # add connections entry self.left_menu.addAction(self.connectionsAction) if not self.fw.connected: return active_zones = self.fw.getActiveZones() if active_zones: self.active_zones = active_zones # get all active connections (NM) and interfaces connections = { } interfaces = { } sources = { } for zone in sorted(self.active_zones): if "interfaces" in self.active_zones[zone]: for interface in sorted(self.active_zones[zone]["interfaces"]): if interface not in self.connections: interfaces[interface] = zone if "sources" in self.active_zones[zone]: for source in sorted(self.active_zones[zone]["sources"]): sources[source] = zone # NM controlled connections for interface in self.connections: connection = self.connections[interface] if connection not in self.connections_name: connection_name = None else: connection_name = self.connections_name[connection] zone = nm_get_zone_of_connection(connection) connections[connection] = [ zone, connection_name ] binding = _("{entry} (Zone: {zone})") # add NM controlled bindings for connection in sorted(connections): zone = connections[connection][0] connection_name = connections[connection][1] if zone == "": _binding = _("{entry} (Default Zone: {default_zone})") action = QtWidgets.QAction( escape( _binding.format(default_zone=self.default_zone, entry=connection_name)), self) else: action = QtWidgets.QAction( escape(binding.format(zone=zone, entry=connection_name)), self) action.triggered.connect(functools.partial( self.zone_connection_editor, connection, connection_name, zone)) self.left_menu.addAction(action) # add interfaces entry self.left_menu.addAction(self.interfacesAction) # add other interfaces for interface in sorted(interfaces): zone = interfaces[interface] action = QtWidgets.QAction( escape(binding.format(zone=zone, entry=interface)), self) action.triggered.connect(functools.partial( self.zone_interface_editor, interface, zone)) self.left_menu.addAction(action) # add interfaces entry self.left_menu.addAction(self.sourcesAction) for source in sorted(sources): zone = sources[source] action = QtWidgets.QAction( escape(binding.format(zone=zone, entry=source)), self) action.triggered.connect(functools.partial( self.zone_source_editor, source, zone)) self.left_menu.addAction(action) def zone_interface_editor(self, interface, zone): if interface in self.zone_interface_editors: self.zone_interface_editors[interface].set_zone(zone) self.zone_interface_editors[interface].show() return self.zone_interface_editors[interface].raise_() editor = ZoneInterfaceEditor(self.fw, interface, zone) self.zone_interface_editors[interface] = editor editor.show() editor.raise_() editor.show() def zone_connection_editor(self, connection, connection_name, zone): if connection in self.zone_connection_editors: self.zone_connection_editors[connection].set_zone(zone) self.zone_connection_editors[connection].show() return self.zone_connection_editors[connection].raise_() editor = ZoneConnectionEditor(self.fw, connection, connection_name, zone) self.zone_connection_editors[connection] = editor editor.show() editor.raise_() editor.show() def zone_source_editor(self, source, zone): if source in self.zone_source_editors: self.zone_source_editors[source].set_zone(zone) self.zone_source_editors[source].show() return self.zone_source_editors[source].raise_() editor = ZoneSourceEditor(self.fw, source, zone) self.zone_source_editors[source] = editor editor.show() editor.raise_() editor.show() def nm_signal_receiver(self, *args, **kwargs): self.connections.clear() self.connections_name.clear() # do not use NMClient could result in python core dump if nm_is_imported(): text = _("Failed to get connections from NetworkManager") try: nm_get_connections(self.connections, self.connections_name) except Exception: self.notify(escape(text), urgency=Notify.Urgency.CRITICAL) if text not in self.tooltip_messages: self.tooltip_messages.append(text) else: if text in self.tooltip_messages: self.tooltip_messages.remove(text) else: text = _("No NetworkManager imports available") self.notify(escape(text), urgency=Notify.Urgency.CRITICAL) if text not in self.tooltip_messages: self.tooltip_messages.append(text) self.update_tooltip() def notify(self, msg, urgency="noicon", timeout=5): #self.showMessage(escape(self.name), msg, self.urgencies[urgency], timeout*1000) n = Notify.Notification.new(escape(self.name), msg, self.icon_name) n.set_urgency(Notify.Urgency.NORMAL) try: n.show() except: return def shieldsup_changed_cb(self): if self.shieldsupAction.isChecked(): zone = str(self.shields_up) else: zone = str(self.shields_down) if self.fw.connected and self.default_zone != zone: try: self.fw.setDefaultZone(zone) except dbus.exceptions.DBusException as e: print("Error: %s" % e.get_dbus_message()) def notification_changed_cb(self): self.settings.setValue("notifications", self.notificationsAction.isChecked()) self.settings.sync() def __blink(self, arg=None): if self._blink_count != 0: if self._blink_count > 0 and self._blink: self._blink_count -= 1 self._blink = not self._blink if not self.timer: self.timer = QtCore.QTimer(self) self.timer.timeout.connect(self.__blink) self.timer.setInterval(1000) self.timer.start() if not self._blink: self.set_icon() else: self.set_icon("normal") def get_mode(self): return self.mode def set_mode(self, mode): if self.mode != mode: if self.timer and self.timer.isActive(): self.timer.stop() self._blink = False self.mode = mode elif self.mode == mode and self.timer: if self._blink_count == 0: self._blink_count += 1 return if mode == "normal": self.set_icon() return if self.blink: if self.blink_count != 0: self._blink = True self._blink_count = self.blink_count self.__blink() else: self.set_icon() def update_tooltip(self): if self.get_mode() == "error": self.setToolTip(_("No connection to firewall daemon")) return messages = [ ] if self.panicAction.isChecked(): messages.append(_("All network traffic is blocked.")) if self.default_zone: messages.append(_("Default Zone: '%s'") % self.default_zone) for interface in self.connections: connection = self.connections[interface] zone = nm_get_zone_of_connection(connection) if zone == "": text = _("Default Zone '{default_zone}' active for connection " "'{connection}' on interface '{interface}'") else: text = _("Zone '{zone}' active for connection " "'{connection}' on interface '{interface}'") messages.append(text.format(zone=zone, default_zone=self.default_zone, connection=connection, interface=interface)) if len(self.active_zones) > 0: for zone in sorted(self.active_zones): if "interfaces" in self.active_zones[zone]: for interface in sorted(self.active_zones[zone]["interfaces"]): if interface not in self.connections: text = _("Zone '{zone}' active for interface " "'{interface}'") connection = None messages.append(text.format(zone=zone, connection=connection, interface=interface)) if "sources" in self.active_zones[zone]: for source in sorted(self.active_zones[zone]["sources"]): text = _("Zone '{zone}' active for source {source}") connection = None messages.append(text.format(zone=zone, source=source)) else: messages.append(_("No Active Zones.")) messages.extend(self.tooltip_messages) tooltip = "\n".join(messages) self.setToolTip(tooltip) self.set_icon() def show(self): # do not automatically show the applet pass def panic_mode_cb(self): if not self.fw or not self.fw.connected: return if self.panicAction.isChecked(): self.fw.enablePanicMode() else: self.fw.disablePanicMode() self.panicAction.setChecked(not self.panicAction.isChecked()) def configure_shields(self): self.shields_editor.show() self.shields_editor.raise_() def nm_connection_editor(self, item, uuid=None): if NM_CONNECTION_EDITOR == "": self.warning("NetworkManager connection editor is missing.") return if uuid: if "kde-" in NM_CONNECTION_EDITOR: os.system("%s %s &" % (NM_CONNECTION_EDITOR, uuid)) else: os.system("%s --edit=%s &" % (NM_CONNECTION_EDITOR, uuid)) else: os.system("%s &" % NM_CONNECTION_EDITOR) def warning(self, text): QtWidgets.QMessageBox.warning(None, escape(self.name), text) def error(self, text): QtWidgets.QMessageBox.critical(None, escape(self.name), text) def configure_cb(self, widget): os.system("firewall-config &") # firewallClient signal receivers def connection_established(self, first=False): self.default_zone = self.fw.getDefaultZone() self.panicAction.setChecked(self.fw.queryPanicMode()) self.update_active_zones() self.shields_editor.zones_changed() if self.shields_up: self.shieldsupAction.setChecked( self.default_zone == self.shields_up) if self.notificationsAction.isChecked(): self.notify(escape(_("Connection to FirewallD established."))) self.setVisible(True) self.set_mode("normal") self.update_tooltip() def connection_lost(self): self.default_zone = None self.set_mode("error") self.update_active_zones() self.update_tooltip() self.panicAction.setChecked(False) if self.notificationsAction.isChecked(): self.notify(escape(_("Connection to FirewallD lost."))) self.setVisible(self.show_inactive) def reloaded(self): if self.notificationsAction.isChecked(): self.notify(escape(_("FirewallD has been reloaded."))) self.update_active_zones() self.update_tooltip() def default_zone_changed(self, zone): self.default_zone = zone if self.notificationsAction.isChecked(): self.notify(escape(_("Default zone changed to '%s'.") % zone)) if self.shields_up: self.shieldsupAction.setChecked( self.default_zone == self.shields_up) self.update_active_zones() self.update_tooltip() def _panic_mode(self, enable): self.panicAction.setChecked(enable) self.update_tooltip() if enable: self.set_mode("panic") else: self.set_mode("normal") if self.notificationsAction.isChecked(): ed = { 1: _("All network traffic is blocked."), 0: _("Network traffic is not blocked anymore.") } self.notify(escape(ed[enable])) def panic_mode_enabled(self): self._panic_mode(True) def panic_mode_disabled(self): self._panic_mode(False) def _interface(self, zone, interface, enable): self.update_active_zones() self.update_tooltip() # close dialog of removed interface if not enable: if interface in self.connections: connection = self.connections[interface] if connection in self.zone_connection_editors: self.zone_connection_editors[connection].hide() del self.zone_connection_editors[connection] elif interface in self.zone_interface_editors: self.zone_interface_editors[interface].hide() del self.zone_interface_editors[interface] # send notification if enabled if self.notificationsAction.isChecked(): ed = { 1: _("activated"), 0: _("deactivated") } if interface in self.connections: connection = self.connections[interface] zone = nm_get_zone_of_connection(connection) if zone == "": text = _("Default zone '{default_zone}' " "{activated_deactivated} for " "connection '{connection}' on " "interface '{interface}'") else: text = _("Zone '{zone}' {activated_deactivated} for " "connection '{connection}' on " "interface '{interface}'") else: connection = None text = _("Zone '{zone}' {activated_deactivated} for " "interface '{interface}'") self.notify(escape(text.format( zone=zone, default_zone=self.default_zone, activated_deactivated=ed[enable], connection=connection, interface=interface))) def interface_added(self, zone, interface): self._interface(zone, interface, True) def interface_removed(self, zone, interface): self._interface(zone, interface, False) def zone_of_interface_changed(self, zone, interface): # update zone editor if interface in self.zone_interface_editors: self.zone_interface_editors[interface].set_zone(zone) self.update_active_zones() self.update_tooltip() if self.notificationsAction.isChecked(): self.notify(escape(_("Zone '%s' activated for interface '%s'") % \ (zone, interface))) def _source(self, zone, source, enable): self.update_active_zones() self.update_tooltip() # close dialog of removed source if not enable: if source in self.zone_source_editors: self.zone_source_editors[source].hide() del self.zone_source_editors[source] # send notification if enabled if self.notificationsAction.isChecked(): ed = { 1: _("activated"), 0: _("deactivated") } text = _("Zone '{zone}' {activated_deactivated} for " "source '{source}'") self.notify(escape(text.format( zone=zone, activated_deactivated=ed[enable], source=source))) def source_added(self, zone, source): self._source(zone, source, True) def source_removed(self, zone, source): self._source(zone, source, False) def zone_of_source_changed(self, zone, source): index = source if source in self.zone_source_editors: self.zone_source_editors[source].set_zone(zone) # update zone editor if index in self.zone_interface_editors: self.zone_interface_editors[index].set_zone(zone) self.update_active_zones() self.update_tooltip() if self.notificationsAction.isChecked(): self.notify(escape(_("Zone '%s' activated for source '%s'") % \ (zone, source))) # MAIN ######################################################################## if len(sys.argv) > 1: print("""Usage: %s [options] Options: -h, --help show this help message and exit """ % sys.argv[0]) sys.exit(1) # reset SIGINT signal to default signal.signal(signal.SIGINT, signal.SIG_DFL) app = QtWidgets.QApplication(sys.argv) app.setQuitOnLastWindowClosed(False) applet = TrayApplet() applet.show() sys.exit(app.exec_()) firewalld-1.1.1/src/firewall-cmd0000755000000000000000000042713514217353157016570 0ustar00rootroot00000000000000#!/usr/bin/python3 # -*- coding: utf-8 -*- # # Copyright (C) 2009-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from gi.repository import GObject import sys sys.modules['gobject'] = GObject import argparse import os from firewall.client import FirewallClient, FirewallClientIPSetSettings, \ FirewallClientZoneSettings, FirewallClientServiceSettings, \ FirewallClientIcmpTypeSettings, FirewallClientHelperSettings, \ FirewallClientPolicySettings from firewall.errors import FirewallError from firewall import errors from firewall.functions import joinArgs, splitArgs, getPortRange from firewall.core.fw_nm import nm_is_imported, \ nm_get_connection_of_interface, nm_get_zone_of_connection, \ nm_set_zone_of_connection, nm_get_interfaces_in_zone from firewall.core.io.zone import zone_reader from firewall.core.io.policy import policy_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.helper import helper_reader from firewall.command import FirewallCommand def __usage(): sys.stdout.write(""" Usage: firewall-cmd [OPTIONS...] General Options -h, --help Prints a short help text and exists -V, --version Print the version string of firewalld -q, --quiet Do not print status messages Status Options --state Return and print firewalld state --reload Reload firewall and keep state information --complete-reload Reload firewall and lose state information --runtime-to-permanent Create permanent from runtime configuration --check-config Check permanent configuration for errors Log Denied Options --get-log-denied Print the log denied value --set-log-denied= Set log denied value Permanent Options --permanent Set an option permanently Usable for options marked with [P] Zone Options --get-default-zone Print default zone for connections and interfaces --set-default-zone= Set default zone --get-active-zones Print currently active zones --get-zones Print predefined zones [P] --get-services Print predefined services [P] --get-icmptypes Print predefined icmptypes [P] --get-zone-of-interface= Print name of the zone the interface is bound to [P] --get-zone-of-source=[/]||ipset: Print name of the zone the source is bound to [P] --list-all-zones List everything added for or enabled in all zones [P] --new-zone= Add a new zone [P only] --new-zone-from-file= [--name=] Add a new zone from file with optional name [P only] --delete-zone= Delete an existing zone [P only] --load-zone-defaults= Load zone default settings [P only] --zone= Use this zone to set or query options, else default zone Usable for options marked with [Z] --info-zone= Print information about a zone --path-zone= Print file path of a zone [P only] Policy Options --get-policies Print predefined policies --get-active-policies Print currently active policies --list-all-policies List everything added for or enabled in all policies --new-policy= Add a new empty policy --new-policy-from-file= [--name=] Add a new policy from file with optional name override [P only] --delete-policy= Delete an existing policy --load-policy-defaults= Load policy default settings --policy= Use this policy to set or query options Usable for options marked with [O] --info-policy= Print information about a policy --path-policy= Print file path of a policy IPSet Options --get-ipset-types Print the supported ipset types --new-ipset= --type= [--option=[=]].. Add a new ipset [P only] --new-ipset-from-file= [--name=] Add a new ipset from file with optional name [P only] --delete-ipset= Delete an existing ipset [P only] --load-ipset-defaults= Load ipset default settings [P only] --info-ipset= Print information about an ipset --path-ipset= Print file path of an ipset [P only] --get-ipsets Print predefined ipsets --ipset= --set-description= Set new description to ipset [P only] --ipset= --get-description Print description for ipset [P only] --ipset= --set-short= Set new short description to ipset [P only] --ipset= --get-short Print short description for ipset [P only] --ipset= --add-entry= Add a new entry to an ipset [P] --ipset= --remove-entry= Remove an entry from an ipset [P] --ipset= --query-entry= Return whether ipset has an entry [P] --ipset= --get-entries List entries of an ipset [P] --ipset= --add-entries-from-file= Add a new entries to an ipset [P] --ipset= --remove-entries-from-file= Remove entries from an ipset [P] IcmpType Options --new-icmptype= Add a new icmptype [P only] --new-icmptype-from-file= [--name=] Add a new icmptype from file with optional name [P only] --delete-icmptype= Delete an existing icmptype [P only] --load-icmptype-defaults= Load icmptype default settings [P only] --info-icmptype= Print information about an icmptype --path-icmptype= Print file path of an icmptype [P only] --icmptype= --set-description= Set new description to icmptype [P only] --icmptype= --get-description Print description for icmptype [P only] --icmptype= --set-short= Set new short description to icmptype [P only] --icmptype= --get-short Print short description for icmptype [P only] --icmptype= --add-destination= Enable destination for ipv in icmptype [P only] --icmptype= --remove-destination= Disable destination for ipv in icmptype [P only] --icmptype= --query-destination= Return whether destination ipv is enabled in icmptype [P only] --icmptype= --get-destinations List destinations in icmptype [P only] Service Options --new-service= Add a new service [P only] --new-service-from-file= [--name=] Add a new service from file with optional name [P only] --delete-service= Delete an existing service [P only] --load-service-defaults= Load icmptype default settings [P only] --info-service= Print information about a service --path-service= Print file path of a service [P only] --service= --set-description= Set new description to service [P only] --service= --get-description Print description for service [P only] --service= --set-short= Set new short description to service [P only] --service= --get-short Print short description for service [P only] --service= --add-port=[-]/ Add a new port to service [P only] --service= --remove-port=[-]/ Remove a port from service [P only] --service= --query-port=[-]/ Return whether the port has been added for service [P only] --service= --get-ports List ports of service [P only] --service= --add-protocol= Add a new protocol to service [P only] --service= --remove-protocol= Remove a protocol from service [P only] --service= --query-protocol= Return whether the protocol has been added for service [P only] --service= --get-protocols List protocols of service [P only] --service= --add-source-port=[-]/ Add a new source port to service [P only] --service= --remove-source-port=[-]/ Remove a source port from service [P only] --service= --query-source-port=[-]/ Return whether the source port has been added for service [P only] --service= --get-source-ports List source ports of service [P only] --service= --add-helper= Add a new helper to service [P only] --service= --remove-helper= Remove a helper from service [P only] --service= --query-helper= Return whether the helper has been added for service [P only] --service= --get-service-helpers List helpers of service [P only] --service= --set-destination=:
[/] Set destination for ipv to address in service [P only] --service= --remove-destination= Disable destination for ipv i service [P only] --service= --query-destination=:
[/] Return whether destination ipv is set for service [P only] --service= --get-destinations List destinations in service [P only] --service= --add-include= Add a new include to service [P only] --service= --remove-include= Remove a include from service [P only] --service= --query-include= Return whether the include has been added for service [P only] --service= --get-includes List includes of service [P only] Options to Adapt and Query Zones and Policies --list-all List everything added for or enabled [P] [Z] [O] --timeout= Enable an option for timeval time, where timeval is a number followed by one of letters 's' or 'm' or 'h' Usable for options marked with [T] --set-description= Set new description [P only] [Z] [O] --get-description Print description [P only] [Z] [O] --get-target Get the target [P only] [Z] [O] --set-target= Set the target [P only] [Z] [O] --set-short= Set new short description [Z] [O] --get-short Print short description [P only] [Z] [O] --list-services List services added [P] [Z] --add-service= Add a service [P] [Z] [O] [T] --remove-service= Remove a service [P] [Z] [O] --query-service= Return whether service has been added [P] [Z] [O] --list-ports List ports added [P] [Z] [O] --add-port=[-]/ Add the port [P] [Z] [O] [T] --remove-port=[-]/ Remove the port [P] [Z] [O] --query-port=[-]/ Return whether the port has been added [P] [Z] [O] --list-protocols List protocols added [P] [Z] [O] --add-protocol= Add the protocol [P] [Z] [O] [T] --remove-protocol= Remove the protocol [P] [Z] [O] --query-protocol= Return whether the protocol has been added [P] [Z] [O] --list-source-ports List source ports added [P] [Z] [O] --add-source-port=[-]/ Add the source port [P] [Z] [O] [T] --remove-source-port=[-]/ Remove the source port [P] [Z] [O] --query-source-port=[-]/ Return whether the source port has been added [P] [Z] [O] --list-icmp-blocks List Internet ICMP type blocks added [P] [Z] [O] --add-icmp-block= Add an ICMP block [P] [Z] [O] [T] --remove-icmp-block= Remove the ICMP block [P] [Z] [O] --query-icmp-block= Return whether an ICMP block has been added [P] [Z] [O] --list-forward-ports List IPv4 forward ports added [P] [Z] [O] --add-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Add the IPv4 forward port [P] [Z] [O] [T] --remove-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Remove the IPv4 forward port [P] [Z] [O] --query-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Return whether the IPv4 forward port has been added [P] [Z] [O] --add-masquerade Enable IPv4 masquerade [P] [Z] [O] [T] --remove-masquerade Disable IPv4 masquerade [P] [Z] [O] --query-masquerade Return whether IPv4 masquerading has been enabled [P] [Z] [O] --list-rich-rules List rich language rules added [P] [Z] [O] --add-rich-rule= Add rich language rule 'rule' [P] [Z] [O] [T] --remove-rich-rule= Remove rich language rule 'rule' [P] [Z] [O] --query-rich-rule= Return whether a rich language rule 'rule' has been added [P] [Z] [O] Options to Adapt and Query Zones --add-icmp-block-inversion Enable inversion of icmp blocks for a zone [P] [Z] --remove-icmp-block-inversion Disable inversion of icmp blocks for a zone [P] [Z] --query-icmp-block-inversion Return whether inversion of icmp blocks has been enabled for a zone [P] [Z] --add-forward Enable forwarding of packets between interfaces and sources in a zone [P] [Z] [T] --remove-forward Disable forwarding of packets between interfaces and sources in a zone [P] [Z] --query-forward Return whether forwarding of packets between interfaces and sources has been enabled for a zone [P] [Z] Options to Adapt and Query Policies --get-priority Get the priority [P only] [O] --set-priority= Set the priority [P only] [O] --list-ingress-zones List ingress zones that are bound to a policy [P] [O] --add-ingress-zone= Add the ingress zone to a policy [P] [O] --remove-ingress-zone= Remove the ingress zone from a policy [P] [O] --query-ingress-zone= Query whether the ingress zone has been adedd to a policy [P] [O] --list-egress-zones List egress zones that are bound to a policy [P] [O] --add-egress-zone= Add the egress zone to a policy [P] [O] --remove-egress-zone= Remove the egress zone from a policy [P] [O] --query-egress-zone= Query whether the egress zone has been adedd to a policy [P] [O] Options to Handle Bindings of Interfaces --list-interfaces List interfaces that are bound to a zone [P] [Z] --add-interface= Bind the to a zone [P] [Z] --change-interface= Change zone the is bound to [P] [Z] --query-interface= Query whether is bound to a zone [P] [Z] --remove-interface= Remove binding of from a zone [P] [Z] Options to Handle Bindings of Sources --list-sources List sources that are bound to a zone [P] [Z] --add-source=[/]||ipset: Bind the source to a zone [P] [Z] --change-source=[/]||ipset: Change zone the source is bound to [Z] --query-source=[/]||ipset: Query whether the source is bound to a zone [P] [Z] --remove-source=[/]||ipset: Remove binding of the source from a zone [P] [Z] Helper Options --new-helper= --module= [--family=] Add a new helper [P only] --new-helper-from-file= [--name=] Add a new helper from file with optional name [P only] --delete-helper= Delete an existing helper [P only] --load-helper-defaults= Load helper default settings [P only] --info-helper= Print information about an helper --path-helper= Print file path of an helper [P only] --get-helpers Print predefined helpers --helper= --set-description= Set new description to helper [P only] --helper= --get-description Print description for helper [P only] --helper= --set-short= Set new short description to helper [P only] --helper= --get-short Print short description for helper [P only] --helper= --add-port=[-]/ Add a new port to helper [P only] --helper= --remove-port=[-]/ Remove a port from helper [P only] --helper= --query-port=[-]/ Return whether the port has been added for helper [P only] --helper= --get-ports List ports of helper [P only] --helper= --set-module= Set module to helper [P only] --helper= --get-module Get module from helper [P only] --helper= --set-family={ipv4|ipv6|} Set family for helper [P only] --helper= --get-family Get module from helper [P only] Direct Options --direct First option for all direct options --get-all-chains Get all chains [P] --get-chains {ipv4|ipv6|eb} Get all chains added to the table [P] --add-chain {ipv4|ipv6|eb}
Add a new chain to the table [P] --remove-chain {ipv4|ipv6|eb}
Remove the chain from the table [P] --query-chain {ipv4|ipv6|eb}
Return whether the chain has been added to the table [P] --get-all-rules Get all rules [P] --get-rules {ipv4|ipv6|eb}
Get all rules added to chain in table [P] --add-rule {ipv4|ipv6|eb}
... Add rule to chain in table [P] --remove-rule {ipv4|ipv6|eb}
... Remove rule with priority from chain in table [P] --remove-rules {ipv4|ipv6|eb}
Remove rules from chain in table [P] --query-rule {ipv4|ipv6|eb}
... Return whether a rule with priority has been added to chain in table [P] --passthrough {ipv4|ipv6|eb} ... Pass a command through (untracked by firewalld) --get-all-passthroughs Get all tracked passthrough rules [P] --get-passthroughs {ipv4|ipv6|eb} ... Get tracked passthrough rules [P] --add-passthrough {ipv4|ipv6|eb} ... Add a new tracked passthrough rule [P] --remove-passthrough {ipv4|ipv6|eb} ... Remove a tracked passthrough rule [P] --query-passthrough {ipv4|ipv6|eb} ... Return whether the tracked passthrough rule has been added [P] Lockdown Options --lockdown-on Enable lockdown. --lockdown-off Disable lockdown. --query-lockdown Query whether lockdown is enabled Lockdown Whitelist Options --list-lockdown-whitelist-commands List all command lines that are on the whitelist [P] --add-lockdown-whitelist-command= Add the command to the whitelist [P] --remove-lockdown-whitelist-command= Remove the command from the whitelist [P] --query-lockdown-whitelist-command= Query whether the command is on the whitelist [P] --list-lockdown-whitelist-contexts List all contexts that are on the whitelist [P] --add-lockdown-whitelist-context= Add the context context to the whitelist [P] --remove-lockdown-whitelist-context= Remove the context from the whitelist [P] --query-lockdown-whitelist-context= Query whether the context is on the whitelist [P] --list-lockdown-whitelist-uids List all user ids that are on the whitelist [P] --add-lockdown-whitelist-uid= Add the user id uid to the whitelist [P] --remove-lockdown-whitelist-uid= Remove the user id uid from the whitelist [P] --query-lockdown-whitelist-uid= Query whether the user id uid is on the whitelist [P] --list-lockdown-whitelist-users List all user names that are on the whitelist [P] --add-lockdown-whitelist-user= Add the user name user to the whitelist [P] --remove-lockdown-whitelist-user= Remove the user name user from the whitelist [P] --query-lockdown-whitelist-user= Query whether the user name user is on the whitelist [P] Panic Options --panic-on Enable panic mode --panic-off Disable panic mode --query-panic Query whether panic mode is enabled """) def try_set_zone_of_interface(_zone, interface): if nm_is_imported(): try: connection = nm_get_connection_of_interface(interface) except Exception: pass else: if connection is not None: if _zone == nm_get_zone_of_connection(connection): if _zone == "": cmd.print_warning("The interface is under control of NetworkManager and already bound to the default zone") else: cmd.print_warning("The interface is under control of NetworkManager and already bound to '%s'" % _zone) if _zone == "": cmd.print_msg("The interface is under control of NetworkManager, setting zone to default.") else: cmd.print_msg("The interface is under control of NetworkManager, setting zone to '%s'." % _zone) nm_set_zone_of_connection(_zone, connection) return True return False def try_get_zone_of_interface(interface): if nm_is_imported(): try: connection = nm_get_connection_of_interface(interface) except Exception: pass else: if connection is not None: return nm_get_zone_of_connection(connection) return False def try_nm_get_interfaces_in_zone(zone): if nm_is_imported(): try: return nm_get_interfaces_in_zone(zone) except Exception: pass return [] parser = argparse.ArgumentParser(usage="see firewall-cmd man page", add_help=False) parser_group_output = parser.add_mutually_exclusive_group() parser_group_output.add_argument("-v", "--verbose", action="store_true") parser_group_output.add_argument("-q", "--quiet", action="store_true") parser_group_standalone = parser.add_mutually_exclusive_group() parser_group_standalone.add_argument("-h", "--help", action="store_true") parser_group_standalone.add_argument("-V", "--version", action="store_true") parser_group_standalone.add_argument("--state", action="store_true") parser_group_standalone.add_argument("--reload", action="store_true") parser_group_standalone.add_argument("--complete-reload", action="store_true") parser_group_standalone.add_argument("--runtime-to-permanent", action="store_true") parser_group_standalone.add_argument("--check-config", action="store_true") parser_group_standalone.add_argument("--get-ipset-types", action="store_true") parser_group_standalone.add_argument("--get-log-denied", action="store_true") parser_group_standalone.add_argument("--set-log-denied", metavar="") parser_group_standalone.add_argument("--get-automatic-helpers", action="store_true") parser_group_standalone.add_argument("--set-automatic-helpers", metavar="") parser_group_standalone.add_argument("--panic-on", action="store_true") parser_group_standalone.add_argument("--panic-off", action="store_true") parser_group_standalone.add_argument("--query-panic", action="store_true") parser_group_standalone.add_argument("--lockdown-on", action="store_true") parser_group_standalone.add_argument("--lockdown-off", action="store_true") parser_group_standalone.add_argument("--query-lockdown", action="store_true") parser_group_standalone.add_argument("--get-default-zone", action="store_true") parser_group_standalone.add_argument("--set-default-zone", metavar="") parser_group_standalone.add_argument("--get-zones", action="store_true") parser_group_standalone.add_argument("--get-policies", action="store_true") parser_group_standalone.add_argument("--get-services", action="store_true") parser_group_standalone.add_argument("--get-icmptypes", action="store_true") parser_group_standalone.add_argument("--get-active-zones", action="store_true") parser_group_standalone.add_argument("--get-active-policies", action="store_true") parser_group_standalone.add_argument("--get-zone-of-interface", metavar="", action='append') parser_group_standalone.add_argument("--get-zone-of-source", metavar="", action='append') parser_group_standalone.add_argument("--list-all-zones", action="store_true") parser_group_standalone.add_argument("--list-all-policies", action="store_true") parser_group_standalone.add_argument("--info-zone", metavar="") parser_group_standalone.add_argument("--info-policy", metavar="") parser_group_standalone.add_argument("--info-service", metavar="") parser_group_standalone.add_argument("--info-icmptype", metavar="") parser_group_standalone.add_argument("--info-ipset", metavar="") parser_group_standalone.add_argument("--info-helper", metavar="") parser_group_config = parser.add_mutually_exclusive_group() parser_group_config.add_argument("--new-icmptype", metavar="") parser_group_config.add_argument("--new-icmptype-from-file", metavar="") parser_group_config.add_argument("--delete-icmptype", metavar="") parser_group_config.add_argument("--load-icmptype-defaults", metavar="") parser_group_config.add_argument("--new-service", metavar="") parser_group_config.add_argument("--new-service-from-file", metavar="") parser_group_config.add_argument("--delete-service", metavar="") parser_group_config.add_argument("--load-service-defaults", metavar="") parser_group_config.add_argument("--new-zone", metavar="") parser_group_config.add_argument("--new-zone-from-file", metavar="") parser_group_config.add_argument("--delete-zone", metavar="") parser_group_config.add_argument("--load-zone-defaults", metavar="") parser_group_config.add_argument("--new-policy", metavar="") parser_group_config.add_argument("--new-policy-from-file", metavar="") parser_group_config.add_argument("--delete-policy", metavar="") parser_group_config.add_argument("--load-policy-defaults", metavar="") parser_group_config.add_argument("--new-ipset", metavar="") parser_group_config.add_argument("--new-ipset-from-file", metavar="") parser_group_config.add_argument("--delete-ipset", metavar="") parser_group_config.add_argument("--load-ipset-defaults", metavar="") parser_group_config.add_argument("--new-helper", metavar="") parser_group_config.add_argument("--new-helper-from-file", metavar="") parser_group_config.add_argument("--delete-helper", metavar="") parser_group_config.add_argument("--load-helper-defaults", metavar="") parser_group_config.add_argument("--path-zone", metavar="") parser_group_config.add_argument("--path-policy", metavar="") parser_group_config.add_argument("--path-service", metavar="") parser_group_config.add_argument("--path-icmptype", metavar="") parser_group_config.add_argument("--path-ipset", metavar="") parser_group_config.add_argument("--path-helper", metavar="") parser.add_argument("--name", default="", metavar="") parser_group_lockdown_whitelist = parser.add_mutually_exclusive_group() parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-commands", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-contexts", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-uids", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-users", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-user", metavar="", action='append') parser.add_argument("--permanent", action="store_true") parser.add_argument("--zone", default="", metavar="") parser.add_argument("--policy", default="", metavar="") parser.add_argument("--timeout", default="0", metavar="") parser_group_zone_or_policy = parser.add_mutually_exclusive_group() parser_group_zone_or_policy.add_argument("--add-interface", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-interface", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-interface", metavar="", action='append') parser_group_zone_or_policy.add_argument("--change-interface", "--change-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-interfaces", action="store_true") parser_group_zone_or_policy.add_argument("--add-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--change-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-sources", action="store_true") parser_group_zone_or_policy.add_argument("--add-ingress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-ingress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-ingress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-ingress-zones", action="store_true") parser_group_zone_or_policy.add_argument("--add-egress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-egress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-egress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-egress-zones", action="store_true") parser_group_zone_or_policy.add_argument("--add-rich-rule", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-rich-rule", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-rich-rule", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-service", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-service", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-service", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-protocol", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-protocol", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-protocol", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-source-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-source-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-source-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-forward", action="store_true") parser_group_zone_or_policy.add_argument("--remove-forward", action="store_true") parser_group_zone_or_policy.add_argument("--query-forward", action="store_true") parser_group_zone_or_policy.add_argument("--add-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--remove-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--query-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--add-icmp-block", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-icmp-block", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-icmp-block", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--remove-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--query-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--add-forward-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-forward-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-forward-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-rich-rules", action="store_true") parser_group_zone_or_policy.add_argument("--list-services", action="store_true") parser_group_zone_or_policy.add_argument("--list-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-protocols", action="store_true") parser_group_zone_or_policy.add_argument("--list-icmp-blocks", action="store_true") parser_group_zone_or_policy.add_argument("--list-forward-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-source-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-all", action="store_true") parser_group_zone_or_policy.add_argument("--get-target", action="store_true") parser_group_zone_or_policy.add_argument("--set-target", metavar="") parser_group_zone_or_policy.add_argument("--get-priority", action="store_true") parser_group_zone_or_policy.add_argument("--set-priority", metavar="") parser.add_argument("--option", metavar="[=]", action='append') parser.add_argument("--type", metavar="") parser.add_argument("--ipset", metavar="") parser_ipset = parser.add_mutually_exclusive_group() #parser_ipset.add_argument("--add-option", metavar="[=]") #parser_ipset.add_argument("--remove-option", metavar="[=]") #parser_ipset.add_argument("--query-option", metavar="[=]") #parser_ipset.add_argument("--get-options", action="store_true") parser_ipset.add_argument("--get-ipsets", action="store_true") parser_ipset.add_argument("--add-entry", metavar="", action='append') parser_ipset.add_argument("--remove-entry", metavar="", action='append') parser_ipset.add_argument("--query-entry", metavar="", action='append') parser_ipset.add_argument("--get-entries", action="store_true") parser_ipset.add_argument("--add-entries-from-file", metavar="", action='append') parser_ipset.add_argument("--remove-entries-from-file", metavar="", action='append') parser.add_argument("--icmptype", metavar="") parser_icmptype = parser.add_mutually_exclusive_group() parser_icmptype.add_argument("--add-destination", metavar="", action='append') parser_icmptype.add_argument("--remove-destination", metavar="", action='append') parser_icmptype.add_argument("--query-destination", metavar="", action='append') parser_icmptype.add_argument("--get-destinations", action="store_true") parser.add_argument("--service", metavar="") parser_service = parser.add_mutually_exclusive_group() parser_service.add_argument("--get-ports", action="store_true") parser_service.add_argument("--get-source-ports", action="store_true") parser_service.add_argument("--get-protocols", action="store_true") parser_service.add_argument("--add-module", metavar="", action='append') parser_service.add_argument("--remove-module", metavar="", action='append') parser_service.add_argument("--query-module", metavar="", action='append') parser_service.add_argument("--get-modules", action="store_true") parser_service.add_argument("--add-helper", metavar="", action='append') parser_service.add_argument("--remove-helper", metavar="", action='append') parser_service.add_argument("--query-helper", metavar="", action='append') parser_service.add_argument("--get-service-helpers", action="store_true") parser_service.add_argument("--add-include", metavar="", action='append') parser_service.add_argument("--remove-include", metavar="", action='append') parser_service.add_argument("--query-include", metavar="", action='append') parser_service.add_argument("--get-includes", action="store_true") parser_service.add_argument("--set-destination", metavar="", action='append') parser_service.add_argument("--get-destination", action="store_true") parser_service.add_argument("--set-description", metavar="") parser_service.add_argument("--get-description", action="store_true") parser_service.add_argument("--set-short", metavar="") parser_service.add_argument("--get-short", action="store_true") parser.add_argument("--helper", metavar="") parser.add_argument("--family", metavar="") parser.add_argument("--module", metavar="") parser_helper = parser.add_mutually_exclusive_group() #parser_helper.add_argument("--get-ports", action="store_true") parser_helper.add_argument("--get-helpers", action="store_true") parser_helper.add_argument("--set-module", metavar="") parser_helper.add_argument("--get-module", action="store_true") #parser_helper.add_argument("--query-module", metavar="") parser_helper.add_argument("--set-family", metavar="|''", nargs="*") parser_helper.add_argument("--get-family", action="store_true") parser.add_argument("--direct", action="store_true") # not possible to have sequences of options here parser_direct = parser.add_mutually_exclusive_group() parser_direct.add_argument("--passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--add-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--remove-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--query-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--get-passthroughs", nargs=1, metavar=("{ ipv4 | ipv6 | eb }")) parser_direct.add_argument("--get-all-passthroughs", action="store_true") parser_direct.add_argument("--add-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--remove-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--query-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-chains", action="store_true") parser_direct.add_argument("--get-chains", nargs=2, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--add-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--query-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--get-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-rules", action="store_true") ############################################################################## args = sys.argv[1:] if len(sys.argv) > 1: i = -1 if '--passthrough' in args: i = args.index('--passthrough') + 1 elif '--add-passthrough' in args: i = args.index('--add-passthrough') + 1 elif '--remove-passthrough' in args: i = args.index('--remove-passthrough') + 1 elif '--query-passthrough' in args: i = args.index('--query-passthrough') + 1 elif '--add-rule' in args: i = args.index('--add-rule') + 4 elif '--remove-rule' in args: i = args.index('--remove-rule') + 4 elif '--query-rule' in args: i = args.index('--query-rule') + 4 # join into one argument to prevent parser from parsing each iptables # option, because they can conflict with firewall-cmd options # # e.g. --delete (iptables) and --delete-* (firewall-cmd) if (i > -1) and (i < len(args) - 1): aux_args = args[:] args = aux_args[:i+1] # all but not args.append(joinArgs(aux_args[i+1:])) # add as one arg a = parser.parse_args(args) options_standalone = a.help or a.version or \ a.state or a.reload or a.complete_reload or a.runtime_to_permanent or \ a.panic_on or a.panic_off or a.query_panic or \ a.lockdown_on or a.lockdown_off or a.query_lockdown or \ a.get_default_zone or a.set_default_zone or \ a.get_active_zones or a.get_ipset_types or \ a.get_log_denied or a.set_log_denied or \ a.get_automatic_helpers or a.set_automatic_helpers or a.check_config or \ a.get_active_policies options_desc_xml_file = a.set_description or a.get_description or \ a.set_short or a.get_short options_lockdown_whitelist = \ a.list_lockdown_whitelist_commands or a.add_lockdown_whitelist_command or \ a.remove_lockdown_whitelist_command or \ a.query_lockdown_whitelist_command or \ a.list_lockdown_whitelist_contexts or a.add_lockdown_whitelist_context or \ a.remove_lockdown_whitelist_context or \ a.query_lockdown_whitelist_context or \ a.list_lockdown_whitelist_uids or a.add_lockdown_whitelist_uid is not None or \ a.remove_lockdown_whitelist_uid is not None or \ a.query_lockdown_whitelist_uid is not None or \ a.list_lockdown_whitelist_users or a.add_lockdown_whitelist_user or \ a.remove_lockdown_whitelist_user or \ a.query_lockdown_whitelist_user options_config = a.get_zones or a.get_services or a.get_icmptypes or \ options_lockdown_whitelist or a.list_all_zones or \ a.get_zone_of_interface or a.get_zone_of_source or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.info_policy or a.get_ipsets or a.info_helper or \ a.get_helpers or a.get_policies or a.list_all_policies options_zone_and_policy_adapt_query = \ a.add_service or a.remove_service or a.query_service or \ a.add_port or a.remove_port or a.query_port or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.add_source_port or a.remove_source_port or a.query_source_port or \ a.add_icmp_block or a.remove_icmp_block or a.query_icmp_block or \ a.add_forward_port or a.remove_forward_port or a.query_forward_port or \ a.add_rich_rule or a.remove_rich_rule or a.query_rich_rule or \ a.add_masquerade or a.remove_masquerade or a.query_masquerade or \ a.list_services or a.list_ports or a.list_protocols or \ a.list_source_ports or \ a.list_icmp_blocks or a.list_forward_ports or a.list_rich_rules or \ a.list_all or a.get_target or a.set_target options_zone_unique = \ a.add_icmp_block_inversion or a.remove_icmp_block_inversion or \ a.query_icmp_block_inversion or \ a.add_forward or a.remove_forward or a.query_forward or \ a.list_interfaces or a.change_interface or \ a.add_interface or a.remove_interface or a.query_interface or \ a.list_sources or a.change_source or \ a.add_source or a.remove_source or a.query_source options_zone_ops = options_zone_unique or options_zone_and_policy_adapt_query options_policy_unique = \ a.list_ingress_zones or a.add_ingress_zone or \ a.remove_ingress_zone or a.query_ingress_zone or \ a.list_egress_zones or a.add_egress_zone or \ a.remove_egress_zone or a.query_egress_zone or \ a.set_priority or a.get_priority options_policy_ops = options_policy_unique or options_zone_and_policy_adapt_query options_zone = a.zone or a.timeout != "0" or options_zone_ops or \ options_desc_xml_file options_policy = a.policy or a.timeout != "0" or options_policy_ops or \ options_desc_xml_file options_ipset = a.add_entry or a.remove_entry or a.query_entry or \ a.get_entries or a.add_entries_from_file or \ a.remove_entries_from_file or options_desc_xml_file options_icmptype = a.add_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file options_service = a.add_port or a.remove_port or a.query_port or \ a.get_ports or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.get_protocols or \ a.add_source_port or a.remove_source_port or \ a.query_source_port or a.get_source_ports or \ a.add_module or a.remove_module or a.query_module or \ a.get_modules or \ a.set_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file or \ a.add_include or a.remove_include or a.query_include or \ a.get_includes or \ a.add_helper or a.remove_helper or a.query_helper or \ a.get_service_helpers options_helper = a.add_port or a.remove_port or a.query_port or \ a.get_ports or a.set_module or a.get_module or \ a.set_family or a.get_family or \ options_desc_xml_file options_permanent = a.permanent or options_config or \ a.zone or options_zone_ops or \ a.policy or options_policy_ops or \ a.ipset or options_ipset or \ a.helper or options_helper options_permanent_only = a.new_icmptype or a.delete_icmptype or \ a.new_icmptype_from_file or \ a.load_icmptype_defaults or \ a.new_service or a.delete_service or \ a.new_service_from_file or \ a.load_service_defaults or \ a.new_zone or a.delete_zone or \ a.new_zone_from_file or \ a.load_zone_defaults or \ a.new_policy or a.delete_policy or \ a.new_policy_from_file or \ a.load_policy_defaults or \ a.new_ipset or a.delete_ipset or \ a.new_ipset_from_file or \ a.load_ipset_defaults or \ a.new_helper or a.delete_helper or \ a.new_helper_from_file or \ a.load_helper_defaults or \ (a.icmptype and options_icmptype) or \ (a.service and options_service) or \ (a.helper and options_helper) or \ a.path_zone or a.path_icmptype or a.path_service or \ a.path_ipset or a.path_helper or options_desc_xml_file or \ a.path_policy options_direct = a.passthrough or \ a.add_chain or a.remove_chain or a.query_chain or \ a.get_chains or a.get_all_chains or \ a.add_rule or a.remove_rule or a.remove_rules or a.query_rule or \ a.get_rules or a.get_all_rules or \ a.add_passthrough or a.remove_passthrough or a.query_passthrough or \ a.get_passthroughs or a.get_all_passthroughs options_require_permanent = options_permanent_only or \ a.get_target or a.set_target # these are supposed to only write out some output options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \ a.list_lockdown_whitelist_commands or a.list_lockdown_whitelist_contexts or \ a.list_lockdown_whitelist_uids or a.list_lockdown_whitelist_users or \ a.list_services or a.list_ports or a.list_protocols or a.list_icmp_blocks or \ a.list_forward_ports or a.list_rich_rules or a.list_interfaces or \ a.list_sources or a.get_default_zone or a.get_active_zones or \ a.get_zone_of_interface or a.get_zone_of_source or a.get_zones or \ a.get_services or a.get_icmptypes or a.get_target or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.get_entries or \ a.info_helper or a.get_helpers or \ a.get_destinations or a.get_description or \ a.list_all_policies or a.info_policy or a.get_policies or \ a.get_active_policies # Set quiet and verbose cmd = FirewallCommand(a.quiet, a.verbose) def myexcepthook(exctype, value, traceback): cmd.exception_handler(str(value)) sys.excepthook = myexcepthook # Check various impossible combinations of options if not (options_standalone or options_ipset or \ options_icmptype or options_service or options_helper or \ options_config or options_zone_ops or options_policy or \ options_direct or options_permanent_only): cmd.fail(parser.format_usage() + "No option specified.") if options_standalone and (options_zone or options_permanent or \ options_direct or options_permanent_only or \ options_ipset or options_policy): cmd.fail(parser.format_usage() + "Can't use stand-alone options with other options.") if options_ipset and not options_desc_xml_file and not a.ipset: cmd.fail(parser.format_usage() + "No ipset specified.") if (options_icmptype and not a.icmptype) and \ not (options_service and a.service) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No icmptype specified.") if (options_helper and not a.helper) and \ not (options_service and a.service) and \ not options_zone and not options_desc_xml_file and not options_policy: cmd.fail(parser.format_usage() + "No helper specified.") if (options_direct or options_permanent_only) and \ (options_zone and not a.zone) and (options_service and not a.service) and \ (options_icmptype and a.icmptype) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "Can't be used with --zone.") if (a.direct and not options_direct) or (options_direct and not a.direct): cmd.fail(parser.format_usage() + "Wrong usage of 'direct' options.") if a.zone and a.direct: cmd.fail(parser.format_usage() + "--zone is an invalid option with --direct") if a.name and not (a.new_zone_from_file or a.new_service_from_file or \ a.new_ipset_from_file or a.new_icmptype_from_file or \ a.new_helper_from_file or a.new_policy_from_file): cmd.fail(parser.format_usage() + "Wrong usage of '--name' option.") if options_require_permanent and not a.permanent: cmd.fail(parser.format_usage() + "Option can be used only with --permanent.") if options_config and (options_zone or options_policy): cmd.fail(parser.format_usage() + "Wrong usage of --get-zones | --get-services | --get-icmptypes | --get-policies.") if a.timeout != "0": value = 0 unit = 's' if len(a.timeout) < 1: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) elif len(a.timeout) == 1: if a.timeout.isdigit(): value = int (a.timeout[0]) else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) elif len(a.timeout) > 1: if a.timeout.isdigit(): value = int(a.timeout) unit = 's' else: if a.timeout[:-1].isdigit(): value = int (a.timeout[:-1]) else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) unit = a.timeout[-1:].lower() if unit == 's': a.timeout = value elif unit == 'm': a.timeout = value * 60 elif unit == 'h': a.timeout = value * 60 * 60 else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) else: a.timeout = 0 if a.timeout and not (a.add_service or a.add_port or a.add_protocol or \ a.add_icmp_block or a.add_forward_port or \ a.add_source_port or a.add_forward or \ a.add_masquerade or a.add_rich_rule): cmd.fail(parser.format_usage() + "Wrong --timeout usage") if a.permanent: if a.timeout: cmd.fail(parser.format_usage() + "Can't specify timeout for permanent action.") if options_config and not a.zone: pass elif options_permanent: pass else: cmd.fail(parser.format_usage() + "Wrong --permanent usage.") if a.quiet and options_list_get: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.zone and a.policy: cmd.fail(parser.format_usage() + "Can't use --zone with --policy.") if a.policy and options_zone_unique: cmd.fail(parser.format_usage() + "Can't use --policy with zone only options.") if a.zone and options_policy_unique: cmd.fail(parser.format_usage() + "Can't use --zone with policy only options.") if not a.policy and options_policy_unique: cmd.fail(parser.format_usage() + "Must use --policy with policy only options.") if a.help: __usage() sys.exit(0) zone = a.zone try: fw = FirewallClient() except FirewallError as msg: code = FirewallError.get_code(str(msg)) cmd.print_and_exit("Error: %s" % msg, code) fw.setExceptionHandler(cmd.exception_handler) if not fw.connected: if a.state: cmd.print_and_exit ("not running", errors.NOT_RUNNING) else: cmd.print_and_exit ("FirewallD is not running", errors.NOT_RUNNING) cmd.set_fw(fw) if options_zone_ops and not zone and not a.policy and not \ (a.service and options_service) and not \ (a.helper and options_helper): default = fw.getDefaultZone() cmd.print_if_verbose("No zone specified, using default zone, i.e. '%s'" % default) active = list(fw.getActiveZones().keys()) if active and default not in active: cmd.print_msg("""You're performing an operation over default zone ('%s'), but your connections/interfaces are in zone '%s' (see --get-active-zones) You most likely need to use --zone=%s option.\n""" % (default, ",".join(active), active[0])) if a.permanent: if a.get_ipsets: cmd.print_and_exit(" ".join(fw.config().getIPSetNames())) elif a.new_ipset: if not a.type: cmd.fail(parser.format_usage() + "No type specified.") if a.type=='hash:mac' and a.family: cmd.fail(parser.format_usage()+ "--family is not compatible with the hash:mac type") settings = FirewallClientIPSetSettings() settings.setType(a.type) if a.option: for opt in a.option: settings.addOption(*cmd.parse_ipset_option(opt)) if a.family: settings.addOption("family", a.family) config = fw.config() config.addIPSet(a.new_ipset, settings) elif a.new_ipset_from_file: filename = os.path.basename(a.new_ipset_from_file) dirname = os.path.dirname(a.new_ipset_from_file) if dirname == "": dirname = "./" try: obj = ipset_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load ipset file '%s': %s" % \ (a.new_ipset_from_file, msg)) except IOError as msg: cmd.fail("Failed to load ipset file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addIPSet(obj.name, obj.export_config()) elif a.delete_ipset: ipset = fw.config().getIPSetByName(a.delete_ipset) ipset.remove() elif a.load_ipset_defaults: ipset = fw.config().getIPSetByName(a.load_ipset_defaults) ipset.loadDefaults() elif a.info_ipset: ipset = fw.config().getIPSetByName(a.info_ipset) cmd.print_ipset_info(a.info_ipset, ipset.getSettings()) sys.exit(0) elif a.path_ipset: ipset = fw.config().getIPSetByName(a.path_ipset) cmd.print_and_exit("%s/%s" % (ipset.get_property("path"), ipset.get_property("filename"))) elif a.ipset: ipset = fw.config().getIPSetByName(a.ipset) settings = ipset.getSettings() if a.add_entry: cmd.add_sequence(a.add_entry, settings.addEntry, settings.queryEntry, None, "'%s'") ipset.update(settings) elif a.remove_entry: cmd.remove_sequence(a.remove_entry, settings.removeEntry, settings.queryEntry, None, "'%s'") ipset.update(settings) elif a.query_entry: cmd.query_sequence(a.query_entry, settings.queryEntry, None, "'%s'") elif a.get_entries: l = settings.getEntries() cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose( "Warning: ALREADY_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: ipset.update(settings) elif a.remove_entries_from_file: changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: ipset.update(settings) elif a.set_description: settings.setDescription(a.set_description) ipset.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) ipset.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.get_zones: cmd.print_and_exit(" ".join(fw.config().getZoneNames())) elif a.new_zone: config = fw.config() config.addZone(a.new_zone, FirewallClientZoneSettings()) elif a.new_zone_from_file: filename = os.path.basename(a.new_zone_from_file) dirname = os.path.dirname(a.new_zone_from_file) if dirname == "": dirname = "./" try: obj = zone_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load zone file '%s': %s" % \ (a.new_zone_from_file, msg)) except IOError as msg: cmd.fail("Failed to load zone file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addZone(obj.name, obj.export_config()) elif a.delete_zone: zone = fw.config().getZoneByName(a.delete_zone) zone.remove() elif a.load_zone_defaults: zone = fw.config().getZoneByName(a.load_zone_defaults) zone.loadDefaults() elif a.info_zone: zone = fw.config().getZoneByName(a.info_zone) cmd.print_zone_info(a.info_zone, zone.getSettings(), True) sys.exit(0) elif a.path_zone: zone = fw.config().getZoneByName(a.path_zone) cmd.print_and_exit("%s/%s" % (zone.get_property("path"), zone.get_property("filename"))) elif a.get_policies: cmd.print_and_exit(" ".join(fw.config().getPolicyNames())) elif a.new_policy: config = fw.config() config.addPolicy(a.new_policy, FirewallClientPolicySettings()) elif a.new_policy_from_file: filename = os.path.basename(a.new_policy_from_file) dirname = os.path.dirname(a.new_policy_from_file) if dirname == "": dirname = "./" try: obj = policy_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load policy file '%s': %s" % \ (a.new_policy_from_file, msg)) except IOError as msg: cmd.fail("Failed to load policy file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addPolicy(obj.name, obj.export_config_dict()) elif a.delete_policy: policy = fw.config().getPolicyByName(a.delete_policy) policy.remove() elif a.load_policy_defaults: policy = fw.config().getPolicyByName(a.load_policy_defaults) policy.loadDefaults() elif a.info_policy: policy = fw.config().getPolicyByName(a.info_policy) cmd.print_policy_info(a.info_policy, policy.getSettings()) sys.exit(0) elif a.path_policy: policy = fw.config().getPolicyByName(a.path_policy) cmd.print_and_exit("%s/%s" % (policy.get_property("path"), policy.get_property("filename"))) elif a.get_services: cmd.print_and_exit(" ".join(fw.config().getServiceNames())) elif a.new_service: config = fw.config() config.addService(a.new_service, FirewallClientServiceSettings()) elif a.new_service_from_file: filename = os.path.basename(a.new_service_from_file) dirname = os.path.dirname(a.new_service_from_file) if dirname == "": dirname = "./" try: obj = service_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load service file '%s': %s" % \ (a.new_service_from_file, msg)) except IOError as msg: cmd.fail("Failed to load service file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addService(obj.name, obj.export_config()) elif a.delete_service: service = fw.config().getServiceByName(a.delete_service) service.remove() elif a.load_service_defaults: service = fw.config().getServiceByName(a.load_service_defaults) service.loadDefaults() elif a.info_service: service = fw.config().getServiceByName(a.info_service) cmd.print_service_info(a.info_service, service.getSettings()) sys.exit(0) elif a.path_service: service = fw.config().getServiceByName(a.path_service) cmd.print_and_exit("%s/%s" % (service.get_property("path"), service.get_property("filename"))) elif a.get_helpers: cmd.print_and_exit(" ".join(fw.config().getHelperNames())) elif a.new_helper: if not a.module: cmd.fail(parser.format_usage() + "No module specified.") settings = FirewallClientHelperSettings() settings.setModule(a.module) if a.family: settings.setFamily(a.family) config = fw.config() config.addHelper(a.new_helper, settings) elif a.new_helper_from_file: filename = os.path.basename(a.new_helper_from_file) dirname = os.path.dirname(a.new_helper_from_file) if dirname == "": dirname = "./" try: obj = helper_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load helper file '%s': %s" % \ (a.new_helper_from_file, msg)) except IOError as msg: cmd.fail("Failed to load helper file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addHelper(obj.name, obj.export_config()) elif a.delete_helper: helper = fw.config().getHelperByName(a.delete_helper) helper.remove() elif a.load_helper_defaults: helper = fw.config().getHelperByName(a.load_helper_defaults) helper.loadDefaults() elif a.info_helper: helper = fw.config().getHelperByName(a.info_helper) cmd.print_helper_info(a.info_helper, helper.getSettings()) sys.exit(0) elif a.path_helper: helper = fw.config().getHelperByName(a.path_helper) cmd.print_and_exit("%s/%s" % (helper.get_property("path"), helper.get_property("filename"))) elif a.helper: helper = fw.config().getHelperByName(a.helper) settings = helper.getSettings() if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") helper.update(settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") helper.update(settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = helper.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.get_module: cmd.print_and_exit(settings.getModule()) elif a.set_module: settings.setModule(cmd.check_module(a.set_module)) helper.update(settings) elif a.get_family: cmd.print_and_exit(settings.getFamily()) elif a.set_family: settings.setFamily(cmd.check_helper_family(a.set_family[0])) helper.update(settings) elif a.set_description: settings.setDescription(a.set_description) helper.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) helper.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.get_icmptypes: cmd.print_and_exit(" ".join(fw.config().getIcmpTypeNames())) elif a.new_icmptype: config = fw.config() config.addIcmpType(a.new_icmptype, FirewallClientIcmpTypeSettings()) elif a.new_icmptype_from_file: filename = os.path.basename(a.new_icmptype_from_file) dirname = os.path.dirname(a.new_icmptype_from_file) if dirname == "": dirname = "./" try: obj = icmptype_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load icmptype file '%s': %s" % \ (a.new_icmptype_from_file, msg)) except IOError as msg: cmd.fail("Failed to load icmptype file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addIcmpType(obj.name, obj.export_config()) elif a.delete_icmptype: icmptype = fw.config().getIcmpTypeByName(a.delete_icmptype) icmptype.remove() elif a.load_icmptype_defaults: icmptype = fw.config().getIcmpTypeByName(a.load_icmptype_defaults) icmptype.loadDefaults() elif a.info_icmptype: icmptype = fw.config().getIcmpTypeByName(a.info_icmptype) cmd.print_icmptype_info(a.info_icmptype, icmptype.getSettings()) sys.exit(0) elif a.path_icmptype: icmptype = fw.config().getIcmpTypeByName(a.path_icmptype) cmd.print_and_exit("%s/%s" % (icmptype.get_property("path"), icmptype.get_property("filename"))) elif a.icmptype: icmptype = fw.config().getIcmpTypeByName(a.icmptype) settings = icmptype.getSettings() if a.add_destination: cmd.add_sequence(a.add_destination, settings.addDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") icmptype.update(settings) elif a.remove_destination: cmd.remove_sequence(a.remove_destination, settings.removeDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") icmptype.update(settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.check_destination_ipv , "'%s'") elif a.get_destinations: l = settings.getDestinations() if len(l) == 0: l = [ "ipv4", "ipv6" ] cmd.print_and_exit("\n".join(l)) elif a.set_description: settings.setDescription(a.set_description) icmptype.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) icmptype.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.service: service = fw.config().getServiceByName(a.service) settings = service.getSettings() if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") service.update(settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") service.update(settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") service.update(settings) elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") service.update(settings) elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") elif a.get_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") service.update(settings) elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") service.update(settings) elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.get_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_module: cmd.add_sequence(a.add_module, settings.addModule, settings.queryModule, None, "'%s'") service.update(settings) elif a.remove_module: cmd.remove_sequence(a.remove_module, settings.removeModule, settings.queryModule, None, "'%s'") service.update(settings) elif a.query_module: cmd.query_sequence(a.query_module, settings.queryModule, None, "'%s'") elif a.get_modules: l = settings.getModules() cmd.print_and_exit(" ".join(["%s" % module for module in l])) elif a.set_destination: cmd.add_sequence(a.set_destination, settings.setDestination, settings.queryDestination, cmd.parse_service_destination, "%s:%s") service.update(settings) elif a.remove_destination: # special case for removeDestination: Only ipv, no address for ipv in a.remove_destination: cmd.check_destination_ipv(ipv) if ipv not in settings.getDestinations(): if len(a.remove_destination) > 1: cmd.print_warning("Warning: NOT_ENABLED: '%s'" % ipv) else: code = FirewallError.get_code("NOT_ENABLED") cmd.print_and_exit("Error: NOT_ENABLED: '%s'" % ipv, code) else: settings.removeDestination(ipv) service.update(settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.parse_service_destination, "'%s'") elif a.get_destinations: l = settings.getDestinations() cmd.print_and_exit(" ".join(["%s:%s" % (dest[0], dest[1]) for dest in l.items()])) elif a.add_include: cmd.add_sequence(a.add_include, settings.addInclude, settings.queryInclude, None, "'%s'") service.update(settings) elif a.remove_include: cmd.remove_sequence(a.remove_include, settings.removeInclude, settings.queryInclude, None, "'%s'") service.update(settings) elif a.query_include: cmd.query_sequence(a.query_include, settings.queryInclude, None, "'%s'") elif a.get_includes: l = settings.getIncludes() cmd.print_and_exit(" ".join(["%s" % include for include in sorted(l)])) elif a.add_helper: cmd.add_sequence(a.add_helper, settings.addHelper, settings.queryHelper, None, "'%s'") service.update(settings) elif a.remove_helper: cmd.remove_sequence(a.remove_helper, settings.removeHelper, settings.queryHelper, None, "'%s'") service.update(settings) elif a.query_helper: cmd.query_sequence(a.query_helper, settings.queryHelper, None, "'%s'") elif a.get_service_helpers: l = settings.getHelpers() cmd.print_and_exit(" ".join(["%s" % helper for helper in sorted(l)])) elif a.set_description: settings.setDescription(a.set_description) service.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) service.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") # lockdown whitelist elif options_lockdown_whitelist: policies = fw.config().policies() # commands if a.list_lockdown_whitelist_commands: l = policies.getLockdownWhitelistCommands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, policies.addLockdownWhitelistCommand, policies.queryLockdownWhitelistCommand, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, policies.removeLockdownWhitelistCommand, policies.queryLockdownWhitelistCommand, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, policies.queryLockdownWhitelistCommand, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = policies.getLockdownWhitelistContexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, policies.addLockdownWhitelistContext, policies.queryLockdownWhitelistContext, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, policies.removeLockdownWhitelistContext, policies.queryLockdownWhitelistContext, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, policies.queryLockdownWhitelistContext, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = policies.getLockdownWhitelistUids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid is not None: cmd.add_sequence(a.add_lockdown_whitelist_uid, policies.addLockdownWhitelistUid, policies.queryLockdownWhitelistUid, None, "%s") elif a.remove_lockdown_whitelist_uid is not None: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, policies.removeLockdownWhitelistUid, policies.queryLockdownWhitelistUid, None, "%s") elif a.query_lockdown_whitelist_uid is not None: cmd.query_sequence(a.query_lockdown_whitelist_uid, policies.queryLockdownWhitelistUid, None, "%s") # users elif a.list_lockdown_whitelist_users: l = policies.getLockdownWhitelistUsers() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, policies.addLockdownWhitelistUser, policies.queryLockdownWhitelistUser, None, "%s") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, policies.removeLockdownWhitelistUser, policies.queryLockdownWhitelistUser, None, "%s") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, policies.queryLockdownWhitelistUser, None, "'%s'") elif options_direct: direct = fw.config().direct() if a.passthrough: if len(a.passthrough) < 2: cmd.fail("usage: --permanent --direct --passthrough { ipv4 | ipv6 | eb } ") cmd.print_msg(direct.addPassthrough(cmd.check_ipv(a.passthrough[0]), splitArgs(a.passthrough[1]))) if a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --permanent --direct --add-passthrough { ipv4 | ipv6 | eb } ") cmd.print_msg(direct.addPassthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1]))) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --permanent --direct --remove-passthrough { ipv4 | ipv6 | eb } ") direct.removePassthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --permanent --direct --query-passthrough { ipv4 | ipv6 | eb } ") cmd.print_query_result( direct.queryPassthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) sys.exit(0) elif a.get_passthroughs: rules = direct.getPassthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: for (ipv, rule) in direct.getAllPassthroughs(): cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: direct.addChain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: direct.removeChain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result( direct.queryChain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) sys.exit(0) elif a.get_chains: cmd.print_and_exit( " ".join(direct.getChains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) sys.exit(0) elif a.get_all_chains: chains = direct.getAllChains() for (ipv, table, chain) in chains: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --permanent --direct --add-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --add-rule { ipv4 | ipv6 | eb }
") direct.addRule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --permanent --direct --remove-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --remove-rule { ipv4 | ipv6 | eb }
") direct.removeRule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --permanent --direct --remove-rules { ipv4 | ipv6 | eb }
") direct.removeRules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --permanent --direct --query-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --query-rule { ipv4 | ipv6 | eb }
") cmd.print_query_result( direct.queryRule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) sys.exit(0) elif a.get_rules: rules = direct.getRules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = direct.getAllRules() for (ipv, table, chain, priority, rule) in rules: cmd.print_msg("%s %s %s %d %s" % (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) elif a.list_all_policies: names = fw.config().getPolicyNames() for policy in sorted(names): settings = fw.config().getPolicyByName(policy).getSettings() cmd.print_policy_info(policy, settings) cmd.print_msg("") sys.exit(0) elif a.policy: fw_policy = fw.config().getPolicyByName(a.policy) settings = fw_policy.getSettings() # list all policy settings if a.list_all: cmd.print_policy_info(a.policy, settings) sys.exit(0) # ingress zones elif a.list_ingress_zones: l = settings.getIngressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_ingress_zone: cmd.add_sequence(a.add_ingress_zone, settings.addIngressZone, settings.queryIngressZone, None, "'%s'") elif a.remove_ingress_zone: cmd.remove_sequence(a.remove_ingress_zone, settings.removeIngressZone, settings.queryIngressZone, None, "'%s'") elif a.query_ingress_zone: cmd.query_sequence(a.query_ingress_zone, settings.queryIngressZone, None, "'%s'") # egress zones elif a.list_egress_zones: l = settings.getEgressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_egress_zone: cmd.add_sequence(a.add_egress_zone, settings.addEgressZone, settings.queryEgressZone, None, "'%s'") elif a.remove_egress_zone: cmd.remove_sequence(a.remove_egress_zone, settings.removeEgressZone, settings.queryEgressZone, None, "'%s'") elif a.query_egress_zone: cmd.query_sequence(a.query_egress_zone, settings.queryEgressZone, None, "'%s'") # priority elif a.get_priority: cmd.print_and_exit(str(settings.getPriority())) elif a.set_priority: settings.setPriority(a.set_priority) # rich rules elif a.list_rich_rules: l = settings.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, settings.addRichRule, settings.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, settings.removeRichRule, settings.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, settings.queryRichRule, None, "'%s'") # service elif a.list_services: l = settings.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, settings.addService, settings.queryService, None, "'%s'") elif a.remove_service: cmd.remove_sequence(a.remove_service, settings.removeService, settings.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, settings.queryService, None, "'%s'") # port elif a.list_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: settings.addMasquerade() elif a.remove_masquerade: settings.removeMasquerade() elif a.query_masquerade: cmd.print_query_result(settings.queryMasquerade()) # forward port elif a.list_forward_ports: l = settings.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, settings.addForwardPort, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, settings.removeForwardPort, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = settings.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, settings.addIcmpBlock, settings.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, settings.removeIcmpBlock, settings.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, settings.queryIcmpBlock, None, "'%s'") # target elif a.get_target: target = settings.getTarget() cmd.print_and_exit(target) elif a.set_target: settings.setTarget(a.set_target) # set description elif a.set_description: settings = fw.config().getPolicyByName(a.policy).getSettings() settings.setDescription(a.set_description) # get description elif a.get_description: settings = fw.config().getPolicyByName(a.policy).getSettings() cmd.print_and_exit(settings.getDescription()) # set short description elif a.set_short: settings = fw.config().getPolicyByName(a.policy).getSettings() settings.setShort(a.set_short) # get short description elif a.get_short: settings = fw.config().getPolicyByName(a.policy).getSettings() cmd.print_and_exit(settings.getShort()) fw_policy.update(settings) else: if zone == "": zone = fw.getDefaultZone() fw_zone = fw.config().getZoneByName(zone) # interface if a.list_interfaces: interfaces = sorted(set(try_nm_get_interfaces_in_zone(zone)) | set(fw_zone.getInterfaces())) cmd.print_and_exit(" ".join(interfaces)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: # ask NM before checking our config zone = try_get_zone_of_interface(interface) if not zone: zone = fw.config().getZoneOfInterface(interface) if zone: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.fail("no zone") elif a.change_interface: interfaces = [ ] for interface in a.change_interface: if not try_set_zone_of_interface(zone, interface): interfaces.append(interface) for interface in interfaces: old_zone_name = fw.config().getZoneOfInterface(interface) if old_zone_name != zone: if old_zone_name: old_zone_obj = fw.config().getZoneByName(old_zone_name) old_zone_obj.removeInterface(interface)# remove from old fw_zone.addInterface(interface) # add to new elif a.add_interface: interfaces = [ ] for interface in a.add_interface: if not try_set_zone_of_interface(a.zone, interface): interfaces.append(interface) cmd.add_sequence(interfaces, fw_zone.addInterface, fw_zone.queryInterface, None, "'%s'") elif a.remove_interface: interfaces = [ ] for interface in a.remove_interface: if not try_set_zone_of_interface("", interface): interfaces.append(interface) cmd.remove_sequence(interfaces, fw_zone.removeInterface, fw_zone.queryInterface, None, "'%s'") elif a.query_interface: cmd.query_sequence(a.query_interface, fw_zone.queryInterface, None, "'%s'") # source if a.list_sources: sources = fw_zone.getSources() cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: zone = fw.config().getZoneOfSource(source) if zone: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.fail("no zone") elif a.change_source: for source in a.change_source: old_zone_name = fw.config().getZoneOfSource(source) if old_zone_name != zone: if old_zone_name: old_zone_obj = fw.config().getZoneByName(old_zone_name) old_zone_obj.removeSource(source) # remove from old fw_zone.addSource(source) # add to new elif a.add_source: cmd.add_sequence(a.add_source, fw_zone.addSource, fw_zone.querySource, None, "'%s'") elif a.remove_source: cmd.remove_sequence(a.remove_source, fw_zone.removeSource, fw_zone.querySource, None, "'%s'") elif a.query_source: cmd.query_sequence(a.query_source, fw_zone.querySource, None, "'%s'") # rich rules if a.list_rich_rules: l = fw_zone.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, fw_zone.addRichRule, fw_zone.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, fw_zone.removeRichRule, fw_zone.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, fw_zone.queryRichRule, None, "'%s'") # service if a.list_services: l = fw_zone.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, fw_zone.addService, fw_zone.queryService, None, "'%s'") elif a.remove_service: cmd.remove_sequence(a.remove_service, fw_zone.removeService, fw_zone.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, fw_zone.queryService, None, "'%s'") # port elif a.list_ports: l = fw_zone.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, fw_zone.addPort, fw_zone.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, fw_zone.removePort, fw_zone.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, fw_zone.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = fw_zone.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, fw_zone.addProtocol, fw_zone.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, fw_zone.removeProtocol, fw_zone.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, fw_zone.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw_zone.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, fw_zone.addSourcePort, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, fw_zone.removeSourcePort, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") # forward elif a.add_forward: fw_zone.addForward() elif a.remove_forward: fw_zone.removeForward() elif a.query_forward: cmd.print_query_result(fw_zone.queryForward()) # masquerade elif a.add_masquerade: fw_zone.addMasquerade() elif a.remove_masquerade: fw_zone.removeMasquerade() elif a.query_masquerade: cmd.print_query_result(fw_zone.queryMasquerade()) # forward port elif a.list_forward_ports: l = fw_zone.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, fw_zone.addForwardPort, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, fw_zone.removeForwardPort, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = fw_zone.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, fw_zone.addIcmpBlock, fw_zone.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, fw_zone.removeIcmpBlock, fw_zone.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, fw_zone.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw_zone.addIcmpBlockInversion() elif a.remove_icmp_block_inversion: fw_zone.removeIcmpBlockInversion() elif a.query_icmp_block_inversion: cmd.print_query_result(fw_zone.queryIcmpBlockInversion()) # zone target elif a.get_target: target = fw_zone.getTarget() cmd.print_and_exit(target if target != "%%REJECT%%" else "REJECT") elif a.set_target: fw_zone.setTarget(a.set_target if a.set_target != "REJECT" else "%%REJECT%%") # list all zone settings elif a.list_all: interfaces = try_nm_get_interfaces_in_zone(zone) cmd.print_zone_info(zone, fw_zone.getSettings(), extra_interfaces=interfaces) sys.exit(0) # list everything elif a.list_all_zones: names = fw.config().getZoneNames() for zone in sorted(names): interfaces = try_nm_get_interfaces_in_zone(zone) settings = fw.config().getZoneByName(zone).getSettings() cmd.print_zone_info(zone, settings, extra_interfaces=interfaces) cmd.print_msg("") sys.exit(0) # set zone description elif a.set_description: settings = fw.config().getZoneByName(zone).getSettings() settings.setDescription(a.set_description) fw_zone.update(settings) # get zone description elif a.get_description: settings = fw.config().getZoneByName(zone).getSettings() cmd.print_and_exit(settings.getDescription()) # set zone short description elif a.set_short: settings = fw.config().getZoneByName(zone).getSettings() settings.setShort(a.set_short) fw_zone.update(settings) # get zone short description elif a.get_short: settings = fw.config().getZoneByName(zone).getSettings() cmd.print_and_exit(settings.getShort()) elif a.version: cmd.print_and_exit(fw.get_property("version")) elif a.state: state = fw.get_property("state") if state == "RUNNING": cmd.print_and_exit ("running") elif state == "FAILED": cmd.print_and_exit("failed", errors.RUNNING_BUT_FAILED) else: cmd.print_and_exit ("not running", errors.NOT_RUNNING) elif a.get_log_denied: cmd.print_and_exit(fw.getLogDenied()) elif a.set_log_denied: fw.setLogDenied(a.set_log_denied) elif a.get_automatic_helpers: cmd.print_and_exit(fw.getAutomaticHelpers()) elif a.set_automatic_helpers: fw.setAutomaticHelpers(a.set_automatic_helpers) elif a.get_ipset_types: types = fw.get_property("IPSetTypes") cmd.print_and_exit(" ".join(sorted(types))) elif a.reload: fw.reload() elif a.complete_reload: fw.complete_reload() elif a.runtime_to_permanent: fw.runtimeToPermanent() elif a.check_config: fw.checkPermanentConfig() elif a.direct: if a.passthrough: if len(a.passthrough) < 2: cmd.fail("usage: --direct --passthrough { ipv4 | ipv6 | eb } ") msg = fw.passthrough(cmd.check_ipv(a.passthrough[0]), splitArgs(a.passthrough[1])) if msg: sys.stdout.write(msg + "\n") elif a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --direct --add-passthrough { ipv4 | ipv6 | eb } ") fw.addPassthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1])) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --direct --remove-passthrough { ipv4 | ipv6 | eb } ") fw.removePassthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --direct --query-passthrough { ipv4 | ipv6 | eb } ") cmd.print_query_result( fw.queryPassthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) elif a.get_passthroughs: rules = fw.getPassthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: for (ipv, rule) in fw.getAllPassthroughs(): cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: fw.addChain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: fw.removeChain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result(fw.queryChain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) elif a.get_chains: cmd.print_and_exit(" ".join(fw.getChains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) elif a.get_all_chains: chains = fw.getAllChains() for (ipv, table, chain) in chains: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb }
") fw.addRule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") fw.removeRule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --direct --remove-rules { ipv4 | ipv6 | eb }
") fw.removeRules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") cmd.print_query_result( fw.queryRule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) elif a.get_rules: rules = fw.getRules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = fw.getAllRules() for (ipv, table, chain, priority, rule) in rules: cmd.print_msg("%s %s %s %d %s" % (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) elif a.get_default_zone: cmd.print_and_exit(fw.getDefaultZone()) elif a.set_default_zone: fw.setDefaultZone(a.set_default_zone) elif a.get_zones: cmd.print_and_exit(" ".join(fw.getZones())) elif a.get_active_zones: zones = fw.getActiveZones() for zone in zones: cmd.print_msg("%s" % zone) for x in [ "interfaces", "sources" ]: if x in zones[zone]: cmd.print_msg(" %s: %s" % (x, " ".join(zones[zone][x]))) sys.exit(0) elif a.get_policies: cmd.print_and_exit(" ".join(fw.getPolicies())) elif a.get_active_policies: policies = fw.getActivePolicies() for policy in policies: cmd.print_msg("%s" % policy) for x in [ "ingress_zones", "egress_zones" ]: if x in policies[policy]: cmd.print_msg(" %s: %s" % (x.replace("_", "-"), " ".join(policies[policy][x]))) sys.exit(0) elif a.get_services: l = fw.listServices() cmd.print_and_exit(" ".join(l)) elif a.get_icmptypes: l = fw.listIcmpTypes() cmd.print_and_exit(" ".join(l)) # panic elif a.panic_on: fw.enablePanicMode() elif a.panic_off: fw.disablePanicMode() elif a.query_panic: cmd.print_query_result(fw.queryPanicMode()) # ipset elif a.get_ipsets: ipsets = fw.getIPSets() cmd.print_and_exit(" ".join(sorted(ipsets))) elif a.info_ipset: cmd.print_ipset_info(a.info_ipset, fw.getIPSetSettings(a.info_ipset)) sys.exit(0) elif a.add_entry: cmd.x_add_sequence(a.ipset, a.add_entry, fw.addEntry, fw.queryEntry, None, "'%s'") elif a.remove_entry: cmd.x_remove_sequence(a.ipset, a.remove_entry, fw.removeEntry, fw.queryEntry, None, "'%s'") elif a.query_entry: cmd.x_query_sequence(a.ipset, a.query_entry, fw.queryEntry, None, "'%s'") elif a.get_entries: l = fw.getEntries(a.ipset) cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: old_entries = fw.getEntries(a.ipset) changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose("Warning: ALREADY_ENABLED: %s" % entry) if changed: fw.setEntries(a.ipset, old_entries) elif a.remove_entries_from_file: old_entries = fw.getEntries(a.ipset) changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % entry) if changed: fw.setEntries(a.ipset, old_entries) # helper elif a.get_helpers: helpers = fw.getHelpers() cmd.print_and_exit(" ".join(sorted(helpers))) elif a.info_helper: cmd.print_helper_info(a.info_helper, fw.getHelperSettings(a.info_helper)) sys.exit(0) # lockdown elif a.lockdown_on: fw.config().set_property("Lockdown", "yes") # permanent fw.enableLockdown() # runtime elif a.lockdown_off: fw.config().set_property("Lockdown", "no") # permanent fw.disableLockdown() # runtime elif a.query_lockdown: cmd.print_query_result(fw.queryLockdown()) # runtime #lockdown = fw.config().get_property("Lockdown") #cmd.print_query_result(lockdown.lower() in [ "yes", "true" ]) # lockdown whitelist # commands elif a.list_lockdown_whitelist_commands: l = fw.getLockdownWhitelistCommands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, fw.addLockdownWhitelistCommand, fw.queryLockdownWhitelistCommand, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, fw.removeLockdownWhitelistCommand, fw.queryLockdownWhitelistCommand, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, fw.queryLockdownWhitelistCommand, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = fw.getLockdownWhitelistContexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, fw.addLockdownWhitelistContext, fw.queryLockdownWhitelistContext, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, fw.removeLockdownWhitelistContext, fw.queryLockdownWhitelistContext, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, fw.queryLockdownWhitelistContext, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = fw.getLockdownWhitelistUids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid is not None: cmd.add_sequence(a.add_lockdown_whitelist_uid, fw.addLockdownWhitelistUid, fw.queryLockdownWhitelistUid, None, "'%s'") elif a.remove_lockdown_whitelist_uid is not None: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, fw.removeLockdownWhitelistUid, fw.queryLockdownWhitelistUid, None, "'%s'") elif a.query_lockdown_whitelist_uid is not None: cmd.query_sequence(a.query_lockdown_whitelist_uid, fw.queryLockdownWhitelistUid, None, "'%s'") # users elif a.list_lockdown_whitelist_users: l = fw.getLockdownWhitelistUsers() cmd.print_and_exit(" ".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, fw.addLockdownWhitelistUser, fw.queryLockdownWhitelistUser, None, "'%s'") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, fw.removeLockdownWhitelistUser, fw.queryLockdownWhitelistUser, None, "'%s'") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, fw.queryLockdownWhitelistUser, None, "'%s'") # interface elif a.list_interfaces: l = fw.getInterfaces(zone) cmd.print_and_exit(" ".join(l)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: zone = fw.getZoneOfInterface(interface) if zone: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.fail("no zone") elif a.add_interface: interfaces = [ ] for interface in a.add_interface: interfaces.append(interface) cmd.x_add_sequence(zone, interfaces, fw.addInterface, fw.queryInterface, None, "'%s'") elif a.change_interface: interfaces = [ ] for interface in a.change_interface: interfaces.append(interface) cmd.x_add_sequence(zone, interfaces, fw.changeZoneOfInterface, fw.queryInterface, None, "'%s'") elif a.remove_interface: interfaces = [ ] for interface in a.remove_interface: interfaces.append(interface) cmd.x_remove_sequence(zone, interfaces, fw.removeInterface, fw.queryInterface, None, "'%s'") elif a.query_interface: cmd.x_query_sequence(zone, a.query_interface, fw.queryInterface, None, "'%s'") # source elif a.list_sources: sources = fw.getSources(zone) cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: zone = fw.getZoneOfSource(source) if zone: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.fail("no zone") sys.exit(0) elif a.add_source: cmd.x_add_sequence(zone, a.add_source, fw.addSource, fw.querySource, None, "'%s'") elif a.change_source: cmd.x_add_sequence(zone, a.change_source, fw.changeZoneOfSource, fw.querySource, None, "'%s'") elif a.remove_source: cmd.x_remove_sequence(zone, a.remove_source, fw.removeSource, fw.querySource, None, "'%s'") elif a.query_source: cmd.x_query_sequence(zone, a.query_source, fw.querySource, None, "'%s'") # policy elif a.policy: settings = fw.getPolicySettings(a.policy) if a.list_all: cmd.print_policy_info(a.policy, settings) sys.exit(0) # ingress zones elif a.list_ingress_zones: l = settings.getIngressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_ingress_zone: cmd.add_sequence(a.add_ingress_zone, settings.addIngressZone, settings.queryIngressZone, None, "'%s'") elif a.remove_ingress_zone: cmd.remove_sequence(a.remove_ingress_zone, settings.removeIngressZone, settings.queryIngressZone, None, "'%s'") elif a.query_ingress_zone: cmd.query_sequence(a.query_ingress_zone, settings.queryIngressZone, None, "'%s'") # egress zones elif a.list_egress_zones: l = settings.getEgressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_egress_zone: cmd.add_sequence(a.add_egress_zone, settings.addEgressZone, settings.queryEgressZone, None, "'%s'") elif a.remove_egress_zone: cmd.remove_sequence(a.remove_egress_zone, settings.removeEgressZone, settings.queryEgressZone, None, "'%s'") elif a.query_egress_zone: cmd.query_sequence(a.query_egress_zone, settings.queryEgressZone, None, "'%s'") # rich rules elif a.list_rich_rules: l = settings.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, settings.addRichRule, settings.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, settings.removeRichRule, settings.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, settings.queryRichRule, None, "'%s'") # service if a.list_services: l = settings.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, settings.addService, settings.queryService, None, "'%s'") elif a.remove_service: cmd.remove_sequence(a.remove_service, settings.removeService, settings.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, settings.queryService, None, "'%s'") # port elif a.list_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: settings.addMasquerade() elif a.remove_masquerade: settings.removeMasquerade() elif a.query_masquerade: cmd.print_query_result(settings.queryMasquerade()) # forward port elif a.list_forward_ports: l = settings.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, settings.addForwardPort, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, settings.removeForwardPort, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = settings.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, settings.addIcmpBlock, settings.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, settings.removeIcmpBlock, settings.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, settings.queryIcmpBlock, None, "'%s'") fw.setPolicySettings(a.policy, settings) # endif a.policy # # else zone: # rich rules elif a.list_rich_rules: l = fw.getRichRules(zone) cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.zone_add_timeout_sequence(zone, a.add_rich_rule, fw.addRichRule, fw.queryRichRule, None, "'%s'", a.timeout) elif a.remove_rich_rule: cmd.x_remove_sequence(zone, a.remove_rich_rule, fw.removeRichRule, fw.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.x_query_sequence(zone, a.query_rich_rule, fw.queryRichRule, None, "'%s'") # service elif a.list_services: l = fw.getServices(zone) cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.zone_add_timeout_sequence(zone, a.add_service, fw.addService, fw.queryService, None, "'%s'", a.timeout) elif a.remove_service: cmd.x_remove_sequence(zone, a.remove_service, fw.removeService, fw.queryService, None, "'%s'") elif a.query_service: cmd.x_query_sequence(zone, a.query_service, fw.queryService, None, "'%s'") # port elif a.list_ports: l = fw.getPorts(zone) cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.zone_add_timeout_sequence(zone, a.add_port, fw.addPort, fw.queryPort, cmd.parse_port, "'%s/%s'", a.timeout) elif a.remove_port: cmd.x_remove_sequence(zone, a.remove_port, fw.removePort, fw.queryPort, cmd.parse_port, "'%s/%s'") elif a.query_port: cmd.x_query_sequence(zone, a.query_port, fw.queryPort, cmd.parse_port, "'%s/%s'") # protocol elif a.list_protocols: l = fw.getProtocols(zone) cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.zone_add_timeout_sequence(zone, a.add_protocol, fw.addProtocol, fw.queryProtocol, None, "'%s'", a.timeout) elif a.remove_protocol: cmd.x_remove_sequence(zone, a.remove_protocol, fw.removeProtocol, fw.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.x_query_sequence(zone, a.query_protocol, fw.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw.getSourcePorts(zone) cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.zone_add_timeout_sequence(zone, a.add_source_port, fw.addSourcePort, fw.querySourcePort, cmd.parse_port, "'%s/%s'", a.timeout) elif a.remove_source_port: cmd.x_remove_sequence(zone, a.remove_source_port, fw.removeSourcePort, fw.querySourcePort, cmd.parse_port, "'%s/%s'") elif a.query_source_port: cmd.x_query_sequence(zone, a.query_source_port, fw.querySourcePort, cmd.parse_port, "'%s/%s'") # forward elif a.add_forward: fw.addForward(zone) elif a.remove_forward: fw.removeForward(zone) elif a.query_forward: cmd.print_query_result(fw.queryForward(zone)) # masquerade elif a.add_masquerade: fw.addMasquerade(zone, a.timeout) elif a.remove_masquerade: fw.removeMasquerade(zone) elif a.query_masquerade: cmd.print_query_result(fw.queryMasquerade(zone)) # forward port elif a.list_forward_ports: l = fw.getForwardPorts(zone) cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.zone_add_timeout_sequence(zone, a.add_forward_port, fw.addForwardPort, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'", a.timeout) elif a.remove_forward_port: cmd.x_remove_sequence(zone, a.remove_forward_port, fw.removeForwardPort, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'") elif a.query_forward_port: cmd.x_query_sequence(zone, a.query_forward_port, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'") # block icmp elif a.list_icmp_blocks: l = fw.getIcmpBlocks(zone) cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.zone_add_timeout_sequence(zone, a.add_icmp_block, fw.addIcmpBlock, fw.queryIcmpBlock, None, "'%s'", a.timeout) elif a.remove_icmp_block: cmd.x_remove_sequence(zone, a.remove_icmp_block, fw.removeIcmpBlock, fw.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.x_query_sequence(zone, a.query_icmp_block, fw.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw.addIcmpBlockInversion(zone) elif a.remove_icmp_block_inversion: fw.removeIcmpBlockInversion(zone) elif a.query_icmp_block_inversion: cmd.print_query_result(fw.queryIcmpBlockInversion(zone)) # list all elif a.list_all: z = zone if zone else fw.getDefaultZone() cmd.print_zone_info(z, fw.getZoneSettings(z)) sys.exit(0) # list everything elif a.list_all_zones: for zone in fw.getZones(): cmd.print_zone_info(zone, fw.getZoneSettings(zone)) cmd.print_msg("") sys.exit(0) elif a.list_all_policies: for policy in fw.getPolicies(): cmd.print_policy_info(policy, fw.getPolicySettings(policy)) cmd.print_msg("") sys.exit(0) elif a.info_zone: cmd.print_zone_info(a.info_zone, fw.getZoneSettings(a.info_zone), True) sys.exit(0) elif a.info_policy: cmd.print_policy_info(a.info_policy, fw.getPolicySettings(a.info_policy)) sys.exit(0) elif a.info_service: cmd.print_service_info(a.info_service, fw.getServiceSettings(a.info_service)) sys.exit(0) elif a.info_icmptype: cmd.print_icmptype_info(a.info_icmptype, fw.getIcmpTypeSettings(a.info_icmptype)) sys.exit(0) cmd.print_and_exit("success") firewalld-1.1.1/src/firewall-offline-cmd0000755000000000000000000036135214217353157020206 0ustar00rootroot00000000000000#!/usr/bin/python3 # -*- coding: utf-8 -*- # # Copyright (C) 2009-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from gi.repository import GObject import sys sys.modules['gobject'] = GObject import argparse import os from firewall.client import FirewallClientIPSetSettings, \ FirewallClientZoneSettings, FirewallClientServiceSettings, \ FirewallClientIcmpTypeSettings, FirewallClientHelperSettings, \ FirewallClientPolicySettings from firewall.errors import FirewallError from firewall import config from firewall.core.fw import Firewall from firewall.functions import joinArgs, splitArgs, getPortRange from firewall.core.io.functions import check_on_disk_config from firewall.core.io.zone import zone_reader from firewall.core.io.policy import policy_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.helper import helper_reader from firewall.command import FirewallCommand # check for root user def assert_root(): if os.getuid() != 0: sys.stderr.write("You need to be root to run %s.\n" % sys.argv[0]) sys.exit(-1) SYSTEM_CONFIG_FIREWALL = config.SYSCONFIGDIR + '/system-config-firewall' def __usage(): sys.stdout.write(""" Usage: firewall-offline-cmd [OPTIONS...] If no options are given, configuration from '%s' will be migrated. General Options -h, --help Prints a short help text and exists -V, --version Print the version string of firewalld -q, --quiet Do not print status messages --system-config Path to firewalld system configuration --default-config Path to firewalld default configuration --check-config Check system and default configuration Lokkit Compatibility Options --migrate-system-config-firewall= Import configuration data from the given configuration file. --enabled Enable firewall (default) --disabled Disable firewall --addmodule= Ignored option, was used to enable an iptables module --removemodule= Ignored option, was used to disable an iptables module -s , --service= Enable a service in the default zone (example: ssh) --remove-service= Disable a service in the default zone (example: ssh) -p [-]:, --port=[-]: Enable a port in the default zone (example: ssh:tcp) -t , --trust= Bind an interface to the trusted zone -m , --masq= Enables masquerading in the default zone, interface argument is ignored. This is IPv4 only. --custom-rules=[:][
:] Ignored option. Was used to add custom rules to the firewall (Example: ipv4:filter:%s/ipv4_filter_addon) --forward-port=if=:port=:proto=[:toport=][:toaddr=] Forward the port with protocol for the interface to either another local destination port (no destination address given) or to an other destination address with an optional destination port. This will be added to the default zone. This is IPv4 only. --block-icmp= Block this ICMP type in the default zone. The default is to accept all ICMP types. Log Denied Options --get-log-denied Print the log denied value --set-log-denied= Set log denied value Automatic Helpers Options --get-automatic-helpers Print the automatic helpers value --set-automatic-helpers= Set automatic helpers value Zone Options --get-default-zone Print default zone for connections and interfaces --set-default-zone= Set default zone --get-zones Print predefined zones --get-services Print predefined services --get-icmptypes Print predefined icmptypes --get-zone-of-interface= Print name of the zone the interface is bound to --get-zone-of-source=[/]||ipset: Print name of the zone the source is bound to --list-all-zones List everything added for or enabled in all zones --new-zone= Add a new empty zone --new-zone-from-file= [--name=] Add a new zone from file with optional name override [P only] --delete-zone= Delete an existing zone --load-zone-defaults= Load zone default settings --zone= Use this zone to set or query options, else default zone Usable for options marked with [Z] --info-zone= Print information about a zone --path-zone= Print file path of a zone Policy Options --get-policies Print predefined policies --list-all-policies List everything added for or enabled in all policies --new-policy= Add a new empty policy --new-policy-from-file= [--name=] Add a new policy from file with optional name override [P only] --delete-policy= Delete an existing policy --load-policy-defaults= Load policy default settings --policy= Use this policy to set or query options Usable for options marked with [O] --info-policy= Print information about a policy --path-policy= Print file path of a policy IPSet Options --new-ipset= --type= [--option=[=]].. Add a new empty ipset --new-ipset-from-file= [--name=] Add a new ipset from file with optional name override [P only] --delete-ipset= Delete an existing ipset --load-ipset-defaults= Load ipset default settings --info-ipset= Print information about an ipset --path-ipset= Print file path of an ipset --get-ipsets Print predefined ipsets --ipset= --set-description= Set new description to ipset --ipset= --get-description Print description for ipset --ipset= --set-short= Set new short description to ipset --ipset= --get-short Print short description for ipset --ipset= --add-entry= Add a new entry to an ipset --ipset= --remove-entry= Remove an entry from an ipset --ipset= --query-entry= Return whether ipset has an entry --ipset= --get-entries List entries of an ipset --ipset= --add-entries-from-file= Add a new entries to an ipset --ipset= --remove-entries-from-file= Remove entries from an ipset IcmpType Options --new-icmptype= Add a new empty icmptype --new-icmptype-from-file= [--name=] Add a new icmptype from file with optional name override [P only] --delete-icmptype= Delete an existing icmptype --load-icmptype-defaults= Load icmptype default settings --info-icmptype= Print information about an icmptype --path-icmptype= Print file path of an icmptype --icmptype= --set-description= Set new description to icmptype --icmptype= --get-description Print description for icmptype --icmptype= --set-short= Set new short description to icmptype --icmptype= --get-short Print short description for icmptype --icmptype= --add-destination= Enable destination for ipv in icmptype --icmptype= --remove-destination= Disable destination for ipv in icmptype --icmptype= --query-destination= Return whether destination ipv is enabled in icmptype --icmptype= --get-destinations List destinations in icmptype Service Options --new-service= Add a new empty service --new-service-from-file= [--name=] Add a new service from file with optional name override [P only] --delete-service= Delete an existing service --load-service-defaults= Load icmptype default settings --info-service= Print information about a service --path-service= Print file path of a service --service= --set-description= Set new description to service --service= --get-description Print description for service --service= --set-short= Set new short description to service --service= --get-short Print short description for service --service= --add-port=[-]/ Add a new port to service --service= --remove-port=[-]/ Remove a port from service --service= --query-port=[-]/ Return whether the port has been added for service --service= --get-ports List ports of service --service= --add-protocol= Add a new protocol to service --service= --remove-protocol= Remove a protocol from service --service= --query-protocol= Return whether the protocol has been added for service --service= --get-protocols List protocols of service --service= --add-source-port=[-]/ Add a new source port to service --service= --remove-source-port=[-]/ Remove a source port from service --service= --query-source-port=[-]/ Return whether the source port has been added for service [P only] --service= --get-source-ports List source ports of service --service= --add-helper= Add a new helper to service --service= --remove-helper= Remove a helper from service --service= --query-helper= Return whether the helper has been added for service --service= --get-service-helpers List helpers of service --service= --set-destination=:
[/] Set destination for ipv to address in service --service= --remove-destination= Disable destination for ipv i service --service= --query-destination=:
[/] Return whether destination ipv is set for service --service= --get-destinations List destinations in service --service= --add-include= Add a new include to service --service= --remove-include= Remove a include from service --service= --query-include= Return whether the include has been added for service --service= --get-includes List includes of service Options to Adapt and Query Zones and Policies --list-all List everything added for or enabled [Z] [O] --set-description= Set new description [Z] [O] --get-description Print description [Z] [O] --get-target Get the target [Z] [O] --set-target= Set the target [Z] [O] --set-short= Set new short description to zone [Z] [O] --get-short Print short description for zone [Z] [O] --list-services List services added [Z] [O] --add-service= Add a service [Z] [O] --remove-service-from-zone= Remove a service from a zone [Z] --remove-service-from-policy= Remove a service from a policy [O] --query-service= Return whether service has been added [Z] [O] --list-ports List ports added [Z] [O] --add-port=[-]/ Add the port [Z] [O] --remove-port=[-]/ Remove the port [Z] [O] --query-port=[-]/ Return whether the port has been added [Z] [O] --list-protocols List protocols added [Z] [O] --add-protocol= Add the protocol [Z] [O] --remove-protocol= Remove the protocol [Z] [O] --query-protocol= Return whether the protocol has been added [Z] [O] --list-source-ports List source ports added [Z] [O] --add-source-port=[-]/ Add the source port [Z] [O] --remove-source-port=[-]/ Remove the source port [Z] [O] --query-source-port=[-]/ Return whether the source port has been added [Z] [O] --list-icmp-blocks List Internet ICMP type blocks added [Z] [O] --add-icmp-block= Add an ICMP block [Z] [O] --remove-icmp-block= Remove the ICMP block [Z] [O] --query-icmp-block= Return whether an ICMP block has been added [Z] [O] --list-forward-ports List IPv4 forward ports added [Z] [O] --add-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Add the IPv4 forward port [Z] [O] --remove-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Remove the IPv4 forward port [Z] [O] Options to Adapt and Query Zones --add-icmp-block-inversion Enable inversion of icmp blocks for a zone [Z] --remove-icmp-block-inversion Disable inversion of icmp blocks for a zone [Z] --query-icmp-block-inversion Return whether inversion of icmp blocks has been enabled for a zone [Z] --add-forward Enable forwarding of packets between interfaces and sources in a zone [Z] --remove-forward Disable forwarding of packets between interfaces and sources in a zone [Z] --query-forward Return whether forwarding of packets between interfaces and sources has been enabled for a zone [Z] Options to Adapt and Query Policies --get-priority Get the priority [O] --set-priority= Set the priority [O] --list-ingress-zones List ingress zones that are bound to a policy [O] --add-ingress-zone= Add the ingress zone to a policy [O] --remove-ingress-zone= Remove the ingress zone from a policy [O] --query-ingress-zone= Query whether the ingress zone has been adedd to a policy [O] --list-egress-zones List egress zones that are bound to a policy [O] --add-egress-zone= Add the egress zone to a policy [O] --remove-egress-zone= Remove the egress zone from a policy [O] --query-egress-zone= Query whether the egress zone has been adedd to a policy [O] Options to Handle Bindings of Interfaces --list-interfaces List interfaces that are bound to a zone [Z] --add-interface= Bind the to a zone [Z] --change-interface= Change zone the is bound to [Z] --query-interface= Query whether is bound to a zone [Z] --remove-interface= Remove binding of from a zone [Z] Options to Handle Bindings of Sources --list-sources List sources that are bound to a zone [Z] --add-source=[/]||ipset: Bind the source to a zone [Z] --change-source=[/]||ipset: Change zone the source is bound to [Z] --query-source=[/]||ipset: Query whether the source is bound to a zone [Z] --remove-source=[/]||ipset: Remove binding of the source from a zone [Z] Helper Options --new-helper= --module= [--family=] Add a new helper --new-helper-from-file= [--name=] Add a new helper from file with optional name --delete-helper= Delete an existing helper --load-helper-defaults= Load helper default settings --info-helper= Print information about an helper --path-helper= Print file path of an helper --get-helpers Print predefined helpers --helper= --set-description= Set new description to helper --helper= --get-description Print description for helper --helper= --set-short= Set new short description to helper --helper= --get-short Print short description for helper --helper= --add-port=[-]/ Add a new port to helper --helper= --remove-port=[-]/ Remove a port from helper --helper= --query-port=[-]/ Return whether the port has been added for helper --helper= --get-ports List ports of helper --helper= --set-module= Set module to helper --helper= --get-module Get module from helper --helper= --set-family={ipv4|ipv6|} Set family for helper --helper= --get-family Get module from helper Direct Options --direct First option for all direct options --get-all-chains Get all chains --get-chains {ipv4|ipv6|eb}
Get all chains added to the table --add-chain {ipv4|ipv6|eb}
Add a new chain to the table --remove-chain {ipv4|ipv6|eb}
Remove the chain from the table --query-chain {ipv4|ipv6|eb}
Return whether the chain has been added to the table --get-all-rules Get all rules --get-rules {ipv4|ipv6|eb}
Get all rules added to chain in table --add-rule {ipv4|ipv6|eb}
... Add rule to chain in table --remove-rule {ipv4|ipv6|eb}
... Remove rule with priority from chain in table --remove-rules {ipv4|ipv6|eb}
Remove rules from chain in table --query-rule {ipv4|ipv6|eb}
... Return whether a rule with priority has been added to chain in table --get-all-passthroughs Get all passthrough rules --get-passthroughs {ipv4|ipv6|eb} ... Get passthrough rules --add-passthrough {ipv4|ipv6|eb} ... Add a new passthrough rule --remove-passthrough {ipv4|ipv6|eb} ... Remove a passthrough rule --query-passthrough {ipv4|ipv6|eb} ... Return whether the passthrough rule has been added Lockdown Options --lockdown-on Enable lockdown. --lockdown-off Disable lockdown. --query-lockdown Query whether lockdown is enabled Lockdown Whitelist Options --list-lockdown-whitelist-commands List all command lines that are on the whitelist --add-lockdown-whitelist-command= Add the command to the whitelist --remove-lockdown-whitelist-command= Remove the command from the whitelist --query-lockdown-whitelist-command= Query whether the command is on the whitelist --list-lockdown-whitelist-contexts List all contexts that are on the whitelist --add-lockdown-whitelist-context= Add the context context to the whitelist --remove-lockdown-whitelist-context= Remove the context from the whitelist --query-lockdown-whitelist-context= Query whether the context is on the whitelist --list-lockdown-whitelist-uids List all user ids that are on the whitelist --add-lockdown-whitelist-uid= Add the user id uid to the whitelist --remove-lockdown-whitelist-uid= Remove the user id uid from the whitelist --query-lockdown-whitelist-uid= Query whether the user id uid is on the whitelist --list-lockdown-whitelist-users List all user names that are on the whitelist --add-lockdown-whitelist-user= Add the user name user to the whitelist --remove-lockdown-whitelist-user= Remove the user name user from the whitelist --query-lockdown-whitelist-user= Query whether the user name user is on the whitelist Polkit Options --policy-server Change Polkit actions to 'server' (more restricted) --policy-desktop Change Polkit actions to 'desktop' (less restricted) """ % (SYSTEM_CONFIG_FIREWALL, config.SYSCONFIGDIR)) def parse_port_lokkit(value): try: (port, proto) = value.split(":") except Exception: cmd.fail("bad port (most likely missing protocol), correct syntax is portid[-portid]:protocol") return (port, proto) def pk_symlink(product='server'): _PK_DIR = '/usr/share/polkit-1/actions/' _PK_NAME = 'org.fedoraproject.FirewallD1.' os.chdir(_PK_DIR) if os.path.isfile(_PK_NAME+product+'.policy.choice'): if os.path.isfile(_PK_NAME+'policy'): os.remove(_PK_NAME+'policy') os.symlink(_PK_NAME+product+'.policy.choice', _PK_NAME+'policy') cmd.print_and_exit('symlink '+_PK_DIR+_PK_NAME+product+'.policy.choice -> '+_PK_NAME+'policy') else: cmd.fail('no such file '+_PK_DIR+_PK_NAME+product+'.policy.choice') # system-config-firewall def read_sysconfig_args(config_file=SYSTEM_CONFIG_FIREWALL): filename = None if os.path.exists(config_file) and os.path.isfile(config_file): filename = config_file try: f = open(filename, 'r') except Exception: return None argv = [ ] for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] == '#': continue argv.append(line) f.close() return argv parser = argparse.ArgumentParser(usage="see firewall-offline-cmd man page", add_help=False) parser_group_output = parser.add_mutually_exclusive_group() parser_group_output.add_argument("-v", "--verbose", action="store_true") parser_group_output.add_argument("-q", "--quiet", action="store_true") parser_group_lokkit = parser.add_argument_group() parser_group_lokkit.add_argument("--enabled", action="store_true") parser_group_lokkit.add_argument("--disabled", action="store_true") parser_group_lokkit.add_argument("--addmodule", metavar="", action='append') parser_group_lokkit.add_argument("--removemodule", metavar="", action='append') parser_group_lokkit.add_argument("--service", "-s", metavar="", action='append') parser_group_lokkit.add_argument("--remove-service", metavar="", action='append') parser_group_lokkit.add_argument("--port", "-p", metavar="", action='append') parser_group_lokkit.add_argument("--trust", "-t", metavar="", action='append') parser_group_lokkit.add_argument("--masq", "-m", metavar="", action='append') parser_group_lokkit.add_argument("--custom-rules", metavar="", action='append') parser_group_lokkit.add_argument("--forward-port", metavar="", action='append') parser_group_lokkit.add_argument("--block-icmp", metavar="", action='append') parser.add_argument("--system-config", metavar="path") parser.add_argument("--default-config", metavar="path") parser.add_argument("--check-config", action="store_true") parser_group_standalone = parser.add_mutually_exclusive_group() parser_group_standalone.add_argument("-h", "--help", action="store_true") parser_group_standalone.add_argument("-V", "--version", action="store_true") parser_group_standalone.add_argument("--get-log-denied", action="store_true") parser_group_standalone.add_argument("--set-log-denied", metavar="") parser_group_standalone.add_argument("--get-automatic-helpers", action="store_true") parser_group_standalone.add_argument("--set-automatic-helpers", metavar="") parser_group_standalone.add_argument("--policy-server", action="store_true") parser_group_standalone.add_argument("--policy-desktop", action="store_true") parser_group_standalone.add_argument("--lockdown-on", action="store_true") parser_group_standalone.add_argument("--lockdown-off", action="store_true") parser_group_standalone.add_argument("--query-lockdown", action="store_true") parser_group_standalone.add_argument("--get-default-zone", action="store_true") parser_group_standalone.add_argument("--set-default-zone", metavar="") parser_group_standalone.add_argument("--get-zones", action="store_true") parser_group_standalone.add_argument("--get-policies", action="store_true") parser_group_standalone.add_argument("--get-services", action="store_true") parser_group_standalone.add_argument("--get-icmptypes", action="store_true") parser_group_standalone.add_argument("--get-zone-of-interface", metavar="", action='append') parser_group_standalone.add_argument("--get-zone-of-source", metavar="", action='append') parser_group_standalone.add_argument("--list-all-zones", action="store_true") parser_group_standalone.add_argument("--list-all-policies", action="store_true") parser_group_standalone.add_argument("--info-zone", metavar="") parser_group_standalone.add_argument("--info-policy", metavar="") parser_group_standalone.add_argument("--info-service", metavar="") parser_group_standalone.add_argument("--info-icmptype", metavar="") parser_group_standalone.add_argument("--info-ipset", metavar="") parser_group_standalone.add_argument("--info-helper", metavar="") parser_group_config = parser.add_mutually_exclusive_group() parser_group_config.add_argument("--new-icmptype", metavar="") parser_group_config.add_argument("--new-icmptype-from-file", metavar="") parser_group_config.add_argument("--delete-icmptype", metavar="") parser_group_config.add_argument("--load-icmptype-defaults", metavar="") parser_group_config.add_argument("--new-service", metavar="") parser_group_config.add_argument("--new-service-from-file", metavar="") parser_group_config.add_argument("--delete-service", metavar="") parser_group_config.add_argument("--load-service-defaults", metavar="") parser_group_config.add_argument("--new-zone", metavar="") parser_group_config.add_argument("--new-zone-from-file", metavar="") parser_group_config.add_argument("--delete-zone", metavar="") parser_group_config.add_argument("--load-zone-defaults", metavar="") parser_group_config.add_argument("--new-policy", metavar="") parser_group_config.add_argument("--new-policy-from-file", metavar="") parser_group_config.add_argument("--delete-policy", metavar="") parser_group_config.add_argument("--load-policy-defaults", metavar="") parser_group_config.add_argument("--new-ipset", metavar="") parser_group_config.add_argument("--new-ipset-from-file", metavar="") parser_group_config.add_argument("--delete-ipset", metavar="") parser_group_config.add_argument("--load-ipset-defaults", metavar="") parser_group_config.add_argument("--new-helper", metavar="") parser_group_config.add_argument("--new-helper-from-file", metavar="") parser_group_config.add_argument("--delete-helper", metavar="") parser_group_config.add_argument("--load-helper-defaults", metavar="") parser_group_config.add_argument("--path-zone", metavar="") parser_group_config.add_argument("--path-policy", metavar="") parser_group_config.add_argument("--path-service", metavar="") parser_group_config.add_argument("--path-icmptype", metavar="") parser_group_config.add_argument("--path-ipset", metavar="") parser_group_config.add_argument("--path-helper", metavar="") parser.add_argument("--name", default="", metavar="") parser_group_lockdown_whitelist = parser.add_mutually_exclusive_group() parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-commands", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-contexts", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-uids", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-users", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-user", metavar="", action='append') parser.add_argument("--zone", default="", metavar="") parser.add_argument("--policy", default="", metavar="") parser_group_zone_or_policy = parser.add_mutually_exclusive_group() parser_group_zone_or_policy.add_argument("--add-interface", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-interface", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-interface", metavar="", action='append') parser_group_zone_or_policy.add_argument("--change-interface", "--change-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-interfaces", action="store_true") parser_group_zone_or_policy.add_argument("--add-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--change-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-sources", action="store_true") parser_group_zone_or_policy.add_argument("--add-ingress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-ingress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-ingress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-ingress-zones", action="store_true") parser_group_zone_or_policy.add_argument("--add-egress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-egress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-egress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-egress-zones", action="store_true") parser_group_zone_or_policy.add_argument("--add-rich-rule", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-rich-rule", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-rich-rule", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-service", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-service-from-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-service-from-policy", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-service", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-protocol", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-protocol", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-protocol", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-source-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-source-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-source-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-forward", action="store_true") parser_group_zone_or_policy.add_argument("--remove-forward", action="store_true") parser_group_zone_or_policy.add_argument("--query-forward", action="store_true") parser_group_zone_or_policy.add_argument("--add-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--remove-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--query-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--add-icmp-block", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-icmp-block", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-icmp-block", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--remove-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--query-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--add-forward-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-forward-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-forward-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-rich-rules", action="store_true") parser_group_zone_or_policy.add_argument("--list-services", action="store_true") parser_group_zone_or_policy.add_argument("--list-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-protocols", action="store_true") parser_group_zone_or_policy.add_argument("--list-icmp-blocks", action="store_true") parser_group_zone_or_policy.add_argument("--list-forward-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-source-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-all", action="store_true") parser_group_zone_or_policy.add_argument("--get-target", action="store_true") parser_group_zone_or_policy.add_argument("--set-target", metavar="") parser_group_zone_or_policy.add_argument("--get-priority", action="store_true") parser_group_zone_or_policy.add_argument("--set-priority", metavar="") parser.add_argument("--option", metavar="[=]", action='append') parser.add_argument("--type", metavar="") parser.add_argument("--ipset", metavar="") parser_ipset = parser.add_mutually_exclusive_group() #parser_ipset.add_argument("--add-option", metavar="[=]") #parser_ipset.add_argument("--remove-option", metavar="[=]") #parser_ipset.add_argument("--query-option", metavar="[=]") #parser_ipset.add_argument("--get-options", action="store_true") parser_ipset.add_argument("--get-ipsets", action="store_true") parser_ipset.add_argument("--add-entry", metavar="", action='append') parser_ipset.add_argument("--remove-entry", metavar="", action='append') parser_ipset.add_argument("--query-entry", metavar="", action='append') parser_ipset.add_argument("--get-entries", action="store_true") parser_ipset.add_argument("--add-entries-from-file", metavar="", action='append') parser_ipset.add_argument("--remove-entries-from-file", metavar="", action='append') parser.add_argument("--icmptype", metavar="") parser_icmptype = parser.add_mutually_exclusive_group() parser_icmptype.add_argument("--add-destination", metavar="", action='append') parser_icmptype.add_argument("--remove-destination", metavar="", action='append') parser_icmptype.add_argument("--query-destination", metavar="", action='append') parser_icmptype.add_argument("--get-destinations", action="store_true") parser_service = parser.add_mutually_exclusive_group() parser_service.add_argument("--get-ports", action="store_true") parser_service.add_argument("--get-source-ports", action="store_true") parser_service.add_argument("--get-protocols", action="store_true") parser_service.add_argument("--add-module", metavar="", action='append') parser_service.add_argument("--remove-module", metavar="", action='append') parser_service.add_argument("--query-module", metavar="", action='append') parser_service.add_argument("--get-modules", action="store_true") parser_service.add_argument("--add-helper", metavar="", action='append') parser_service.add_argument("--remove-helper", metavar="", action='append') parser_service.add_argument("--query-helper", metavar="", action='append') parser_service.add_argument("--get-service-helpers", action="store_true") parser_service.add_argument("--add-include", metavar="", action='append') parser_service.add_argument("--remove-include", metavar="", action='append') parser_service.add_argument("--query-include", metavar="", action='append') parser_service.add_argument("--get-includes", action="store_true") parser_service.add_argument("--set-destination", metavar="", action='append') parser_service.add_argument("--get-destination", action="store_true") parser_service.add_argument("--set-description", metavar="") parser_service.add_argument("--get-description", action="store_true") parser_service.add_argument("--set-short", metavar="") parser_service.add_argument("--get-short", action="store_true") parser.add_argument("--helper", metavar="") parser.add_argument("--family", metavar="") parser.add_argument("--module", metavar="") parser_helper = parser.add_mutually_exclusive_group() #parser_helper.add_argument("--get-ports", action="store_true") parser_helper.add_argument("--get-helpers", action="store_true") parser_helper.add_argument("--set-module", metavar="") parser_helper.add_argument("--get-module", action="store_true") #parser_helper.add_argument("--query-module", metavar="") parser_helper.add_argument("--set-family", metavar="|''", nargs="*") parser_helper.add_argument("--get-family", action="store_true") parser.add_argument("--direct", action="store_true") # not possible to have sequences of options here parser_direct = parser.add_mutually_exclusive_group() parser_direct.add_argument("--add-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--remove-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--query-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--get-passthroughs", nargs=1, metavar=("{ ipv4 | ipv6 | eb }")) parser_direct.add_argument("--get-all-passthroughs", action="store_true") parser_direct.add_argument("--add-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--remove-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--query-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-chains", action="store_true") parser_direct.add_argument("--get-chains", nargs=2, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--add-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--query-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--get-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-rules", action="store_true") ############################################################################## cmd = FirewallCommand() def myexcepthook(exctype, value, traceback): cmd.exception_handler(str(value)) sys.excepthook = myexcepthook if len(sys.argv) > 1 and \ any('--migrate-system-config-firewall' in arg for arg in sys.argv): args = sys.argv[1:] migration_parser = argparse.ArgumentParser( usage="see firewall-offline-cmd man page", add_help=False) migration_parser.add_argument("-h", "--help", action="store_true") migration_parser.add_argument("-v", "--verbose", action="store_true") migration_parser.add_argument("-q", "--quiet", action="store_true") migration_parser.add_argument("--migrate-system-config-firewall", metavar="", action='store') a,unknown = migration_parser.parse_known_args(args) cmd.set_quiet(a.quiet) cmd.set_verbose(a.verbose) if a.help: __usage() sys.exit(0) else: assert_root() if a.quiet: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.migrate_system_config_firewall: args = read_sysconfig_args(a.migrate_system_config_firewall) if not args: cmd.fail("Opening of '%s' failed, exiting." % \ a.migrate_system_config_firewall) args += unknown elif len(sys.argv) > 1: i = -1 args = sys.argv[1:] if '--add-passthrough' in args: i = args.index('--add-passthrough') + 1 elif '--remove-passthrough' in args: i = args.index('--remove-passthrough') + 1 elif '--query-passthrough' in args: i = args.index('--query-passthrough') + 1 elif '--add-rule' in args: i = args.index('--add-rule') + 4 elif '--remove-rule' in args: i = args.index('--remove-rule') + 4 elif '--query-rule' in args: i = args.index('--query-rule') + 4 # join into one argument to prevent parser from parsing each iptables # option, because they can conflict with firewall-cmd options # # e.g. --delete (iptables) and --delete-* (firewall-cmd) if (i > -1) and (i < len(args) - 1): aux_args = args[:] args = aux_args[:i+1] # all but not args.append(joinArgs(aux_args[i+1:])) # add as one arg else: assert_root() # migrate configuration from SYSTEM_CONFIG_FIREWALL args = read_sysconfig_args() if not args: cmd.fail("Opening of '%s' failed, exiting." % SYSTEM_CONFIG_FIREWALL) a = parser.parse_args(args) options_lokkit = a.enabled or a.disabled or a.addmodule or a.removemodule or \ a.trust or a.masq or a.custom_rules or \ a.service or a.remove_service or a.port or \ a.trust or a.masq or a.forward_port or a.block_icmp options_standalone = a.help or a.version or \ a.policy_server or a.policy_desktop or \ a.lockdown_on or a.lockdown_off or a.query_lockdown or \ a.get_default_zone or a.set_default_zone or \ a.get_log_denied or a.set_log_denied or \ a.get_automatic_helpers or a.set_automatic_helpers options_desc_xml_file = a.set_description or a.get_description or \ a.set_short or a.get_short options_lockdown_whitelist = \ a.list_lockdown_whitelist_commands or a.add_lockdown_whitelist_command or \ a.remove_lockdown_whitelist_command or \ a.query_lockdown_whitelist_command or \ a.list_lockdown_whitelist_contexts or a.add_lockdown_whitelist_context or \ a.remove_lockdown_whitelist_context or \ a.query_lockdown_whitelist_context or \ a.list_lockdown_whitelist_uids or a.add_lockdown_whitelist_uid is not None or \ a.remove_lockdown_whitelist_uid is not None or \ a.query_lockdown_whitelist_uid is not None or \ a.list_lockdown_whitelist_users or a.add_lockdown_whitelist_user or \ a.remove_lockdown_whitelist_user or \ a.query_lockdown_whitelist_user options_config = a.get_zones or a.get_services or a.get_icmptypes or \ options_lockdown_whitelist or a.list_all_zones or \ a.get_zone_of_interface or a.get_zone_of_source or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.info_policy or a.get_ipsets or a.info_helper or \ a.get_helpers or a.get_policies or a.list_all_policies options_zone_and_policy_adapt_query = \ a.add_service or a.remove_service_from_zone or a.query_service or \ a.add_port or a.remove_port or a.query_port or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.add_source_port or a.remove_source_port or a.query_source_port or \ a.add_icmp_block or a.remove_icmp_block or a.query_icmp_block or \ a.add_forward_port or a.remove_forward_port or a.query_forward_port or \ a.add_rich_rule or a.remove_rich_rule or a.query_rich_rule or \ a.add_masquerade or a.remove_masquerade or a.query_masquerade or \ a.list_services or a.list_ports or a.list_protocols or \ a.list_source_ports or \ a.list_icmp_blocks or a.list_forward_ports or a.list_rich_rules or \ a.list_all or a.get_target or a.set_target options_zone_unique = \ a.add_icmp_block_inversion or a.remove_icmp_block_inversion or \ a.query_icmp_block_inversion or \ a.add_forward or a.remove_forward or a.query_forward or \ a.list_interfaces or a.change_interface or \ a.add_interface or a.remove_interface or a.query_interface or \ a.list_sources or a.change_source or \ a.add_source or a.remove_source or a.query_source options_zone_ops = options_zone_unique or options_zone_and_policy_adapt_query options_policy_unique = \ a.list_ingress_zones or a.add_ingress_zone or \ a.remove_ingress_zone or a.query_ingress_zone or \ a.list_egress_zones or a.add_egress_zone or \ a.remove_egress_zone or a.query_egress_zone or \ a.set_priority or a.get_priority options_policy_ops = options_policy_unique or options_zone_and_policy_adapt_query options_zone = a.zone or options_zone_ops or options_desc_xml_file options_policy = a.policy or options_policy_ops or options_desc_xml_file options_ipset = a.add_entry or a.remove_entry or a.query_entry or \ a.get_entries or a.add_entries_from_file or \ a.remove_entries_from_file or options_desc_xml_file options_icmptype = a.add_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file options_service = a.add_port or a.remove_port or a.query_port or \ a.get_ports or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.get_protocols or \ a.add_source_port or a.remove_source_port or \ a.query_source_port or a.get_source_ports or \ a.add_module or a.remove_module or a.query_module or \ a.get_modules or \ a.set_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file or \ a.add_include or a.remove_include or a.query_include or \ a.get_includes or \ a.add_helper or a.remove_helper or a.query_helper or \ a.get_service_helpers options_helper = a.add_port or a.remove_port or a.query_port or \ a.get_ports or a.set_module or a.get_module or \ a.set_family or a.get_family or \ options_desc_xml_file options_permanent = options_config or options_zone or options_policy or \ a.new_icmptype or a.delete_icmptype or \ a.new_icmptype_from_file or \ a.load_icmptype_defaults or \ a.new_service or a.delete_service or \ a.new_service_from_file or \ a.load_service_defaults or \ a.new_zone or a.delete_zone or \ a.new_zone_from_file or \ a.load_zone_defaults or \ a.new_policy or a.delete_policy or \ a.new_policy_from_file or \ a.load_policy_defaults or \ a.new_helper or a.delete_helper or \ a.new_helper_from_file or \ a.load_helper_defaults or \ a.new_ipset or a.delete_ipset or \ a.new_ipset_from_file or \ a.load_ipset_defaults or \ a.ipset or options_ipset or \ (a.icmptype and options_icmptype) or \ (a.service and options_service) or \ (a.helper and options_helper) or \ a.path_zone or a.path_icmptype or a.path_service or \ a.path_ipset or a.path_helper or a.path_policy options_direct = \ a.add_chain or a.remove_chain or a.query_chain or \ a.get_chains or a.get_all_chains or \ a.add_rule or a.remove_rule or a.remove_rules or a.query_rule or \ a.get_rules or a.get_all_rules or \ a.add_passthrough or a.remove_passthrough or a.query_passthrough or \ a.get_passthroughs or a.get_all_passthroughs # these are supposed to only write out some output options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \ a.list_lockdown_whitelist_commands or a.list_lockdown_whitelist_contexts or \ a.list_lockdown_whitelist_uids or a.list_lockdown_whitelist_users or \ a.list_services or a.list_ports or a.list_protocols or a.list_icmp_blocks or \ a.list_forward_ports or a.list_rich_rules or a.list_interfaces or \ a.list_sources or a.get_default_zone or \ a.get_zone_of_interface or a.get_zone_of_source or a.get_zones or \ a.get_services or a.get_icmptypes or a.get_target or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.get_entries or \ a.info_helper or a.get_helpers or \ a.get_destinations or a.get_description or \ a.list_all_policies or a.info_policy or a.get_policies # Set quiet and verbose cmd.set_quiet(a.quiet) cmd.set_verbose(a.verbose) # Check various impossible combinations of options if not (options_standalone or options_ipset or \ options_lokkit or \ options_icmptype or options_service or options_helper or \ options_permanent or options_direct or options_desc_xml_file or \ a.check_config): cmd.fail(parser.format_usage() + "No option specified.") if options_lokkit and (options_standalone or \ options_permanent or options_direct) and \ not (options_service and a.service): cmd.fail(parser.format_usage() + "Can't use lokkit options with other options.") if options_standalone and (options_permanent or \ options_direct or options_ipset): cmd.fail(parser.format_usage() + "Can't use stand-alone options with other options.") if options_ipset and not options_desc_xml_file and not a.ipset: cmd.fail(parser.format_usage() + "No ipset specified.") if (options_icmptype and not a.icmptype) and \ not (options_service and a.service) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No icmptype specified.") if options_service and a.service and len(a.service) > 0: if len(a.service) > 1: cmd.fail(parser.format_usage() + "More than one service specified.") # use the first entry in the array only a.service = a.service[0] if (options_helper and not a.helper) and \ not (options_service and a.service) and \ not options_zone and not options_desc_xml_file and \ not options_policy: cmd.fail(parser.format_usage() + "No helper specified.") if options_direct and (options_zone or options_policy): cmd.fail(parser.format_usage() + "Can't use 'direct' options with other options.") if (a.direct and not options_direct) or (options_direct and not a.direct): cmd.fail(parser.format_usage() + "Wrong usage of 'direct' options.") if a.name and not (a.new_zone_from_file or a.new_service_from_file or \ a.new_ipset_from_file or a.new_icmptype_from_file or \ a.new_helper_from_file or a.new_policy_from_file): cmd.fail(parser.format_usage() + "Wrong usage of '--name' option.") if options_config and (options_zone or options_policy): cmd.fail(parser.format_usage() + "Wrong usage of --get-zones | --get-services | --get-icmptypes | --get-policies.") if a.quiet and options_list_get: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.zone and a.policy: cmd.fail(parser.format_usage() + "Can't use --zone with --policy.") if a.policy and options_zone_unique: cmd.fail(parser.format_usage() + "Can't use --policy with zone only options.") if a.zone and options_policy_unique: cmd.fail(parser.format_usage() + "Can't use --zone with policy only options.") if not a.policy and options_policy_unique: cmd.fail(parser.format_usage() + "Must use --policy with policy only options.") if a.help: __usage() sys.exit(0) assert_root() if a.system_config: config.set_system_config_paths(a.system_config) if a.default_config: config.set_default_config_paths(a.default_config) if a.check_config: try: fw = Firewall(offline=True) fw.start() check_on_disk_config(fw) except FirewallError as error: cmd.print_and_exit("Configuration error: %s" % error, error.code) except Exception as msg: cmd.fail("Configuration error: %s" % msg) sys.exit(0) zone = a.zone fw = Firewall(offline=True) fw.start() try: # Lokkit Compatibility Options if options_lokkit and not (options_service and a.service): trusted_zone = "trusted" default_zone = fw.get_default_zone() fw_zone = fw.config.get_zone(default_zone) fw_settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(fw_zone)) if a.enabled: # Enable firewall (default) os.system("systemctl enable firewalld.service") if a.disabled: # Disable firewall os.system("systemctl disable firewalld.service") if a.addmodule: for m in a.addmodule: cmd.print_msg("Ignoring addmodule '%s'" % m) if a.removemodule: for m in a.removemodule: cmd.print_msg("Ignoring removemodule '%s'" % m) if a.custom_rules: for c in a.custom_rules: cmd.print_msg("Ignoring custom-rule '%s'" % c) if a.service: for s in a.service: cmd.print_msg("Adding service '%s' to default zone." % s) if not fw_settings.queryService(s): fw_settings.addService(s) else: cmd.print_msg("ALREADY_ENABLED: %s" % s) if a.remove_service: for s in a.remove_service: cmd.print_msg("Removing service '%s' from default zone." % s) if fw_settings.queryService(s): fw_settings.removeService(s) else: cmd.print_msg("NOT_ENABLED: %s" % s) if a.port: for port_proto in a.port: (port, proto) = parse_port_lokkit(port_proto) cmd.print_msg("Adding port '%s/%s' to default zone." % (port, proto)) if not fw_settings.queryPort(port, proto): fw_settings.addPort(port, proto) else: cmd.print_msg("ALREADY_ENABLED: %s" % port_proto) if a.trust: if default_zone != trusted_zone: fw_trusted = fw.config.get_zone("trusted") fw_trusted_settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(fw_trusted)) # Bind an interface to the trusted zone for i in a.trust: cmd.print_msg("Interface '%s' will be bound to zone '%s'." % \ (i, trusted_zone)) if not fw_trusted_settings.queryInterface(i): fw_trusted_settings.addInterface(i) else: cmd.print_msg("ALREADY_ENABLED: %s" % i) fw.config.set_zone_config_dict(fw_trusted, fw_trusted_settings.getSettingsDict()) else: for i in a.trust: cmd.print_msg("Interface '%s' will be bound to zone '%s'." % \ (i, trusted_zone)) if not fw_settings.queryInterface(i): fw_settings.addInterface(i) else: cmd.print_msg("ALREADY_ENABLED: %s" % i) if a.masq: # Enables masquerading in the default zone, interface argument is ignored cmd.print_msg("Enabling masquerade for the default zone.") fw_settings.setMasquerade(True) if a.forward_port: for fp in a.forward_port: (port, protocol, toport, toaddr) = cmd.parse_forward_port( fp, compat=True) cmd.print_msg("Adding forward port %s:%s:%s:%s to default zone." % \ (port, protocol, toport, toaddr)) if not fw_settings.queryForwardPort(port, protocol, toport, toaddr): fw_settings.addForwardPort(port, protocol, toport, toaddr) else: cmd.print_msg("ALREADY_ENABLED: %s" % fp) if a.block_icmp: for ib in a.block_icmp: cmd.print_msg("Adding icmpblock '%s' to default zone." % ib) if not fw_settings.queryIcmpBlock(ib): fw_settings.addIcmpBlock(ib) else: cmd.print_msg("ALREADY_ENABLED: %s" % ib) fw.config.set_zone_config_dict(fw_zone, fw_settings.getSettingsDict()) elif a.version: cmd.print_and_exit(config.VERSION) elif a.get_log_denied: cmd.print_and_exit(fw.get_log_denied()) elif a.set_log_denied: fw.set_log_denied(a.set_log_denied) elif a.get_automatic_helpers: cmd.print_and_exit(fw.get_automatic_helpers()) elif a.set_automatic_helpers: fw.set_automatic_helpers(a.set_automatic_helpers) elif a.policy_server: pk_symlink('server') elif a.policy_desktop: pk_symlink('desktop') # options from firewall-cmd elif a.get_default_zone: cmd.print_and_exit(fw.get_default_zone()) elif a.set_default_zone: fw.set_default_zone(a.set_default_zone) # lockdown elif a.lockdown_on: fw.enable_lockdown() elif a.lockdown_off: fw.disable_lockdown() elif a.query_lockdown: cmd.print_query_result(fw.policies.query_lockdown()) # zones elif a.get_zones: zones = fw.config.get_zones() cmd.print_and_exit(" ".join(zones)) elif a.new_zone: fw.config.new_zone_dict(a.new_zone, FirewallClientZoneSettings().getSettingsDict()) elif a.new_zone_from_file: filename = os.path.basename(a.new_zone_from_file) dirname = os.path.dirname(a.new_zone_from_file) if dirname == "": dirname = "./" try: obj = zone_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load zone file '%s': %s" % \ (a.new_zone_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load zone file: %s" % msg) if a.name: obj.name = a.name fw.config.new_zone(obj.name, obj.export_config()) elif a.delete_zone: obj = fw.config.get_zone(a.delete_zone) fw.config.remove_zone(obj) elif a.load_zone_defaults: obj = fw.config.get_zone(a.load_zone_defaults) fw.config.load_zone_defaults(obj) elif a.info_zone: zone = fw.config.get_zone(a.info_zone) settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(zone)) cmd.print_zone_info(a.info_zone, settings, True) sys.exit(0) elif a.path_zone: obj = fw.config.get_zone(a.path_zone) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) # policies elif a.get_policies: policies = fw.config.get_policy_objects() cmd.print_and_exit(" ".join(policies)) elif a.new_policy: fw.config.new_policy_object_dict(a.new_policy, FirewallClientPolicySettings().getSettingsDict()) elif a.new_policy_from_file: filename = os.path.basename(a.new_policy_from_file) dirname = os.path.dirname(a.new_policy_from_file) if dirname == "": dirname = "./" try: obj = policy_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load policy file '%s': %s" % \ (a.new_policy_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load policy file: %s" % msg) if a.name: obj.name = a.name fw.config.new_policy_object_dict(obj.name, obj.export_config_dict()) elif a.delete_policy: obj = fw.config.get_policy_object(a.delete_policy) fw.config.remove_policy_object(obj) elif a.load_policy_defaults: obj = fw.config.get_policy_object(a.load_policy_defaults) fw.config.load_policy_object_defaults(obj) elif a.info_policy: policy = fw.config.get_policy_object(a.info_policy) settings = FirewallClientPolicySettings(fw.config.get_policy_object_config_dict(policy)) cmd.print_policy_info(a.info_policy, settings, True) sys.exit(0) elif a.path_policy: obj = fw.config.get_policy_object(a.path_policy) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) # services elif a.get_services: services = fw.config.get_services() cmd.print_and_exit(" ".join(services)) elif a.new_service: fw.config.new_service_dict(a.new_service, FirewallClientServiceSettings().getSettingsDict()) elif a.new_service_from_file: filename = os.path.basename(a.new_service_from_file) dirname = os.path.dirname(a.new_service_from_file) if dirname == "": dirname = "./" try: obj = service_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load service file '%s': %s" % \ (a.new_service_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load service file: %s" % msg) if a.name: obj.name = a.name fw.config.new_service_dict(obj.name, obj.export_config_dict()) elif a.delete_service: obj = fw.config.get_service(a.delete_service) fw.config.remove_service(obj) # remove service from all zones zones = fw.config.get_zones() for zone in zones: _zone = fw.config.get_zone(zone) _settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(_zone)) if _settings.queryService(a.delete_service): _settings.removeService(a.delete_service) fw.config.set_zone_config_dict(_zone, _settings.getSettingsDict()) # remove service from all policies for policy in fw.config.get_policy_objects(): _policy = fw.config.get_policy_object(policy) _settings = FirewallClientPolicySettings(fw.config.get_policy_object_config_dict(_policy)) if _settings.queryService(a.delete_service): _settings.removeService(a.delete_service) fw.config.set_policy_object_config_dict(_policy, _settings.getSettingsDict()) elif a.load_service_defaults: obj = fw.config.get_service(a.load_service_defaults) fw.config.load_service_defaults(obj) elif a.info_service: service = fw.config.get_service(a.info_service) settings = FirewallClientServiceSettings( fw.config.get_service_config_dict(service)) cmd.print_service_info(a.info_service, settings) sys.exit(0) elif a.path_service: obj = fw.config.get_service(a.path_service) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) # icmptypes elif a.get_icmptypes: icmptypes = fw.config.get_icmptypes() cmd.print_and_exit(" ".join(icmptypes)) elif a.new_icmptype: fw.config.new_icmptype(a.new_icmptype, FirewallClientIcmpTypeSettings().settings) elif a.new_icmptype_from_file: filename = os.path.basename(a.new_icmptype_from_file) dirname = os.path.dirname(a.new_icmptype_from_file) if dirname == "": dirname = "./" try: obj = icmptype_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load icmptype file '%s': %s" % \ (a.new_icmptype_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load icmptype file: %s" % msg) if a.name: obj.name = a.name fw.config.new_icmptype(obj.name, obj.export_config()) elif a.delete_icmptype: obj = fw.config.get_icmptype(a.delete_icmptype) fw.config.remove_icmptype(obj) # remove icmpyte from all zones zones = fw.config.get_zones() for zone in zones: _zone = fw.config.get_zone(zone) _settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(_zone)) if _settings.queryIcmpBlock(a.delete_icmptype): _settings.removeIcmpBlock(a.delete_icmptype) fw.config.set_zone_config_dict(_zone, _settings.getSettingsDict()) for policy in fw.config.get_policy_objects(): _policy = fw.config.get_policy_object(policy) _settings = FirewallClientPolicySettings(fw.config.get_policy_object_config_dict(_policy)) if _settings.queryIcmpBlock(a.delete_icmptype): _settings.removeIcmpBlock(a.delete_icmptype) fw.config.set_policy_object_config_dict(_policy, _settings.getSettingsDict()) elif a.load_icmptype_defaults: obj = fw.config.get_icmptype(a.load_icmptype_defaults) fw.config.load_icmptype_defaults(obj) elif a.info_icmptype: icmptype = fw.config.get_icmptype(a.info_icmptype) settings = FirewallClientIcmpTypeSettings( list(fw.config.get_icmptype_config(icmptype))) cmd.print_icmptype_info(a.info_icmptype, settings) sys.exit(0) elif a.path_icmptype: obj = fw.config.get_icmptype(a.path_icmptype) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) elif a.icmptype and options_icmptype: icmptype = fw.config.get_icmptype(a.icmptype) settings = FirewallClientIcmpTypeSettings( list(fw.config.get_icmptype_config(icmptype))) if a.add_destination: cmd.add_sequence(a.add_destination, settings.addDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") fw.config.set_icmptype_config(icmptype, settings.settings) elif a.remove_destination: cmd.remove_sequence(a.remove_destination, settings.removeDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") fw.config.set_icmptype_config(icmptype, settings.settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.check_destination_ipv , "'%s'") elif a.get_destinations: l = settings.getDestinations() if len(l) == 0: l = [ "ipv4", "ipv6" ] cmd.print_and_exit("\n".join(l)) elif a.set_description: settings.setDescription(a.set_description) fw.config.set_icmptype_config(icmptype, settings.settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) fw.config.set_icmptype_config(icmptype, settings.settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") cmd.print_and_exit("success") elif a.service and options_service: service = fw.config.get_service(a.service) settings = FirewallClientServiceSettings( fw.config.get_service_config_dict(service)) if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") elif a.get_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.get_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_module: cmd.add_sequence(a.add_module, settings.addModule, settings.queryModule, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_module: cmd.remove_sequence(a.remove_module, settings.removeModule, settings.queryModule, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_module: cmd.query_sequence(a.query_module, settings.queryModule, None, "'%s'") elif a.get_modules: l = settings.getModules() cmd.print_and_exit(" ".join(["%s" % module for module in l])) elif a.set_destination: cmd.add_sequence(a.set_destination, settings.setDestination, settings.queryDestination, cmd.parse_service_destination, "%s:%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_destination: # special case for removeDestination: Only ipv, no address for ipv in a.remove_destination: cmd.check_destination_ipv(ipv) if ipv not in settings.getDestinations(): if len(a.remove_destination) > 1: cmd.print_warning("Warning: NOT_ENABLED: '%s'" % ipv) else: code = FirewallError.get_code("NOT_ENABLED") cmd.print_and_exit("Error: NOT_ENABLED: '%s'" % ipv, code) else: settings.removeDestination(ipv) fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.parse_service_destination, "'%s'") elif a.get_destinations: l = settings.getDestinations() cmd.print_and_exit(" ".join(["%s:%s" % (dest[0], dest[1]) for dest in l.items()])) elif a.add_include: cmd.add_sequence(a.add_include, settings.addInclude, settings.queryInclude, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_include: cmd.remove_sequence(a.remove_include, settings.removeInclude, settings.queryInclude, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_include: cmd.query_sequence(a.query_include, settings.queryInclude, None, "'%s'") elif a.get_includes: l = settings.getIncludes() cmd.print_and_exit(" ".join(["%s" % include for include in sorted(l)])) elif a.add_helper: cmd.add_sequence(a.add_helper, settings.addHelper, settings.queryHelper, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_helper: cmd.remove_sequence(a.remove_helper, settings.removeHelper, settings.queryHelper, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_helper: cmd.query_sequence(a.query_helper, settings.queryHelper, None, "'%s'") elif a.get_service_helpers: l = settings.getHelpers() cmd.print_and_exit(" ".join(["%s" % helper for helper in sorted(l)])) elif a.set_description: settings.setDescription(a.set_description) fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") cmd.print_and_exit("success") # ipsets if a.get_ipsets: ipsets = fw.config.get_ipsets() cmd.print_and_exit(" ".join(sorted(ipsets))) elif a.new_ipset: if not a.type: cmd.fail(parser.format_usage() + "No type specified.") if a.type=='hash:mac' and a.family: cmd.fail(parser.format_usage() + "--family is not compatible with the hash:mac type") settings = FirewallClientIPSetSettings() settings.setType(a.type) if a.option: for opt in a.option: settings.addOption(*cmd.parse_ipset_option(opt)) fw.config.new_ipset(a.new_ipset, settings.settings) elif a.new_ipset_from_file: filename = os.path.basename(a.new_ipset_from_file) dirname = os.path.dirname(a.new_ipset_from_file) if dirname == "": dirname = "./" try: obj = ipset_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load ipset file '%s': %s" % \ (a.new_ipset_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load ipset file: %s" % msg) if a.name: obj.name = a.name fw.config.new_ipset(obj.name, obj.export_config()) elif a.delete_ipset: ipset = fw.config.get_ipset(a.delete_ipset) fw.config.remove_ipset(ipset) elif a.load_ipset_defaults: obj = fw.config.get_ipset(a.load_ipset_defaults) fw.config.load_ipset_defaults(obj) elif a.info_ipset: ipset = fw.config.get_ipset(a.info_ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.print_ipset_info(a.info_ipset, settings) sys.exit(0) elif a.path_ipset: obj = fw.config.get_ipset(a.path_ipset) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) elif a.ipset: if a.add_entry: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.add_sequence(a.add_entry, settings.addEntry, settings.queryEntry, None, "'%s'") fw.config.set_ipset_config(ipset, settings.settings) elif a.remove_entry: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.remove_sequence(a.remove_entry, settings.removeEntry, settings.queryEntry, None, "'%s'") fw.config.set_ipset_config(ipset, settings.settings) elif a.query_entry: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.query_sequence(a.query_entry, settings.queryEntry, None, "'%s'") elif a.get_entries: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) l = settings.getEntries() cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose( "Warning: ALREADY_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: fw.config.set_ipset_config(ipset, settings.settings) elif a.remove_entries_from_file: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % \ entry) if changed: settings.setEntries(old_entries) if changed: fw.config.set_ipset_config(ipset, settings.settings) elif a.set_description: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) settings.setDescription(a.set_description) fw.config.set_ipset_config(ipset, settings.settings) elif a.get_description: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.print_and_exit(settings.getDescription()) elif a.set_short: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) settings.setShort(a.set_short) fw.config.set_ipset_config(ipset, settings.settings) elif a.get_short: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") cmd.print_and_exit("success") # helper elif a.get_helpers: cmd.print_and_exit(" ".join(sorted(fw.config.get_helpers()))) elif a.new_helper: if not a.module: cmd.fail(parser.format_usage() + "No module specified.") settings = FirewallClientHelperSettings() settings.setModule(a.module) if a.family: settings.setFamily(a.family) fw.config.new_helper(a.new_helper, settings.settings) elif a.new_helper_from_file: filename = os.path.basename(a.new_helper_from_file) dirname = os.path.dirname(a.new_helper_from_file) if dirname == "": dirname = "./" try: obj = helper_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load helper file '%s': %s" % \ (a.new_helper_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load helper file: %s" % msg) if a.name: obj.name = a.name fw.config.new_helper(obj.name, obj.export_config()) elif a.delete_helper: obj = fw.config.get_helper(a.delete_helper) fw.config.remove_helper(obj) elif a.load_helper_defaults: obj = fw.config.get_helper(a.load_helper_defaults) fw.config.load_helper_defaults(obj) elif a.info_helper: obj = fw.config.get_helper(a.info_helper) settings = FirewallClientHelperSettings( list(fw.config.get_helper_config(obj))) cmd.print_helper_info(a.info_helper, settings) sys.exit(0) elif a.path_helper: obj = fw.config.get_helper(a.path_helper) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) elif a.helper: obj = fw.config.get_helper(a.helper) settings = FirewallClientHelperSettings( list(fw.config.get_helper_config(obj))) if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_helper_config(obj, settings.settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_helper_config(obj, settings.settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.get_module: cmd.print_and_exit(settings.getModule()) elif a.set_module: settings.setModule(cmd.check_module(a.set_module)) fw.config.set_helper_config(obj, settings.settings) elif a.get_family: cmd.print_and_exit(settings.getFamily()) elif a.set_family: settings.setFamily(cmd.check_helper_family(a.set_family[0])) fw.config.set_helper_config(obj, settings.settings) elif a.set_description: settings.setDescription(a.set_description) fw.config.set_helper_config(obj, settings.settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) fw.config.set_helper_config(obj, settings.settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") # lockdown whitelist elif options_lockdown_whitelist: whitelist = fw.config.get_policies().lockdown_whitelist # commands if a.list_lockdown_whitelist_commands: l = whitelist.get_commands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, whitelist.add_command, whitelist.has_command, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, whitelist.remove_command, whitelist.has_command, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, whitelist.has_command, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = whitelist.get_contexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, whitelist.add_context, whitelist.has_context, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, whitelist.remove_context, whitelist.has_context, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, whitelist.has_context, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = whitelist.get_uids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid: cmd.add_sequence(a.add_lockdown_whitelist_uid, whitelist.add_uid, whitelist.has_uid, None, "'%s'") elif a.remove_lockdown_whitelist_uid: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, whitelist.remove_uid, whitelist.has_uid, None, "'%s'") elif a.query_lockdown_whitelist_uid: cmd.query_sequence(a.query_lockdown_whitelist_uid, whitelist.has_uid, None, "'%s'") # users elif a.list_lockdown_whitelist_users: l = whitelist.get_users() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, whitelist.add_user, whitelist.has_user, None, "'%s'") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, whitelist.remove_user, whitelist.has_user, None, "'%s'") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, whitelist.has_user, None, "'%s'") # apply whitelist changes whitelist.write() elif options_direct: obj = fw.config.get_direct() if a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --direct --add-passthrough { ipv4 | ipv6 | eb } ") cmd.print_msg( obj.add_passthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1]))) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --direct --remove-passthrough { ipv4 | ipv6 | eb } ") obj.remove_passthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --direct --query-passthrough { ipv4 | ipv6 | eb } ") cmd.print_query_result( obj.query_passthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) sys.exit(0) elif a.get_passthroughs: rules = obj.get_passthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: rules = obj.get_all_passthroughs() for ipv in rules: for rule in rules[ipv]: cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: obj.add_chain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: obj.remove_chain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result( obj.query_chain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) sys.exit(0) elif a.get_chains: cmd.print_and_exit( " ".join(obj.get_chains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) sys.exit(0) elif a.get_all_chains: chains = obj.get_all_chains() for (ipv, table) in chains: for chain in chains[(ipv, table)]: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("wrong priority\nusage: --direct --add-rule { ipv4 | ipv6 | eb }
") obj.add_rule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") obj.remove_rule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --direct --remove-rules { ipv4 | ipv6 | eb }
") obj.remove_rules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") cmd.print_query_result( obj.query_rule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) sys.exit(0) elif a.get_rules: rules = obj.get_rules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = obj.get_all_rules() for (ipv, table, chain) in rules: for (priority, rule) in rules[(ipv, table, chain)]: cmd.print_msg("%s %s %s %d %s" % \ (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) obj.write() # list everything elif a.list_all_policies: policies = fw.config.get_policy_objects() for policy in policies: fw_policy = fw.config.get_policy_object(policy) fw_settings = FirewallClientPolicySettings(fw.config.get_policy_object_config_dict(fw_policy)) cmd.print_policy_info(policy, fw_settings) cmd.print_msg("") sys.exit(0) elif a.policy: fw_policy = fw.config.get_policy_object(a.policy) fw_settings = FirewallClientPolicySettings(fw.config.get_policy_object_config_dict(fw_policy)) # ingress zones if a.list_ingress_zones: l = fw_settings.getIngressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_ingress_zone: cmd.add_sequence(a.add_ingress_zone, fw_settings.addIngressZone, fw_settings.queryIngressZone, None, "'%s'") elif a.remove_ingress_zone: cmd.remove_sequence(a.remove_ingress_zone, fw_settings.removeIngressZone, fw_settings.queryIngressZone, None, "'%s'") elif a.query_ingress_zone: cmd.query_sequence(a.query_ingress_zone, fw_settings.queryIngressZone, None, "'%s'") # egress zones if a.list_egress_zones: l = fw_settings.getEgressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_egress_zone: cmd.add_sequence(a.add_egress_zone, fw_settings.addEgressZone, fw_settings.queryEgressZone, None, "'%s'") elif a.remove_egress_zone: cmd.remove_sequence(a.remove_egress_zone, fw_settings.removeEgressZone, fw_settings.queryEgressZone, None, "'%s'") elif a.query_egress_zone: cmd.query_sequence(a.query_egress_zone, fw_settings.queryEgressZone, None, "'%s'") # priority elif a.get_priority: cmd.print_and_exit(str(fw_settings.getPriority())) elif a.set_priority: fw_settings.setPriority(a.set_priority) # rich rules if a.list_rich_rules: l = fw_settings.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, fw_settings.addRichRule, fw_settings.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, fw_settings.removeRichRule, fw_settings.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, fw_settings.queryRichRule, None, "'%s'") # service if a.list_services: l = fw_settings.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, fw_settings.addService, fw_settings.queryService, None, "'%s'") elif a.remove_service_from_policy: cmd.remove_sequence(a.remove_service_from_policy, fw_settings.removeService, fw_settings.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, fw_settings.queryService, None, "'%s'") # port elif a.list_ports: l = fw_settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, fw_settings.addPort, fw_settings.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, fw_settings.removePort, fw_settings.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, fw_settings.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = fw_settings.getProtocols() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_protocol: cmd.add_sequence(a.add_protocol, fw_settings.addProtocol, fw_settings.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, fw_settings.removeProtocol, fw_settings.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, fw_settings.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw_settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, fw_settings.addSourcePort, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, fw_settings.removeSourcePort, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: fw_settings.setMasquerade(True) elif a.remove_masquerade: fw_settings.setMasquerade(False) elif a.query_masquerade: cmd.print_query_result(fw_settings.getMasquerade()) # forward port elif a.list_forward_ports: l = fw_settings.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (_port, _protocol, _toport, _toaddr) for (_port, _protocol, _toport, _toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, fw_settings.addForwardPort, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, fw_settings.removeForwardPort, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = fw_settings.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, fw_settings.addIcmpBlock, fw_settings.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, fw_settings.removeIcmpBlock, fw_settings.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, fw_settings.queryIcmpBlock, None, "'%s'") # policy target elif a.get_target: cmd.print_and_exit(fw_settings.getTarget()) elif a.set_target: fw_settings.setTarget(a.set_target) # list all policy settings elif a.list_all: cmd.print_policy_info(a.policy, fw_settings) sys.exit(0) elif a.set_description: fw_settings.setDescription(a.set_description) elif a.get_description: cmd.print_and_exit(fw_settings.getDescription()) elif a.set_short: fw_settings.setShort(a.set_short) elif a.get_short: cmd.print_and_exit(fw_settings.getShort()) fw.config.set_policy_object_config_dict(fw_policy, fw_settings.getSettingsDict()) cmd.print_and_exit("success") else: if zone == "": zone = fw.get_default_zone() fw_zone = fw.config.get_zone(zone) fw_settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(fw_zone)) # interface if a.list_interfaces: l = fw_settings.getInterfaces() cmd.print_and_exit(" ".join(l)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: ret = [ ] for zone in fw.config.get_zones(): obj = fw.config.get_zone(zone) if interface in obj.interfaces: ret.append(obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same interface is in several zone XML files cmd.print_warning(" ".join(ret) + " (ERROR: interface '%s' is in %s zone XML files, can be only in one)" % (interface, len(ret))) if len(ret) == 1: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, ret[0])) else: cmd.print_and_exit(ret[0]) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.print_and_exit("no zone", 2) elif a.change_interface: for interface in a.change_interface: for old_zone in fw.config.get_zones(): old_zone_obj = fw.config.get_zone(old_zone) if interface in old_zone_obj.interfaces: if old_zone_obj.name != zone: old_zone_settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(old_zone_obj)) old_zone_settings.removeInterface(interface) # remove from old fw.config.set_zone_config_dict(old_zone_obj, old_zone_settings.getSettingsDict()) fw_settings.addInterface(interface) # add to new elif a.add_interface: cmd.add_sequence(a.add_interface, fw_settings.addInterface, fw_settings.queryInterface, None, "'%s'") elif a.remove_interface: cmd.remove_sequence(a.remove_interface, fw_settings.removeInterface, fw_settings.queryInterface, None, "'%s'") elif a.query_interface: cmd.query_sequence(a.query_interface, fw_settings.queryInterface, None, "'%s'") # source if a.list_sources: sources = fw_settings.getSources() cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: ret = [ ] for zone in fw.config.get_zones(): obj = fw.config.get_zone(zone) if source in obj.sources: ret.append(obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same source is in several zone XML files cmd.print_warning(" ".join(ret) + " (ERROR: source '%s' is in %s zone XML files, can be only in one)" % (source, len(ret))) if len(ret) == 1: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, ret[0])) else: cmd.print_and_exit(ret[0]) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.print_and_exit("no zone", 2) elif a.change_source: for source in a.change_source: for old_zone in fw.config.get_zones(): old_zone_obj = fw.config.get_zone(old_zone) if source in old_zone_obj.sources: if old_zone_obj.name != zone: old_zone_settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(old_zone_obj)) old_zone_settings.removeSource(source) # remove from old fw.config.set_zone_config_dict(old_zone_obj, old_zone_settings.getSettingsDict()) fw_settings.addSource(source) # add to new elif a.add_source: cmd.add_sequence(a.add_source, fw_settings.addSource, fw_settings.querySource, None, "'%s'") elif a.remove_source: cmd.remove_sequence(a.remove_source, fw_settings.removeSource, fw_settings.querySource, None, "'%s'") elif a.query_source: cmd.query_sequence(a.query_source, fw_settings.querySource, None, "'%s'") # rich rules if a.list_rich_rules: l = fw_settings.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, fw_settings.addRichRule, fw_settings.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, fw_settings.removeRichRule, fw_settings.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, fw_settings.queryRichRule, None, "'%s'") # service if a.list_services: l = fw_settings.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, fw_settings.addService, fw_settings.queryService, None, "'%s'") elif a.remove_service_from_zone: cmd.remove_sequence(a.remove_service_from_zone, fw_settings.removeService, fw_settings.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, fw_settings.queryService, None, "'%s'") # port elif a.list_ports: l = fw_settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, fw_settings.addPort, fw_settings.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, fw_settings.removePort, fw_settings.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, fw_settings.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = fw_settings.getProtocols() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_protocol: cmd.add_sequence(a.add_protocol, fw_settings.addProtocol, fw_settings.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, fw_settings.removeProtocol, fw_settings.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, fw_settings.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw_settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, fw_settings.addSourcePort, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, fw_settings.removeSourcePort, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") # forward elif a.add_forward: fw_settings.setForward(True) elif a.remove_forward: fw_settings.setForward(False) elif a.query_forward: cmd.print_query_result(fw_settings.getForward()) # masquerade elif a.add_masquerade: fw_settings.setMasquerade(True) elif a.remove_masquerade: fw_settings.setMasquerade(False) elif a.query_masquerade: cmd.print_query_result(fw_settings.getMasquerade()) # forward port elif a.list_forward_ports: l = fw_settings.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (_port, _protocol, _toport, _toaddr) for (_port, _protocol, _toport, _toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, fw_settings.addForwardPort, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, fw_settings.removeForwardPort, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = fw_settings.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, fw_settings.addIcmpBlock, fw_settings.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, fw_settings.removeIcmpBlock, fw_settings.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, fw_settings.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw_settings.addIcmpBlockInversion() elif a.remove_icmp_block_inversion: fw_settings.removeIcmpBlockInversion() elif a.query_icmp_block_inversion: cmd.print_query_result(fw_settings.queryIcmpBlockInversion()) # zone target elif a.get_target: cmd.print_and_exit(fw_settings.getTarget()) elif a.set_target: fw_settings.setTarget(a.set_target) # list all zone settings elif a.list_all: cmd.print_zone_info(zone if zone else fw.get_default_zone(), fw_settings) sys.exit(0) # list everything elif a.list_all_zones: zones = fw.config.get_zones() for zone in zones: fw_zone = fw.config.get_zone(zone) fw_settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(fw_zone)) cmd.print_zone_info(zone, fw_settings) cmd.print_msg("") sys.exit(0) elif a.set_description: fw_settings.setDescription(a.set_description) elif a.get_description: cmd.print_and_exit(fw_settings.getDescription()) elif a.set_short: fw_settings.setShort(a.set_short) elif a.get_short: cmd.print_and_exit(fw_settings.getShort()) fw.config.set_zone_config_dict(fw_zone, fw_settings.getSettingsDict()) cmd.print_and_exit("success") except FirewallError as msg: cmd.print_and_exit("%s" % msg, msg.code) except Exception as msg: cmd.fail("%s" % msg) else: cmd.print_and_exit("success") firewalld-1.1.1/src/firewall-config0000755000000000000000000121226214217353157017264 0ustar00rootroot00000000000000#!/usr/bin/python3 # -*- coding: utf-8 -*- # # Copyright (C) 2011-2015 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import sys import string import gi try: gi.require_version('Gtk', '3.0') from gi.repository import Gtk, Gdk, Pango, Gio Gtk.init(sys.argv) except RuntimeError as e: print("firewall-config: %s" % e) print("This is a graphical application and requires DISPLAY to be set.") sys.exit(1) from gi.repository import GObject, GLib sys.modules['gobject'] = GObject import os datadir = None if os.getenv("FIREWALLD_DEVEL_ENV") is not None: datadir = os.getenv("FIREWALLD_DEVEL_ENV") sys.path.insert(0, datadir) from dbus.exceptions import DBusException from firewall import config from firewall import client from firewall import functions from firewall.core.base import DEFAULT_ZONE_TARGET, REJECT_TYPES, \ SOURCE_IPSET_TYPES from firewall.core.ipset import IPSET_MAXNAMELEN from firewall.core.helper import HELPER_MAXNAMELEN from firewall.core.io.zone import Zone from firewall.core.io.service import Service from firewall.core.io.icmptype import IcmpType from firewall.core.io.ipset import IPSet from firewall.core.io.helper import Helper from firewall.core import rich from firewall.core.fw_nm import nm_is_imported, nm_get_dbus_interface, \ nm_get_connections, nm_get_zone_of_connection, \ nm_set_zone_of_connection from firewall import errors from firewall.errors import FirewallError import gettext gettext.textdomain(config.DOMAIN) _ = gettext.gettext if not datadir: datadir = config.DATADIR sys.path.insert(0, datadir) from gtk3_chooserbutton import ChooserButton from gtk3_niceexpander import NiceExpander def escape(text): text = text.replace('&', '&') text = text.replace('>', '>') text = text.replace('<', '<') return text FIREWALL_CONFIG_SCHEMA = "org.fedoraproject.FirewallConfig" class FirewallConfig(object): def __init__(self): builder = Gtk.Builder() builder.set_translation_domain("firewalld") builder.add_from_file("%s/%s" % (datadir, config.CONFIG_GLADE_NAME)) builder.connect_signals(self) self.connected_label = _("Connection to firewalld established.") self.trying_to_connect_label = \ _("Trying to connect to firewalld, waiting...") self.failed_to_connect_label = \ _("Failed to connect to firewalld. Please make sure that the " "service has been started correctly and try again.") self.changes_applied_label = _("Changes applied.") self.used_by_label = _("Used by network connection '%s'") self.default_zone_used_by_label = _("Default zone used by network " "connection '%s'") self.enabled = _("enabled") self.disabled = _("disabled") self.settings = Gio.Settings.new(FIREWALL_CONFIG_SCHEMA) self.modified_timer = None self.connection_timer = None self.zone_connection_editors = { } self.zone_interface_editors = { } self.zone_source_editors = { } self.default_zone = "" self.nf_conntrack_helpers = { } # point to the visible dialogs self.visible_dialogs = [ ] self.connection_lost = False # get icon and logo (foo, width, height) = Gtk.icon_size_lookup(Gtk.IconSize.BUTTON) size = min(width, height) self.icon_theme = Gtk.IconTheme.get_default() try: self.icon = self.icon_theme.load_icon(config.CONFIG_NAME, size, 0) self.logo = self.icon_theme.load_icon(config.CONFIG_NAME, 48, 0) except: print(_("Failed to load icons.")) self.icon = self.logo = None # get widgets self.mainWindow = builder.get_object("mainWindow") self.mainWindow.set_icon(self.icon) self.mainOverlay = builder.get_object("mainOverlay") self.mainPaned = builder.get_object("mainPaned") self.statusLabel = builder.get_object("statusLabel") self.modifiedLabel = builder.get_object("modifiedLabel") self.lockdownLabel = builder.get_object("lockdownLabel") self.panicLabel = builder.get_object("panicLabel") self.waitingWindow = builder.get_object("waitingWindow") self.waitingWindowLabel = builder.get_object("waitingWindowLabel") self.waitingWindowSpinner = builder.get_object("waitingWindowSpinner") self.waitingWindowQuitButton = \ builder.get_object("waitingWindowQuitButton") self.mainOverlay.add_overlay(self.waitingWindow) self.waitingWindow.set_valign(Gtk.Align.CENTER) self.waitingWindow.set_halign(Gtk.Align.CENTER) self.mainNotebook = builder.get_object("mainNotebook") self.ipsetsBox = builder.get_object("ipsetsBox") self.ipsetsMenuitem = builder.get_object("ipsetsMenuitem") self.icmpTypesBox = builder.get_object("icmpTypesBox") self.icmpTypesMenuitem = builder.get_object("icmpTypesMenuitem") self.helpersBox = builder.get_object("helpersBox") self.helpersMenuitem = builder.get_object("helpersMenuitem") self.directBox = builder.get_object("directBox") self.directMenuitem = builder.get_object("directMenuitem") self.lockdownWhitelistBox = builder.get_object("lockdownWhitelistBox") self.lockdownWhitelistMenuitem = \ builder.get_object("lockdownWhitelistMenuitem") self.activeBindingsMenuitem = \ builder.get_object("activeBindingsMenuitem") self.changeZonesConnectionMenuitem = \ builder.get_object("changeZonesConnectionMenuitem") self.left_menu = Gtk.Menu.new() self.left_menu.set_reserve_toggle_size(False) self.changeZonesConnectionMenuitem.set_submenu(self.left_menu) self.changeZonesConnectionMenuitem.connect( "activate", self.left_menu_cb, self.left_menu) self.active_zones = { } self.panicMenuitem = builder.get_object("panicMenuitem") self.panic_check_id = \ self.panicMenuitem.connect_after("toggled", self.panic_check_cb) self.lockdownMenuitem = builder.get_object("lockdownMenuitem") self.lockdown_check_id = \ self.lockdownMenuitem.connect_after("toggled", self.lockdown_check_cb) self.lockdownContextView = builder.get_object("lockdownContextView") self.lockdownContextStore = Gtk.ListStore(GObject.TYPE_STRING) self.lockdownContextView.append_column( Gtk.TreeViewColumn(_("Context"), Gtk.CellRendererText(), text=0)) self.lockdownContextView.set_model(self.lockdownContextStore) self.lockdownContextView.get_selection().connect( \ "changed", self.change_lockdown_context_selection_cb) self.editLockdownContextButton = \ builder.get_object("editLockdownContextButton") self.removeLockdownContextButton = \ builder.get_object("removeLockdownContextButton") self.contextDialog = builder.get_object("contextDialog") self.contextDialogOkButton = builder.get_object("contextDialogOkButton") self.contextDialogCancelButton = \ builder.get_object("contextDialogCancelButton") self.contextDialogContextEntry = \ builder.get_object("contextDialogContextEntry") self.lockdownCommandView = builder.get_object("lockdownCommandView") self.lockdownCommandStore = Gtk.ListStore(GObject.TYPE_STRING) self.lockdownCommandView.append_column( Gtk.TreeViewColumn(_("Command line"), Gtk.CellRendererText(), text=0)) self.lockdownCommandView.set_model(self.lockdownCommandStore) self.lockdownCommandView.get_selection().connect( \ "changed", self.change_lockdown_command_selection_cb) self.editLockdownCommandButton = \ builder.get_object("editLockdownCommandButton") self.removeLockdownCommandButton = \ builder.get_object("removeLockdownCommandButton") self.commandDialog = builder.get_object("commandDialog") self.commandDialogOkButton = builder.get_object("commandDialogOkButton") self.commandDialogCancelButton = \ builder.get_object("commandDialogCancelButton") self.commandDialogCommandEntry = \ builder.get_object("commandDialogCommandEntry") self.lockdownUserView = builder.get_object("lockdownUserView") self.lockdownUserStore = Gtk.ListStore(GObject.TYPE_STRING) self.lockdownUserView.append_column( Gtk.TreeViewColumn(_("User name"), Gtk.CellRendererText(), text=0)) self.lockdownUserView.set_model(self.lockdownUserStore) self.lockdownUserView.get_selection().connect( \ "changed", self.change_lockdown_user_selection_cb) self.editLockdownUserButton = \ builder.get_object("editLockdownUserButton") self.removeLockdownUserButton = \ builder.get_object("removeLockdownUserButton") self.userDialog = builder.get_object("userDialog") self.userDialogOkButton = builder.get_object("userDialogOkButton") self.userDialogCancelButton = \ builder.get_object("userDialogCancelButton") self.userDialogUserEntry = \ builder.get_object("userDialogUserEntry") self.lockdownUidView = builder.get_object("lockdownUidView") self.lockdownUidStore = Gtk.ListStore(GObject.TYPE_INT) self.lockdownUidView.append_column( Gtk.TreeViewColumn(_("User id"), Gtk.CellRendererText(), text=0)) self.lockdownUidView.set_model(self.lockdownUidStore) self.lockdownUidView.get_selection().connect( \ "changed", self.change_lockdown_uid_selection_cb) self.editLockdownUidButton = \ builder.get_object("editLockdownUidButton") self.removeLockdownUidButton = \ builder.get_object("removeLockdownUidButton") self.uidDialog = builder.get_object("uidDialog") self.uidDialogOkButton = builder.get_object("uidDialogOkButton") self.uidDialogCancelButton = \ builder.get_object("uidDialogCancelButton") self.uidDialogUidEntry = \ builder.get_object("uidDialogUidEntry") self.serviceConfServicesEditBox = \ builder.get_object("serviceConfServicesEditBox") self.serviceConfPortBox = \ builder.get_object("serviceConfPortBox") self.serviceConfProtocolBox = \ builder.get_object("serviceConfProtocolBox") self.serviceConfSourcePortBox = \ builder.get_object("serviceConfSourcePortBox") self.serviceConfModuleBox = \ builder.get_object("serviceConfModuleBox") self.serviceConfDestinationGrid = \ builder.get_object("serviceConfDestinationGrid") self.icmpDialogIcmpEditBox = \ builder.get_object("icmpDialogIcmpEditBox") self.directChainView = builder.get_object("directChainView") self.directChainStore = Gtk.ListStore(GObject.TYPE_STRING, # ipv GObject.TYPE_STRING, # table GObject.TYPE_STRING) # chain self.directChainView.append_column( Gtk.TreeViewColumn("ipv", Gtk.CellRendererText(), text=0)) self.directChainView.append_column( Gtk.TreeViewColumn(_("Table"), Gtk.CellRendererText(), text=1)) self.directChainView.append_column( Gtk.TreeViewColumn(_("Chain"), Gtk.CellRendererText(), text=2)) self.directChainView.set_model(self.directChainStore) self.directChainView.get_selection().connect( \ "changed", self.change_chain_selection_cb) self.editDirectChainButton = \ builder.get_object("editDirectChainButton") self.removeDirectChainButton = \ builder.get_object("removeDirectChainButton") self.directChainDialog = builder.get_object("directChainDialog") self.directChainDialogOkButton = \ builder.get_object("directChainDialogOkButton") self.directChainDialogCancelButton = \ builder.get_object("directChainDialogCancelButton") self.directChainDialogIPVCombobox = \ builder.get_object("directChainDialogIPVCombobox") self.directChainDialogTableCombobox = \ builder.get_object("directChainDialogTableCombobox") self.directChainDialogChainEntry = \ builder.get_object("directChainDialogChainEntry") self.directRuleView = builder.get_object("directRuleView") self.directRuleStore = Gtk.ListStore(GObject.TYPE_STRING, # ipv GObject.TYPE_STRING, # table GObject.TYPE_STRING, # chain GObject.TYPE_INT, # priority GObject.TYPE_STRING) # args self.directRuleView.append_column( Gtk.TreeViewColumn("ipv", Gtk.CellRendererText(), text=0)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Table"), Gtk.CellRendererText(), text=1)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Chain"), Gtk.CellRendererText(), text=2)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Priority"), Gtk.CellRendererText(), text=3)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Args"), Gtk.CellRendererText(), text=4)) self.directRuleView.set_model(self.directRuleStore) self.directRuleView.get_selection().connect( \ "changed", self.change_rule_selection_cb) self.editDirectRuleButton = \ builder.get_object("editDirectRuleButton") self.removeDirectRuleButton = \ builder.get_object("removeDirectRuleButton") self.directRuleDialog = builder.get_object("directRuleDialog") self.directRuleDialogOkButton = \ builder.get_object("directRuleDialogOkButton") self.directRuleDialogCancelButton = \ builder.get_object("directRuleDialogCancelButton") self.directRuleDialogIPVCombobox = \ builder.get_object("directRuleDialogIPVCombobox") self.directRuleDialogTableCombobox = \ builder.get_object("directRuleDialogTableCombobox") self.directRuleDialogChainEntry = \ builder.get_object("directRuleDialogChainEntry") self.directRuleDialogPrioritySpinbutton = \ builder.get_object("directRuleDialogPrioritySpinbutton") self.directRuleDialogArgsEntry = \ builder.get_object("directRuleDialogArgsEntry") self.directPassthroughBox = builder.get_object("directPassthroughBox") self.directPassthroughView = builder.get_object("directPassthroughView") self.directPassthroughStore = Gtk.ListStore( GObject.TYPE_STRING, # ipv GObject.TYPE_STRING) # passthrough self.directPassthroughView.append_column( Gtk.TreeViewColumn("ipv", Gtk.CellRendererText(), text=0)) self.directPassthroughView.append_column( Gtk.TreeViewColumn(_("Args"), Gtk.CellRendererText(), text=1)) self.directPassthroughView.set_model(self.directPassthroughStore) self.directPassthroughView.get_selection().connect( \ "changed", self.change_passthrough_selection_cb) self.editDirectPassthroughButton = \ builder.get_object("editDirectPassthroughButton") self.removeDirectPassthroughButton = \ builder.get_object("removeDirectPassthroughButton") self.directPassthroughDialog = \ builder.get_object("directPassthroughDialog") self.directPassthroughDialogOkButton = \ builder.get_object("directPassthroughDialogOkButton") self.directPassthroughDialogCancelButton = \ builder.get_object("directPassthroughDialogCancelButton") self.directPassthroughDialogIPVCombobox = \ builder.get_object("directPassthroughDialogIPVCombobox") self.directPassthroughDialogArgsEntry = \ builder.get_object("directPassthroughDialogArgsEntry") self.mainVBox = builder.get_object("mainVBox") self.optionsMenuitem = builder.get_object("optionsMenuitem") self.viewMenuitem = builder.get_object("viewMenuitem") self.aboutDialog = builder.get_object("aboutDialog") self.aboutDialog.set_program_name(config.CONFIG_NAME) self.aboutDialog.set_version(config.VERSION) self.aboutDialog.set_authors(config.AUTHORS) self.aboutDialog.set_license(config.LICENSE) self.aboutDialog.set_wrap_license(True) self.aboutDialog.set_copyright(config.COPYRIGHT) self.aboutDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.aboutDialog.set_transient_for(self.mainWindow) self.aboutDialog.set_modal(True) self.aboutDialog.set_icon(self.icon) self.aboutDialog.set_logo(self.logo) self.aboutDialog.set_website(config.WEBSITE) self.currentViewCombobox = builder.get_object("currentViewCombobox") self.currentViewCombobox.append_text(_("Runtime")) self.currentViewCombobox.append_text(_("Permanent")) self.runtime_view = True self.zoneView = builder.get_object("zoneView") self.zoneStore = Gtk.ListStore(GObject.TYPE_STRING, # name GObject.TYPE_INT) # weight self.zoneView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0, weight=1)) self.zoneView.set_model(self.zoneStore) self.zoneStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.zoneView.get_selection().connect("changed", self.onChangeZone) self.zoneNotebook = builder.get_object("zoneNotebook") self.defaultZoneLabel = builder.get_object("defaultZoneLabel") self.defaultZoneDialog = builder.get_object("defaultZoneDialog") self.defaultZoneDialogOkButton = \ builder.get_object("defaultZoneDialogOkButton") self.defaultZoneView = builder.get_object("defaultZoneView") self.defaultZoneStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_INT) self.defaultZoneView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0, weight=1)) self.defaultZoneView.set_model(self.defaultZoneStore) self.defaultZoneView.get_selection().connect(\ "changed", self.on_defaultZoneViewSelection_changed) self.logDeniedLabel = builder.get_object("logDeniedLabel") self.logDeniedDialog = builder.get_object("logDeniedDialog") self.logDeniedDialogOkButton = \ builder.get_object("logDeniedDialogOkButton") self.logDeniedDialogValueCombobox = \ builder.get_object("logDeniedDialogValueCombobox") for value in config.LOG_DENIED_VALUES: self.logDeniedDialogValueCombobox.append_text(value) self.automaticHelpersLabel = builder.get_object("automaticHelpersLabel") self.automaticHelpersDialog = builder.get_object("automaticHelpersDialog") self.automaticHelpersDialogOkButton = \ builder.get_object("automaticHelpersDialogOkButton") self.automaticHelpersDialogValueCombobox = \ builder.get_object("automaticHelpersDialogValueCombobox") for value in config.AUTOMATIC_HELPERS_VALUES: self.automaticHelpersDialogValueCombobox.append_text(value) self.zoneEditBox = builder.get_object("zoneEditBox") self.zoneEditBox.hide() self.zoneEditLoadDefaultsButton = \ builder.get_object("zoneEditLoadDefaultsButton") self.zoneEditEditButton = builder.get_object("zoneEditEditButton") self.zoneEditRemoveButton = builder.get_object("zoneEditRemoveButton") self.zoneBaseDialog = builder.get_object("zoneBaseDialog") self.zoneBaseDialogOkButton = \ builder.get_object("zoneBaseDialogOkButton") self.zoneBaseDialogNameEntry = \ builder.get_object("zoneBaseDialogNameEntry") self.zoneBaseDialogVersionEntry = \ builder.get_object("zoneBaseDialogVersionEntry") self.zoneBaseDialogShortEntry = \ builder.get_object("zoneBaseDialogShortEntry") self.zoneBaseDialogDescText = \ builder.get_object("zoneBaseDialogDescText") self.zoneBaseDialogDescText.get_buffer().connect(\ "changed", self.onZoneBaseDialogChanged) self.zoneBaseDialogTargetCheck = \ builder.get_object("zoneBaseDialogTargetCheck") self.zoneBaseDialogTargetCombobox = \ builder.get_object("zoneBaseDialogTargetCombobox") self.serviceView = builder.get_object("serviceView") self.serviceStore = Gtk.ListStore(GObject.TYPE_BOOLEAN, # checked GObject.TYPE_STRING) # name toggle = Gtk.CellRendererToggle() toggle.connect("toggled", self.service_toggle_cb, self.serviceStore, 0) self.serviceView.append_column(Gtk.TreeViewColumn("", toggle, active=0)) self.serviceView.append_column( Gtk.TreeViewColumn(_("Service"), Gtk.CellRendererText(), text=1)) self.serviceView.set_model(self.serviceStore) self.serviceStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.portView = builder.get_object("portView") self.portStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.portView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.portView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.portView.set_model(self.portStore) self.portStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.portView.get_selection().connect("changed", self.change_port_selection_cb) self.editPortButton = builder.get_object("editPortButton") self.removePortButton = builder.get_object("removePortButton") self.portDialog = builder.get_object("portDialog") self.portDialogOkButton = builder.get_object("portDialogOkButton") self.portDialogCancelButton = \ builder.get_object("portDialogCancelButton") self.portDialogPortEntry = builder.get_object("portDialogPortEntry") self.portDialogProtoCombobox = \ builder.get_object("portDialogProtoCombobox") self.protocolView = builder.get_object("protocolView") self.protocolStore = Gtk.ListStore(GObject.TYPE_STRING) self.protocolView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=0)) self.protocolView.set_model(self.protocolStore) self.protocolStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.protocolView.get_selection().connect( "changed", self.change_protocol_selection_cb) self.editProtocolButton = builder.get_object("editProtocolButton") self.removeProtocolButton = builder.get_object("removeProtocolButton") self.protoDialog = builder.get_object("protoDialog") self.protoDialogOkButton = builder.get_object("protoDialogOkButton") self.protoDialogCancelButton = \ builder.get_object("protoDialogCancelButton") self.protoDialogProtoLabel = builder.get_object("protoDialogProtoLabel") self.protoDialogProtoCombobox = \ builder.get_object("protoDialogProtoCombobox") self.protoDialogOtherProtoCheck = \ builder.get_object("protoDialogOtherProtoCheck") self.protoDialogOtherProtoEntry = \ builder.get_object("protoDialogOtherProtoEntry") self.sourcePortView = builder.get_object("sourcePortView") self.sourcePortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.sourcePortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.sourcePortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.sourcePortView.set_model(self.sourcePortStore) self.sourcePortStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.sourcePortView.get_selection().connect( "changed", self.change_source_port_selection_cb) self.editSourcePortButton = builder.get_object("editSourcePortButton") self.removeSourcePortButton = \ builder.get_object("removeSourcePortButton") self.masqueradeCheck = builder.get_object("masqueradeCheck") self.masqueradeEventbox = builder.get_object("masqueradeEventbox") self.masqueradeEventbox.connect("button-press-event", self.masquerade_check_cb) self.forwardView = builder.get_object("forwardView") self.forwardStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING) self.forwardView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.forwardView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.forwardView.append_column( Gtk.TreeViewColumn(_("To Port"), Gtk.CellRendererText(), text=2)) self.forwardView.append_column( Gtk.TreeViewColumn(_("To Address"), Gtk.CellRendererText(), text=3)) self.forwardView.set_model(self.forwardStore) self.forwardStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.forwardView.get_selection().connect(\ "changed", self.change_forward_selection_cb) self.editForwardButton = builder.get_object("editForwardButton") self.removeForwardButton = builder.get_object("removeForwardButton") self.forwardDialog = builder.get_object("forwardDialog") self.forwardDialogOkButton = builder.get_object("forwardDialogOkButton") self.forwardDialogCancelButton = \ builder.get_object("forwardDialogCancelButton") self.forwardDialogPortEntry = \ builder.get_object("forwardDialogPortEntry") self.forwardDialogProtoCombobox = \ builder.get_object("forwardDialogProtoCombobox") self.forwardDialogLocalCheck = \ builder.get_object("forwardDialogLocalCheck") self.forwardDialogToPortCheck = \ builder.get_object("forwardDialogToPortCheck") self.forwardDialogToPortLabel = \ builder.get_object("forwardDialogToPortLabel") self.forwardDialogToPortEntry = \ builder.get_object("forwardDialogToPortEntry") self.forwardDialogToAddrLabel = \ builder.get_object("forwardDialogToAddrLabel") self.forwardDialogToAddrEntry = \ builder.get_object("forwardDialogToAddrEntry") # bindings Expander self.bindingsBox = builder.get_object("bindingsBox") self.bindingsExpanderButton = \ builder.get_object("bindingsExpanderButton") self.bindingsUnexpanderButton = \ builder.get_object("bindingsUnexpanderButton") self.bindingsExpander = NiceExpander( self.bindingsExpanderButton, self.bindingsUnexpanderButton, self.mainPaned, self.bindingsBox) self.bindingsExpander.connect("notify::expanded", self.bindings_expander_changed) # bindings View self.bindingsView = builder.get_object("bindingsView") self.bindingsStore = Gtk.TreeStore(GObject.TYPE_STRING, # label GObject.TYPE_STRING, # connection/interface/source GObject.TYPE_STRING) # real zone self.bindingsView.set_model(self.bindingsStore) self.bindingsView.append_column( Gtk.TreeViewColumn(_("Bindings"), Gtk.CellRendererText(), markup=0)) self.connectionsIter = self.bindingsStore.append( None, [ _("Connections"), "", "" ]) self.interfacesIter = self.bindingsStore.append( None, [ _("Interfaces"), "", "" ]) self.sourcesIter = self.bindingsStore.append( None, [ _("Sources"), "", "" ]) self.bindingsView.get_selection().connect("changed", self.onSelectBinding) self.bindingsView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.bindingsView.set_show_expanders(False) self.bindingsView.set_level_indentation(10) self.changeBindingsButton = builder.get_object("changeBindingsButton") self.changeBindingsButton.connect("clicked", self.onChangeBinding) #self.editBindingsButton = builder.get_object("editBindingsButton") #self.editBindingsButton.connect("clicked", self.onEditBinding) self.ipsetConfIPSetView = builder.get_object("ipsetConfIPSetView") self.ipsetConfIPSetStore = Gtk.ListStore(GObject.TYPE_STRING) # name self.ipsetConfIPSetView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.ipsetConfIPSetView.set_model(self.ipsetConfIPSetStore) self.ipsetConfIPSetStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.ipsetConfIPSetView.get_selection().connect("changed", self.onChangeIPSet) self.ipsetConfNotebook = builder.get_object("ipsetConfNotebook") self.ipsetConfEntryLabel = builder.get_object("ipsetConfEntryLabel") self.ipsetConfTimeoutLabel = builder.get_object("ipsetConfTimeoutLabel") self.ipsetConfEntrySW = builder.get_object("ipsetConfEntrySW") self.ipsetConfEntryView = builder.get_object("ipsetConfEntryView") self.ipsetConfEntryStore = Gtk.ListStore(GObject.TYPE_STRING) self.ipsetConfEntryView.append_column( Gtk.TreeViewColumn(_("Entry"), Gtk.CellRendererText(), text=0)) self.ipsetConfEntryView.set_model(self.ipsetConfEntryStore) self.ipsetConfEntryStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.ipsetConfEntryView.get_selection().connect(\ "changed", self.change_ipset_conf_entry_selection_cb) self.ipsetConfIPSetEditBox = \ builder.get_object("ipsetConfIPSetEditBox") self.ipsetConfEntryBox = \ builder.get_object("ipsetConfEntryBox") self.ipsetConfEditIPSetButton = \ builder.get_object("ipsetConfEditIPSetButton") self.ipsetConfRemoveIPSetButton = \ builder.get_object("ipsetConfRemoveIPSetButton") self.ipsetConfLoadDefaultsIPSetButton = \ builder.get_object("ipsetConfLoadDefaultsIPSetButton") self.ipsetConfAddEntryBox = \ builder.get_object("ipsetConfAddEntryBox") self.ipsetConfAddEntryMenu = \ builder.get_object("ipsetConfAddEntryMenu") self.ipsetConfAddEntryMenubutton = \ builder.get_object("ipsetConfAddEntryMenubutton") self.ipsetConfEditEntryButton = \ builder.get_object("ipsetConfEditEntryButton") self.ipsetConfRemoveEntryBox = \ builder.get_object("ipsetConfRemoveEntryBox") self.ipsetConfRemoveEntryMenu = \ builder.get_object("ipsetConfRemoveEntryMenu") self.ipsetConfRemoveEntryMenubutton = \ builder.get_object("ipsetConfRemoveEntryMenubutton") self.ipsetConfRemoveEntryMenuitem = \ builder.get_object("ipsetConfRemoveEntryMenuitem") self.ipsetConfRemoveEntryMenuitem.set_sensitive(False) self.ipsetEntryDialog = \ builder.get_object("ipsetEntryDialog") self.ipsetEntryDialogCancelButton = \ builder.get_object("ipsetEntryDialogCancelButton") self.ipsetEntryDialogOkButton = \ builder.get_object("ipsetEntryDialogOkButton") self.ipsetEntryDialogEntryEntry = \ builder.get_object("ipsetEntryDialogEntryEntry") self.ipsetEntryDialogTypeLabel = \ builder.get_object("ipsetEntryDialogTypeLabel") self.ipsetBaseDialog = builder.get_object("ipsetBaseDialog") self.ipsetBaseDialogOkButton = \ builder.get_object("ipsetBaseDialogOkButton") self.ipsetBaseDialogNameEntry = \ builder.get_object("ipsetBaseDialogNameEntry") self.ipsetBaseDialogVersionEntry = \ builder.get_object("ipsetBaseDialogVersionEntry") self.ipsetBaseDialogShortEntry = \ builder.get_object("ipsetBaseDialogShortEntry") self.ipsetBaseDialogDescText = \ builder.get_object("ipsetBaseDialogDescText") self.ipsetBaseDialogDescText.get_buffer().connect(\ "changed", self.onIPSetBaseDialogChanged) self.ipsetBaseDialogTypeCombobox = \ builder.get_object("ipsetBaseDialogTypeCombobox") self.ipsetBaseDialogBadTypeLabel = \ builder.get_object("ipsetBaseDialogBadTypeLabel") self.ipsetBaseDialogFamilyLabel = \ builder.get_object("ipsetBaseDialogFamilyLabel") self.ipsetBaseDialogFamilyCombobox = \ builder.get_object("ipsetBaseDialogFamilyCombobox") self.ipsetBaseDialogTimeoutEntry = \ builder.get_object("ipsetBaseDialogTimeoutEntry") self.ipsetBaseDialogHashsizeEntry = \ builder.get_object("ipsetBaseDialogHashsizeEntry") self.ipsetBaseDialogMaxelemEntry = \ builder.get_object("ipsetBaseDialogMaxelemEntry") self.helperConfHelperNotebook = \ builder.get_object("helperConfHelperNotebook") self.helperConfHelperEditBox = \ builder.get_object("helperConfHelperEditBox") self.helperConfPortBox = \ builder.get_object("helperConfPortBox") self.helperConfEditHelperButton = \ builder.get_object("helperConfEditHelperButton") self.helperConfRemoveHelperButton = \ builder.get_object("helperConfRemoveHelperButton") self.helperConfLoadDefaultsHelperButton = \ builder.get_object("helperConfLoadDefaultsHelperButton") self.helperConfAddPortButton = \ builder.get_object("helperConfAddPortButton") self.helperConfEditPortButton = \ builder.get_object("helperConfEditPortButton") self.helperConfRemovePortButton = \ builder.get_object("helperConfRemovePortButton") self.helperBaseDialog = builder.get_object("helperBaseDialog") self.helperBaseDialogOkButton = \ builder.get_object("helperBaseDialogOkButton") self.helperBaseDialogNameEntry = \ builder.get_object("helperBaseDialogNameEntry") self.helperBaseDialogVersionEntry = \ builder.get_object("helperBaseDialogVersionEntry") self.helperBaseDialogShortEntry = \ builder.get_object("helperBaseDialogShortEntry") self.helperBaseDialogDescText = \ builder.get_object("helperBaseDialogDescText") self.helperBaseDialogDescText.get_buffer().connect(\ "changed", self.onHelperBaseDialogChanged) self.helperBaseDialogModuleChooser = \ ChooserButton(builder.get_object("helperBaseDialogModuleChooser")) self.helperBaseDialogFamilyCombobox = \ builder.get_object("helperBaseDialogFamilyCombobox") self.icmpView = builder.get_object("icmpView") self.icmpStore = Gtk.ListStore(GObject.TYPE_BOOLEAN, # checked GObject.TYPE_STRING) # name toggle = Gtk.CellRendererToggle() toggle.connect("toggled", self.icmp_toggle_cb, self.icmpStore, 0) self.icmpView.append_column(Gtk.TreeViewColumn("", toggle, active=0)) self.icmpView.append_column( Gtk.TreeViewColumn(_("Icmp Type"), Gtk.CellRendererText(), text=1)) self.icmpView.set_model(self.icmpStore) self.icmpStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.icmpBlockInversionCheck = \ builder.get_object("icmpBlockInversionCheck") self.icmpBlockInversionEventbox = \ builder.get_object("icmpBlockInversionEventbox") self.icmpBlockInversionEventbox.connect( "button-press-event", self.icmp_block_inversion_check_cb) self.helperConfHelperView = builder.get_object("helperConfHelperView") self.helperConfHelperStore = Gtk.ListStore(GObject.TYPE_STRING) # name self.helperConfHelperView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.helperConfHelperView.set_model(self.helperConfHelperStore) self.helperConfHelperStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.helperConfHelperView.get_selection().connect("changed", self.onChangeHelper) self.helperConfPortView = builder.get_object("helperConfPortView") self.helperConfPortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.helperConfPortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.helperConfPortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.helperConfPortView.set_model(self.helperConfPortStore) self.helperConfPortStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.helperConfPortView.get_selection().connect(\ "changed", self.change_helper_conf_port_selection_cb) self.richRuleView = builder.get_object("richRuleView") self.richRuleStore = Gtk.ListStore(GObject.TYPE_PYOBJECT, # the rule obj GObject.TYPE_STRING, # ipv4/ipv6 GObject.TYPE_INT, # priority GObject.TYPE_STRING, # action GObject.TYPE_STRING, # element GObject.TYPE_STRING, # source GObject.TYPE_STRING, # destination GObject.TYPE_STRING, # log GObject.TYPE_STRING) # audit self.richRuleView.append_column( Gtk.TreeViewColumn(_("Family"), Gtk.CellRendererText(), text=1)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Priority"), Gtk.CellRendererText(), text=2)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Action"), Gtk.CellRendererText(), text=3)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Element"), Gtk.CellRendererText(), text=4)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Src"), Gtk.CellRendererText(), text=5)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Dest"), Gtk.CellRendererText(), text=6)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("log"), Gtk.CellRendererText(), text=7)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Audit"), Gtk.CellRendererText(), text=8)) self.richRuleView.set_model(self.richRuleStore) self.richRuleStore.set_sort_column_id(2, Gtk.SortType.ASCENDING) self.richRuleView.get_selection().connect( \ "changed", self.change_rich_rule_selection_cb) self.addRichRuleButton = builder.get_object("addRichRuleButton") self.editRichRuleButton = builder.get_object("editRichRuleButton") self.removeRichRuleButton = builder.get_object("removeRichRuleButton") self.richRuleDialog = builder.get_object("richRuleDialog") self.richRuleDialogOkButton = builder.get_object( \ "richRuleDialogOkButton") self.richRuleDialogCancelButton = builder.get_object( \ "richRuleDialogCancelButton") self.richRuleDialogFamilyCombobox = builder.get_object( \ "richRuleDialogFamilyCombobox") self.richRuleDialogPriorityEntry = builder.get_object( \ "richRuleDialogPriorityEntry") self.richRuleDialogElementCheck = builder.get_object( \ "richRuleDialogElementCheck") self.richRuleDialogElementBox = builder.get_object( \ "richRuleDialogElementBox") self.richRuleDialogElementCombobox = builder.get_object( \ "richRuleDialogElementCombobox") self.richRuleDialogElementChooser = ChooserButton(builder.get_object( \ "richRuleDialogElementChooser")) self.richRuleDialogActionCheck = builder.get_object( \ "richRuleDialogActionCheck") self.richRuleDialogActionBox = builder.get_object( \ "richRuleDialogActionBox") self.richRuleDialogActionCombobox = builder.get_object( \ "richRuleDialogActionCombobox") self.richRuleDialogActionRejectBox = builder.get_object( \ "richRuleDialogActionRejectBox") self.richRuleDialogActionRejectTypeCheck = builder.get_object( \ "richRuleDialogActionRejectTypeCheck") self.richRuleDialogActionRejectTypeCombobox = builder.get_object( \ "richRuleDialogActionRejectTypeCombobox") self.richRuleDialogActionMarkBox = builder.get_object( \ "richRuleDialogActionMarkBox") self.richRuleDialogActionMarkChooser = ChooserButton(builder.get_object( \ "richRuleDialogActionMarkChooser")) self.richRuleDialogActionLimitCheck = builder.get_object( \ "richRuleDialogActionLimitCheck") self.richRuleDialogActionLimitBox = builder.get_object( \ "richRuleDialogActionLimitBox") self.richRuleDialogActionLimitRateEntry = builder.get_object( \ "richRuleDialogActionLimitRateEntry") self.richRuleDialogActionLimitDurationCombobox = builder.get_object( \ "richRuleDialogActionLimitDurationCombobox") self.richRuleDialogSourceLabel = builder.get_object( \ "richRuleDialogSourceLabel") self.richRuleDialogSourceInvertCheck = builder.get_object( \ "richRuleDialogSourceInvertCheck") self.richRuleDialogSourceTypeCombobox = builder.get_object( \ "richRuleDialogSourceTypeCombobox") self.richRuleDialogSourceChooser = ChooserButton(builder.get_object( \ "richRuleDialogSourceChooser")) self.richRuleDialogDestinationLabel = builder.get_object( \ "richRuleDialogDestinationLabel") self.richRuleDialogDestinationBox = builder.get_object( \ "richRuleDialogDestinationBox") self.richRuleDialogDestinationInvertCheck = builder.get_object( \ "richRuleDialogDestinationInvertCheck") self.richRuleDialogDestinationChooser = \ ChooserButton(builder.get_object( \ "richRuleDialogDestinationChooser")) self.richRuleDialogLogCheck = builder.get_object( \ "richRuleDialogLogCheck") self.richRuleDialogLogGrid = builder.get_object( \ "richRuleDialogLogGrid") self.richRuleDialogLogPrefixEntry = builder.get_object( \ "richRuleDialogLogPrefixEntry") self.richRuleDialogLogLevelCombobox = builder.get_object( \ "richRuleDialogLogLevelCombobox") self.richRuleDialogLogLimitCheck = builder.get_object( \ "richRuleDialogLogLimitCheck") self.richRuleDialogLogLimitBox = builder.get_object( \ "richRuleDialogLogLimitBox") self.richRuleDialogLogLimitRateEntry = builder.get_object( \ "richRuleDialogLogLimitRateEntry") self.richRuleDialogLogLimitDurationCombobox = builder.get_object( \ "richRuleDialogLogLimitDurationCombobox") self.richRuleDialogAuditCheck = builder.get_object( \ "richRuleDialogAuditCheck") self.richRuleDialogAuditBox = builder.get_object( \ "richRuleDialogAuditBox") self.richRuleDialogAuditLimitBox = builder.get_object( \ "richRuleDialogAuditLimitBox") self.richRuleDialogAuditLimitCheck = builder.get_object( \ "richRuleDialogAuditLimitCheck") self.richRuleDialogAuditLimitRateEntry = builder.get_object( \ "richRuleDialogAuditLimitRateEntry") self.richRuleDialogAuditLimitDurationCombobox = builder.get_object( \ "richRuleDialogAuditLimitDurationCombobox") self.interfaceView = builder.get_object("interfaceView") self.interfaceStore = Gtk.ListStore(GObject.TYPE_STRING, # interface GObject.TYPE_STRING) # comment self.interfaceView.append_column( Gtk.TreeViewColumn(_("Interface"), Gtk.CellRendererText(), text=0)) self.interfaceView.append_column( Gtk.TreeViewColumn(_("Comment"), Gtk.CellRendererText(), text=1)) self.interfaceView.set_model(self.interfaceStore) self.interfaceView.get_selection().connect( "changed", self.change_interface_selection_cb) self.interfaceDialog = builder.get_object("interfaceDialog") self.interfaceDialogOkButton = builder.get_object( "interfaceDialogOkButton") self.interfaceDialogCancelButton = builder.get_object( "interfaceDialogCancelButton") self.interfaceDialogInterfaceEntry = builder.get_object( "interfaceDialogInterfaceEntry") self.editInterfaceButton = builder.get_object("editInterfaceButton") self.removeInterfaceButton = builder.get_object("removeInterfaceButton") self.sourceView = builder.get_object("sourceView") self.sourceStore = Gtk.ListStore(GObject.TYPE_STRING) # source self.sourceView.append_column( Gtk.TreeViewColumn(_("Source"), Gtk.CellRendererText(), text=0)) self.sourceView.set_model(self.sourceStore) self.sourceView.get_selection().connect( "changed", self.change_source_selection_cb) self.editSourceButton = builder.get_object("editSourceButton") self.removeSourceButton = builder.get_object("removeSourceButton") self.serviceConfServiceNotebook = \ builder.get_object("serviceConfServiceNotebook") self.serviceConfServiceEditBox = \ builder.get_object("serviceConfServiceEditBox") self.serviceConfEditServiceButton = \ builder.get_object("serviceConfEditServiceButton") self.serviceConfRemoveServiceButton = \ builder.get_object("serviceConfRemoveServiceButton") self.serviceConfLoadDefaultsServiceButton = \ builder.get_object("serviceConfLoadDefaultsServiceButton") self.serviceConfServiceView = \ builder.get_object("serviceConfServiceView") self.serviceConfServiceStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceConfServiceView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.serviceConfServiceView.set_model(self.serviceConfServiceStore) self.serviceConfServiceStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.serviceConfServiceView.get_selection().connect(\ "changed", self.onChangeService) self.serviceConfPortView = builder.get_object("serviceConfPortView") self.serviceConfPortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.serviceConfPortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.serviceConfPortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.serviceConfPortView.set_model(self.serviceConfPortStore) self.serviceConfPortStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.serviceConfPortView.get_selection().connect(\ "changed", self.change_service_dialog_port_selection_cb) self.serviceConfEditPortButton = \ builder.get_object("serviceConfEditPortButton") self.serviceConfRemovePortButton = \ builder.get_object("serviceConfRemovePortButton") self.serviceConfProtocolView = \ builder.get_object("serviceConfProtocolView") self.serviceConfProtocolStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceConfProtocolView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=0)) self.serviceConfProtocolView.set_model(self.serviceConfProtocolStore) self.serviceConfProtocolStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.serviceConfProtocolView.get_selection().connect(\ "changed", self.change_service_dialog_protocol_selection_cb) self.serviceConfEditProtocolButton = \ builder.get_object("serviceConfEditProtocolButton") self.serviceConfRemoveProtocolButton = \ builder.get_object("serviceConfRemoveProtocolButton") self.serviceConfSourcePortView = \ builder.get_object("serviceConfSourcePortView") self.serviceConfSourcePortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.serviceConfSourcePortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.serviceConfSourcePortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.serviceConfSourcePortView.set_model(self.serviceConfSourcePortStore) self.serviceConfSourcePortStore.set_sort_column_id( 1, Gtk.SortType.ASCENDING) self.serviceConfSourcePortView.get_selection().connect(\ "changed", self.change_service_dialog_source_port_selection_cb) self.serviceConfEditSourcePortButton = \ builder.get_object("serviceConfEditSourcePortButton") self.serviceConfRemoveSourcePortButton = \ builder.get_object("serviceConfRemoveSourcePortButton") self.serviceConfModuleView = \ builder.get_object("serviceConfModuleView") self.serviceConfModuleStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceConfModuleView.append_column( Gtk.TreeViewColumn("Module", Gtk.CellRendererText(), text=0)) self.serviceConfModuleView.set_model(self.serviceConfModuleStore) self.serviceConfModuleStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.serviceConfModuleView.get_selection().connect(\ "changed", self.change_service_dialog_module_selection_cb) self.serviceConfEditModuleButton = \ builder.get_object("serviceConfEditModuleButton") self.serviceConfRemoveModuleButton = \ builder.get_object("serviceConfRemoveModuleButton") self.serviceConfDestIpv4Chooser = ChooserButton( builder.get_object("serviceConfDestIpv4Chooser"), "") self.serviceConfDestIpv6Chooser = ChooserButton( builder.get_object("serviceConfDestIpv6Chooser"), "") self.addressDialog = builder.get_object("addressDialog") self.addressDialogLabel = builder.get_object("addressDialogLabel") self.addressDialogLabel2 = builder.get_object("addressDialogLabel2") self.addressDialogOkButton = \ builder.get_object("addressDialogOkButton") self.addressDialogCancelButton = \ builder.get_object("addressDialogCancelButton") self.addressDialogAddressEntry = \ builder.get_object("addressDialogAddressEntry") self.macDialog = builder.get_object("macDialog") self.macDialogOkButton = \ builder.get_object("macDialogOkButton") self.macDialogCancelButton = \ builder.get_object("macDialogCancelButton") self.macDialogMacEntry = \ builder.get_object("macDialogMacEntry") self.ipsetDialog = builder.get_object("ipsetDialog") self.ipsetDialogOkButton = \ builder.get_object("ipsetDialogOkButton") self.ipsetDialogCancelButton = \ builder.get_object("ipsetDialogCancelButton") self.ipsetDialogIPSetView = \ builder.get_object("ipsetDialogIPSetView") self.ipsetDialogIPSetStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.ipsetDialogIPSetView.append_column( Gtk.TreeViewColumn("IPSet", Gtk.CellRendererText(), text=0)) self.ipsetDialogIPSetView.append_column( Gtk.TreeViewColumn("Type", Gtk.CellRendererText(), text=1)) self.ipsetDialogIPSetView.set_model(self.ipsetDialogIPSetStore) self.ipsetDialogIPSetView.get_selection().connect( \ "changed", self.change_ipset_selection_cb) self.helperDialog = builder.get_object("helperDialog") self.helperDialogOkButton = \ builder.get_object("helperDialogOkButton") self.helperDialogCancelButton = \ builder.get_object("helperDialogCancelButton") self.helperDialogHelperView = \ builder.get_object("helperDialogHelperView") self.helperDialogHelperStore = Gtk.ListStore(GObject.TYPE_STRING) self.helperDialogHelperView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.helperDialogHelperView.set_model(self.helperDialogHelperStore) self.helperDialogHelperView.get_selection().connect( \ "changed", self.change_helper_selection_cb) self.moduleDialog = builder.get_object("moduleDialog") self.moduleDialogOkButton = builder.get_object("moduleDialogOkButton") self.moduleDialogCancelButton = \ builder.get_object("moduleDialogCancelButton") self.moduleDialogModuleLabel = builder.get_object("moduleDialogModuleLabel") self.moduleDialogModuleCombobox = \ builder.get_object("moduleDialogModuleCombobox") self.moduleDialogOtherModuleCheck = \ builder.get_object("moduleDialogOtherModuleCheck") self.moduleDialogOtherModuleEntry = \ builder.get_object("moduleDialogOtherModuleEntry") self.sourceDialog = builder.get_object("sourceDialog") self.sourceDialogOkButton = \ builder.get_object("sourceDialogOkButton") self.sourceDialogCancelButton = \ builder.get_object("sourceDialogCancelButton") self.sourceDialogSourceTypeCombobox = \ builder.get_object("sourceDialogSourceTypeCombobox") self.sourceDialogSourceChooser = ChooserButton(builder.get_object( \ "sourceDialogSourceChooser")) self.markDialog = builder.get_object("markDialog") self.markDialogOkButton = \ builder.get_object("markDialogOkButton") self.markDialogCancelButton = \ builder.get_object("markDialogCancelButton") self.markDialogMarkEntry = \ builder.get_object("markDialogMarkEntry") self.markDialogMaskEntry = \ builder.get_object("markDialogMaskEntry") self.serviceBaseDialog = builder.get_object("serviceBaseDialog") self.serviceBaseDialogOkButton = \ builder.get_object("serviceBaseDialogOkButton") self.serviceBaseDialogNameEntry = \ builder.get_object("serviceBaseDialogNameEntry") self.serviceBaseDialogVersionEntry = \ builder.get_object("serviceBaseDialogVersionEntry") self.serviceBaseDialogShortEntry = \ builder.get_object("serviceBaseDialogShortEntry") self.serviceBaseDialogDescText = \ builder.get_object("serviceBaseDialogDescText") self.serviceBaseDialogDescText.get_buffer().connect(\ "changed", self.onServiceBaseDialogChanged) self.icmpDialogIcmpNotebook = \ builder.get_object("icmpDialogIcmpNotebook") self.icmpDialogIcmpEditBox = \ builder.get_object("icmpDialogIcmpEditBox") self.icmpDialogEditIcmpButton = \ builder.get_object("icmpDialogEditIcmpButton") self.icmpDialogRemoveIcmpButton = \ builder.get_object("icmpDialogRemoveIcmpButton") self.icmpDialogLoadDefaultsIcmpButton = \ builder.get_object("icmpDialogLoadDefaultsIcmpButton") self.icmpDialogIcmpView = \ builder.get_object("icmpDialogIcmpView") self.icmpDialogIcmpStore = Gtk.ListStore(GObject.TYPE_STRING) self.icmpDialogIcmpView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.icmpDialogIcmpView.set_model(self.icmpDialogIcmpStore) self.icmpDialogIcmpStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.icmpDialogIcmpView.get_selection().connect(\ "changed", self.onChangeIcmp) self.icmpDialogDestIpv4Check = \ builder.get_object("icmpDialogDestIpv4Check") self.icmpDialogDestIpv6Check = \ builder.get_object("icmpDialogDestIpv6Check") self.icmpDialogDestIpv4Eventbox = \ builder.get_object("icmpDialogDestIpv4Eventbox") self.icmpDialogDestIpv4Eventbox.connect(\ "button-press-event", self.icmp_dialog_dest_ipv4_check_cb) self.icmpDialogDestIpv6Eventbox = \ builder.get_object("icmpDialogDestIpv6Eventbox") self.icmpDialogDestIpv6Eventbox.connect(\ "button-press-event", self.icmp_dialog_dest_ipv6_check_cb) self.icmpBaseDialog = builder.get_object("icmpBaseDialog") self.icmpBaseDialogOkButton = \ builder.get_object("icmpBaseDialogOkButton") self.icmpBaseDialogNameEntry = \ builder.get_object("icmpBaseDialogNameEntry") self.icmpBaseDialogVersionEntry = \ builder.get_object("icmpBaseDialogVersionEntry") self.icmpBaseDialogShortEntry = \ builder.get_object("icmpBaseDialogShortEntry") self.icmpBaseDialogDescText = \ builder.get_object("icmpBaseDialogDescText") self.icmpBaseDialogDescText.get_buffer().connect(\ "changed", self.onIcmpBaseDialogChanged) # service dialog self.serviceDialog = builder.get_object("serviceDialog") self.serviceDialogOkButton = builder.get_object("serviceDialogOkButton") self.serviceDialogCancelButton = \ builder.get_object("serviceDialogCancelButton") self.serviceDialogServiceView = \ builder.get_object("serviceDialogServiceView") self.serviceDialogServiceStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceDialogServiceView.append_column( Gtk.TreeViewColumn("Service", Gtk.CellRendererText(), text=0)) self.serviceDialogServiceView.set_model(self.serviceDialogServiceStore) self.serviceDialogServiceView.get_selection().connect( \ "changed", self.change_service_selection_cb) # icmptype dialog self.icmptypeDialog = builder.get_object("icmptypeDialog") self.icmptypeDialogOkButton = \ builder.get_object("icmptypeDialogOkButton") self.icmptypeDialogCancelButton = \ builder.get_object("icmptypeDialogCancelButton") self.icmptypeDialogIcmptypeView = \ builder.get_object("icmptypeDialogIcmptypeView") self.icmptypeDialogIcmptypeStore = Gtk.ListStore(GObject.TYPE_STRING) self.icmptypeDialogIcmptypeView.append_column( Gtk.TreeViewColumn("ICMP Type", Gtk.CellRendererText(), text=0)) self.icmptypeDialogIcmptypeView.set_model( self.icmptypeDialogIcmptypeStore) self.icmptypeDialogIcmptypeView.get_selection().connect( \ "changed", self.change_icmptype_selection_cb) # firewall client self.fw = client.FirewallClient(wait=1) self.__use_exception_handler = True self.fw.setExceptionHandler(self._exception_handler) self.fw.setNotAuthorizedLoop(True) self.fw.connect("panic-mode-enabled", self.panic_mode_enabled_cb) self.fw.connect("panic-mode-disabled", self.panic_mode_disabled_cb) self.fw.connect("connection-changed", self.connection_changed) self.fw.connect("default-zone-changed", self.default_zone_changed_cb) self.fw.connect("reloaded", self.reload_cb) self.fw.connect("lockdown-enabled", self.lockdown_enabled_cb) self.fw.connect("lockdown-disabled", self.lockdown_disabled_cb) self.fw.connect("log-denied-changed", self.log_denied_changed_cb) self.fw.connect("service-added", self.service_added_cb) self.fw.connect("service-removed", self.service_removed_cb) self.fw.connect("port-added", self.port_added_cb) self.fw.connect("port-removed", self.port_removed_cb) self.fw.connect("protocol-added", self.protocol_added_cb) self.fw.connect("protocol-removed", self.protocol_removed_cb) self.fw.connect("source-port-added", self.source_port_added_cb) self.fw.connect("source-port-removed", self.source_port_removed_cb) self.fw.connect("masquerade-added", self.masquerade_added_cb) self.fw.connect("masquerade-removed", self.masquerade_removed_cb) self.fw.connect("forward-port-added", self.forward_port_added_cb) self.fw.connect("forward-port-removed", self.forward_port_removed_cb) self.fw.connect("icmp-block-added", self.icmp_added_cb) self.fw.connect("icmp-block-removed", self.icmp_removed_cb) self.fw.connect("icmp-block-inversion-added", self.icmp_inversion_added_cb) self.fw.connect("icmp-block-inversion-removed", self.icmp_inversion_removed_cb) self.fw.connect("richrule-added", self.richrule_added_cb) self.fw.connect("richrule-removed", self.richrule_removed_cb) self.fw.connect("interface-added", self.interface_added_cb) self.fw.connect("interface-removed", self.interface_removed_cb) self.fw.connect("zone-of-interface-changed", self.zone_of_interface_changed_cb) self.fw.connect("source-added", self.source_added_cb) self.fw.connect("source-removed", self.source_removed_cb) self.fw.connect("zone-of-source-changed", self.zone_of_source_changed_cb) self.fw.connect("ipset-entry-added", self.ipset_entry_added_cb) self.fw.connect("ipset-entry-removed", self.ipset_entry_removed_cb) self.fw.connect("lockdown-whitelist-command-added", self.lockdown_whitelist_command_added_cb) self.fw.connect("lockdown-whitelist-command-removed", self.lockdown_whitelist_command_removed_cb) self.fw.connect("lockdown-whitelist-context-added", self.lockdown_whitelist_context_added_cb) self.fw.connect("lockdown-whitelist-context-removed", self.lockdown_whitelist_context_removed_cb) self.fw.connect("lockdown-whitelist-uid-added", self.lockdown_whitelist_uid_added_cb) self.fw.connect("lockdown-whitelist-uid-removed", self.lockdown_whitelist_uid_removed_cb) self.fw.connect("lockdown-whitelist-user-added", self.lockdown_whitelist_user_added_cb) self.fw.connect("lockdown-whitelist-user-removed", self.lockdown_whitelist_user_removed_cb) self.fw.connect("direct:chain-added", self.direct_chain_added_cb) self.fw.connect("direct:chain-removed", self.direct_chain_removed_cb) self.fw.connect("direct:rule-added", self.direct_rule_added_cb) self.fw.connect("direct:rule-removed", self.direct_rule_removed_cb) self.fw.connect("direct:passthrough-added", self.direct_passthrough_added_cb) self.fw.connect("direct:passthrough-removed", self.direct_passthrough_removed_cb) self.fw.connect("config:direct:updated", self.direct_updated_cb) self.fw.connect("config:zone-added", self.conf_zone_added_cb) self.fw.connect("config:zone-updated", self.conf_zone_updated_cb) self.fw.connect("config:zone-removed", self.conf_zone_removed_cb) self.fw.connect("config:zone-renamed", self.conf_zone_renamed_cb) self.fw.connect("config:ipset-added", self.conf_ipset_added_cb) self.fw.connect("config:ipset-updated", self.conf_ipset_updated_cb) self.fw.connect("config:ipset-removed", self.conf_ipset_removed_cb) self.fw.connect("config:ipset-renamed", self.conf_ipset_renamed_cb) self.fw.connect("config:service-added", self.conf_service_added_cb) self.fw.connect("config:service-updated", self.conf_service_updated_cb) self.fw.connect("config:service-removed", self.conf_service_removed_cb) self.fw.connect("config:service-renamed", self.conf_service_renamed_cb) self.fw.connect("config:icmptype-added", self.conf_icmp_added_cb) self.fw.connect("config:icmptype-updated", self.conf_icmp_updated_cb) self.fw.connect("config:icmptype-removed", self.conf_icmp_removed_cb) self.fw.connect("config:icmptype-renamed", self.conf_icmp_renamed_cb) self.fw.connect("config:helper-added", self.conf_helper_added_cb) self.fw.connect("config:helper-updated", self.conf_helper_updated_cb) self.fw.connect("config:helper-removed", self.conf_helper_removed_cb) self.fw.connect("config:helper-renamed", self.conf_helper_renamed_cb) self.fw.connect("config:policies:lockdown-whitelist-updated", self.lockdown_whitelist_updated_cb) # settings self.settings.connect("changed::show-ipsets", self.settings_show_ipsets_changed) self.settings_show_ipsets_changed(self.settings, "show-ipsets") self.settings.connect("changed::show-icmp-types", self.settings_show_icmp_types_changed) self.settings_show_icmp_types_changed(self.settings, "show-icmp-types") self.settings.connect("changed::show-direct", self.settings_show_direct_changed) self.settings_show_direct_changed(self.settings, "show-direct") self.settings.connect("changed::show-helpers", self.settings_show_helpers_changed) self.settings_show_helpers_changed(self.settings, "show-helpers") self.settings.connect("changed::show-lockdown-whitelist", self.settings_show_lockdown_whitelist_changed) self.settings_show_lockdown_whitelist_changed(self.settings, "show-lockdown-whitelist") self.settings.connect("changed::show-active-bindings", self.settings_show_active_bindings_changed) self.settings_show_active_bindings_changed(self.settings, "show-active-bindings") # connect self.connections = { } self.connections_name = { } if nm_is_imported(): self.fw.bus.add_signal_receiver( self.nm_signal_receiver, dbus_interface=nm_get_dbus_interface(), signal_name='PropertiesChanged', member_keyword='member') else: text = _("No NetworkManager imports available") self._warning(text) self.nm_signal_receiver() # start with no connection self.connection_changed() # mainloop self.mainWindow.show() self.mainloop = GLib.MainLoop() try: self.mainloop.run() except KeyboardInterrupt: self.onQuit() def add_visible_dialog(self, dialog): self.visible_dialogs.append(dialog) def remove_visible_dialog(self, dialog): self.visible_dialogs.append(dialog) def hide_and_remove_visible_dialogs(self): while len(self.visible_dialogs) > 0: dialog = self.visible_dialogs.pop() dialog.hide() def left_menu_cb(self, widget, menu): menu.show_all() def no_select(self, item): item.deselect() def change_zone_interface_editor(self, item, interface, zone): if interface in self.zone_interface_editors: return self.zone_interface_editors[interface].present() editor = ZoneInterfaceEditor(self.fw, interface, zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) self.zone_interface_editors[interface] = editor editor.show_all() result = editor.run() editor.hide() if result == 2: self.fw.changeZoneOfInterface(editor.get_zone(), interface) del self.zone_interface_editors[interface] def change_zone_connection_editor(self, item, connection, connection_name, zone): if connection in self.zone_connection_editors: return self.zone_connection_editors[connection].present() editor = ZoneConnectionEditor(self.fw, connection, connection_name, zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) self.zone_connection_editors[connection] = editor editor.show_all() editor.run() editor.hide() del self.zone_connection_editors[connection] def change_zone_source_editor(self, item, source, zone): if source in self.zone_source_editors: return self.zone_source_editors[source].present() editor = ZoneSourceEditor(self.fw, source, zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) self.zone_source_editors[source] = editor editor.show_all() result = editor.run() editor.hide() if result == 2: self.fw.changeZoneOfSource(editor.get_zone(), source) del self.zone_source_editors[source] def onViewIPSet_toggled(self, button): self.settings.set_boolean("show-ipsets", button.get_active()) def settings_show_ipsets_changed(self, settings, key): self.show_ipsets = settings.get_boolean(key) self.ipsetsBox.set_visible(self.show_ipsets) self.ipsetsMenuitem.set_active(self.show_ipsets) if self.show_ipsets: if self.fw.connected: self.load_ipsets() else: self.ipsetConfIPSetStore.clear() def onViewICMPTypes_toggled(self, button): self.settings.set_boolean("show-icmp-types", button.get_active()) def settings_show_icmp_types_changed(self, settings, key): self.show_icmp_types = settings.get_boolean(key) self.icmpTypesBox.set_visible(self.show_icmp_types) self.icmpTypesMenuitem.set_active(self.show_icmp_types) if self.show_icmp_types: if self.fw.connected: self.load_icmps() else: self.icmpDialogIcmpStore.clear() def onViewHelpers_toggled(self, button): self.settings.set_boolean("show-helpers", button.get_active()) def settings_show_helpers_changed(self, settings, key): self.show_helpers = settings.get_boolean(key) self.helpersBox.set_visible(self.show_helpers) self.helpersMenuitem.set_active(self.show_helpers) if self.show_helpers: if self.fw.connected: self.load_helpers() else: self.helperConfHelperStore.clear() def onViewDirect_toggled(self, button): self.settings.set_boolean("show-direct", button.get_active()) def settings_show_direct_changed(self, settings, key): self.show_direct = settings.get_boolean(key) self.directBox.set_visible(self.show_direct) self.directMenuitem.set_active(self.show_direct) if self.show_direct: if self.fw.connected: self.load_direct() else: self.directChainStore.clear() self.directRuleStore.clear() self.directPassthroughStore.clear() def onViewLockdownWhitelist_toggled(self, button): self.settings.set_boolean("show-lockdown-whitelist", button.get_active()) def settings_show_lockdown_whitelist_changed(self, settings, key): self.show_lockdown_whitelist = settings.get_boolean(key) self.lockdownWhitelistBox.set_visible(self.show_lockdown_whitelist) self.lockdownWhitelistMenuitem.set_active(self.show_lockdown_whitelist) if self.show_lockdown_whitelist: if self.fw.connected: self.load_lockdown_whitelist() else: self.lockdownContextStore.clear() self.lockdownCommandStore.clear() self.lockdownUserStore.clear() self.lockdownUidStore.clear() def settings_show_active_bindings_changed(self, settings, key): self.show_active_bindings = settings.get_boolean(key) self.activeBindingsMenuitem.set_active(self.show_active_bindings) if self.show_active_bindings != self.bindingsExpander.get_expanded(): self.bindingsExpander.set_expanded(self.show_active_bindings) def onViewActiveBindings_toggled(self, button): self.settings.set_boolean("show-active-bindings", button.get_active()) def bindings_expander_changed(self, *args): self.show_active_bindings = self.bindingsExpander.get_expanded() self.settings.set_boolean("show-active-bindings", self.show_active_bindings) self.activeBindingsMenuitem.set_active(self.show_active_bindings) def nm_signal_receiver(self, *args, **kwargs): #print("nm_signal_receiver", args, kwargs) self.update_active_zones() self.connections.clear() self.connections_name.clear() # do not use NMClient could result in python core dump if nm_is_imported(): try: nm_get_connections(self.connections, self.connections_name) except Exception: text = _("Failed to get connections from NetworkManager") self._warning(text) iter = self.interfaceStore.get_iter_first() while iter: interface = self.interfaceStore.get_value(iter, 0) if interface in self.connections: connection = self.connections[interface] connection_name = self.connections_name[connection] zone = nm_get_zone_of_connection(connection) if zone == "": comment = self.default_zone_used_by_label % \ connection_name else: comment = self.used_by_label % connection_name self.interfaceStore.set_value(iter, 1, comment) iter = self.interfaceStore.iter_next(iter) self.change_interface_selection_cb(self.interfaceView.get_selection()) def _dialog(self, text, msg=None, title=None, message_type=Gtk.MessageType.INFO, buttons=[("gtk-close", 1)]): dialog = Gtk.MessageDialog(parent=None, flags=0, message_type=message_type) dialog.set_markup(text) if title: dialog.set_title(title) if msg: dialog.format_secondary_markup(msg) if len(buttons) > 0: for button,id in buttons: dialog.add_button(button, id) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) result = dialog.run() dialog.hide() return result def _warning(self, msg): dialog = Gtk.MessageDialog(parent=None, flags=0, message_type=Gtk.MessageType.WARNING) dialog.set_markup("" + _("Warning") + "") dialog.format_secondary_markup(msg) dialog.add_button("gtk-close", 1) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) dialog.run() dialog.hide() def _error(self, msg): if self._dialog(""+_("Error")+"", message_type=Gtk.MessageType.ERROR, msg=msg, buttons=(("gtk-ok", 0),("gtk-quit", 1))) == 1: self.onQuit() def connection_failed(self, msg): if self._dialog(""+_("Error")+"", message_type=Gtk.MessageType.ERROR, msg=msg, buttons=[("gtk-quit", 1)]) == 1: self.onQuit() def connection_changed(self): if self.connection_timer: GLib.source_remove(self.connection_timer) self.connection_timer = None if self.fw.connected: self.fw.authorizeAll() self.statusLabel.set_text(self.connected_label) self.default_zone = self.fw.getDefaultZone() self.defaultZoneLabel.set_text(self.default_zone) self.log_denied = self.fw.getLogDenied() self.logDeniedLabel.set_text(self.log_denied) self.automatic_helpers = self.fw.getAutomaticHelpers() self.set_automaticHelpersLabel(self.automatic_helpers) lockdown = self.fw.queryLockdown() if lockdown: self.lockdownLabel.set_text(self.enabled) else: self.lockdownLabel.set_text(self.disabled) panic = self.fw.queryPanicMode() if panic: self.panicLabel.set_text(self.enabled) else: self.panicLabel.set_text(self.disabled) self.modifiedLabel.set_text("") self.lockdownMenuitem.handler_block(self.lockdown_check_id) self.lockdownMenuitem.set_active(lockdown) self.lockdownMenuitem.handler_unblock(self.lockdown_check_id) self.panicMenuitem.handler_block(self.panic_check_id) self.panicMenuitem.set_active(panic) self.panicMenuitem.handler_unblock(self.panic_check_id) self.nf_conntrack_helpers = \ self.fw.get_property("nf_conntrack_helpers") for x in self.nf_conntrack_helpers.keys(): self.moduleDialogModuleCombobox.append_text(x) if self.connection_lost: self.onChangeView() else: self.currentViewCombobox.set_active(0) self.waitingWindow.hide() self.waitingWindowSpinner.stop() else: if self.statusLabel.get_text() == self.connected_label: self.connection_lost = True self.statusLabel.set_text(self.trying_to_connect_label) self.defaultZoneLabel.set_text("-") self.lockdownLabel.set_text("-") self.panicLabel.set_text("-") self.moduleDialogModuleCombobox.remove_all() self.nf_conntrack_helpers.clear() self.hide_and_remove_visible_dialogs() self.waitingWindow.show() self.waitingWindowLabel.set_text(self.trying_to_connect_label) self.waitingWindowSpinner.start() self.connection_timer = GLib.timeout_add_seconds( 15, self.connection_failed, self.failed_to_connect_label) self.update_active_zones() self.mainPaned.set_sensitive(self.fw.connected) # make all entries in options menu (in)sensitive for child in self.optionsMenuitem.get_submenu().get_children(): child.set_sensitive(self.fw.connected) # make all entries in view menu (in)sensitive for child in self.viewMenuitem.get_submenu().get_children(): child.set_sensitive(self.fw.connected) def changes_applied(self): self.modifiedLabel.set_text(self.changes_applied_label) if self.modified_timer: GLib.source_remove(self.modified_timer) self.modified_timer = GLib.timeout_add_seconds( 5, self.clear_changes_applied, None) def clear_changes_applied(self, *args): self.modifiedLabel.set_text("") self.modified_timer = None def panic_mode_enabled_cb(self): self.panicLabel.set_text(self.enabled) self.panicMenuitem.handler_block(self.panic_check_id) self.panicMenuitem.set_active(True) self.panicMenuitem.handler_unblock(self.panic_check_id) def panic_mode_disabled_cb(self): self.panicLabel.set_text(self.disabled) self.panicMenuitem.handler_block(self.panic_check_id) self.panicMenuitem.set_active(False) self.panicMenuitem.handler_unblock(self.panic_check_id) def reload_cb(self): self.default_zone = self.fw.getDefaultZone() self.defaultZoneLabel.set_text(self.default_zone) self.log_denied = self.fw.getLogDenied() self.logDeniedLabel.set_text(self.log_denied) self.automatic_helpers = self.fw.getAutomaticHelpers() self.set_automaticHelpersLabel(self.automatic_helpers) self.load_ipsets() self.load_zones() self.load_services() self.load_icmps() self.load_helpers() self.load_direct() self.load_lockdown_whitelist() self.update_active_zones() def load_zones(self): selected_zone = self.get_selected_zone() if self.runtime_view: zones = self.fw.getZones() else: zones = self.fw.config().getZoneNames() # reset and fill notebook content according to view selection = self.zoneView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) self.zoneStore.clear() self.serviceStore.clear() self.portStore.clear() self.protocolStore.clear() self.forwardStore.clear() self.icmpStore.clear() self.richRuleStore.clear() self.interfaceStore.clear() self.sourceStore.clear() if self.runtime_view: for item in self.fw.listServices(): self.serviceStore.append([False, item]) for item in self.fw.listIcmpTypes(): self.icmpStore.append([False, item]) else: for item in self.fw.config().getServiceNames(): self.serviceStore.append([False, item]) for item in self.fw.config().getIcmpTypeNames(): self.icmpStore.append([False, item]) # zones active_zones = self.active_zones.keys() for zone in zones: if zone in active_zones: self.zoneStore.append([zone, Pango.Weight.BOLD]) else: self.zoneStore.append([zone, Pango.Weight.NORMAL]) if selected_zone in zones: _zone = selected_zone else: _zone = self.defaultZoneLabel.get_text() selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) == _zone: selection.select_iter(iter) return iter = self.zoneStore.iter_next(iter) # fallback selection.select_path(0) if not self.get_selected_zone(): self.zoneEditEditButton.set_sensitive(False) self.zoneEditRemoveButton.set_sensitive(False) self.zoneEditLoadDefaultsButton.set_sensitive(False) self.zoneNotebook.set_sensitive(False) def get_active_service(self): selection = self.serviceConfServiceView.get_selection() (model, iter) = selection.get_selected() if iter: return self.serviceConfServiceStore.get_value(iter, 0) return None def load_services(self): active_service = self.get_active_service() if self.runtime_view: services = self.fw.listServices() else: services = self.fw.config().getServiceNames() selection = self.serviceConfServiceView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.serviceConfServiceStore.clear() # services for service in services: self.serviceConfServiceStore.append([service]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) == \ active_service: selection.select_iter(iter) return iter = self.serviceConfServiceStore.iter_next(iter) selection.select_path(0) if not self.get_active_service(): self.serviceConfEditServiceButton.set_sensitive(False) self.serviceConfRemoveServiceButton.set_sensitive(False) self.serviceConfLoadDefaultsServiceButton.set_sensitive(False) self.serviceConfServiceNotebook.set_sensitive(False) def change_rich_rule_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editRichRuleButton.set_sensitive(True) self.removeRichRuleButton.set_sensitive(True) else: self.editRichRuleButton.set_sensitive(False) self.removeRichRuleButton.set_sensitive(False) def service_added_cb(self, zone, service, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.serviceStore.get_iter_first() while iter: if self.serviceStore.get_value(iter, 1) == service: self.serviceStore.set_value(iter, 0, True) break iter = self.serviceStore.iter_next(iter) def service_removed_cb(self, zone, service): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.serviceStore.get_iter_first() while iter: if self.serviceStore.get_value(iter, 1) == service: self.serviceStore.set_value(iter, 0, False) break iter = self.serviceStore.iter_next(iter) def service_toggle_cb(self, toggle, row, model, col): iter = model.get_iter(row) old_val = model.get(iter, col)[0] name = model.get(iter, 1)[0] selected_zone = self.get_selected_zone() if self.runtime_view: if not old_val: self.fw.addService(selected_zone, name) else: self.fw.removeService(selected_zone, name) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not old_val: zone.addService(name) else: zone.removeService(name) self.changes_applied() def change_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editPortButton.set_sensitive(True) self.removePortButton.set_sensitive(True) else: self.editPortButton.set_sensitive(False) self.removePortButton.set_sensitive(False) def change_source_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editSourcePortButton.set_sensitive(True) self.removeSourcePortButton.set_sensitive(True) else: self.editSourcePortButton.set_sensitive(False) self.removeSourcePortButton.set_sensitive(False) def change_protocol_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editProtocolButton.set_sensitive(True) self.removeProtocolButton.set_sensitive(True) else: self.editProtocolButton.set_sensitive(False) self.removeProtocolButton.set_sensitive(False) def change_forward_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editForwardButton.set_sensitive(True) self.removeForwardButton.set_sensitive(True) else: self.editForwardButton.set_sensitive(False) self.removeForwardButton.set_sensitive(False) def masquerade_check_cb(self, *args): selected_zone = self.get_selected_zone() if self.runtime_view: if not self.masqueradeCheck.get_active(): if not self.fw.queryMasquerade(selected_zone): self.fw.addMasquerade(selected_zone) self.changes_applied() else: if self.fw.queryMasquerade(selected_zone): self.fw.removeMasquerade(selected_zone) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) zone.setMasquerade(not self.masqueradeCheck.get_active()) self.changes_applied() def masquerade_added_cb(self, zone, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return self.masqueradeCheck.set_active(True) def masquerade_removed_cb(self, zone): if not self.runtime_view or zone != self.get_selected_zone(): return self.masqueradeCheck.set_active(False) def icmp_toggle_cb(self, toggle, row, model, col): iter = model.get_iter(row) old_val = model.get(iter, col)[0] name = model.get(iter, 1)[0] selected_zone = self.get_selected_zone() if self.runtime_view: if not old_val: self.fw.addIcmpBlock(selected_zone, name) else: self.fw.removeIcmpBlock(selected_zone, name) else: zone = self.fw.config().getZoneByName(selected_zone) if not old_val: zone.addIcmpBlock(name) else: zone.removeIcmpBlock(name) self.changes_applied() def icmp_added_cb(self, zone, icmp, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.icmpStore.get_iter_first() while iter: if self.icmpStore.get_value(iter, 1) == icmp: self.icmpStore.set_value(iter, 0, True) break iter = self.icmpStore.iter_next(iter) def icmp_removed_cb(self, zone, icmp): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.icmpStore.get_iter_first() while iter: if self.icmpStore.get_value(iter, 1) == icmp: self.icmpStore.set_value(iter, 0, False) break iter = self.icmpStore.iter_next(iter) def icmp_block_inversion_check_cb(self, *args): selected_zone = self.get_selected_zone() if self.runtime_view: if not self.icmpBlockInversionCheck.get_active(): if not self.fw.queryIcmpBlockInversion(selected_zone): self.fw.addIcmpBlockInversion(selected_zone) self.changes_applied() else: if self.fw.queryIcmpBlockInversion(selected_zone): self.fw.removeIcmpBlockInversion(selected_zone) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) zone.setIcmpBlockInversion(not self.icmpBlockInversionCheck.get_active()) self.changes_applied() def icmp_inversion_added_cb(self, zone): if not self.runtime_view or zone != self.get_selected_zone(): return self.icmpBlockInversionCheck.set_active(True) def icmp_inversion_removed_cb(self, zone): if not self.runtime_view or zone != self.get_selected_zone(): return self.icmpBlockInversionCheck.set_active(False) def _add_rich_rule(self, obj): family = "all" priority = 0 src = "" dest = "" elem = "" log = "" audit = "" action = "" if obj.family: family = obj.family if obj.priority: priority = obj.priority if obj.action: if type(obj.action) == rich.Rich_Accept: action = _("accept") elif type(obj.action) == rich.Rich_Reject: action = _("reject") if obj.action.type is not None: action += "\n" + obj.action.type elif type(obj.action) == rich.Rich_Drop: action = _("drop") elif type(obj.action) == rich.Rich_Mark: action = _("mark") action += "\nset " + obj.action.set if obj.action.limit: action += "\n" + _("limit") + " " + obj.action.limit.value if obj.source: if obj.source.invert: src = "! " if obj.source.addr: src += "IP: %s" % obj.source.addr elif obj.source.mac: src += "MAC: %s" % obj.source.mac elif obj.source.ipset: src += "ipset:%s" % obj.source.ipset if obj.destination: dest = obj.destination.addr if obj.destination.invert: dest = "! %s" % dest if obj.element: if type(obj.element) == rich.Rich_Service: elem = _("service") + "\n" + obj.element.name elif type(obj.element) == rich.Rich_Port: elem = _("port") + "\n%s/%s" % (obj.element.port, obj.element.protocol) elif type(obj.element) == rich.Rich_Protocol: elem = _("protocol") + "\n" + obj.element.value elif type(obj.element) == rich.Rich_Masquerade: elem = _("masquerade") elif type(obj.element) == rich.Rich_IcmpBlock: elem = _("icmp-block") + "\n%s" % obj.element.name elif type(obj.element) == rich.Rich_IcmpType: elem = _("icmp-type") + "\n%s" % obj.element.name elif type(obj.element) == rich.Rich_ForwardPort: elem = _("forward-port") + "\n%s" % self.create_fwp_string( obj.element.port, obj.element.protocol, obj.element.to_port, obj.element.to_address) elif type(obj.element) == rich.Rich_SourcePort: elem = _("source-port") + "\n%s/%s" % (obj.element.port, obj.element.protocol) else: elem = str(obj.element) if obj.log: if obj.log.prefix: log = '"%s"' % obj.log.prefix if obj.log.level: log += "\n" + _("level") + " " + obj.log.level if obj.log.limit: log += "\n" + _("limit") + " " + obj.log.limit.value if log == "": log = _("yes") if obj.audit: if obj.audit.limit: audit += "\n" + _("limit") + " " + obj.audit.limit.value if audit == "": audit = _("yes") self.richRuleStore.append([obj, family, priority, action, elem, src, dest, log, audit]) def richrule_added_cb(self, zone, rule, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return obj = rich.Rich_Rule(rule_str=rule) iter = self.richRuleStore.get_iter_first() while iter: if str(self.richRuleStore.get_value(iter, 0)) == str(obj): # already there return iter = self.richRuleStore.iter_next(iter) # nothing found, so add it self._add_rich_rule(obj) def richrule_removed_cb(self, zone, rule): if not self.runtime_view or zone != self.get_selected_zone(): return obj = rich.Rich_Rule(rule_str=rule) iter = self.richRuleStore.get_iter_first() while iter: if str(self.richRuleStore.get_value(iter, 0)) == str(obj): self.richRuleStore.remove(iter) break iter = self.richRuleStore.iter_next(iter) def _add_interface(self, interface): comment = "" if interface in self.connections: zone = nm_get_zone_of_connection(self.connections[interface]) if zone == "": comment = self.default_zone_used_by_label % \ self.connections[interface] else: comment = self.used_by_label % self.connections[interface] self.interfaceStore.append([interface, comment]) def interface_added_cb(self, zone, interface): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.interfaceStore.get_iter_first() while iter: if self.interfaceStore.get_value(iter, 0) == interface: # already there return iter = self.interfaceStore.iter_next(iter) # nothing found, so add it self._add_interface(interface) def interface_removed_cb(self, zone, interface): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.interfaceStore.get_iter_first() while iter: if self.interfaceStore.get_value(iter, 0) == interface: self.interfaceStore.remove(iter) break iter = self.interfaceStore.iter_next(iter) def zone_of_interface_changed_cb(self, zone, interface): self.update_active_zones() if not self.runtime_view: return iter = self.interfaceStore.get_iter_first() while iter: if self.interfaceStore.get_value(iter, 0) == interface: # it is here, remove it self.interfaceStore.remove(iter) iter = self.interfaceStore.iter_next(iter) # add if zone is active_zone if zone == self.get_selected_zone(): self._add_interface(interface) def source_added_cb(self, zone, source): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourceStore.get_iter_first() while iter: if self.sourceStore.get_value(iter, 0) == source: # already there return iter = self.sourceStore.iter_next(iter) # nothing found, so add it self.sourceStore.append([source]) def source_removed_cb(self, zone, source): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourceStore.get_iter_first() while iter: if self.sourceStore.get_value(iter, 0) == source: self.sourceStore.remove(iter) break iter = self.sourceStore.iter_next(iter) def zone_of_source_changed_cb(self, zone, source): self.update_active_zones() if not self.runtime_view: return iter = self.sourceStore.get_iter_first() while iter: if self.sourceStore.get_value(iter, 0) == source: # it is here, remove it self.sourceStore.remove(iter) iter = self.sourceStore.iter_next(iter) # add if zone is active_zone if zone == self.get_selected_zone(): self.sourceStore.append([source]) def conf_zone_added_cb(self, zone): if self.runtime_view: return # check if zone is in store iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) == zone: return iter = self.zoneStore.iter_next(iter) # not in list, append if zone in self.active_zones: self.zoneStore.append([zone, Pango.Weight.BOLD]) else: self.zoneStore.append([zone, Pango.Weight.NORMAL]) selection = self.zoneView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_zone_updated_cb(self, zone): if self.runtime_view or zone != self.get_selected_zone(): return self.onChangeZone() def conf_zone_removed_cb(self, zone): if self.runtime_view: return iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) == zone: self.zoneStore.remove(iter) break iter = self.zoneStore.iter_next(iter) def conf_zone_renamed_cb(self, zone): if self.runtime_view: return # Get all zones, renamed the one that is missing. # If more or less than one is missing, update zone store. zones = self.fw.config().getZoneNames() use_iter = None iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) not in zones: if use_iter is not None: return self.load_zones() use_iter = iter iter = self.zoneStore.iter_next(iter) if use_iter is None: return self.load_zones() self.zoneStore.set_value(use_iter, 0, zone) def deactivate_exception_handler(self): self.__use_exception_handler = False def activate_exception_handler(self): self.__use_exception_handler = True def _exception_handler(self, exception_message): if not self.__use_exception_handler: raise if "NotAuthorizedException" in exception_message: self._error(_("Authorization failed.")) elif "INVALID_NAME" in exception_message: msg = exception_message.replace("INVALID_NAME", _("Invalid name")) self._warning(msg) elif "NAME_CONFLICT" in exception_message: msg = exception_message.replace("NAME_CONFLICT", _("Name already exists")) self._warning(msg) elif "NO_DEFAULTS" in exception_message: pass else: self._error(exception_message) def get_selected_zone(self): selection = self.zoneView.get_selection() (model, iter) = selection.get_selected() if iter: return self.zoneStore.get_value(iter, 0) return None def onQuit(self, *args): self.mainloop.quit() sys.exit() def onAbout(self, *args): self.aboutDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.aboutDialog.set_transient_for(self.mainWindow) self.aboutDialog.show_all() self.aboutDialog.run() self.aboutDialog.hide() def onReloadFirewalld(self, *args): self.fw.reload() def onChangeView(self, *args): # Fix interaction problem of changed event of gtk combobox with # polkit-kde by processing all remaining events. # # The changed callback is signaled before the popup window has been # destroyed and before the focus (keyboard and mouse) has been reset. # This results in a deadlock in KDE and Qt, because the polkit KDE # agent can not get the focus and the user has no chance to enter the # desired password into the agent and is also not able to close the # agent with the mouse. The focus is still on the combobox popup. Gdk.DisplayManager.get().get_default_display().flush() self.fw.authorizeAll() self.runtime_view = (self.currentViewCombobox.get_active_text() == \ _("Runtime")) self.zoneEditBox.set_sensitive(not self.runtime_view) self.serviceConfDestinationGrid.set_sensitive(not self.runtime_view) self.icmpDialogDestIpv4Check.set_sensitive(not self.runtime_view) self.icmpDialogDestIpv6Check.set_sensitive(not self.runtime_view) self.ipsetConfEntryBox.set_sensitive(False) if self.runtime_view: self.zoneEditBox.hide() self.ipsetConfIPSetEditBox.hide() self.serviceConfServiceEditBox.hide() self.serviceConfPortBox.hide() self.serviceConfProtocolBox.hide() self.serviceConfSourcePortBox.hide() self.serviceConfModuleBox.hide() self.icmpDialogIcmpEditBox.hide() self.helperConfHelperEditBox.hide() self.helperConfPortBox.hide() else: self.zoneEditBox.show() self.ipsetConfIPSetEditBox.show() self.serviceConfServiceEditBox.show() self.serviceConfPortBox.show() self.serviceConfProtocolBox.show() self.serviceConfSourcePortBox.show() self.serviceConfModuleBox.show() self.icmpDialogIcmpEditBox.show() self.helperConfHelperEditBox.show() self.helperConfPortBox.show() self.load_ipsets() self.load_zones() self.load_services() self.load_icmps() self.load_helpers() self.load_direct() self.load_lockdown_whitelist() def update_active_zones(self): self.active_zones.clear() # remove all entries for the left menu left_menu_children = self.left_menu.get_children() for child in left_menu_children: self.left_menu.remove(child) child.destroy() # add connecitons entry item = Gtk.MenuItem.new() label = Gtk.Label() label.set_markup(escape(_("Connections"))) label.set_alignment(0, 0.5) item.add(label) item.connect("select", self.no_select) self.left_menu.append(item) if self.fw.connected: self.active_zones = self.fw.getActiveZones() else: self.active_zones = { } # clean bindingsView, leave connections, interfaces and sources entries self.bindingsView.get_selection().set_mode(Gtk.SelectionMode.NONE) iter = self.bindingsStore.iter_children(self.connectionsIter) while iter: self.bindingsStore.remove(iter) iter = self.bindingsStore.iter_children(self.connectionsIter) iter = self.bindingsStore.iter_children(self.interfacesIter) while iter: self.bindingsStore.remove(iter) iter = self.bindingsStore.iter_children(self.interfacesIter) iter = self.bindingsStore.iter_children(self.sourcesIter) while iter: self.bindingsStore.remove(iter) iter = self.bindingsStore.iter_children(self.sourcesIter) self.changeBindingsButton.set_sensitive(False) # get all active connections (NM) and interfaces connections = { } interfaces = { } sources = { } for zone in sorted(self.active_zones): if "interfaces" in self.active_zones[zone]: for interface in sorted(self.active_zones[zone]["interfaces"]): if interface not in self.connections: interfaces[interface] = zone if "sources" in self.active_zones[zone]: for source in sorted(self.active_zones[zone]["sources"]): sources[source] = zone # NM controlled connections for interface in self.connections: connection = self.connections[interface] if connection not in connections: zone = nm_get_zone_of_connection(connection) connections[connection] = [ zone, [ interface, ] ] else: connections[connection][1].append(interface) # add NM controlled entries for connection in sorted(connections): [ zone, _interfaces ] = connections[connection] connection_name = self.connections_name[connection] item = Gtk.MenuItem.new() hbox = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=6) label = Gtk.Label() if zone == "": label.set_markup("%s (%s)\n%s: %s" % \ (connection_name, ",".join(_interfaces), escape(_("Default Zone")), self.default_zone)) else: label.set_markup("%s (%s)\n%s: %s" % \ (connection_name, ",".join(_interfaces), escape(_("Zone")), zone)) label.set_alignment(0, 0.5) label.set_padding(12, 0) hbox.pack_start(label, True, True, 0) item.add(hbox) item.connect("activate", self.change_zone_connection_editor, connection, connection_name, zone) self.left_menu.append(item) if zone == "": self.bindingsStore.append( self.connectionsIter, [ "%s (%s)\n%s" % ( connection_name, ",".join(_interfaces), _("Default Zone: %s") % self.default_zone), connection, zone ]) else: self.bindingsStore.append( self.connectionsIter, [ "%s (%s)\n%s" % ( connection_name, ",".join(_interfaces), _("Zone: %s") % zone), connection, zone ]) item = Gtk.MenuItem.new() label = Gtk.Label() label.set_markup(escape(_("Interfaces"))) label.set_alignment(0, 0.5) item.add(label) item.connect("select", self.no_select) self.left_menu.append(item) if len(interfaces) > 0: # add other interfaces for interface in sorted(interfaces): zone = interfaces[interface] item = Gtk.MenuItem.new() hbox = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=6) label = Gtk.Label() label.set_markup("%s\n%s: %s" % \ (interface, escape(_("Zone")), zone)) label.set_alignment(0, 0.5) label.set_padding(12, 0) hbox.pack_start(label, True, True, 0) item.add(hbox) item.connect("activate", self.change_zone_interface_editor, interface, zone) self.left_menu.append(item) self.bindingsStore.append( self.interfacesIter, [ "%s\n%s" % (interface, _("Zone: %s") % zone), interface, zone ]) item = Gtk.MenuItem.new() label = Gtk.Label() label.set_markup(escape(_("Sources"))) label.set_alignment(0, 0.5) item.add(label) item.connect("select", self.no_select) self.left_menu.append(item) if len(sources) > 0: for source in sorted(sources): zone = sources[source] item = Gtk.MenuItem.new() hbox = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=6) label = Gtk.Label() label.set_markup("%s\n%s: %s" % \ (source, escape(_("Zone")), zone)) label.set_alignment(0, 0.5) label.set_padding(12, 0) hbox.pack_start(label, True, True, 0) item.add(hbox) item.connect("activate", self.change_zone_source_editor, source, zone) self.left_menu.append(item) self.bindingsStore.append( self.sourcesIter, [ "%s\n%s" % (source, _("Zone: %s") % zone), source, zone ]) self.bindingsView.expand_all() self.bindingsView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) in self.active_zones.keys(): self.zoneStore.set_value(iter, 1, Pango.Weight.BOLD) else: self.zoneStore.set_value(iter, 1, Pango.Weight.NORMAL) iter = self.zoneStore.iter_next(iter) def onChangeDefaultZone(self, *args): self.defaultZoneStore.clear() zones = self.fw.getZones() # self.default_zone = self.fw.getDefaultZone() for zone in zones: if zone == self.default_zone: self.defaultZoneStore.append([zone, Pango.Weight.BOLD]) else: self.defaultZoneStore.append([zone, Pango.Weight.NORMAL]) selection = self.defaultZoneView.get_selection() if self.default_zone in zones: selection.select_path(zones.index(self.default_zone)) else: selection.set_mode(Gtk.SelectionMode.NONE) self.defaultZoneDialogOkButton.set_sensitive(False) self.defaultZoneDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.defaultZoneDialog.set_transient_for(self.mainWindow) self.defaultZoneDialog.show_all() self.add_visible_dialog(self.defaultZoneDialog) result = self.defaultZoneDialog.run() self.defaultZoneDialog.hide() self.remove_visible_dialog(self.defaultZoneDialog) if result == 1: (model, iter) = selection.get_selected() if not iter: return new_default_zone = model.get(iter, 0)[0] if new_default_zone != self.default_zone: self.fw.setDefaultZone(new_default_zone) self.default_zone = new_default_zone self.changes_applied() def on_logDeniedDialogValueCombobox_changed(self, combo): self.logDeniedDialogOkButton.set_sensitive( combo.get_active_text() != self.log_denied) def onChangeLogDenied(self, *args): combobox_select_text(self.logDeniedDialogValueCombobox, self.fw.getLogDenied()) self.logDeniedDialogOkButton.set_sensitive(False) self.logDeniedDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.logDeniedDialog.set_transient_for(self.mainWindow) self.logDeniedDialog.show_all() self.add_visible_dialog(self.logDeniedDialog) result = self.logDeniedDialog.run() self.logDeniedDialog.hide() self.remove_visible_dialog(self.logDeniedDialog) if result == 1: value = self.logDeniedDialogValueCombobox.get_active_text() if value != self.log_denied: self.fw.setLogDenied(value) self.log_denied = value self.changes_applied() def log_denied_changed_cb(self, value): self.logDeniedLabel.set_text(value) combobox_select_text(self.logDeniedDialogValueCombobox, value) def set_automaticHelpersLabel(self, value): if value == "system": self.automaticHelpersLabel.set_text( "%s (%s)" % (value, { 0:"off", 1:"on" }[ self.fw.get_property("nf_conntrack_helper_setting")])) else: self.automaticHelpersLabel.set_text(value) def on_automaticHelpersDialogValueCombobox_changed(self, combo): self.automaticHelpersDialogOkButton.set_sensitive( combo.get_active_text() != self.automatic_helpers) def onChangeAutomaticHelpers(self, *args): combobox_select_text(self.automaticHelpersDialogValueCombobox, self.fw.getAutomaticHelpers()) self.automaticHelpersDialogOkButton.set_sensitive(False) self.automaticHelpersDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.automaticHelpersDialog.set_transient_for(self.mainWindow) self.automaticHelpersDialog.show_all() self.add_visible_dialog(self.automaticHelpersDialog) result = self.automaticHelpersDialog.run() self.automaticHelpersDialog.hide() self.remove_visible_dialog(self.automaticHelpersDialog) if result == 1: value = self.automaticHelpersDialogValueCombobox.get_active_text() if value != self.automatic_helpers: self.fw.setAutomaticHelpers(value) self.automatic_helpers = value self.changes_applied() def automatic_helpers_changed_cb(self, value): self.set_automaticHelpersLabel(value) combobox_select_text(self.automaticHelpersDialogValueCombobox, value) def onRuntimeToPermanent(self, *args): self.fw.runtimeToPermanent() def on_defaultZoneViewSelection_changed(self, selection): (model, iter) = selection.get_selected() if not iter: return new_default_zone = model.get(iter, 0)[0] self.defaultZoneDialogOkButton.set_sensitive( \ new_default_zone != self.default_zone) def default_zone_changed_cb(self, zone): self.default_zone = zone self.defaultZoneLabel.set_text(zone) self.update_active_zones() def onSelectBinding(self, *args): selection = self.bindingsView.get_selection() (model, iter) = selection.get_selected() if not iter: self.changeBindingsButton.set_sensitive(False) return parent_iter = self.bindingsStore.iter_parent(iter) if parent_iter is None: selection.unselect_all() self.changeBindingsButton.set_sensitive(False) #self.editBindingsButton.set_sensitive(False) return if self.bindingsStore.get_value(parent_iter, 0) == _("Connections"): self.changeBindingsButton.set_sensitive(True) #self.editBindingsButton.set_sensitive(False) elif self.bindingsStore.get_value(parent_iter, 0) == _("Interfaces"): self.changeBindingsButton.set_sensitive(True) #self.editBindingsButton.set_sensitive(True) elif self.bindingsStore.get_value(parent_iter, 0) == _("Sources"): self.changeBindingsButton.set_sensitive(True) #self.editBindingsButton.set_sensitive(True) def onBindingClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.onChangeBinding() def onChangeBinding(self, *args): selection = self.bindingsView.get_selection() (model, iter) = selection.get_selected() if not iter: return parent_iter = self.bindingsStore.iter_parent(iter) if parent_iter is None: return item = self.bindingsStore.get_value(iter, 1) zone = self.bindingsStore.get_value(iter, 2) if self.bindingsStore.get_value(parent_iter, 0) == _("Connections"): self.change_zone_connection_editor(None, item, self.connections_name[item], zone) elif self.bindingsStore.get_value(parent_iter, 0) == _("Interfaces"): self.change_zone_interface_editor(None, item, zone) elif self.bindingsStore.get_value(parent_iter, 0) == _("Sources"): self.change_zone_source_editor(None, item, zone) #def onEditBindingClicked(self, widget, event): # if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: # self.onEditBinding() #def onEditBinding(self, *args): # return def onChangeZone(self, *args): selected_zone = self.get_selected_zone() ### load zone settings self.portStore.clear() self.protocolStore.clear() self.forwardStore.clear() self.sourcePortStore.clear() self.richRuleStore.clear() self.interfaceStore.clear() self.sourceStore.clear() self.serviceView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.portView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.protocolView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.forwardView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.sourcePortView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.icmpView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.richRuleView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.zoneNotebook.set_tooltip_markup("") if not selected_zone: self.zoneEditEditButton.set_sensitive(False) self.zoneEditRemoveButton.set_sensitive(False) self.zoneEditLoadDefaultsButton.set_sensitive(False) self.zoneNotebook.set_sensitive(False) iter = self.serviceStore.get_iter_first() while iter: self.serviceStore.set_value(iter, 0, False) iter = self.serviceStore.iter_next(iter) self.masqueradeCheck.set_active(False) iter = self.icmpStore.get_iter_first() while iter: self.icmpStore.set_value(iter, 0, False) iter = self.icmpStore.iter_next(iter) self.icmpBlockInversionCheck.set_active(False) return self.zoneEditEditButton.set_sensitive(True) self.zoneNotebook.set_sensitive(True) if self.runtime_view: # load runtime configuration try: settings = self.fw.getZoneSettings(selected_zone) except: return default = False builtin = False else: # load permanent configuration try: zone = self.fw.config().getZoneByName(selected_zone) except: return settings = zone.getSettings() props = zone.get_properties() default = props["default"] builtin = props["builtin"] services = settings.getServices() ports = settings.getPorts() protocols = settings.getProtocols() masquerade = settings.getMasquerade() forward_ports = settings.getForwardPorts() source_ports = settings.getSourcePorts() icmpblocks = settings.getIcmpBlocks() rules = settings.getRichRules() interfaces = settings.getInterfaces() sources = settings.getSources() icmp_block_inversion = settings.getIcmpBlockInversion() self.zoneNotebook.set_sensitive(True) self.zoneEditRemoveButton.set_sensitive(not builtin and default) self.zoneEditLoadDefaultsButton.set_sensitive(not default) # set services _services = services[:] iter = self.serviceStore.get_iter_first() while iter: name = self.serviceStore.get_value(iter, 1) if name in _services: self.serviceStore.set_value(iter, 0, True) _services.remove(name) else: self.serviceStore.set_value(iter, 0, False) iter = self.serviceStore.iter_next(iter) # handle unknown services for name in _services: text = _("Zone '%s': Service '%s' is not available.") % \ (selected_zone, name) result = self._dialog(text, message_type=Gtk.MessageType.WARNING, title=_("Warning"), buttons=((_("Remove"), 1), (_("Ignore"), 2))) if result == 1: if self.runtime_view: self.fw.removeService(selected_zone, name) else: settings.removeService(name) zone.update(settings) self.changes_applied() # set ports for item in ports: self.portStore.append(item) # set protocols for item in protocols: self.protocolStore.append([item]) # set masquerade self.masqueradeCheck.set_active(masquerade) # set forward ports for item in forward_ports: self.forwardStore.append(item) # set source ports for item in source_ports: self.sourcePortStore.append(item) # set icmpblocks _icmpblocks = icmpblocks[:] iter = self.icmpStore.get_iter_first() while iter: name = self.icmpStore.get_value(iter, 1) if name in _icmpblocks: self.icmpStore.set_value(iter, 0, True) _icmpblocks.remove(name) else: self.icmpStore.set_value(iter, 0, False) iter = self.icmpStore.iter_next(iter) self.icmpBlockInversionCheck.set_active(icmp_block_inversion) # handle unknown icmpblocks for name in _icmpblocks: text = _("Zone '%s': ICMP type '%s' is not available.") % \ (selected_zone, name) result = self._dialog(text, message_type=Gtk.MessageType.WARNING, title=_("Warning"), buttons=((_("Remove"), 1),(_("Ignore"), 2))) if result == 1: if self.runtime_view: self.fw.removeIcmpBlock(selected_zone, name) else: settings.removeIcmpBlock(name) zone.update(settings) self.changes_applied() # set rich rules for item in rules: rule = rich.Rich_Rule(rule_str=item) self._add_rich_rule(rule) # set interfaces for item in interfaces: self._add_interface(item) # set sources for item in sources: self.sourceStore.append([item]) self.serviceView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.portView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.protocolView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.forwardView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.sourcePortView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.icmpView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.richRuleView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.interfaceView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.sourceView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) def onAddZone(self, *args): if self.runtime_view: return self.add_edit_zone(True) def onRemoveZone(self, *args): if self.runtime_view: return selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) zone.remove() self.changes_applied() self.load_zones() self.onChangeZone() def onEditZone(self, *args): if self.runtime_view: return self.add_edit_zone(False) def onLoadDefaultsZone(self, *args): if self.runtime_view: return selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) zone.loadDefaults() self.changes_applied() self.onChangeZone() def entry_changed(self, entry, allowed_chars, modify=None): "Remove all disallowed characters and truncate length." origtext = entry.get_text() newtext = origtext for char in origtext: if char not in allowed_chars: newtext = newtext.replace(char, "") OK = len(newtext) > 0 if modify: OK, newtext = modify(newtext) if newtext != origtext: entry.set_text(newtext) return OK def onZoneBaseDialogChanged(self, *args): def check_zone_name(zone): max_len = functions.max_zone_name_len() parts = zone.split('/') if len(parts) < 2: return (True, zone) if len(parts[0]) > max_len: parts[0] = parts[0][:max_len] zone = '/'.join(parts[:2]) OK = len(zone) > 1 and zone[0] != '/' and zone[-1] != '/' return (OK, zone) OK=True if args and (args[0] == self.zoneBaseDialogNameEntry): additional_chars = "".join(Zone.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars OK = self.entry_changed(args[0], allowed_chars, check_zone_name) self.zoneBaseDialogOkButton.set_sensitive(OK) def onZoneBaseDialogTargetCheckToggled(self, check): val = check.get_active() self.zoneBaseDialogTargetCombobox.set_sensitive(not val) def add_edit_zone(self, add): l = functions.max_zone_name_len() self.zoneBaseDialogNameEntry.set_max_length(l) self.zoneBaseDialogNameEntry.set_width_chars(l) self.zoneBaseDialogNameEntry.set_max_width_chars(l) if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None old_target = None self.zoneBaseDialogNameEntry.set_text("") self.zoneBaseDialogVersionEntry.set_text("") self.zoneBaseDialogShortEntry.set_text("") self.zoneBaseDialogDescText.get_buffer().set_text("") self.zoneBaseDialogTargetCheck.set_active(True) self.zoneBaseDialogTargetCombobox.set_active(0) else: selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) settings = zone.getSettings() props = zone.get_properties() default = props["default"] builtin = props["builtin"] old_name = zone.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() old_target = settings.getTarget() self.zoneBaseDialogNameEntry.set_text(old_name) self.zoneBaseDialogVersionEntry.set_text(old_version) self.zoneBaseDialogShortEntry.set_text(old_short) self.zoneBaseDialogDescText.get_buffer().set_text(old_desc) if old_target == "default" or \ old_target == DEFAULT_ZONE_TARGET: self.zoneBaseDialogTargetCheck.set_active(True) self.zoneBaseDialogTargetCombobox.set_active(0) else: self.zoneBaseDialogTargetCheck.set_active(False) combobox_select_text(self.zoneBaseDialogTargetCombobox, old_target if old_target != "%%REJECT%%" else "REJECT") self.zoneBaseDialogOkButton.set_sensitive(False) if builtin: self.zoneBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in zone, rename not supported.")) else: self.zoneBaseDialogNameEntry.set_tooltip_markup("") self.zoneBaseDialogNameEntry.set_sensitive(not builtin and default) self.zoneBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.zoneBaseDialog.set_transient_for(self.mainWindow) self.zoneBaseDialog.show_all() self.add_visible_dialog(self.zoneBaseDialog) result = self.zoneBaseDialog.run() self.zoneBaseDialog.hide() self.remove_visible_dialog(self.zoneBaseDialog) if result != 1: return name = self.zoneBaseDialogNameEntry.get_text() version = self.zoneBaseDialogVersionEntry.get_text() short = self.zoneBaseDialogShortEntry.get_text() buffer = self.zoneBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) target = "default" # this has been DEFAULT_ZONE_TARGET before if not self.zoneBaseDialogTargetCheck.get_active(): target = self.zoneBaseDialogTargetCombobox.get_active_text() if target == "REJECT": target = "%%REJECT%%" if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc and old_target == target: # no changes return if not add: selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) settings = zone.getSettings() else: settings = client.FirewallClientZoneSettings() if old_version != version or old_short != short or \ old_desc != desc or old_target != target: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) settings.setTarget(target) if not add: zone.update(settings) if not add: if old_name == name: return zone.rename(name) else: self.fw.config().addZone(name, settings) self.changes_applied() def onAddRichRule(self, *args): self.add_edit_rich_rule(True) def onEditRichRule(self, *args): self.add_edit_rich_rule(False) def onRichRuleClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_rich_rule(False) def onRemoveRichRule(self, *args): selected_zone = self.get_selected_zone() selection = self.richRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return obj = self.richRuleStore.get_value(iter, 0) if self.runtime_view: self.fw.removeRichRule(selected_zone, str(obj)) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeRichRule(str(obj)) self.changes_applied() def add_edit_rich_rule(self, add): self.richRuleDialogFamilyCombobox.set_active(0) self.richRuleDialogPriorityEntry.set_value(0) self.richRuleDialogElementCheck.set_active(False) self.richRuleDialogElementCombobox.set_active(0) self.richRuleDialogElementChooser.set_text("") self.richRuleDialogActionCheck.set_active(False) self.richRuleDialogActionCombobox.set_active(0) self.richRuleDialogActionRejectTypeCheck.set_active(False) self.richRuleDialogActionRejectTypeCombobox.set_active(0) self.richRuleDialogActionMarkChooser.set_text("") self.richRuleDialogActionLimitCheck.set_active(False) self.richRuleDialogActionLimitRateEntry.set_text("") self.richRuleDialogActionLimitDurationCombobox.set_active(0) self.richRuleDialogSourceInvertCheck.set_active(False) self.richRuleDialogSourceTypeCombobox.set_active(0) self.richRuleDialogSourceChooser.set_text("") self.richRuleDialogDestinationInvertCheck.set_active(False) self.richRuleDialogDestinationChooser.set_text("") self.richRuleDialogLogCheck.set_active(False) self.richRuleDialogLogPrefixEntry.set_text("") self.richRuleDialogLogLevelCombobox.set_active(4) self.richRuleDialogLogLimitCheck.set_active(False) self.richRuleDialogLogLimitRateEntry.set_text("") self.richRuleDialogLogLimitDurationCombobox.set_active(0) self.richRuleDialogAuditCheck.set_active(False) self.richRuleDialogAuditLimitCheck.set_active(False) self.richRuleDialogAuditLimitRateEntry.set_text("") self.richRuleDialogAuditLimitDurationCombobox.set_active(0) smhd = { "s": _("second"), "m": _("minute"), "h": _("hour"), "d": _("day") } loglevel = { "emerg": _("emergency"), "alert": _("alert"), "crit": _("critical"), "error": _("error"), "warning": _("warning"), "notice": _("notice"), "info": _("info"), "debug": _("debug"), } selected_zone = self.get_selected_zone() old_obj = None iter = None if not add: selection = self.richRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_obj = self.richRuleStore.get_value(iter, 0) self.richRuleDialog.old_obj = old_obj if old_obj: if old_obj.family in [ "ipv4", "ipv6" ]: combobox_select_text(self.richRuleDialogFamilyCombobox, old_obj.family, insensitive=True) if old_obj.priority != 0: self.richRuleDialogPriorityEntry.set_value(old_obj.priority) if old_obj.element: self.richRuleDialogElementCheck.set_active(True) # element if type(old_obj.element) == rich.Rich_Service: combobox_select_text(self.richRuleDialogElementCombobox, _("service")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.name) elif type(old_obj.element) == rich.Rich_Port: combobox_select_text(self.richRuleDialogElementCombobox, _("port")) self.richRuleDialogElementChooser.set_text( \ "%s/%s" % (old_obj.element.port, old_obj.element.protocol)) elif type(old_obj.element) == rich.Rich_Protocol: combobox_select_text(self.richRuleDialogElementCombobox, _("protocol")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.value) elif type(old_obj.element) == rich.Rich_Masquerade: combobox_select_text(self.richRuleDialogElementCombobox, _("masquerade")) elif type(old_obj.element) == rich.Rich_IcmpBlock: combobox_select_text(self.richRuleDialogElementCombobox, _("icmp-block")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.name) elif type(old_obj.element) == rich.Rich_IcmpType: combobox_select_text(self.richRuleDialogElementCombobox, _("icmp-type")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.name) elif type(old_obj.element) == rich.Rich_ForwardPort: combobox_select_text(self.richRuleDialogElementCombobox, _("forward-port")) s = "%s/%s" % (old_obj.element.port, old_obj.element.protocol) if old_obj.element.to_port != "": s += " >%s" % old_obj.element.to_port if old_obj.element.to_address != "": s += " @%s" % old_obj.element.to_address self.richRuleDialogElementChooser.set_text(s) elif type(old_obj.element) == rich.Rich_SourcePort: combobox_select_text(self.richRuleDialogElementCombobox, _("source-port")) self.richRuleDialogElementChooser.set_text( \ "%s/%s" % (old_obj.element.port, old_obj.element.protocol)) # action if old_obj.action: self.richRuleDialogActionCheck.set_active(True) action = None if type(old_obj.action) == rich.Rich_Accept: action = _("accept") elif type(old_obj.action) == rich.Rich_Reject: action = _("reject") self.richRuleDialogActionRejectTypeCombobox.remove_all() if old_obj.family is not None: for icmp in REJECT_TYPES[old_obj.family]: self.richRuleDialogActionRejectTypeCombobox. \ append(icmp, icmp) if old_obj.action.type: self.richRuleDialogActionRejectTypeCheck. \ set_active(True) self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(old_obj.action.type) else: self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(REJECT_TYPES[old_obj.family][0]) elif type(old_obj.action) == rich.Rich_Drop: action = _("drop") elif type(old_obj.action) == rich.Rich_Mark: action = _("mark") self.richRuleDialogActionMarkChooser.set_text(old_obj.action.set) combobox_select_text(self.richRuleDialogActionCombobox, action) if old_obj.action.limit: self.richRuleDialogActionLimitCheck.set_active(True) (rate, duration) = old_obj.action.limit.value.split("/") self.richRuleDialogActionLimitRateEntry.set_text(rate) combobox_select_text( \ self.richRuleDialogActionLimitDurationCombobox, smhd[duration], insensitive=True) # source if old_obj.source: if old_obj.source.addr: combobox_select_text(self.richRuleDialogSourceTypeCombobox, "IP") self.richRuleDialogSourceChooser.set_text(old_obj.source.addr) elif old_obj.source.mac: combobox_select_text(self.richRuleDialogSourceTypeCombobox, "MAC") self.richRuleDialogSourceChooser.set_text(old_obj.source.mac) elif old_obj.source.ipset: combobox_select_text(self.richRuleDialogSourceTypeCombobox, "ipset") self.richRuleDialogSourceChooser.set_text(old_obj.source.ipset) self.richRuleDialogSourceInvertCheck.set_active( \ old_obj.source.invert) # destination if old_obj.destination: self.richRuleDialogDestinationChooser.set_text( \ old_obj.destination.addr) self.richRuleDialogDestinationInvertCheck.set_active( \ old_obj.destination.invert) # log if old_obj.log: self.richRuleDialogLogCheck.set_active(True) if old_obj.log.prefix: self.richRuleDialogLogPrefixEntry.set_text( \ old_obj.log.prefix) log_level = "warning" if old_obj.log.level and old_obj.log.level != log_level: log_level = old_obj.log.level combobox_select_text(self.richRuleDialogLogLevelCombobox, loglevel[log_level]) if old_obj.log.limit: self.richRuleDialogLogLimitCheck.set_active(True) (rate, duration) = old_obj.log.limit.value.split("/") self.richRuleDialogLogLimitRateEntry.set_text(rate) combobox_select_text( \ self.richRuleDialogLogLimitDurationCombobox, smhd[duration], insensitive=True) # audit if old_obj.audit: self.richRuleDialogAuditCheck.set_active(True) if old_obj.audit.limit: self.richRuleDialogAuditLimitCheck.set_active(True) (rate, duration) = old_obj.audit.limit.value.split("/") self.richRuleDialogAuditLimitRateEntry.set_text(rate) combobox_select_text( \ self.richRuleDialogAuditLimitDurationCombobox, smhd[duration], insensitive=True) self.richRuleDialogOkButton.set_sensitive(False) self.on_richRuleDialog_changed() self.richRuleDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.richRuleDialog.set_transient_for(self.mainWindow) self.richRuleDialog.show_all() self.add_visible_dialog(self.richRuleDialog) result = self.richRuleDialog.run() self.richRuleDialog.hide() self.remove_visible_dialog(self.richRuleDialog) if result != 1: return obj = self.richRuleDialog_getRule() old_rule = str(old_obj) rule = str(obj) if old_rule == rule: # nothing to change return if self.runtime_view: if not self.fw.queryRichRule(selected_zone, rule): self.fw.addRichRule(selected_zone, rule) if not add: self.fw.removeRichRule(selected_zone, old_rule) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryRichRule(rule): if not add: zone.removeRichRule(old_rule) zone.addRichRule(rule) self.changes_applied() def on_richRuleDialogElementChooser_clicked(self, *args): combolabel = self.richRuleDialogElementCombobox.get_active_text() old_value = self.richRuleDialogElementChooser.get_text() familylabel = self.richRuleDialogFamilyCombobox.get_active_text() if familylabel == _("ipv4"): family = "ipv4" elif familylabel == _("ipv6"): family = "ipv6" else: family = None value = None if combolabel == _("service"): value = self.service_select_dialog(old_value) elif combolabel == _("port"): old_port = None old_proto = None if old_value != "": try: (old_port,old_proto) = old_value.split("/") except: pass value = self.port_select_dialog(old_port, old_proto) elif combolabel == _("protocol"): value = self.protocol_select_dialog(old_value) elif combolabel == _("icmp-block"): value = self.icmptype_select_dialog(old_value) elif combolabel == _("icmp-type"): value = self.icmptype_select_dialog(old_value) elif combolabel == _("forward-port"): value = self.forwardport_select_dialog(family, old_value) elif combolabel == _("source-port"): old_port = None old_proto = None if old_value != "": try: (old_port,old_proto) = old_value.split("/") except: pass value = self.port_select_dialog(old_port, old_proto) if value is None: return self.richRuleDialogElementChooser.set_text(value) def port_select_dialog(self, old_port, old_proto): self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return None port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return None return "%s/%s" % (port, proto) def onProtoChanged(self, *args): if self.protoDialogOtherProtoCheck.get_active(): self.protoDialogProtoLabel.set_sensitive(False) self.protoDialogProtoCombobox.set_sensitive(False) self.protoDialogOtherProtoEntry.set_sensitive(True) proto = self.protoDialogOtherProtoEntry.get_text() else: self.protoDialogProtoLabel.set_sensitive(True) self.protoDialogProtoCombobox.set_sensitive(True) self.protoDialogOtherProtoEntry.set_sensitive(False) proto = self.protoDialogProtoCombobox.get_active_text() if functions.checkProtocol(proto): self.protoDialogOkButton.set_sensitive(True) else: self.protoDialogOkButton.set_sensitive(False) def protocol_select_dialog(self, old_proto): self.protoDialogProtoCombobox.set_active(0) self.protoDialogOtherProtoCheck.set_active(False) self.protoDialogOtherProtoEntry.set_text("") if old_proto: if not combobox_select_text(self.protoDialogProtoCombobox, old_proto): self.protoDialogOtherProtoCheck.set_active(True) self.protoDialogOtherProtoEntry.set_text(old_proto) self.protoDialogOkButton.set_sensitive(False) self.protoDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.protoDialog.set_transient_for(self.mainWindow) self.protoDialog.show_all() self.add_visible_dialog(self.protoDialog) result = self.protoDialog.run() self.protoDialog.hide() self.remove_visible_dialog(self.protoDialog) if result != 1: return None if self.protoDialogOtherProtoCheck.get_active(): proto = self.protoDialogOtherProtoEntry.get_text() else: proto = self.protoDialogProtoCombobox.get_active_text() if old_proto == proto: # nothing to change return None return proto def change_service_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceDialogOkButton.set_sensitive(True) else: self.serviceDialogOkButton.set_sensitive(False) def service_select_dialog(self, old_service=""): self.serviceDialogServiceStore.clear() if self.runtime_view: services = self.fw.listServices() else: services = self.fw.config().getServiceNames() for service in services: self.serviceDialogServiceStore.append([service]) selection = self.serviceDialogServiceView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) selection.select_path(0) iter = self.serviceDialogServiceStore.get_iter_first() while iter: if self.serviceDialogServiceStore.get_value(iter, 0) == \ old_service: selection.select_iter(iter) iter = self.serviceDialogServiceStore.iter_next(iter) self.serviceDialogOkButton.set_sensitive(False) self.serviceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.serviceDialog.set_transient_for(self.mainWindow) self.serviceDialog.show_all() self.add_visible_dialog(self.serviceDialog) result = self.serviceDialog.run() self.serviceDialog.hide() self.remove_visible_dialog(self.serviceDialog) if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None service = self.serviceDialogServiceStore.get_value(iter, 0) if old_service == service: return None return service def change_icmptype_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.icmptypeDialogOkButton.set_sensitive(True) else: self.icmptypeDialogOkButton.set_sensitive(False) def icmptype_select_dialog(self, old_icmptype=""): self.icmptypeDialogIcmptypeStore.clear() if self.runtime_view: icmptypes = self.fw.listIcmpTypes() else: icmptypes = self.fw.config().getIcmpTypeNames() for icmptype in icmptypes: self.icmptypeDialogIcmptypeStore.append([icmptype]) selection = self.icmptypeDialogIcmptypeView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) selection.select_path(0) iter = self.icmptypeDialogIcmptypeStore.get_iter_first() while iter: if self.icmptypeDialogIcmptypeStore.get_value(iter, 0) == \ old_icmptype: selection.select_iter(iter) iter = self.icmptypeDialogIcmptypeStore.iter_next(iter) self.icmptypeDialogOkButton.set_sensitive(False) self.icmptypeDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.icmptypeDialog.set_transient_for(self.mainWindow) self.icmptypeDialog.show_all() self.add_visible_dialog(self.icmptypeDialog) result = self.icmptypeDialog.run() self.icmptypeDialog.hide() self.remove_visible_dialog(self.icmptypeDialog) if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None icmptype = self.icmptypeDialogIcmptypeStore.get_value(iter, 0) if old_icmptype == icmptype: return None return icmptype def on_richRuleDialogSourceChooser_clicked(self, *args): old_address = self.richRuleDialogSourceChooser.get_text() _type = self.richRuleDialogSourceTypeCombobox.get_active_text() combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None if _type == "IP": address = self.address_select_dialog(family, old_address) if address is not None: self.richRuleDialogSourceChooser.set_text(address) elif _type == "MAC": address = self.mac_select_dialog(old_address) if address is not None: self.richRuleDialogSourceChooser.set_text(address.upper()) elif _type == "ipset": address = self.ipset_select_dialog(old_address, family) if address is not None: self.richRuleDialogSourceChooser.set_text(address) def on_richRuleDialogDestinationChooser_clicked(self, *args): combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None old_address = self.richRuleDialogDestinationChooser.get_text() address = self.address_select_dialog(family, old_address) if address is not None: self.richRuleDialogDestinationChooser.set_text(address) def create_fwp_string(self, port, proto, to_port, to_addr): _to_port = "" if to_port != "": _to_port = " >%s" % to_port _to_addr = "" if to_addr != "": _to_addr = " @%s" % to_addr return "%s/%s%s%s" % (port, proto, _to_port, _to_addr) def split_fwp_string(self, text): port = "" proto = "" to_port = "" to_addr = "" if ">" in text: # to_port splits = text.split(">") (port,proto) = splits[0].split("/") if "@" in splits[1]: (to_port,to_addr) = splits[1].split("@") else: to_port = splits[1] elif "@" in text: splits = text.split("@") (port,proto) = splits[0].split("/") to_addr = splits[1] return (port.strip(), proto.strip(), to_port.strip(), to_addr.strip()) def richRuleDialog_getRule(self): smhd = { _("second"): "s", _("minute"): "m", _("hour"): "h", _("day"): "d" } loglevel = { _("emergency"): "emerg", # 0, system is unusable _("alert"): "alert", # 1, action must be taken immediately _("critical"): "crit", # 2, critical conditions _("error"): "error", # 3, error conditions _("warning"): "warning", # 4, warning conditions _("notice"): "notice", # 5, normal but significant condition _("info"): "info", # 6, informational _("debug"): "debug", } # 7, debug-level messages # family combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): rule = rich.Rich_Rule("ipv4") # ipv4 rule elif combolabel == _("ipv6"): rule = rich.Rich_Rule("ipv6") # ipv6 rule else: rule = rich.Rich_Rule() # ipv4+ipv6 rule # priority priority = self.richRuleDialogPriorityEntry.get_value_as_int() if priority != 0: rule.priority = priority # element if self.richRuleDialogElementCheck.get_active(): combolabel = self.richRuleDialogElementCombobox.get_active_text() if combolabel == _("service"): rule.element = rich.Rich_Service( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("port"): text = self.richRuleDialogElementChooser.get_text() port = "" proto = "" try: if '/' in text: (port, proto) = text.split("/") except: return None rule.element = rich.Rich_Port(port, proto) elif combolabel == _("protocol"): rule.element = rich.Rich_Protocol( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("icmp-block"): rule.element = rich.Rich_IcmpBlock( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("icmp-type"): rule.element = rich.Rich_IcmpType( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("forward-port"): text = self.richRuleDialogElementChooser.get_text() try: (port, proto, to_port, to_addr) = \ self.split_fwp_string(text) except: return None rule.element = rich.Rich_ForwardPort(port, proto, to_port, to_addr) elif combolabel == _("masquerade"): rule.element = rich.Rich_Masquerade() elif combolabel == _("source-port"): text = self.richRuleDialogElementChooser.get_text() port = "" proto = "" try: if '/' in text: (port, proto) = text.split("/") except: return None rule.element = rich.Rich_SourcePort(port, proto) # action if self.richRuleDialogActionCheck.is_sensitive() and \ self.richRuleDialogActionCheck.get_active(): limit = None if self.richRuleDialogActionLimitCheck.get_active(): value = self.richRuleDialogActionLimitRateEntry.get_text() value += "/" value += smhd[self.richRuleDialogActionLimitDurationCombobox.get_active_text()] limit = rich.Rich_Limit(value) combolabel = self.richRuleDialogActionCombobox.get_active_text() if combolabel == _("accept"): rule.action = rich.Rich_Accept(limit) elif combolabel == _("reject"): _type = None if self.richRuleDialogActionRejectTypeCheck.get_active(): _type = self.richRuleDialogActionRejectTypeCombobox.get_active_text() rule.action = rich.Rich_Reject(_type, limit) elif combolabel == _("drop"): rule.action = rich.Rich_Drop(limit) elif combolabel == _("mark"): _set = self.richRuleDialogActionMarkChooser.get_text() rule.action = rich.Rich_Mark(_set, limit) # source if self.richRuleDialogSourceChooser.is_sensitive() \ and (self.richRuleDialogSourceChooser.get_text() != "" \ or self.richRuleDialogSourceInvertCheck.get_active()): txt = self.richRuleDialogSourceTypeCombobox.get_active_text() addr = mac = ipset = None if txt == "IP": addr = self.richRuleDialogSourceChooser.get_text() if txt == "MAC": mac = self.richRuleDialogSourceChooser.get_text() if txt == "ipset": ipset = self.richRuleDialogSourceChooser.get_text() rule.source = rich.Rich_Source( addr, mac, ipset, self.richRuleDialogSourceInvertCheck.get_active()) # destination if self.richRuleDialogDestinationBox.is_sensitive() \ and (self.richRuleDialogDestinationChooser.get_text() != "" \ or self.richRuleDialogDestinationInvertCheck.get_active()): rule.destination = rich.Rich_Destination( self.richRuleDialogDestinationChooser.get_text(), self.richRuleDialogDestinationInvertCheck.get_active()) # log if self.richRuleDialogLogCheck.is_sensitive() and \ self.richRuleDialogLogCheck.get_active(): limit = None if self.richRuleDialogLogLimitCheck.get_active(): value = self.richRuleDialogLogLimitRateEntry.get_text() value += "/" value += smhd[self.richRuleDialogLogLimitDurationCombobox.get_active_text()] limit = rich.Rich_Limit(value) level = self.richRuleDialogLogLevelCombobox.get_active_text() rule.log = rich.Rich_Log( self.richRuleDialogLogPrefixEntry.get_text(), loglevel[level], limit) # audit if self.richRuleDialogAuditCheck.is_sensitive() and \ self.richRuleDialogAuditCheck.get_active(): limit = None if self.richRuleDialogAuditLimitCheck.get_active(): value = self.richRuleDialogAuditLimitRateEntry.get_text() value += "/" value += smhd[self.richRuleDialogAuditLimitDurationCombobox.get_active_text()] limit = rich.Rich_Limit(value) rule.audit = rich.Rich_Audit(limit) return rule def on_richRuleDialogFamilyCombobox_changed(self, *args): combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None self.richRuleDialogActionRejectTypeCombobox.remove_all() if family is not None: for icmp in REJECT_TYPES[family]: self.richRuleDialogActionRejectTypeCombobox.append(icmp, icmp) old_obj = self.richRuleDialog.old_obj if old_obj and old_obj.family == family and \ hasattr(old_obj.action, 'type') and old_obj.action.type: self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(old_obj.action.type) else: self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(REJECT_TYPES[family][0]) def on_richRuleDialogElementCombobox_changed(self, *args): self.richRuleDialogElementChooser.set_text("") def on_richRuleDialogActionMarkChooser_clicked(self, *args): old_value = self.richRuleDialogActionMarkChooser.get_text() if "/" in old_value: try: (old_mark, old_mask) = old_value.split("/") except: return else: old_mark = old_value old_mask = "" _value = self.mark_select_dialog(old_mark, old_mask) if _value is None: return (mark, mask) = _value if mask != "": value = "%s/%s" % (mark, mask) else: value = mark self.richRuleDialogActionMarkChooser.set_text(value) def on_richRuleDialog_changed(self, *args): combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None v4v6_source = (self.richRuleDialogSourceTypeCombobox.get_active_text() == "MAC" or \ self.richRuleDialogSourceTypeCombobox.get_active_text() == "ipset") if family is None: self.richRuleDialogSourceChooser.set_sensitive(v4v6_source) self.richRuleDialogSourceInvertCheck.set_sensitive(v4v6_source) self.richRuleDialogDestinationLabel.set_sensitive(False) self.richRuleDialogDestinationBox.set_sensitive(False) else: self.richRuleDialogSourceChooser.set_sensitive(True) self.richRuleDialogSourceInvertCheck.set_sensitive(True) self.richRuleDialogDestinationLabel.set_sensitive(True) self.richRuleDialogDestinationBox.set_sensitive(True) self.richRuleDialogActionCheck.set_sensitive(True) self.richRuleDialogActionBox.set_sensitive( self.richRuleDialogActionCheck.get_active()) self.richRuleDialogElementChooser.set_sensitive(True) self.richRuleDialogElementBox.set_sensitive( self.richRuleDialogElementCheck.get_active()) self.richRuleDialogLogCheck.set_sensitive(True) self.richRuleDialogAuditCheck.set_sensitive(True) self.richRuleDialogActionLimitBox.set_sensitive( self.richRuleDialogActionLimitCheck.get_active()) self.richRuleDialogActionRejectTypeCombobox.set_sensitive( self.richRuleDialogActionRejectTypeCheck.get_active()) self.richRuleDialogActionRejectBox.set_sensitive(family is not None and \ self.richRuleDialogActionCombobox.get_active_text() == _("reject")) self.richRuleDialogActionMarkBox.set_sensitive(self.richRuleDialogActionCombobox.get_active_text() == _("mark")) self.richRuleDialogLogGrid.set_sensitive( self.richRuleDialogLogCheck.get_active()) self.richRuleDialogLogLimitBox.set_sensitive( self.richRuleDialogLogLimitCheck.get_active()) self.richRuleDialogAuditBox.set_sensitive( self.richRuleDialogAuditCheck.get_active()) self.richRuleDialogAuditLimitBox.set_sensitive( self.richRuleDialogAuditLimitCheck.get_active()) if self.richRuleDialogElementCheck.get_active(): combolabel = self.richRuleDialogElementCombobox.get_active_text() if combolabel == _("masquerade"): self.richRuleDialogElementChooser.set_sensitive(False) self.richRuleDialogActionCheck.set_sensitive(False) self.richRuleDialogActionBox.set_sensitive(False) self.richRuleDialogLogCheck.set_sensitive(False) self.richRuleDialogLogGrid.set_sensitive(False) self.richRuleDialogAuditCheck.set_sensitive(False) self.richRuleDialogAuditBox.set_sensitive(False) elif combolabel == _("forward-port"): self.richRuleDialogActionCheck.set_sensitive(False) self.richRuleDialogActionBox.set_sensitive(False) self.richRuleDialogLogCheck.set_sensitive(False) self.richRuleDialogLogGrid.set_sensitive(False) self.richRuleDialogAuditCheck.set_sensitive(False) self.richRuleDialogAuditBox.set_sensitive(False) elif combolabel == _("icmp-block"): self.richRuleDialogActionCheck.set_sensitive(False) self.richRuleDialogActionBox.set_sensitive(False) rule = self.richRuleDialog_getRule() try: rule.check() except Exception as msg: self.richRuleDialogOkButton.set_sensitive(False) self.richRuleDialogOkButton.set_tooltip_text(str(msg)) else: if str(self.richRuleDialog.old_obj) != str(rule): self.richRuleDialogOkButton.set_sensitive(True) else: self.richRuleDialogOkButton.set_sensitive(False) self.richRuleDialogOkButton.set_tooltip_text("") def onAddInterface(self, *args): self.add_edit_interface(True) def onEditInterface(self, *args): selected_zone = self.get_selected_zone() selection = self.interfaceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return interface = self.interfaceStore.get_value(iter, 0) if interface in self.connections: connection = self.connections[interface] connection_name = self.connections_name[connection] if selected_zone == self.default_zone: selected_zone = nm_get_zone_of_connection(connection) editor = ZoneConnectionEditor(self.fw, connection, connection_name, selected_zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) editor.show_all() try: editor.run() except Exception: text = _("Failed to set zone {zone} " "for connection {connection_name}") self._warning(text.format(zone=editor.get_zone(), connection_name=editor.connection_name)) editor.hide() else: self.add_edit_interface(False) self.changes_applied() def onInterfaceClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.onEditInterface() def onRemoveInterface(self, *args): selected_zone = self.get_selected_zone() selection = self.interfaceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return interface = self.interfaceStore.get_value(iter, 0) if self.runtime_view: self.fw.removeInterface(selected_zone, interface) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeInterface(interface) self.changes_applied() def change_interface_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editInterfaceButton.set_sensitive(True) interface = self.interfaceStore.get_value(iter, 0) if interface in self.connections: self.removeInterfaceButton.set_sensitive(False) else: self.removeInterfaceButton.set_sensitive(True) else: self.editInterfaceButton.set_sensitive(False) self.removeInterfaceButton.set_sensitive(False) def add_edit_interface(self, add): selected_zone = self.get_selected_zone() old_interface = None if add: self.interfaceDialogInterfaceEntry.set_text("") else: selection = self.interfaceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_interface = self.interfaceStore.get_value(iter, 0) self.interfaceDialogInterfaceEntry.set_text(old_interface) self.interfaceDialogOkButton.set_sensitive(False) self.interfaceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.interfaceDialog.set_transient_for(self.mainWindow) self.interfaceDialog.show_all() self.add_visible_dialog(self.interfaceDialog) result = self.interfaceDialog.run() self.interfaceDialog.hide() self.remove_visible_dialog(self.interfaceDialog) if result != 1: return interface = self.interfaceDialogInterfaceEntry.get_text() if old_interface == interface: # nothing to change return if self.runtime_view: if not self.fw.queryInterface(selected_zone, interface): self.fw.addInterface(selected_zone, interface) if not add: self.fw.removeInterface(selected_zone, old_interface) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryInterface(interface): if not add: zone.removeInterface(old_interface) zone.addInterface(interface) self.changes_applied() def onInterfaceChanged(self, *args): text = self.interfaceDialogInterfaceEntry.get_text() if text != "" and functions.checkInterface(text): self.interfaceDialogOkButton.set_sensitive(True) else: self.interfaceDialogOkButton.set_sensitive(False) def onAddSource(self, *args): self.add_edit_source(True) def onEditSource(self, *args): self.add_edit_source(False) def onSourceClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_source(False) def onRemoveSource(self, *args): selected_zone = self.get_selected_zone() selection = self.sourceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return source = self.sourceStore.get_value(iter, 0) if self.runtime_view: self.fw.removeSource(selected_zone, source) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeSource(source) self.changes_applied() def change_source_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editSourceButton.set_sensitive(True) self.removeSourceButton.set_sensitive(True) else: self.editSourceButton.set_sensitive(False) self.removeSourceButton.set_sensitive(False) def add_edit_source(self, add): selected_zone = self.get_selected_zone() old_source = "" if not add: selection = self.sourceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_source = self.sourceStore.get_value(iter, 0) #source = self.address_select_dialog(None, old_source, True, True) source = self.source_select_dialog(old_source) if not source: return if self.runtime_view: if not self.fw.querySource(selected_zone, source): self.fw.addSource(selected_zone, source) if not add: self.fw.removeSource(selected_zone, old_source) self.changes_applied() else: self._warning("Source '%s' already bound to zone '%s'" % \ (old_source, selected_zone)) else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.querySource(source): if not add: zone.removeSource(old_source) zone.addSource(source) self.changes_applied() else: self._warning("Source '%s' already bound to zone '%s'" % \ (old_source, selected_zone)) def on_markDialog_changed(self, entry, old_mark, old_mask): mark = self.markDialogMarkEntry.get_text() mask = self.markDialogMaskEntry.get_text() if not functions.checkUINT32(mark): self.markDialogOkButton.set_sensitive(False) else: if mask != "" and not functions.checkUINT32(mask): self.markDialogOkButton.set_sensitive(False) else: if old_mark != mark or old_mask != mask: self.markDialogOkButton.set_sensitive(True) def mark_select_dialog(self, old_mark, old_mask): self.markDialogMarkEntry.set_text(old_mark) self.markDialogMaskEntry.set_text(old_mask) handler_id1 = self.markDialogMarkEntry.connect( "changed", self.on_markDialog_changed, old_mark, old_mask) handler_id2 = self.markDialogMaskEntry.connect( "changed", self.on_markDialog_changed, old_mark, old_mask) self.markDialogOkButton.set_sensitive(False) self.markDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.markDialog.set_transient_for(self.mainWindow) self.markDialog.show_all() self.add_visible_dialog(self.markDialog) result = self.markDialog.run() self.markDialog.hide() self.remove_visible_dialog(self.markDialog) self.markDialogMarkEntry.disconnect(handler_id1) self.markDialogMaskEntry.disconnect(handler_id2) mark = self.markDialogMarkEntry.get_text() mask = self.markDialogMaskEntry.get_text() if result != 1 or (old_mark == mark and old_mask == mask): return None return (mark, mask) def on_macDialog_changed(self, entry, old_mac): text = entry.get_text() if text == "": self.macDialogOkButton.set_sensitive(True) return self.macDialogOkButton.set_sensitive(False) if functions.check_mac(text) and text != old_mac: self.macDialogOkButton.set_sensitive(True) def mac_select_dialog(self, old_mac): self.macDialogMacEntry.set_text(old_mac) handler_id = self.macDialogMacEntry.connect("changed", self.on_macDialog_changed, old_mac) self.macDialogOkButton.set_sensitive(False) self.macDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.macDialog.set_transient_for(self.mainWindow) self.macDialog.show_all() self.add_visible_dialog(self.macDialog) result = self.macDialog.run() self.macDialog.hide() self.remove_visible_dialog(self.macDialog) self.macDialogMacEntry.disconnect(handler_id) mac = self.macDialogMacEntry.get_text() if result != 1 or old_mac == mac: return None return mac.upper() def change_ipset_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.ipsetDialogOkButton.set_sensitive(True) else: self.ipsetDialogOkButton.set_sensitive(False) def ipset_select_dialog(self, old_ipset="", ipv=None): self.ipsetDialogIPSetStore.clear() ipsets = { } if self.runtime_view: for x in self.fw.getIPSets(): self.deactivate_exception_handler() try: settings = self.fw.getIPSetSettings(x) except (DBusException, Exception) as msg: self.activate_exception_handler() if isinstance(msg, DBusException): msg = msg.get_dbus_message() else: msg = str(msg) code = FirewallError.get_code(msg) if code == errors.NOT_APPLIED: continue raise self.activate_exception_handler() if settings.getType() not in SOURCE_IPSET_TYPES: continue ipsets[x] = settings else: for i in self.fw.config().listIPSets(): obj = self.fw.config().getIPSet(i) ipsets[obj.get_property("name")] = obj.getSettings() for i in sorted(ipsets.keys()): # for all hash:ip and hash:net types, ipv has to match the family # of the set ipset_type = ipsets[i].getType() if ipset_type.startswith("hash:ip") or \ ipset_type.startswith("hash:net"): opts = ipsets[i].getOptions() if "family" in opts: if opts["family"] == "inet6" and \ (ipv != "ipv6" and ipv != "all"): continue else: if ipv == "ipv6" or ipv is None: continue self.ipsetDialogIPSetStore.append([i, ipset_type]) selection = self.ipsetDialogIPSetView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) #selection.select_path(0) iter = self.ipsetDialogIPSetStore.get_iter_first() while iter: if self.ipsetDialogIPSetStore.get_value(iter, 0) == old_ipset: selection.select_iter(iter) iter = self.ipsetDialogIPSetStore.iter_next(iter) self.ipsetDialogOkButton.set_sensitive(False) self.ipsetDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.ipsetDialog.set_transient_for(self.mainWindow) self.ipsetDialog.show_all() self.add_visible_dialog(self.ipsetDialog) result = self.ipsetDialog.run() self.ipsetDialog.hide() self.remove_visible_dialog(self.ipsetDialog) #self.ipsetDialogIPSetEntry.disconnect(handler_id) #ipset = self.ipsetDialogIPSetEntry.get_text() if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None ipset = self.ipsetDialogIPSetStore.get_value(iter, 0) if old_ipset == ipset: return None return ipset def change_helper_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.helperDialogOkButton.set_sensitive(True) else: self.helperDialogOkButton.set_sensitive(False) def on_sourceDialog_changed(self, arg, old_type, old_source): _type = self.sourceDialogSourceTypeCombobox.get_active_text() _source = self.sourceDialogSourceChooser.get_text() self.sourceDialogOkButton.set_sensitive(False) if old_source != _source: if _type == "MAC" and functions.check_mac(_source): self.sourceDialogOkButton.set_sensitive(True) elif _type == "IP" and (functions.checkIPnMask(_source) or \ functions.checkIP6nMask(_source)): self.sourceDialogOkButton.set_sensitive(True) elif _type == "ipset": self.sourceDialogOkButton.set_sensitive(True) def on_sourceDialogSourceChooser_clicked(self, *args): old_address = self.sourceDialogSourceChooser.get_text() _type = self.sourceDialogSourceTypeCombobox.get_active_text() if _type == "IP": address = self.address_select_dialog(None, old_address) if address is not None: self.sourceDialogSourceChooser.set_text(address) elif _type == "MAC": address = self.mac_select_dialog(old_address) if address is not None: self.sourceDialogSourceChooser.set_text(address.upper()) elif _type == "ipset": address = self.ipset_select_dialog(old_address, "all") if address is not None: self.sourceDialogSourceChooser.set_text(address) def source_select_dialog(self, old_source): if old_source: if old_source.startswith("ipset:"): old_type = "ipset" old_source = old_source[6:] elif functions.check_mac(old_source): old_type = "MAC" else: old_type = "IP" combobox_select_text(self.sourceDialogSourceTypeCombobox, old_type) else: old_type = None self.sourceDialogSourceTypeCombobox.set_active(0) self.sourceDialogSourceChooser.set_text(old_source) h_type_id = self.sourceDialogSourceTypeCombobox.connect( "changed", self.on_sourceDialog_changed, old_type, old_source) h_addr_id = self.sourceDialogSourceChooser.connect( "clicked", self.on_sourceDialog_changed, old_type, old_source) self.sourceDialogOkButton.set_sensitive(False) self.sourceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.sourceDialog.set_transient_for(self.mainWindow) self.sourceDialog.show_all() self.add_visible_dialog(self.sourceDialog) result = self.sourceDialog.run() self.sourceDialog.hide() self.remove_visible_dialog(self.sourceDialog) self.sourceDialogSourceTypeCombobox.disconnect(h_type_id) self.sourceDialogSourceChooser.disconnect(h_addr_id) source = self.sourceDialogSourceChooser.get_text() if self.sourceDialogSourceTypeCombobox.get_active_text() == "ipset": source = "ipset:%s" % source if result != 1 or old_source == source: return None return source def onAddPort(self, *args): self.add_edit_port(True) def onEditPort(self, *args): self.add_edit_port(False) def onPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_port(False) def onRemovePort(self, *args): selected_zone = self.get_selected_zone() selection = self.portView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.portStore.get_value(iter, 0) proto = self.portStore.get_value(iter, 1) if self.runtime_view: self.fw.removePort(selected_zone, port, proto) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removePort(port, proto) self.changes_applied() def onPortChanged(self, *args): ports = functions.getPortRange(self.portDialogPortEntry.get_text()) if not ports or not (isinstance(ports, list) or \ isinstance(ports, tuple)): self.portDialogOkButton.set_sensitive(False) else: self.portDialogOkButton.set_sensitive(True) def add_edit_port(self, add): selected_zone = self.get_selected_zone() old_port = None old_proto = None if not add: selection = self.portView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.portStore.get_value(iter, 0) old_proto = self.portStore.get_value(iter, 1) self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return if self.runtime_view: if not self.fw.queryPort(selected_zone, port, proto): self.fw.addPort(selected_zone, port, proto) if not add: self.fw.removePort(selected_zone, old_port, old_proto) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryPort(port, proto): if not add: zone.removePort(old_port, old_proto) zone.addPort(port, proto) self.changes_applied() def onPortProtoChanged(self, *args): ports = functions.getPortRange(self.portDialogPortEntry.get_text()) if not ports or not (isinstance(ports, list) or \ isinstance(ports, tuple)): self.portDialogOkButton.set_sensitive(False) else: self.portDialogOkButton.set_sensitive(True) def onPortProtoDialogOtherProtoCheckToggled(self, check, *args): self.portDialogPortEntry.set_sensitive(not check.get_active()) self.portDialogProtoCombobox.set_sensitive(not check.get_active()) def service_conf_add_edit_port(self, add): active_service = self.get_active_service() self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) old_port = None old_proto = None if not add: selection = self.serviceConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.serviceConfPortStore.get_value(iter, 0) old_proto = self.serviceConfPortStore.get_value(iter, 1) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.queryPort(port, proto): if not add: service.removePort(old_port, old_proto) service.addPort(port, proto) self.changes_applied() def port_added_cb(self, zone, port, protocol, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.portStore.get_iter_first() while iter: if self.portStore.get_value(iter, 0) == port and \ self.portStore.get_value(iter, 1) == protocol: # already there return iter = self.portStore.iter_next(iter) # nothing found, so add it self.portStore.append([port, protocol]) def port_removed_cb(self, zone, port, protocol): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.portStore.get_iter_first() while iter: if self.portStore.get_value(iter, 0) == port and \ self.portStore.get_value(iter, 1) == protocol: self.portStore.remove(iter) break iter = self.portStore.iter_next(iter) def onAddSourcePort(self, *args): self.add_edit_source_port(True) def onEditSourcePort(self, *args): self.add_edit_source_port(False) def onSourcePortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_source_port(False) def onRemoveSourcePort(self, *args): selected_zone = self.get_selected_zone() selection = self.sourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.sourcePortStore.get_value(iter, 0) proto = self.sourcePortStore.get_value(iter, 1) if self.runtime_view: self.fw.removeSourcePort(selected_zone, port, proto) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeSourcePort(port, proto) self.changes_applied() def add_edit_source_port(self, add): selected_zone = self.get_selected_zone() old_port = None old_proto = None if not add: selection = self.sourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.sourcePortStore.get_value(iter, 0) old_proto = self.sourcePortStore.get_value(iter, 1) self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return if self.runtime_view: if not self.fw.querySourcePort(selected_zone, port, proto): self.fw.addSourcePort(selected_zone, port, proto) if not add: self.fw.removeSourcePort(selected_zone, old_port, old_proto) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.querySourcePort(port, proto): if not add: zone.removeSourcePort(old_port, old_proto) zone.addSourcePort(port, proto) self.changes_applied() def service_conf_add_edit_source_port(self, add): active_service = self.get_active_service() self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) old_port = None old_proto = None if not add: selection = self.serviceConfSourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.serviceConfSourcePortStore.get_value(iter, 0) old_proto = self.serviceConfSourcePortStore.get_value(iter, 1) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.querySourcePort(port, proto): if not add: service.removeSourcePort(old_port, old_proto) service.addSourcePort(port, proto) self.changes_applied() def source_port_added_cb(self, zone, port, protocol, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourcePortStore.get_iter_first() while iter: if self.sourcePortStore.get_value(iter, 0) == port and \ self.sourcePortStore.get_value(iter, 1) == protocol: # already there return iter = self.sourcePortStore.iter_next(iter) # nothing found, so add it self.sourcePortStore.append([port, protocol]) def source_port_removed_cb(self, zone, port, protocol): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourcePortStore.get_iter_first() while iter: if self.sourcePortStore.get_value(iter, 0) == port and \ self.sourcePortStore.get_value(iter, 1) == protocol: self.sourcePortStore.remove(iter) break iter = self.sourcePortStore.iter_next(iter) def onAddProtocol(self, *args): self.add_edit_protocol(True) def onEditProtocol(self, *args): self.add_edit_protocol(False) def onProtocolClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_protocol(False) def onRemoveProtocol(self, *args): selected_zone = self.get_selected_zone() selection = self.protocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return proto = self.protocolStore.get_value(iter, 0) if self.runtime_view: self.fw.removeProtocol(selected_zone, proto) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeProtocol(proto) self.changes_applied() def add_edit_protocol(self, add): selected_zone = self.get_selected_zone() old_proto = None if not add: selection = self.protocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_proto = self.protocolStore.get_value(iter, 0) self.protoDialogProtoCombobox.set_active(0) self.protoDialogOtherProtoCheck.set_active(False) if old_proto: combobox_select_text(self.protoDialogProtoCombobox, old_proto) self.protoDialogOkButton.set_sensitive(False) self.protoDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.protoDialog.set_transient_for(self.mainWindow) self.protoDialog.show_all() self.add_visible_dialog(self.protoDialog) result = self.protoDialog.run() self.protoDialog.hide() self.remove_visible_dialog(self.protoDialog) if result != 1: return if self.protoDialogOtherProtoCheck.get_active(): proto = self.protoDialogOtherProtoEntry.get_text() else: proto = self.protoDialogProtoCombobox.get_active_text() if old_proto == proto: # nothing to change return if self.runtime_view: if not self.fw.queryProtocol(selected_zone, proto): self.fw.addProtocol(selected_zone, proto) if not add: self.fw.removeProtocol(selected_zone, old_proto) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryProtocol(proto): if not add: zone.removeProtocol(old_proto) zone.addProtocol(proto) self.changes_applied() def service_conf_add_edit_protocol(self, add): active_service = self.get_active_service() old_proto = None if not add: selection = self.serviceConfProtocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_proto = self.serviceConfProtocolStore.get_value(iter, 0) self.protoDialogProtoCombobox.set_active(0) self.protoDialogOtherProtoCheck.set_active(False) if old_proto: combobox_select_text(self.protoDialogProtoCombobox, old_proto) self.protoDialogOkButton.set_sensitive(False) self.protoDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.protoDialog.set_transient_for(self.mainWindow) self.protoDialog.show_all() self.add_visible_dialog(self.protoDialog) result = self.protoDialog.run() self.protoDialog.hide() self.remove_visible_dialog(self.protoDialog) if result != 1: return if self.protoDialogOtherProtoCheck.get_active(): proto = self.protoDialogOtherProtoEntry.get_text() else: proto = self.protoDialogProtoCombobox.get_active_text() if old_proto == proto: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.queryProtocol(proto): if not add: service.removeProtocol(old_proto) service.addProtocol(proto) self.changes_applied() def protocol_added_cb(self, zone, protocol, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.protocolStore.get_iter_first() while iter: if self.protocolStore.get_value(iter, 0) == protocol: # already there return iter = self.protocolStore.iter_next(iter) # nothing found, so add it self.protocolStore.append([protocol]) def protocol_removed_cb(self, zone, protocol): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.protocolStore.get_iter_first() while iter: if self.protocolStore.get_value(iter, 0) == protocol: self.protocolStore.remove(iter) break iter = self.protocolStore.iter_next(iter) def onForwardDialogChecksToggled(self, check, *args): val1 = self.forwardDialogLocalCheck.get_active() val2 = self.forwardDialogToPortCheck.get_active() self.forwardDialogToAddrLabel.set_sensitive(not val1) self.forwardDialogToAddrEntry.set_sensitive(not val1) self.forwardDialogToPortCheck.set_sensitive(not val1) self.forwardDialogToPortLabel.set_sensitive(val1 or val2) self.forwardDialogToPortEntry.set_sensitive(val1 or val2) self.onForwardChanged(None) def onForwardDialogToPortCheckToggled(self, check, *args): toport = check.get_active() self.forwardDialogToPortLabel.set_sensitive(toport) self.forwardDialogToPortEntry.set_sensitive(toport) self.onForwardChanged(None) def _check_forward(self): ports = self.forwardDialogPortEntry.get_text() to_ports = self.forwardDialogToPortEntry.get_text() to_addr = self.forwardDialogToAddrEntry.get_text() local_check = self.forwardDialogLocalCheck.get_active() to_port_check = self.forwardDialogToPortCheck.get_active() ports = functions.getPortRange(ports) to_ports = functions.getPortRange(to_ports) ports_ok = False if ports and (isinstance(ports, list) or \ isinstance(ports, tuple)): ports_ok = True to_ports_ok = False if to_ports and (isinstance(to_ports, list) or \ isinstance(to_ports, tuple)): to_ports_ok = True to_addr_ok = False if to_addr != "": if self.forwardDialog.family == "ipv4" and \ functions.checkIP(to_addr): to_addr_ok = True if self.forwardDialog.family == "ipv6" and \ functions.checkIP6(to_addr): to_addr_ok = True if self.forwardDialog.family is None and \ (functions.checkIP(to_addr) or functions.checkIP6(to_addr)): to_addr_ok = True ok = False if ports_ok: if local_check: if to_ports_ok and ports != to_ports: ok = True elif to_addr_ok: if to_port_check: if to_ports_ok: ok = True else: ok = True return ok def onForwardChanged(self, arg): ok = False if arg == self.forwardDialogProtoCombobox: if self._check_forward(): ok = True else: ok = self._check_forward() self.forwardDialogOkButton.set_sensitive(ok) def onAddForwardPort(self, *args): self.add_edit_forward_port(True) def onEditForwardPort(self, *args): self.add_edit_forward_port(False) def onForwardPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_forward_port(False) def forwardport_select_dialog(self, family, old_value=None): self.forwardDialogOkButton.set_sensitive(False) self.forwardDialogLocalCheck.set_active(True) self.forwardDialogLocalCheck.set_active(False) self.forwardDialogToPortCheck.set_active(False) self.forwardDialog.family = family (old_port, old_proto, old_to_port, old_to_addr) = \ self.split_fwp_string(old_value) self.forwardDialogPortEntry.set_text("") if old_port is not None: self.forwardDialogPortEntry.set_text(old_port) combobox_select_text(self.forwardDialogProtoCombobox, old_proto) self.forwardDialogToPortEntry.set_text("") if old_to_port is not None: self.forwardDialogToPortEntry.set_text(old_to_port) if old_to_addr: if old_to_port: self.forwardDialogToPortCheck.set_active(True) else: self.forwardDialogLocalCheck.set_active(True) self.forwardDialogToAddrEntry.set_text("") if old_to_addr is not None: self.forwardDialogToAddrEntry.set_text(old_to_addr) self.forwardDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.forwardDialog.set_transient_for(self.mainWindow) self.forwardDialog.show_all() self.add_visible_dialog(self.forwardDialog) result = self.forwardDialog.run() self.forwardDialog.hide() self.remove_visible_dialog(self.forwardDialog) if result != 1: return None port = self.forwardDialogPortEntry.get_text() proto = self.forwardDialogProtoCombobox.get_active_text() to_addr = self.forwardDialogToAddrEntry.get_text() to_port = self.forwardDialogToPortEntry.get_text() if not self.forwardDialogLocalCheck.get_active(): if not self.forwardDialogToPortCheck.get_active(): to_port = "" else: to_addr = "" value = self.create_fwp_string(port, proto, to_port, to_addr) if old_value == value: return None return value def add_edit_forward_port(self, add): selected_zone = self.get_selected_zone() self.forwardDialogOkButton.set_sensitive(False) self.forwardDialogLocalCheck.set_active(True) self.forwardDialogLocalCheck.set_active(False) self.forwardDialogToPortCheck.set_active(False) self.forwardDialog.family = None old_port = None old_proto = None old_to_port = None old_to_addr = None iter = None if add: self.forwardDialogPortEntry.set_text("") self.forwardDialogProtoCombobox.set_active(0) self.forwardDialogToPortEntry.set_text("") self.forwardDialogToAddrEntry.set_text("") else: selection = self.forwardView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.forwardStore.get_value(iter, 0) old_proto = self.forwardStore.get_value(iter, 1) old_to_port = self.forwardStore.get_value(iter, 2) old_to_addr = self.forwardStore.get_value(iter, 3) self.forwardDialogPortEntry.set_text(old_port) combobox_select_text(self.forwardDialogProtoCombobox, old_proto) self.forwardDialogToPortEntry.set_text(old_to_port) if old_to_addr: if old_to_port: self.forwardDialogToPortCheck.set_active(True) else: self.forwardDialogLocalCheck.set_active(True) self.forwardDialogToAddrEntry.set_text(old_to_addr) self.forwardDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.forwardDialog.set_transient_for(self.mainWindow) self.forwardDialog.show_all() self.add_visible_dialog(self.forwardDialog) result = self.forwardDialog.run() self.forwardDialog.hide() self.remove_visible_dialog(self.forwardDialog) if result != 1: return port = self.forwardDialogPortEntry.get_text() proto = self.forwardDialogProtoCombobox.get_active_text() to_addr = self.forwardDialogToAddrEntry.get_text() to_port = self.forwardDialogToPortEntry.get_text() if not self.forwardDialogLocalCheck.get_active(): if not self.forwardDialogToPortCheck.get_active(): to_port = "" else: to_addr = "" if not add and (old_port == port and old_proto == proto and \ old_to_port == to_port and old_to_addr == to_addr): # nothing to change return if self.runtime_view: if not self.fw.queryForwardPort(selected_zone, port, proto, to_port, to_addr): self.fw.addForwardPort(selected_zone, port, proto, to_port, to_addr) if not add: self.fw.removeForwardPort(selected_zone, old_port, old_proto, old_to_port, old_to_addr) if add and to_addr and not self.fw.queryMasquerade(selected_zone): if self.masqueradeQueryDialog() == Gtk.ResponseType.YES: self.fw.addMasquerade(selected_zone) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryForwardPort(port, proto, to_port, to_addr): if not add: zone.removeForwardPort(old_port, old_proto, old_to_port, old_to_addr) zone.addForwardPort(port, proto, to_port, to_addr) if add and to_addr and not zone.getMasquerade(): if self.masqueradeQueryDialog() == Gtk.ResponseType.YES: zone.setMasquerade(True) self.changes_applied() def masqueradeQueryDialog(self): text = _("Forwarding to another system is only useful if the interface is masqueraded.\nDo you want to masquerade this zone ?") return self._dialog(text=text, buttons=((Gtk.STOCK_YES, Gtk.ResponseType.YES), (Gtk.STOCK_NO, Gtk.ResponseType.NO))) def forward_port_added_cb(self, zone, port, protocol, to_port, to_address, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return self._forward_port_added_cb(zone, port, protocol, to_port, to_address) def forward_port_removed_cb(self, zone, port, protocol, to_port, to_address): if not self.runtime_view or zone != self.get_selected_zone(): return self._forward_port_removed_cb(zone, port, protocol, to_port, to_address) def _forward_port_added_cb(self, zone, port, protocol, to_port, to_address): iter = self.forwardStore.get_iter_first() while iter: if self.forwardStore.get_value(iter, 0) == port and \ self.forwardStore.get_value(iter, 1) == protocol and \ self.forwardStore.get_value(iter, 2) == to_port and \ self.forwardStore.get_value(iter, 3) == to_address: # already there return iter = self.forwardStore.iter_next(iter) # nothing found, so add it self.forwardStore.append([port, protocol, to_port, to_address]) def _forward_port_removed_cb(self, zone, port, protocol, to_port, to_address): iter = self.forwardStore.get_iter_first() while iter: if self.forwardStore.get_value(iter, 0) == port and \ self.forwardStore.get_value(iter, 1) == protocol and \ self.forwardStore.get_value(iter, 2) == to_port and \ self.forwardStore.get_value(iter, 3) == to_address: self.forwardStore.remove(iter) break iter = self.forwardStore.iter_next(iter) def onRemoveForwardPort(self, *args): selected_zone = self.get_selected_zone() selection = self.forwardView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.forwardStore.get_value(iter, 0) proto = self.forwardStore.get_value(iter, 1) to_port = self.forwardStore.get_value(iter, 2) to_addr = self.forwardStore.get_value(iter, 3) if self.runtime_view: self.fw.removeForwardPort(selected_zone, port, proto, to_port, to_addr) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeForwardPort(port, proto, to_port, to_addr) self.changes_applied() def onChangeService(self, *args): active_service = self.get_active_service() ### load service settings self.serviceConfPortStore.clear() self.serviceConfProtocolStore.clear() self.serviceConfSourcePortStore.clear() self.serviceConfModuleStore.clear() self.serviceConfDestIpv4Chooser.set_text("") self.serviceConfDestIpv6Chooser.set_text("") self.serviceConfPortView.get_selection().set_mode( Gtk.SelectionMode.NONE) self.serviceConfProtocolView.get_selection().set_mode( Gtk.SelectionMode.NONE) self.serviceConfSourcePortView.get_selection().set_mode( Gtk.SelectionMode.NONE) self.serviceConfModuleView.get_selection().set_mode( Gtk.SelectionMode.NONE) if not active_service: self.serviceConfEditServiceButton.set_sensitive(False) self.serviceConfRemoveServiceButton.set_sensitive(False) self.serviceConfLoadDefaultsServiceButton.set_sensitive(False) self.serviceConfServiceNotebook.set_sensitive(False) return self.serviceConfEditServiceButton.set_sensitive(True) self.serviceConfServiceNotebook.set_sensitive(True) ports = [ ] protocols = [ ] source_ports = [ ] modules = [ ] destination = { } if self.runtime_view: # load runtime configuration settings = self.fw.getServiceSettings(active_service) ports = settings.getPorts() protocols = settings.getProtocols() source_ports = settings.getSourcePorts() modules = settings.getModules() destination = settings.getDestinations() default = False builtin = False else: try: service = self.fw.config().getServiceByName(active_service) except: return # load permanent configuration settings = service.getSettings() ports = settings.getPorts() protocols = settings.getProtocols() source_ports = settings.getSourcePorts() modules = settings.getModules() destination = settings.getDestinations() props = service.get_properties() default = props["default"] builtin = props["builtin"] self.serviceConfRemoveServiceButton.set_sensitive(not builtin and default) self.serviceConfLoadDefaultsServiceButton.set_sensitive(not default) # set ports for item in ports: self.serviceConfPortStore.append(item) # set protocols for item in protocols: self.serviceConfProtocolStore.append([item]) # set ports for item in source_ports: self.serviceConfSourcePortStore.append(item) # set modules for item in modules: self.serviceConfModuleStore.append([item]) # set destination if "ipv4" in destination: self.serviceConfDestIpv4Chooser.set_text(destination["ipv4"]) if "ipv6" in destination: self.serviceConfDestIpv6Chooser.set_text(destination["ipv6"]) self.serviceConfPortView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.serviceConfProtocolView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.serviceConfSourcePortView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.serviceConfModuleView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) def conf_service_added_cb(self, service): if self.runtime_view: return # check if service is in store iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) == service: return iter = self.serviceConfServiceStore.iter_next(iter) # not in list, append self.serviceConfServiceStore.append([service]) def conf_service_updated_cb(self, service): self.onChangeService() def conf_service_removed_cb(self, service): if self.runtime_view: return iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) == service: self.serviceConfServiceStore.remove(iter) break iter = self.serviceConfServiceStore.iter_next(iter) def conf_service_renamed_cb(self, service): if self.runtime_view: return # Get all services, renamed the one that is missing. # If more or less than one is missing, update service store. services = self.fw.config().getServiceNames() use_iter = None iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) not in services: if use_iter is not None: return self.load_services() use_iter = iter iter = self.serviceConfServiceStore.iter_next(iter) if use_iter is None: return self.load_services() self.serviceConfServiceStore.set_value(use_iter, 0, service) def onServiceConfAddService(self, *args): self.add_edit_service(True) def onServiceConfRemoveService(self, *args): active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) service.remove() self.changes_applied() self.load_services() self.onChangeService() def onServiceConfEditService(self, *args): self.add_edit_service(False) def onServiceBaseDialogChanged(self, *args): if args and (args[0] == self.serviceBaseDialogNameEntry): additional_chars = "".join(Service.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars self.entry_changed(args[0], allowed_chars) self.serviceBaseDialogOkButton.set_sensitive(True) def onServiceConfAddPort(self, *args): self.service_conf_add_edit_port(True) def onServiceConfEditPort(self, *args): self.service_conf_add_edit_port(False) def onServiceConfPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.service_conf_add_edit_port(False) def onServiceConfRemovePort(self, *args): active_service = self.get_active_service() selection = self.serviceConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.serviceConfPortStore.get_value(iter, 0) proto = self.serviceConfPortStore.get_value(iter, 1) service = self.fw.config().getServiceByName(active_service) service.removePort(port, proto) self.changes_applied() def change_service_dialog_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditPortButton.set_sensitive(True) self.serviceConfRemovePortButton.set_sensitive(True) else: self.serviceConfEditPortButton.set_sensitive(False) self.serviceConfRemovePortButton.set_sensitive(False) def onServiceConfAddProtocol(self, *args): self.service_conf_add_edit_protocol(True) def onServiceConfEditProtocol(self, *args): self.service_conf_add_edit_protocol(False) def onServiceConfProtocolClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.service_conf_add_edit_protocol(False) def onServiceConfRemoveProtocol(self, *args): active_service = self.get_active_service() selection = self.serviceConfProtocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return proto = self.serviceConfProtocolStore.get_value(iter, 0) service = self.fw.config().getServiceByName(active_service) service.removeProtocol(proto) self.changes_applied() def change_service_dialog_protocol_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditProtocolButton.set_sensitive(True) self.serviceConfRemoveProtocolButton.set_sensitive(True) else: self.serviceConfEditProtocolButton.set_sensitive(False) self.serviceConfRemoveProtocolButton.set_sensitive(False) def onServiceConfAddSourcePort(self, *args): self.service_conf_add_edit_source_port(True) def onServiceConfEditSourcePort(self, *args): self.service_conf_add_edit_source_port(False) def onServiceConfSourcePortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.service_conf_add_edit_source_port(False) def onServiceConfRemoveSourcePort(self, *args): active_service = self.get_active_service() selection = self.serviceConfSourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.serviceConfSourcePortStore.get_value(iter, 0) proto = self.serviceConfSourcePortStore.get_value(iter, 1) service = self.fw.config().getServiceByName(active_service) service.removeSourcePort(port, proto) self.changes_applied() def change_service_dialog_source_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditSourcePortButton.set_sensitive(True) self.serviceConfRemoveSourcePortButton.set_sensitive(True) else: self.serviceConfEditSourcePortButton.set_sensitive(False) self.serviceConfRemoveSourcePortButton.set_sensitive(False) def add_edit_service(self, add): if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None self.serviceBaseDialogNameEntry.set_text("") self.serviceBaseDialogVersionEntry.set_text("") self.serviceBaseDialogShortEntry.set_text("") self.serviceBaseDialogDescText.get_buffer().set_text("") else: active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) settings = service.getSettings() props = service.get_properties() default = props["default"] builtin = props["builtin"] old_name = service.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() self.serviceBaseDialogNameEntry.set_text(old_name) self.serviceBaseDialogVersionEntry.set_text(old_version) self.serviceBaseDialogShortEntry.set_text(old_short) self.serviceBaseDialogDescText.get_buffer().set_text(old_desc) self.serviceBaseDialogOkButton.set_sensitive(False) if builtin: self.serviceBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in service, rename not supported.")) else: self.serviceBaseDialogNameEntry.set_tooltip_markup("") self.serviceBaseDialogNameEntry.set_sensitive(not builtin and default) self.serviceBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.serviceBaseDialog.set_transient_for(self.mainWindow) self.serviceBaseDialog.show_all() self.add_visible_dialog(self.serviceBaseDialog) result = self.serviceBaseDialog.run() self.serviceBaseDialog.hide() self.remove_visible_dialog(self.serviceBaseDialog) if result != 1: return name = self.serviceBaseDialogNameEntry.get_text() version = self.serviceBaseDialogVersionEntry.get_text() short = self.serviceBaseDialogShortEntry.get_text() buffer = self.serviceBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc: # no changes return if not add: active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) settings = service.getSettings() else: settings = client.FirewallClientServiceSettings() if old_version != version or old_short != short or \ old_desc != desc: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) if not add: service.update(settings) if not add: if old_name == name: return service.rename(name) else: self.fw.config().addService(name, settings) self.changes_applied() def onServiceConfLoadDefaultsService(self, *args): active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) service.loadDefaults() self.changes_applied() self.onChangeService() def onServiceConfAddModule(self, *args): self.add_edit_module(True) def onServiceConfEditModule(self, *args): self.add_edit_module(False) def onServiceConfModuleClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.add_edit_module(False) def onServiceConfRemoveModule(self, *args): active_service = self.get_active_service() selection = self.serviceConfModuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return module = self.serviceConfModuleStore.get_value(iter, 0) service = self.fw.config().getServiceByName(active_service) service.removeModule(module) self.changes_applied() def change_service_dialog_module_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditModuleButton.set_sensitive(True) self.serviceConfRemoveModuleButton.set_sensitive(True) else: self.serviceConfEditModuleButton.set_sensitive(False) self.serviceConfRemoveModuleButton.set_sensitive(False) def helper_select_dialog(self, old_helper=""): self.helperDialogHelperStore.clear() helpers = [ ] if self.runtime_view: helpers = self.fw.getHelpers() else: helpers = self.fw.config().getHelperNames() for helper in sorted(helpers): self.helperDialogHelperStore.append([helper]) selection = self.helperDialogHelperView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.helperDialogHelperStore.get_iter_first() while iter: if self.helperDialogHelperStore.get_value(iter, 0) == old_helper: selection.select_iter(iter) iter = self.helperDialogHelperStore.iter_next(iter) self.helperDialogOkButton.set_sensitive(False) self.helperDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.helperDialog.set_transient_for(self.mainWindow) self.helperDialog.show_all() self.add_visible_dialog(self.helperDialog) result = self.helperDialog.run() self.helperDialog.hide() self.remove_visible_dialog(self.helperDialog) if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None helper = self.helperDialogHelperStore.get_value(iter, 0) if old_helper == helper: return None return helper def add_edit_module(self, add): active_service = self.get_active_service() old_helper = None if not add: selection = self.serviceConfModuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_helper = self.serviceConfModuleStore.get_value(iter, 0) helper = self.helper_select_dialog(old_helper) if helper is None: return if old_helper == helper: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.queryModule(helper): if not add: service.removeModule(old_helper) service.addModule(helper) self.changes_applied() def onChangeServiceConfDestIpv4(self, *args): old_addr = self.serviceConfDestIpv4Chooser.get_text() addr = self.address_select_dialog("ipv4", old_addr) if addr is None: return active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) if not service.queryDestination("ipv4", addr): if addr != "": service.setDestination("ipv4", addr) else: service.removeDestination("ipv4") self.changes_applied() def onChangeServiceConfDestIpv6(self, *args): old_addr = self.serviceConfDestIpv6Chooser.get_text() addr = self.address_select_dialog("ipv6", old_addr) if addr is None: return active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) if not service.queryDestination("ipv6", addr): if addr != "": service.setDestination("ipv6", addr) else: service.removeDestination("ipv6") self.changes_applied() def onAddressChanged(self, entry, addr_type, old_address): text = entry.get_text() if text == "": self.addressDialogOkButton.set_sensitive(True) return self.addressDialogOkButton.set_sensitive(False) if addr_type == "ipv4": if functions.checkIPnMask(text) and text != old_address: self.addressDialogOkButton.set_sensitive(True) elif addr_type == "ipv6": if functions.checkIP6nMask(text) and text != old_address: self.addressDialogOkButton.set_sensitive(True) else: if (functions.checkIPnMask(text) or functions.checkIP6nMask(text)) \ and text != old_address: self.addressDialogOkButton.set_sensitive(True) def address_select_dialog(self, addr_type, old_address): if addr_type == "ipv4": label1 = _("Please enter an ipv4 address with the form address[/mask].") label2 = _("The mask can be a network mask or a number.") elif addr_type == "ipv6": label1 = _("Please enter an ipv6 address with the form address[/mask].") label2 = _("The mask is a number.") else: label1 = _("Please enter an ipv4 or ipv6 address with the form address[/mask].") label2 = _("The mask can be a network mask or a number for ipv4.\nThe mask is a number for ipv6.") self.addressDialogLabel.set_markup(label1) self.addressDialogLabel2.set_markup(label2) self.addressDialogAddressEntry.set_text(old_address) handler_id = self.addressDialogAddressEntry.connect( "changed", self.onAddressChanged, addr_type, old_address) self.addressDialogOkButton.set_sensitive(False) self.addressDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.addressDialog.set_transient_for(self.mainWindow) self.addressDialog.show_all() self.add_visible_dialog(self.addressDialog) result = self.addressDialog.run() self.addressDialog.hide() self.remove_visible_dialog(self.addressDialog) self.addressDialogAddressEntry.disconnect(handler_id) address = self.addressDialogAddressEntry.get_text() if functions.check_mac(address): address = address.upper() if result != 1 or old_address == address: return None return address def get_active_ipset(self): selection = self.ipsetConfIPSetView.get_selection() (model, iter) = selection.get_selected() if iter: return self.ipsetConfIPSetStore.get_value(iter, 0) return None def load_ipsets(self): if not self.show_ipsets: return active_ipset = self.get_active_ipset() if self.runtime_view: ipsets = self.fw.getIPSets() else: ipsets = self.fw.config().getIPSetNames() selection = self.ipsetConfIPSetView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.ipsetConfIPSetStore.clear() # ipsets for ipset in ipsets: self.ipsetConfIPSetStore.append([ipset]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) == \ active_ipset: selection.select_iter(iter) return iter = self.ipsetConfIPSetStore.iter_next(iter) selection.select_path(0) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) if not self.get_active_ipset(): self.ipsetConfEditIPSetButton.set_sensitive(False) self.ipsetConfRemoveIPSetButton.set_sensitive(False) self.ipsetConfLoadDefaultsIPSetButton.set_sensitive(False) self.ipsetConfEntryBox.set_sensitive(False) def onIPSetConfAddIPSet(self, *args): self.add_edit_ipset(True) def onIPSetConfRemoveIPSet(self, *args): active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) ipset.remove() self.changes_applied() self.load_ipsets() self.onChangeIPSet() def onIPSetConfEditIPSet(self, *args): self.add_edit_ipset(False) def onIPSetConfLoadDefaultsIPSet(self, *args): active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) ipset.loadDefaults() self.changes_applied() self.onChangeIPSet() def onIPSetBaseDialogChanged(self, *args): def check_ipset_name(ipset): return (len(ipset) <= IPSET_MAXNAMELEN, ipset) OK=True if args and (args[0] == self.ipsetBaseDialogNameEntry): additional_chars = "".join(IPSet.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars OK = self.entry_changed(args[0], allowed_chars, check_ipset_name) self.ipsetBaseDialogOkButton.set_sensitive(OK) def add_edit_ipset(self, add): self.ipsetBaseDialogTypeCombobox.remove_all() ipset_types = self.fw.get_property("IPSetTypes") for x in ipset_types: self.ipsetBaseDialogTypeCombobox.append_text(x) self.ipsetBaseDialogBadTypeLabel.set_text("") if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None old_ipset_type = None old_options = { } self.ipsetBaseDialogNameEntry.set_text("") self.ipsetBaseDialogVersionEntry.set_text("") self.ipsetBaseDialogShortEntry.set_text("") self.ipsetBaseDialogDescText.get_buffer().set_text("") combobox_select_text(self.ipsetBaseDialogTypeCombobox, "hash:ip") self.ipsetBaseDialogFamilyCombobox.set_active(0) self.ipsetBaseDialogTimeoutEntry.set_text("") self.ipsetBaseDialogHashsizeEntry.set_text("") self.ipsetBaseDialogMaxelemEntry.set_text("") else: active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() props = ipset.get_properties() default = props["default"] builtin = props["builtin"] old_name = ipset.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() old_ipset_type = settings.getType() old_options = settings.getOptions() self.ipsetBaseDialogNameEntry.set_text(old_name) self.ipsetBaseDialogVersionEntry.set_text(old_version) self.ipsetBaseDialogShortEntry.set_text(old_short) self.ipsetBaseDialogDescText.get_buffer().set_text(old_desc) if old_ipset_type not in ipset_types: self.ipsetBaseDialogBadTypeLabel.set_text(old_ipset_type) else: combobox_select_text(self.ipsetBaseDialogTypeCombobox, old_ipset_type) if "family" in old_options and \ old_options["family"] in [ "inet", "inet6" ]: combobox_select_text(self.ipsetBaseDialogFamilyCombobox, old_options["family"]) else: self.ipsetBaseDialogFamilyCombobox.set_active(0) if "timeout" in old_options: self.ipsetBaseDialogTimeoutEntry.set_text( old_options["timeout"]) else: self.ipsetBaseDialogTimeoutEntry.set_text("") if "hashsize" in old_options: self.ipsetBaseDialogHashsizeEntry.set_text( old_options["hashsize"]) else: self.ipsetBaseDialogHashsizeEntry.set_text("") if "maxelem" in old_options: self.ipsetBaseDialogMaxelemEntry.set_text( old_options["maxelem"]) else: self.ipsetBaseDialogMaxelemEntry.set_text("") self.ipsetBaseDialogOkButton.set_sensitive(False) if builtin: self.ipsetBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in ipset, rename not supported.")) else: self.ipsetBaseDialogNameEntry.set_tooltip_markup("") self.ipsetBaseDialogNameEntry.set_sensitive(not builtin and default) self.ipsetBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.ipsetBaseDialog.set_transient_for(self.mainWindow) self.ipsetBaseDialog.show_all() self.add_visible_dialog(self.ipsetBaseDialog) result = self.ipsetBaseDialog.run() self.ipsetBaseDialog.hide() self.remove_visible_dialog(self.ipsetBaseDialog) if result != 1: return name = self.ipsetBaseDialogNameEntry.get_text() version = self.ipsetBaseDialogVersionEntry.get_text() short = self.ipsetBaseDialogShortEntry.get_text() buffer = self.ipsetBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) ipset_type = self.ipsetBaseDialogBadTypeLabel.get_text() ipset_type = self.ipsetBaseDialogTypeCombobox.get_active_text() options = { } if self.ipsetBaseDialogFamilyCombobox.is_sensitive(): x = self.ipsetBaseDialogFamilyCombobox.get_active_text() if x != "inet": options["family"] = x if self.ipsetBaseDialogTimeoutEntry.is_sensitive(): x = self.ipsetBaseDialogTimeoutEntry.get_text() if x != "": options["timeout"] = x x = self.ipsetBaseDialogHashsizeEntry.get_text() if x != "": options["hashsize"] = x x = self.ipsetBaseDialogMaxelemEntry.get_text() if x != "": options["maxelem"] = x if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc and old_ipset_type == ipset_type and \ old_options == options: # no changes return if not add: active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() else: settings = client.FirewallClientIPSetSettings() if old_version != version or old_short != short or \ old_desc != desc or old_ipset_type != ipset_type or \ old_options != options: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) settings.setType(ipset_type) settings.setOptions(options) if not add: ipset.update(settings) if not add: if old_name == name: return ipset.rename(name) else: self.fw.config().addIPSet(name, settings) self.changes_applied() def onIPSetChanged(self, *args): if self.ipsetBaseDialogTypeCombobox.get_active_text() is None: # unsupported ipset type return if self.ipsetBaseDialogTypeCombobox.get_active_text() == "hash:mac": self.ipsetBaseDialogFamilyLabel.set_sensitive(False) self.ipsetBaseDialogFamilyCombobox.set_sensitive(False) else: self.ipsetBaseDialogFamilyLabel.set_sensitive(True) self.ipsetBaseDialogFamilyCombobox.set_sensitive(True) self.ipsetBaseDialogOkButton.set_sensitive(True) def onIPSetConfAddEntry(self, *args): self.add_edit_ipset_entry(True) def onIPSetConfAddEntriesFromFile(self, *args): dialog = Gtk.FileChooserDialog( _("Please select a file"), None, Gtk.FileChooserAction.OPEN, (Gtk.STOCK_CANCEL, Gtk.ResponseType.CANCEL, Gtk.STOCK_OPEN, Gtk.ResponseType.OK)) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) filefilter = Gtk.FileFilter() filefilter.set_name(_("Text Files")) filefilter.add_mime_type("text/plain") dialog.add_filter(filefilter) filefilter = Gtk.FileFilter() filefilter.set_name(_("All Files")) filefilter.add_pattern("*") dialog.add_filter(filefilter) result = dialog.run() dialog.hide() if result == Gtk.ResponseType.OK: filename = dialog.get_filename() else: return dialog.destroy() entries = self.get_ipset_entries_from_file(filename) active_ipset = self.get_active_ipset() if self.runtime_view: old_entries = self.fw.getEntries(active_ipset) changed = False for entry in entries: if entry not in old_entries: old_entries.append(entry) changed = True if changed: self.fw.setEntries(active_ipset, old_entries) else: ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() changed = False for entry in entries: if not settings.queryEntry(entry): settings.addEntry(entry) changed = True if changed: ipset.update(settings) def onIPSetConfEditEntry(self, *args): self.add_edit_ipset_entry(False) def onIPSetConfEntryClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.add_edit_ipset_entry(False) def onIPSetConfRemoveEntry(self, *args): active_ipset = self.get_active_ipset() selection = self.ipsetConfEntryView.get_selection() (model, iter) = selection.get_selected() if iter is None: return entry = self.ipsetConfEntryStore.get_value(iter, 0) if self.runtime_view: if self.fw.queryEntry(active_ipset, entry): self.fw.removeEntry(active_ipset, entry) self.changes_applied() else: ipset = self.fw.config().getIPSetByName(active_ipset) ipset.removeEntry(entry) self.changes_applied() self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def onIPSetConfRemoveEntriesFromFile(self, *args): dialog = Gtk.FileChooserDialog( _("Please select a file"), None, Gtk.FileChooserAction.OPEN, (Gtk.STOCK_CANCEL, Gtk.ResponseType.CANCEL, Gtk.STOCK_OPEN, Gtk.ResponseType.OK)) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) filefilter = Gtk.FileFilter() filefilter.set_name(_("Text Files")) filefilter.add_mime_type("text/plain") dialog.add_filter(filefilter) filefilter = Gtk.FileFilter() filefilter.set_name(_("All Files")) filefilter.add_pattern("*") dialog.add_filter(filefilter) result = dialog.run() dialog.hide() if result == Gtk.ResponseType.OK: filename = dialog.get_filename() else: return dialog.destroy() entries = self.get_ipset_entries_from_file(filename) active_ipset = self.get_active_ipset() if self.runtime_view: old_entries = self.fw.getEntries(active_ipset) changed = False for entry in entries: if entry in old_entries: old_entries.remove(entry) changed = True if changed: self.fw.setEntries(active_ipset, old_entries) else: ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() changed = False for entry in entries: if settings.queryEntry(entry): settings.removeEntry(entry) changed = True if changed: ipset.update(settings) def onIPSetConfRemoveAllEntries(self, *args): active_ipset = self.get_active_ipset() if self.runtime_view: self.fw.setEntries(active_ipset, [ ]) self.changes_applied() else: ipset = self.fw.config().getIPSetByName(active_ipset) ipset.setEntries([ ]) self.changes_applied() self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def onIPSetEntryChanged(self, *args): settings = self.active_ipset_settings entry = self.ipsetEntryDialogEntryEntry.get_text() try: IPSet.check_entry(entry, settings.getOptions(), settings.getType()) except Exception: self.ipsetEntryDialogOkButton.set_sensitive(False) else: self.ipsetEntryDialogOkButton.set_sensitive(True) def change_ipset_conf_entry_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.ipsetConfEditEntryButton.set_sensitive(True) self.ipsetConfRemoveEntryMenuitem.set_sensitive(True) else: self.ipsetConfEditEntryButton.set_sensitive(False) self.ipsetConfRemoveEntryMenuitem.set_sensitive(False) def add_edit_ipset_entry(self, add): active_ipset = self.get_active_ipset() if self.runtime_view: settings = self.fw.getIPSetSettings(active_ipset) else: settings = self.fw.config().getIPSetByName(active_ipset).getSettings() self.active_ipset_settings = settings self.ipsetEntryDialogTypeLabel.set_text(settings.getType()) self.ipsetEntryDialogEntryEntry.set_text("") old_entry = None if not add: selection = self.ipsetConfEntryView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_entry = self.ipsetConfEntryStore.get_value(iter, 0) if old_entry: self.ipsetEntryDialogEntryEntry.set_text(old_entry) self.ipsetEntryDialogOkButton.set_sensitive(False) self.ipsetEntryDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.ipsetEntryDialog.set_transient_for(self.mainWindow) self.ipsetEntryDialog.show_all() self.add_visible_dialog(self.ipsetEntryDialog) result = self.ipsetEntryDialog.run() self.ipsetEntryDialog.hide() self.active_ipset_settings = None self.remove_visible_dialog(self.ipsetEntryDialog) if result != 1: return entry = self.ipsetEntryDialogEntryEntry.get_text() if old_entry == entry: # nothing to change return if self.runtime_view: if not self.fw.queryEntry(active_ipset, entry): self.fw.addEntry(active_ipset, entry) if not add: self.fw.removeEntry(active_ipset, old_entry) self.changes_applied() else: ipset = self.fw.config().getIPSetByName(active_ipset) if not ipset.queryEntry(entry): if not add: ipset.removeEntry(old_entry) ipset.addEntry(entry) self.changes_applied() def ipset_entry_added_cb(self, ipset, entry): if not self.runtime_view or ipset != self.get_active_ipset(): return iter = self.ipsetConfEntryStore.get_iter_first() while iter: if self.ipsetConfEntryStore.get_value(iter, 0) == entry: # already there return iter = self.ipsetConfEntryStore.iter_next(iter) # nothing found, so add it self.ipsetConfEntryStore.append([entry]) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def ipset_entry_removed_cb(self, ipset, entry): if not self.runtime_view or ipset != self.get_active_ipset(): return iter = self.ipsetConfEntryStore.get_iter_first() while iter: if self.ipsetConfEntryStore.get_value(iter, 0) == entry: self.ipsetConfEntryStore.remove(iter) break iter = self.ipsetConfEntryStore.iter_next(iter) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def conf_ipset_added_cb(self, ipset): if self.runtime_view: return # check if ipset is in store iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) == ipset: return iter = self.ipsetConfIPSetStore.iter_next(iter) # not in list, append self.ipsetConfIPSetStore.append([ipset]) selection = self.ipsetConfIPSetView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_ipset_updated_cb(self, ipset): if self.runtime_view or ipset != self.get_active_ipset(): return self.onChangeIPSet() def conf_ipset_removed_cb(self, ipset): if self.runtime_view: return iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) == ipset: self.ipsetConfIPSetStore.remove(iter) break iter = self.ipsetConfIPSetStore.iter_next(iter) def conf_ipset_renamed_cb(self, ipset): if self.runtime_view: return # Get all ipsets, renamed the one that is missing. # If more or less than one is missing, update ipset store. ipsets = self.fw.config().getIPSetNames() use_iter = None iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) not in ipsets: if use_iter is not None: return self.load_ipsets() use_iter = iter iter = self.ipsetConfIPSetStore.iter_next(iter) if use_iter is None: return self.load_ipsets() self.ipsetConfIPSetStore.set_value(use_iter, 0, ipset) def onChangeIPSet(self, *args): active_ipset = self.get_active_ipset() self.ipsetConfEntryStore.clear() self.ipsetConfEntryView.get_selection().set_mode( Gtk.SelectionMode.NONE) if not active_ipset: self.ipsetConfEditIPSetButton.set_sensitive(False) self.ipsetConfRemoveIPSetButton.set_sensitive(False) self.ipsetConfLoadDefaultsIPSetButton.set_sensitive(False) self.ipsetConfEntryBox.set_sensitive(False) return self.ipsetConfEditIPSetButton.set_sensitive(True) self.ipsetConfEntryBox.set_sensitive(True) entries = [ ] if self.runtime_view: # load runtime configuration self.deactivate_exception_handler() try: settings = self.fw.getIPSetSettings(active_ipset) except (DBusException, Exception) as msg: self.activate_exception_handler() if isinstance(msg, DBusException): msg = msg.get_dbus_message() else: msg = str(msg) code = FirewallError.get_code(msg) if code == errors.NOT_APPLIED: self.ipsetConfNotebook.set_sensitive(False) return raise else: self.ipsetConfNotebook.set_sensitive(True) self.activate_exception_handler() entries = settings.getEntries() options = settings.getOptions() default = False builtin = False else: try: ipset = self.fw.config().getIPSetByName(active_ipset) except: return # load permanent configuration settings = ipset.getSettings() entries = settings.getEntries() options = settings.getOptions() props = ipset.get_properties() default = props["default"] builtin = props["builtin"] if "timeout" in options: self.ipsetConfEntrySW.hide() self.ipsetConfEntryBox.hide() self.ipsetConfEntryLabel.hide() self.ipsetConfTimeoutLabel.show() else: self.ipsetConfEntrySW.show() self.ipsetConfEntryBox.show() self.ipsetConfEntryLabel.show() self.ipsetConfTimeoutLabel.hide() # set entries for item in entries: self.ipsetConfEntryStore.append([item]) self.ipsetConfEntryView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.ipsetConfRemoveIPSetButton.set_sensitive(not builtin and default) self.ipsetConfLoadDefaultsIPSetButton.set_sensitive(not default) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def get_active_helper(self): selection = self.helperConfHelperView.get_selection() (model, iter) = selection.get_selected() if iter: return self.helperConfHelperStore.get_value(iter, 0) return None def load_helpers(self): if not self.show_helpers: return active_helper = self.get_active_helper() if self.runtime_view: helpers = self.fw.getHelpers() else: helpers = self.fw.config().getHelperNames() selection = self.helperConfHelperView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.helperConfHelperStore.clear() # helpers for helper in helpers: self.helperConfHelperStore.append([helper]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) == \ active_helper: selection.select_iter(iter) return iter = self.helperConfHelperStore.iter_next(iter) selection.select_path(0) if not self.get_active_helper(): self.helperConfEditHelperButton.set_sensitive(False) self.helperConfRemoveHelperButton.set_sensitive(False) self.helperConfLoadDefaultsHelperButton.set_sensitive(False) self.helperConfHelperNotebook.set_sensitive(False) def onHelperConfAddHelper(self, *args): self.add_edit_helper(True) def onHelperConfRemoveHelper(self, *args): active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) helper.remove() self.changes_applied() self.load_helpers() self.onChangeHelper() def onHelperConfEditHelper(self, *args): self.add_edit_helper(False) def onHelperConfLoadDefaultsHelper(self, *args): active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) helper.loadDefaults() self.changes_applied() self.onChangeHelper() def onHelperBaseDialogModuleChooserClicked(self, *args): old_module = self.helperBaseDialogModuleChooser.get_text() module = self.module_select_dialog(old_module) if module is not None: self.helperBaseDialogModuleChooser.set_text(module) def onHelperBaseDialogChanged(self, *args): def check_helper_name(helper): return (len(helper) <= HELPER_MAXNAMELEN, helper) OK=True if args and (args[0] == self.helperBaseDialogNameEntry): additional_chars = "".join(Helper.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars OK = self.entry_changed(args[0], allowed_chars, check_helper_name) module = self.helperBaseDialogModuleChooser.get_text() if module is None or not module.startswith("nf_conntrack_") or \ len(module.replace("nf_conntrack_", "")) < 1: OK = False self.helperBaseDialogOkButton.set_sensitive(OK) def add_edit_helper(self, add): if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None old_module = None old_family = None self.helperBaseDialogNameEntry.set_text("") self.helperBaseDialogVersionEntry.set_text("") self.helperBaseDialogShortEntry.set_text("") self.helperBaseDialogDescText.get_buffer().set_text("") self.helperBaseDialogModuleChooser.set_text("") self.helperBaseDialogFamilyCombobox.set_active(0) else: active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) settings = helper.getSettings() props = helper.get_properties() default = props["default"] builtin = props["builtin"] old_name = helper.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() old_module = settings.getModule() old_family = settings.getFamily() self.helperBaseDialogNameEntry.set_text(old_name) self.helperBaseDialogVersionEntry.set_text(old_version) self.helperBaseDialogShortEntry.set_text(old_short) self.helperBaseDialogDescText.get_buffer().set_text(old_desc) self.helperBaseDialogModuleChooser.set_text(old_module) self.helperBaseDialogFamilyCombobox.set_active(0) combobox_select_text(self.helperBaseDialogFamilyCombobox, { "": _("All") , "ipv4": _("IPv4"), "ipv6" : _("IPv6") }[old_family]) self.helperBaseDialogOkButton.set_sensitive(False) if builtin: self.helperBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in helper, rename not supported.")) else: self.helperBaseDialogNameEntry.set_tooltip_markup("") self.helperBaseDialogNameEntry.set_sensitive(not builtin and default) self.helperBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.helperBaseDialog.set_transient_for(self.mainWindow) self.helperBaseDialog.show_all() self.add_visible_dialog(self.helperBaseDialog) result = self.helperBaseDialog.run() self.helperBaseDialog.hide() self.remove_visible_dialog(self.helperBaseDialog) if result != 1: return name = self.helperBaseDialogNameEntry.get_text() version = self.helperBaseDialogVersionEntry.get_text() short = self.helperBaseDialogShortEntry.get_text() buffer = self.helperBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) module = self.helperBaseDialogModuleChooser.get_text() family = { _("All") : "", _("IPv4") : "ipv4", _("IPv6") : "ipv6" } \ [self.helperBaseDialogFamilyCombobox.get_active_text()] if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc and old_module == module and \ old_family == family: # no changes return if not add: active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) settings = helper.getSettings() else: settings = client.FirewallClientHelperSettings() if old_version != version or old_short != short or \ old_desc != desc or old_family != family: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) settings.setModule(module) settings.setFamily(family) if not add: helper.update(settings) if not add: if old_name == name: return helper.rename(name) else: self.fw.config().addHelper(name, settings) self.changes_applied() def onHelperChanged(self, *args): self.helperBaseDialogOkButton.set_sensitive(True) def onHelperConfAddPort(self, *args): self.add_edit_helper_port(True) def onHelperConfEditPort(self, *args): self.add_edit_helper_port(False) def onHelperConfPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.add_edit_helper_port(False) def onHelperConfRemovePort(self, *args): active_helper = self.get_active_helper() selection = self.helperConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.helperConfPortStore.get_value(iter, 0) proto = self.helperConfPortStore.get_value(iter, 1) if self.runtime_view: if self.fw.queryPort(active_helper, port, proto): self.fw.removePort(active_helper, port, proto) self.changes_applied() else: helper = self.fw.config().getHelperByName(active_helper) helper.removePort(port, proto) self.changes_applied() def change_helper_conf_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.helperConfEditPortButton.set_sensitive(True) self.helperConfRemovePortButton.set_sensitive(True) else: self.helperConfEditPortButton.set_sensitive(False) self.helperConfRemovePortButton.set_sensitive(False) def add_edit_helper_port(self, add): active_helper = self.get_active_helper() self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) old_port = None old_proto = None if not add: selection = self.helperConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.helperConfPortStore.get_value(iter, 0) old_proto = self.helperConfPortStore.get_value(iter, 1) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return helper = self.fw.config().getHelperByName(active_helper) if not helper.queryPort(port, proto): if not add: helper.removePort(old_port, old_proto) helper.addPort(port, proto) self.changes_applied() def helper_port_added_cb(self, helper, entry): if not self.runtime_view or helper != self.get_active_helper(): return iter = self.helperConfPortStore.get_iter_first() while iter: if self.helperConfPortStore.get_value(iter, 0) == entry: # already there return iter = self.helperConfPortStore.iter_next(iter) # nothing found, so add it self.helperConfPortStore.append([entry]) def helper_port_removed_cb(self, helper, entry): if not self.runtime_view or helper != self.get_active_helper(): return iter = self.helperConfPortStore.get_iter_first() while iter: if self.helperConfPortStore.get_value(iter, 0) == entry: self.helperConfPortStore.remove(iter) break iter = self.helperConfPortStore.iter_next(iter) def conf_helper_added_cb(self, helper): if self.runtime_view: return # check if helper is in store iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) == helper: return iter = self.helperConfHelperStore.iter_next(iter) # not in list, append self.helperConfHelperStore.append([helper]) selection = self.helperConfHelperView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_helper_updated_cb(self, helper): if self.runtime_view or helper != self.get_active_helper(): return self.onChangeHelper() def conf_helper_removed_cb(self, helper): if self.runtime_view: return iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) == helper: self.helperConfHelperStore.remove(iter) break iter = self.helperConfHelperStore.iter_next(iter) def conf_helper_renamed_cb(self, helper): if self.runtime_view: return # Get all helpers, renamed the one that is missing. # If more or less than one is missing, update helper store. helpers = self.fw.config().getHelperNames() use_iter = None iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) not in helpers: if use_iter is not None: return self.load_helpers() use_iter = iter iter = self.helperConfHelperStore.iter_next(iter) if use_iter is None: return self.load_helpers() self.helperConfHelperStore.set_value(use_iter, 0, helper) def onChangeHelper(self, *args): active_helper = self.get_active_helper() self.helperConfPortStore.clear() self.helperConfPortView.get_selection().set_mode( Gtk.SelectionMode.NONE) if not active_helper: self.helperConfEditHelperButton.set_sensitive(False) self.helperConfRemoveHelperButton.set_sensitive(False) self.helperConfLoadDefaultsHelperButton.set_sensitive(False) self.helperConfHelperNotebook.set_sensitive(False) return self.helperConfEditHelperButton.set_sensitive(True) self.helperConfHelperNotebook.set_sensitive(True) ports = [ ] if self.runtime_view: # load runtime configuration settings = self.fw.getHelperSettings(active_helper) ports = settings.getPorts() default = False builtin = False else: try: helper = self.fw.config().getHelperByName(active_helper) except: return # load permanent configuration settings = helper.getSettings() ports = settings.getPorts() props = helper.get_properties() default = props["default"] builtin = props["builtin"] # set entries for item in ports: self.helperConfPortStore.append(item) self.helperConfPortView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.helperConfRemoveHelperButton.set_sensitive(not builtin and default) self.helperConfLoadDefaultsHelperButton.set_sensitive(not default) def onModuleChanged(self, *args): if self.moduleDialogOtherModuleCheck.get_active(): self.moduleDialogModuleLabel.set_sensitive(False) self.moduleDialogModuleCombobox.set_sensitive(False) self.moduleDialogOtherModuleEntry.set_sensitive(True) module = self.moduleDialogOtherModuleEntry.get_text() else: self.moduleDialogModuleLabel.set_sensitive(True) self.moduleDialogModuleCombobox.set_sensitive(True) self.moduleDialogOtherModuleEntry.set_sensitive(False) module = self.moduleDialogModuleCombobox.get_active_text() if module is not None and module.startswith("nf_conntrack_") and \ len(module.replace("nf_conntrack_", "")) > 1: self.moduleDialogOkButton.set_sensitive(True) else: self.moduleDialogOkButton.set_sensitive(False) def module_select_dialog(self, old_module): self.moduleDialogModuleCombobox.set_active(0) self.moduleDialogOtherModuleCheck.set_active(False) self.moduleDialogOtherModuleEntry.set_text("") if old_module: if not combobox_select_text(self.moduleDialogModuleCombobox, old_module): self.moduleDialogOtherModuleCheck.set_active(True) self.moduleDialogOtherModuleEntry.set_text(old_module) self.moduleDialogOkButton.set_sensitive(False) self.moduleDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.moduleDialog.set_transient_for(self.mainWindow) self.moduleDialog.show_all() self.add_visible_dialog(self.moduleDialog) result = self.moduleDialog.run() self.moduleDialog.hide() self.remove_visible_dialog(self.moduleDialog) if result != 1: return None if self.moduleDialogOtherModuleCheck.get_active(): module = self.moduleDialogOtherModuleEntry.get_text() else: module = self.moduleDialogModuleCombobox.get_active_text() if old_module == module: # nothing to change return None return module def get_active_icmp(self): selection = self.icmpDialogIcmpView.get_selection() (model, iter) = selection.get_selected() if iter: return self.icmpDialogIcmpStore.get_value(iter, 0) return None def load_icmps(self): if not self.show_icmp_types: return active_icmp = self.get_active_icmp() if self.runtime_view: icmps = self.fw.listIcmpTypes() else: icmps = self.fw.config().getIcmpTypeNames() selection = self.icmpDialogIcmpView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.icmpDialogIcmpStore.clear() # icmps for icmp in icmps: self.icmpDialogIcmpStore.append([icmp]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) == \ active_icmp: selection.select_iter(iter) return iter = self.icmpDialogIcmpStore.iter_next(iter) selection.select_path(0) if not self.get_active_icmp(): self.icmpDialogEditIcmpButton.set_sensitive(False) self.icmpDialogRemoveIcmpButton.set_sensitive(False) self.icmpDialogLoadDefaultsIcmpButton.set_sensitive(False) self.icmpDialogIcmpNotebook.set_sensitive(False) def onChangeIcmp(self, *args): active_icmp = self.get_active_icmp() ### load service settings self.icmpDialogDestIpv4Check.set_active(True) self.icmpDialogDestIpv6Check.set_active(True) if not active_icmp: self.icmpDialogEditIcmpButton.set_sensitive(False) self.icmpDialogRemoveIcmpButton.set_sensitive(False) self.icmpDialogLoadDefaultsIcmpButton.set_sensitive(False) self.icmpDialogIcmpNotebook.set_sensitive(False) return self.icmpDialogEditIcmpButton.set_sensitive(True) self.icmpDialogIcmpNotebook.set_sensitive(True) destination = [ ] if self.runtime_view: # load runtime configuration settings = self.fw.getIcmpTypeSettings(active_icmp) destination = settings.getDestinations() default = False builtin = False else: try: icmp = self.fw.config().getIcmpTypeByName(active_icmp) except: return # load permanent configuration settings = icmp.getSettings() destination = settings.getDestinations() props = icmp.get_properties() default = props["default"] builtin = props["builtin"] self.icmpDialogRemoveIcmpButton.set_sensitive(not builtin and default) self.icmpDialogLoadDefaultsIcmpButton.set_sensitive(not default) ipv4 = "ipv4" in destination ipv6 = "ipv6" in destination # set destination if ipv4 != ipv6: if not ipv4: self.icmpDialogDestIpv4Check.set_active(False) if not ipv6: self.icmpDialogDestIpv6Check.set_active(False) def onIcmpDialogAddIcmp(self, *args): self.add_edit_icmp(True) def onIcmpDialogRemoveIcmp(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) icmp.remove() self.load_icmps() self.onChangeIcmp() def onIcmpDialogEditIcmp(self, *args): self.add_edit_icmp(False) def onIcmpBaseDialogChanged(self, *args): if args and (args[0] == self.icmpBaseDialogNameEntry): additional_chars = "".join(IcmpType.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars self.entry_changed(args[0], allowed_chars) self.icmpBaseDialogOkButton.set_sensitive(True) def add_edit_icmp(self, add): if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None self.icmpBaseDialogNameEntry.set_text("") self.icmpBaseDialogVersionEntry.set_text("") self.icmpBaseDialogShortEntry.set_text("") self.icmpBaseDialogDescText.get_buffer().set_text("") else: active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) settings = icmp.getSettings() props = icmp.get_properties() default = props["default"] builtin = props["builtin"] old_name = icmp.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() self.icmpBaseDialogNameEntry.set_text(old_name) self.icmpBaseDialogVersionEntry.set_text(old_version) self.icmpBaseDialogShortEntry.set_text(old_short) self.icmpBaseDialogDescText.get_buffer().set_text(old_desc) self.icmpBaseDialogOkButton.set_sensitive(False) if builtin: self.icmpBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in icmp, rename not supported.")) else: self.icmpBaseDialogNameEntry.set_tooltip_markup("") self.icmpBaseDialogNameEntry.set_sensitive(not builtin and default) self.icmpBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.icmpBaseDialog.set_transient_for(self.mainWindow) self.icmpBaseDialog.show_all() self.add_visible_dialog(self.icmpBaseDialog) result = self.icmpBaseDialog.run() self.icmpBaseDialog.hide() self.remove_visible_dialog(self.icmpBaseDialog) if result != 1: return name = self.icmpBaseDialogNameEntry.get_text() version = self.icmpBaseDialogVersionEntry.get_text() short = self.icmpBaseDialogShortEntry.get_text() buffer = self.icmpBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc: # no changes return if not add: active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) settings = icmp.getSettings() else: settings = client.FirewallClientIcmpTypeSettings() if old_version != version or old_short != short or \ old_desc != desc: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) if not add: icmp.update(settings) if not add: if old_name == name: return icmp.rename(name) else: self.fw.config().addIcmpType(name, settings) self.changes_applied() def onIcmpDialogLoadDefaultsIcmp(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) icmp.loadDefaults() self.changes_applied() self.onChangeIcmp() def icmp_dialog_dest_ipv4_check_cb(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) if self.icmpDialogDestIpv4Check.get_active(): if icmp.queryDestination("ipv4"): icmp.removeDestination("ipv4") self.changes_applied() elif not icmp.queryDestination("ipv4"): icmp.addDestination("ipv4") self.changes_applied() def icmp_dialog_dest_ipv6_check_cb(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) if self.icmpDialogDestIpv6Check.get_active(): if icmp.queryDestination("ipv6"): icmp.removeDestination("ipv6") self.changes_applied() elif not icmp.queryDestination("ipv6"): icmp.addDestination("ipv6") self.changes_applied() def conf_icmp_added_cb(self, icmp): if self.runtime_view: return if not self.show_icmp_types: return # check if icmp is in store iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) == icmp: return iter = self.icmpDialogIcmpStore.iter_next(iter) # not in list, append self.icmpDialogIcmpStore.append([icmp]) selection = self.icmpDialogIcmpView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_icmp_updated_cb(self, zone): if self.runtime_view: return if not self.show_icmp_types: return self.onChangeIcmp() def conf_icmp_removed_cb(self, icmp): if self.runtime_view: return if not self.show_icmp_types: return iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) == icmp: self.icmpDialogIcmpStore.remove(iter) break iter = self.icmpDialogIcmpStore.iter_next(iter) def conf_icmp_renamed_cb(self, icmp): if self.runtime_view: return # Get all icmps, renamed the one that is missing. # If more or less than one is missing, update icmp store. icmps = self.fw.config().getIcmpTypeNames() use_iter = None iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) not in icmps: if use_iter is not None: return self.load_icmps() use_iter = iter iter = self.icmpDialogIcmpStore.iter_next(iter) if use_iter is None: return self.load_icmps() self.icmpDialogIcmpStore.set_value(use_iter, 0, icmp) def lockdown_check_cb(self, *args): if self.fw.queryLockdown(): self.fw.config().set_property("Lockdown", "no") # permanent self.fw.disableLockdown() # runtime else: self.fw.config().set_property("Lockdown", "yes") # permanent self.fw.enableLockdown() # runtime self.changes_applied() def panic_check_cb(self, *args): if self.fw.queryPanicMode(): self.fw.disablePanicMode() else: self.fw.enablePanicMode() self.changes_applied() def load_direct(self): if not self.show_direct: return if self.runtime_view: chains = self.fw.getAllChains() rules = self.fw.getAllRules() passthroughs = self.fw.getAllPassthroughs() else: direct = self.fw.config().direct() settings = direct.getSettings() chains = settings.getAllChains() rules = settings.getAllRules() passthroughs = settings.getAllPassthroughs() self.directChainStore.clear() self.directRuleStore.clear() self.directPassthroughStore.clear() for x in chains: self.directChainStore.append(x) for (ipv, table, chain, priority, args) in rules: self.directRuleStore.append((ipv, table, chain, priority, functions.joinArgs(args))) for (ipv, args) in passthroughs: self.directPassthroughStore.append((ipv, functions.joinArgs(args))) def load_lockdown_whitelist(self): if not self.show_lockdown_whitelist: return if self.runtime_view: contexts = self.fw.getLockdownWhitelistContexts() commands = self.fw.getLockdownWhitelistCommands() users = self.fw.getLockdownWhitelistUsers() uids = self.fw.getLockdownWhitelistUids() else: whitelist = self.fw.config().policies().getLockdownWhitelist() contexts = whitelist.getContexts() commands = whitelist.getCommands() users = whitelist.getUsers() uids = whitelist.getUids() self.lockdownContextStore.clear() self.lockdownCommandStore.clear() self.lockdownUserStore.clear() self.lockdownUidStore.clear() for context in contexts: self.lockdownContextStore.append([context]) self.lockdownContextView.get_selection().select_path(0) for command in commands: self.lockdownCommandStore.append([command]) self.lockdownCommandView.get_selection().select_path(0) for user in users: self.lockdownUserStore.append([user]) self.lockdownUserView.get_selection().select_path(0) for uid in uids: self.lockdownUidStore.append([uid]) self.lockdownUidView.get_selection().select_path(0) def lockdown_enabled_cb(self): self.lockdownLabel.set_text(self.enabled) self.lockdownMenuitem.handler_block(self.lockdown_check_id) self.lockdownMenuitem.set_active(True) self.lockdownMenuitem.handler_unblock(self.lockdown_check_id) def lockdown_disabled_cb(self): self.lockdownLabel.set_text(self.disabled) self.lockdownMenuitem.handler_block(self.lockdown_check_id) self.lockdownMenuitem.set_active(False) self.lockdownMenuitem.handler_unblock(self.lockdown_check_id) def change_lockdown_context_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownContextButton.set_sensitive(True) self.removeLockdownContextButton.set_sensitive(True) else: self.editLockdownContextButton.set_sensitive(False) self.removeLockdownContextButton.set_sensitive(False) def change_lockdown_command_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownCommandButton.set_sensitive(True) self.removeLockdownCommandButton.set_sensitive(True) else: self.editLockdownCommandButton.set_sensitive(False) self.removeLockdownCommandButton.set_sensitive(False) def change_lockdown_user_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownUserButton.set_sensitive(True) self.removeLockdownUserButton.set_sensitive(True) else: self.editLockdownUserButton.set_sensitive(False) self.removeLockdownUserButton.set_sensitive(False) def change_lockdown_uid_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownUidButton.set_sensitive(True) self.removeLockdownUidButton.set_sensitive(True) else: self.editLockdownUidButton.set_sensitive(False) self.removeLockdownUidButton.set_sensitive(False) def onAddContext(self, button): self.add_edit_context(True) def onEditContext(self, button): self.add_edit_context(False) def onContextClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_context(False) def onRemoveContext(self, button): selection = self.lockdownContextView.get_selection() (model, iter) = selection.get_selected() if iter is None: return context = self.lockdownContextStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistContext(context) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeContext(context) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_context_added_cb(self, context): if not self.show_lockdown_whitelist: return iter = self.lockdownContextStore.get_iter_first() while iter: if self.lockdownContextStore.get_value(iter, 0) == context: return iter = self.lockdownContextStore.iter_next(iter) self.lockdownContextStore.append([context]) def lockdown_whitelist_context_removed_cb(self, context): if not self.show_lockdown_whitelist: return iter = self.lockdownContextStore.get_iter_first() while iter: if self.lockdownContextStore.get_value(iter, 0) == context: self.lockdownContextStore.remove(iter) break iter = self.lockdownContextStore.iter_next(iter) def add_edit_context(self, add): if add: old_context = "" else: selection = self.lockdownContextView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_context = self.lockdownContextStore.get_value(iter, 0) self.contextDialogContextEntry.set_text(old_context) self.contextDialogOkButton.set_sensitive(False) self.contextDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.contextDialog.set_transient_for(self.mainWindow) self.contextDialog.show_all() self.add_visible_dialog(self.contextDialog) result = self.contextDialog.run() self.contextDialog.hide() self.remove_visible_dialog(self.contextDialog) if result != 1: return context = self.contextDialogContextEntry.get_text() if old_context == context: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistContext(context): self.fw.addLockdownWhitelistContext(context) if not add: self.fw.removeLockdownWhitelistContext(old_context) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryContext(context): if not add: whitelist.removeContext(old_context) whitelist.addContext(context) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onContextChanged(self, *args): text = self.contextDialogContextEntry.get_text() if text != "" and functions.checkContext(text): self.contextDialogOkButton.set_sensitive(True) else: self.contextDialogOkButton.set_sensitive(False) def onAddCommand(self, button): self.add_edit_command(True) def onEditCommand(self, button): self.add_edit_command(False) def onCommandClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_command(False) def onRemoveCommand(self, button): selection = self.lockdownCommandView.get_selection() (model, iter) = selection.get_selected() if iter is None: return command = self.lockdownCommandStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistCommand(command) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeCommand(command) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_command_added_cb(self, command): if not self.show_lockdown_whitelist: return iter = self.lockdownCommandStore.get_iter_first() while iter: if self.lockdownCommandStore.get_value(iter, 0) == command: return iter = self.lockdownCommandStore.iter_next(iter) self.lockdownCommandStore.append([command]) def lockdown_whitelist_command_removed_cb(self, command): if not self.show_lockdown_whitelist: return iter = self.lockdownCommandStore.get_iter_first() while iter: if self.lockdownCommandStore.get_value(iter, 0) == command: self.lockdownCommandStore.remove(iter) break iter = self.lockdownCommandStore.iter_next(iter) def add_edit_command(self, add): if add: old_command = "" else: selection = self.lockdownCommandView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_command = self.lockdownCommandStore.get_value(iter, 0) self.commandDialogCommandEntry.set_text(old_command) self.commandDialogOkButton.set_sensitive(False) self.commandDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.commandDialog.set_transient_for(self.mainWindow) self.commandDialog.show_all() self.add_visible_dialog(self.commandDialog) result = self.commandDialog.run() self.commandDialog.hide() self.remove_visible_dialog(self.commandDialog) if result != 1: return command = self.commandDialogCommandEntry.get_text() if old_command == command: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistCommand(command): self.fw.addLockdownWhitelistCommand(command) if not add: self.fw.removeLockdownWhitelistCommand(old_command) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryCommand(command): if not add: whitelist.removeCommand(old_command) whitelist.addCommand(command) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onCommandChanged(self, *args): text = self.commandDialogCommandEntry.get_text() if functions.checkCommand(text): self.commandDialogOkButton.set_sensitive(True) else: self.commandDialogOkButton.set_sensitive(False) def onAddUser(self, button): self.add_edit_user(True) def onEditUser(self, button): self.add_edit_user(False) def onUserClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_user(False) def onRemoveUser(self, button): selection = self.lockdownUserView.get_selection() (model, iter) = selection.get_selected() if iter is None: return user = self.lockdownUserStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistUser(user) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeUser(user) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_user_added_cb(self, user): if not self.show_lockdown_whitelist: return iter = self.lockdownUserStore.get_iter_first() while iter: if self.lockdownUserStore.get_value(iter, 0) == user: return iter = self.lockdownUserStore.iter_next(iter) self.lockdownUserStore.append([user]) def lockdown_whitelist_user_removed_cb(self, user): if not self.show_lockdown_whitelist: return iter = self.lockdownUserStore.get_iter_first() while iter: if self.lockdownUserStore.get_value(iter, 0) == user: self.lockdownUserStore.remove(iter) break iter = self.lockdownUserStore.iter_next(iter) def add_edit_user(self, add): if add: old_user = "" else: selection = self.lockdownUserView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_user = self.lockdownUserStore.get_value(iter, 0) self.userDialogUserEntry.set_text(old_user) self.userDialogOkButton.set_sensitive(False) self.userDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.userDialog.set_transient_for(self.mainWindow) self.userDialog.show_all() self.add_visible_dialog(self.userDialog) result = self.userDialog.run() self.userDialog.hide() self.remove_visible_dialog(self.userDialog) if result != 1: return user = self.userDialogUserEntry.get_text() if old_user == user: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistUser(user): self.fw.addLockdownWhitelistUser(user) if not add: self.fw.removeLockdownWhitelistUser(old_user) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryUser(user): if not add: whitelist.removeUser(old_user) whitelist.addUser(user) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onUserChanged(self, *args): text = self.userDialogUserEntry.get_text() if text != "" and functions.checkUser(text): self.userDialogOkButton.set_sensitive(True) else: self.userDialogOkButton.set_sensitive(False) def onAddUid(self, button): self.add_edit_uid(True) def onEditUid(self, button): self.add_edit_uid(False) def onUidClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_uid(False) def onRemoveUid(self, button): selection = self.lockdownUidView.get_selection() (model, iter) = selection.get_selected() if iter is None: return uid = self.lockdownUidStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistUid(uid) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeUid(uid) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_uid_added_cb(self, uid): if not self.show_lockdown_whitelist: return iter = self.lockdownUidStore.get_iter_first() while iter: if self.lockdownUidStore.get_value(iter, 0) == uid: return iter = self.lockdownUidStore.iter_next(iter) self.lockdownUidStore.append([uid]) def lockdown_whitelist_uid_removed_cb(self, uid): if not self.show_lockdown_whitelist: return iter = self.lockdownUidStore.get_iter_first() while iter: if self.lockdownUidStore.get_value(iter, 0) == uid: self.lockdownUidStore.remove(iter) break iter = self.lockdownUidStore.iter_next(iter) def add_edit_uid(self, add): if add: old_uid = "" else: selection = self.lockdownUidView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_uid = self.lockdownUidStore.get_value(iter, 0) self.uidDialogUidEntry.set_text("%s" % old_uid) self.uidDialogOkButton.set_sensitive(False) self.uidDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.uidDialog.set_transient_for(self.mainWindow) self.uidDialog.show_all() self.add_visible_dialog(self.uidDialog) result = self.uidDialog.run() self.uidDialog.hide() self.remove_visible_dialog(self.uidDialog) if result != 1: return uid = int(self.uidDialogUidEntry.get_text()) if old_uid == uid: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistUid(uid): self.fw.addLockdownWhitelistUid(uid) if not add: self.fw.removeLockdownWhitelistUid(old_uid) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryUid(uid): if not add: whitelist.removeUid(old_uid) whitelist.addUid(uid) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onUidChanged(self, *args): text = self.uidDialogUidEntry.get_text() if text != "" and functions.checkUid(text): self.uidDialogOkButton.set_sensitive(True) else: self.uidDialogOkButton.set_sensitive(False) def lockdown_whitelist_updated_cb(self): self.load_lockdown_whitelist() def change_chain_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editDirectChainButton.set_sensitive(True) self.removeDirectChainButton.set_sensitive(True) else: self.editDirectChainButton.set_sensitive(False) self.removeDirectChainButton.set_sensitive(False) def onAddChain(self, button): self.add_edit_direct_chain(True) def onEditChain(self, button): self.add_edit_direct_chain(False) def onChainClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_direct_chain(False) def onRemoveChain(self, button): selection = self.directChainView.get_selection() (model, iter) = selection.get_selected() if iter is None: return ipv = self.directChainStore.get_value(iter, 0) table = self.directChainStore.get_value(iter, 1) chain = self.directChainStore.get_value(iter, 2) if self.runtime_view: self.fw.removeChain(ipv, table, chain) self.changes_applied() else: direct = self.fw.config().direct() if direct.queryChain(ipv, table, chain): direct.removeChain(ipv, table, chain) self.changes_applied() def direct_updated_cb(self): if not self.show_direct: return if self.runtime_view: return self.load_direct() def direct_chain_added_cb(self, ipv, table, chain): if not self.show_direct: return if not self.runtime_view: return iter = self.directChainStore.get_iter_first() while iter: if self.directChainStore.get_value(iter, 0) == ipv and \ self.directChainStore.get_value(iter, 1) == table and \ self.directChainStore.get_value(iter, 2) == chain: return iter = self.directChainStore.iter_next(iter) self.directChainStore.append([ipv, table, chain]) def direct_chain_removed_cb(self, ipv, table, chain): if not self.show_direct: return if not self.runtime_view: return iter = self.directChainStore.get_iter_first() while iter: if self.directChainStore.get_value(iter, 0) == ipv and \ self.directChainStore.get_value(iter, 1) == table and \ self.directChainStore.get_value(iter, 2) == chain: self.directChainStore.remove(iter) break iter = self.directChainStore.iter_next(iter) def add_edit_direct_chain(self, add): if add: old_ipv = "" old_table = "" old_chain = "" else: selection = self.directChainView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_ipv = self.directChainStore.get_value(iter, 0) old_table = self.directChainStore.get_value(iter, 1) old_chain = self.directChainStore.get_value(iter, 2) self.directChainDialogIPVCombobox.set_active(0) combobox_select_text(self.directChainDialogIPVCombobox, old_ipv) combobox_select_text(self.directChainDialogTableCombobox, old_table) self.directChainDialogChainEntry.set_text("%s" % old_chain) self.directChainDialogOkButton.set_sensitive(False) self.directChainDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.directChainDialog.set_transient_for(self.mainWindow) self.directChainDialog.show_all() self.add_visible_dialog(self.directChainDialog) result = self.directChainDialog.run() self.directChainDialog.hide() self.remove_visible_dialog(self.directChainDialog) if result != 1: return ipv = self.directChainDialogIPVCombobox.get_active_text() table = self.directChainDialogTableCombobox.get_active_text() chain = self.directChainDialogChainEntry.get_text() if self.runtime_view: if not self.fw.queryChain(ipv, table, chain): self.fw.addChain(ipv, table, chain) if not add: self.fw.removeChain(old_ipv, old_table, old_chain) self.changes_applied() else: direct = self.fw.config().direct() if not direct.queryChain(ipv, table, chain): if not add: direct.removeChain(old_ipv, old_table, old_chain) direct.addChain(ipv, table, chain) self.changes_applied() def onDirectChainDialogChanged(self, *args): self.directChainDialogOkButton.set_sensitive(True) def onDirectChainDialogIPVChanged(self, *args): old_table = self.directChainDialogTableCombobox.get_active_text() ipv = self.directChainDialogIPVCombobox.get_active_text() self.directChainDialogTableCombobox.remove_all() self.directChainDialogTableCombobox.append_text("filter") if ipv in [ "ipv4", "ipv6" ]: self.directChainDialogTableCombobox.append_text("nat") self.directChainDialogTableCombobox.append_text("mangle") self.directChainDialogTableCombobox.append_text("raw") self.directChainDialogTableCombobox.append_text("security") else: self.directChainDialogTableCombobox.append_text("broute") combobox_select_text(self.directChainDialogTableCombobox, old_table) def change_rule_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editDirectRuleButton.set_sensitive(True) self.removeDirectRuleButton.set_sensitive(True) else: self.editDirectRuleButton.set_sensitive(False) self.removeDirectRuleButton.set_sensitive(False) def onAddRule(self, button): self.add_edit_direct_rule(True) def onEditRule(self, button): self.add_edit_direct_rule(False) def onRuleClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_direct_rule(False) def onRemoveRule(self, button): selection = self.directRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return ipv = self.directRuleStore.get_value(iter, 0) table = self.directRuleStore.get_value(iter, 1) chain = self.directRuleStore.get_value(iter, 2) priority = self.directRuleStore.get_value(iter, 3) args = self.directRuleStore.get_value(iter, 4) split_args = functions.splitArgs(args) if self.runtime_view: self.fw.removeRule(ipv, table, chain, priority, split_args) self.changes_applied() else: direct = self.fw.config().direct() if direct.queryRule(ipv, table, chain, priority, split_args): direct.removeRule(ipv, table, chain, priority, split_args) self.changes_applied() def direct_rule_added_cb(self, ipv, table, chain, priority, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directRuleStore.get_iter_first() while iter: if self.directRuleStore.get_value(iter, 0) == ipv and \ self.directRuleStore.get_value(iter, 1) == table and \ self.directRuleStore.get_value(iter, 2) == chain and \ self.directRuleStore.get_value(iter, 3) == priority and \ self.directRuleStore.get_value(iter, 4) == joined_args: return iter = self.directRuleStore.iter_next(iter) self.directRuleStore.append([ipv, table, chain, priority, joined_args]) def direct_rule_removed_cb(self, ipv, table, chain, priority, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directRuleStore.get_iter_first() while iter: if self.directRuleStore.get_value(iter, 0) == ipv and \ self.directRuleStore.get_value(iter, 1) == table and \ self.directRuleStore.get_value(iter, 2) == chain and \ self.directRuleStore.get_value(iter, 3) == priority and \ self.directRuleStore.get_value(iter, 4) == joined_args: self.directRuleStore.remove(iter) break iter = self.directRuleStore.iter_next(iter) def add_edit_direct_rule(self, add): if add: old_ipv = "" old_table = "" old_chain = "" old_priority = 0 old_args = "" else: selection = self.directRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_ipv = self.directRuleStore.get_value(iter, 0) old_table = self.directRuleStore.get_value(iter, 1) old_chain = self.directRuleStore.get_value(iter, 2) old_priority = self.directRuleStore.get_value(iter, 3) old_args = self.directRuleStore.get_value(iter, 4) self.directRuleDialogIPVCombobox.set_active(0) combobox_select_text(self.directRuleDialogIPVCombobox, old_ipv) combobox_select_text(self.directRuleDialogTableCombobox, old_table) self.directRuleDialogChainEntry.set_text("%s" % old_chain) self.directRuleDialogPrioritySpinbutton.set_value(old_priority) self.directRuleDialogArgsEntry.set_text("%s" % old_args) self.directRuleDialogOkButton.set_sensitive(False) self.directRuleDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.directRuleDialog.set_transient_for(self.mainWindow) self.directRuleDialog.show_all() self.add_visible_dialog(self.directRuleDialog) result = self.directRuleDialog.run() self.directRuleDialog.hide() self.remove_visible_dialog(self.directRuleDialog) if result != 1: return ipv = self.directRuleDialogIPVCombobox.get_active_text() table = self.directRuleDialogTableCombobox.get_active_text() chain = self.directRuleDialogChainEntry.get_text() priority = self.directRuleDialogPrioritySpinbutton.get_value_as_int() args = self.directRuleDialogArgsEntry.get_text() split_args = functions.splitArgs(args) split_old_args = functions.splitArgs(old_args) if self.runtime_view: if not self.fw.queryRule(ipv, table, chain, priority, split_args): self.fw.addRule(ipv, table, chain, priority, split_args) if not add: self.fw.removeRule(old_ipv, old_table, old_chain, old_priority, split_old_args) self.changes_applied() else: direct = self.fw.config().direct() if not direct.queryRule(ipv, table, chain, priority, split_args): if not add: direct.removeRule(old_ipv, old_table, old_chain, old_priority, split_old_args) direct.addRule(ipv, table, chain, priority, split_args) self.changes_applied() def onDirectRuleDialogChanged(self, *args): self.directRuleDialogOkButton.set_sensitive(True) def onDirectRuleDialogIPVChanged(self, *args): old_table = self.directRuleDialogTableCombobox.get_active_text() ipv = self.directRuleDialogIPVCombobox.get_active_text() self.directRuleDialogTableCombobox.remove_all() self.directRuleDialogTableCombobox.append_text("filter") if ipv in [ "ipv4", "ipv6" ]: self.directRuleDialogTableCombobox.append_text("nat") self.directRuleDialogTableCombobox.append_text("mangle") self.directRuleDialogTableCombobox.append_text("raw") self.directRuleDialogTableCombobox.append_text("security") else: self.directRuleDialogTableCombobox.append_text("broute") combobox_select_text(self.directRuleDialogTableCombobox, old_table) def change_passthrough_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editDirectPassthroughButton.set_sensitive(True) self.removeDirectPassthroughButton.set_sensitive(True) else: self.editDirectPassthroughButton.set_sensitive(False) self.removeDirectPassthroughButton.set_sensitive(False) def onAddPassthrough(self, button): self.add_edit_direct_passthrough(True) def onEditPassthrough(self, button): self.add_edit_direct_passthrough(False) def onPassthroughClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_direct_passthrough(False) def onRemovePassthrough(self, button): selection = self.directPassthroughView.get_selection() (model, iter) = selection.get_selected() if iter is None: return ipv = self.directPassthroughStore.get_value(iter, 0) args = self.directPassthroughStore.get_value(iter, 1) split_args = functions.splitArgs(args) if self.runtime_view: self.fw.removePassthrough(ipv, split_args) self.changes_applied() else: direct = self.fw.config().direct() if direct.queryPassthrough(ipv, split_args): direct.removePassthrough(ipv, split_args) self.changes_applied() def direct_passthrough_added_cb(self, ipv, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directPassthroughStore.get_iter_first() while iter: if self.directPassthroughStore.get_value(iter, 0) == ipv and \ self.directPassthroughStore.get_value(iter, 1) == joined_args: return iter = self.directPassthroughStore.iter_next(iter) self.directPassthroughStore.append([ipv, joined_args]) def direct_passthrough_removed_cb(self, ipv, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directPassthroughStore.get_iter_first() while iter: if self.directPassthroughStore.get_value(iter, 0) == ipv and \ self.directPassthroughStore.get_value(iter, 1) == joined_args: self.directPassthroughStore.remove(iter) break iter = self.directPassthroughStore.iter_next(iter) def add_edit_direct_passthrough(self, add): if add: old_ipv = "" old_args = "" else: selection = self.directPassthroughView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_ipv = self.directPassthroughStore.get_value(iter, 0) old_args = self.directPassthroughStore.get_value(iter, 1) self.directPassthroughDialogIPVCombobox.set_active(0) combobox_select_text(self.directPassthroughDialogIPVCombobox, old_ipv) self.directPassthroughDialogArgsEntry.set_text("%s" % old_args) self.directPassthroughDialogOkButton.set_sensitive(False) self.directPassthroughDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.directPassthroughDialog.set_transient_for(self.mainWindow) self.directPassthroughDialog.show_all() self.add_visible_dialog(self.directPassthroughDialog) result = self.directPassthroughDialog.run() self.directPassthroughDialog.hide() self.remove_visible_dialog(self.directPassthroughDialog) if result != 1: return ipv = self.directPassthroughDialogIPVCombobox.get_active_text() args = self.directPassthroughDialogArgsEntry.get_text() split_args = functions.splitArgs(args) split_old_args = functions.splitArgs(old_args) if self.runtime_view: if not self.fw.queryPassthrough(ipv, split_args): self.fw.addPassthrough(ipv, split_args) if not add: self.fw.removePassthrough(old_ipv, split_old_args) self.changes_applied() else: direct = self.fw.config().direct() if not direct.queryPassthrough(ipv, split_args): if not add: direct.removePassthrough(old_ipv, split_old_args) direct.addPassthrough(ipv, split_args) self.changes_applied() def onDirectPassthroughDialogChanged(self, *args): self.directPassthroughDialogOkButton.set_sensitive(True) def get_ipset_entries_from_file(self, filename): entries = [ ] try: f = open(filename) except Exception as ex: self._error(_("Failed to read file '%s': %s") % (filename, ex)) else: for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] in ['#', ';']: continue if line not in entries: entries.append(line) f.close() return entries def combobox_select_text(combobox, value, insensitive=False): model = combobox.get_model() iter = model.get_iter_first() while iter: if (not insensitive and model.get_value(iter, 0) == value) or \ (insensitive and \ model.get_value(iter, 0).lower() == value.lower()): combobox.set_active_iter(iter) return True iter = model.iter_next(iter) combobox.set_active(0) return False class ZoneInterfaceEditor(Gtk.Dialog): def __init__(self, fw, interface, zone): self.fw = fw self.interface = interface self.zone = None self.title = _("Select zone for interface '%s'") % self.interface Gtk.Dialog.__init__(self, self.title) self.create_ui(zone) def create_ui(self, zone): self.set_property("width-request", 100) self.resize_to_geometry(100, 50) self.set_resizable(True) self.add_button("gtk-close", 1) self.ok_button = self.add_button("gtk-ok", 2) self.ok_button.set_sensitive(False) vbox = Gtk.Box(orientation=Gtk.Orientation.VERTICAL, spacing=6) vbox.set_border_width(12) vbox.set_homogeneous(False) label = Gtk.Label() label.set_text(self.title) label.set_line_wrap(True) label.set_justify(Gtk.Justification.LEFT) label.set_alignment(0, 0.5) vbox.pack_start(label, True, True, 0) self.combo = Gtk.ComboBoxText() self.fill_zone_combo() vbox.pack_start(self.combo, True, True, 0) box = self.get_content_area() box.set_border_width(6) box.set_homogeneous(False) box.pack_start(vbox, False, True, 0) self.combo.connect("changed", self.combo_changed) self.set_zone(zone) def combo_changed(self, combo): self.ok_button.set_sensitive(self.get_zone() != self.zone) def set_zone(self, zone): old_zone = self.zone self.zone = zone if self.get_zone() == old_zone: if zone == "": combobox_select_text(self.combo, _("Default Zone")) else: combobox_select_text(self.combo, self.zone) else: self.combo_changed(None) def get_zone(self): text = self.combo.get_active_text() if text == _("Default Zone"): text = "" return text def fill_zone_combo(self): self.combo.remove_all() for zone in self.fw.getZones(): self.combo.append_text(zone) def zones_changed(self): zone = self.get_zone() self.fill_zone_combo() self.set_zone(zone) def run(self): if Gtk.Dialog.run(self) != 2: return self.fw.changeZoneOfInterface(self.get_zone(), self.interface) class ZoneConnectionEditor(ZoneInterfaceEditor): def __init__(self, fw, connection, connection_name, zone): self.fw = fw self.connection = connection self.connection_name = connection_name self.zone = None self.title = _("Select zone for connection '%s'") % self.connection_name Gtk.Dialog.__init__(self, self.title) self.create_ui(zone) def fill_zone_combo(self): self.combo.remove_all() self.combo.append_text(_("Default Zone")) for zone in self.fw.getZones(): self.combo.append_text(zone) def run(self): if Gtk.Dialog.run(self) != 2: return nm_set_zone_of_connection(self.get_zone(), self.connection) class ZoneSourceEditor(ZoneInterfaceEditor): def __init__(self, fw, source, zone): self.fw = fw self.source = source self.zone = None self.title = _("Select zone for source %s") % self.source Gtk.Dialog.__init__(self, self.title) self.create_ui(zone) def run(self): if Gtk.Dialog.run(self) != 2: return self.fw.changeZoneOfSource(self.get_zone(), self.source) # MAIN if len(sys.argv) > 1: print("""Usage: %s [options] Options: -h, --help show this help message and exit """ % sys.argv[0]) sys.exit(1) app = FirewallConfig() sys.exit(0) firewalld-1.1.1/src/firewalld0000755000000000000000000001775614217353157016177 0ustar00rootroot00000000000000#!/usr/bin/python3 # -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # python fork magic derived from setroubleshoot # Copyright (C) 2006,2007,2008,2009 Red Hat, Inc. # Authors: # John Dennis # Dan Walsh import os import sys import dbus import argparse from firewall import config from firewall.functions import firewalld_is_active from firewall.core.logger import log, FileLog def parse_cmdline(): parser = argparse.ArgumentParser() parser.add_argument('--debug', nargs='?', const=1, default=0, type=int, choices=range(1, log.DEBUG_MAX+1), help="""Enable logging of debug messages. Additional argument in range 1..%s can be used to specify log level.""" % log.DEBUG_MAX, metavar="level") parser.add_argument('--debug-gc', help="""Turn on garbage collector leak information. The collector runs every 10 seconds and if there are leaks, it prints information about the leaks.""", action="store_true") parser.add_argument('--nofork', help="""Turn off daemon forking, run as a foreground process.""", action="store_true") parser.add_argument('--nopid', help="""Disable writing pid file and don't check for existing server process.""", action="store_true") parser.add_argument('--system-config', help="""Path to firewalld system configuration""", metavar="path") parser.add_argument('--default-config', help="""Path to firewalld default configuration""", metavar="path") parser.add_argument('--log-file', help="""Path to firewalld log file""", metavar="path") return parser.parse_args() def setup_logging(args): # Set up logging capabilities log.setDateFormat("%Y-%m-%d %H:%M:%S") log.setFormat("%(date)s %(label)s%(message)s") log.setInfoLogging("*", log.syslog, [ log.FATAL, log.ERROR, log.WARNING, log.TRACEBACK ], fmt="%(label)s%(message)s") log.setDebugLogLevel(log.NO_INFO) log.setDebugLogLevel(log.NO_DEBUG) if args.debug: log.setInfoLogLevel(log.INFO_MAX) log.setDebugLogLevel(args.debug) if args.nofork: log.addInfoLogging("*", log.stdout) log.addDebugLogging("*", log.stdout) log_file = FileLog(config.FIREWALLD_LOGFILE, "a") try: log_file.open() except IOError as e: log.error("Failed to open log file '%s': %s", config.FIREWALLD_LOGFILE, str(e)) else: log.addInfoLogging("*", log_file, [ log.FATAL, log.ERROR, log.WARNING, log.TRACEBACK ]) log.addDebugLogging("*", log_file) if args.debug: log.addInfoLogging("*", log_file) log.addDebugLogging("*", log_file) def startup(args): try: if not args.nofork: # do the UNIX double-fork magic, see Stevens' "Advanced # Programming in the UNIX Environment" for details (ISBN 0201563177) pid = os.fork() if pid > 0: # exit first parent sys.exit(0) # decouple from parent environment os.chdir("/") os.setsid() os.umask(os.umask(0o077) | 0o022) # Do not close the file descriptors here anymore # File descriptors are now closed in runProg before execve # Redirect the standard I/O file descriptors to /dev/null if hasattr(os, "devnull"): REDIRECT_TO = os.devnull else: REDIRECT_TO = "/dev/null" fd = os.open(REDIRECT_TO, os.O_RDWR) os.dup2(fd, 0) # standard input (0) os.dup2(fd, 1) # standard output (1) os.dup2(fd, 2) # standard error (2) if not args.nopid: # write the pid file with open(config.FIREWALLD_PIDFILE, "w") as f: f.write(str(os.getpid())) if not os.path.exists(config.FIREWALLD_TEMPDIR): os.mkdir(config.FIREWALLD_TEMPDIR, 0o750) # attempt to drop Linux capabilities to a minimal set: # - CAP_NET_ADMIN # - CAP_NET_RAW # - CAP_SYS_MODULE try: import capng capng.capng_clear(capng.CAPNG_SELECT_BOTH) if capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE | capng.CAPNG_PERMITTED | capng.CAPNG_BOUNDING_SET, capng.CAP_NET_ADMIN) or \ capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE | capng.CAPNG_PERMITTED | capng.CAPNG_BOUNDING_SET, capng.CAP_NET_RAW) or \ capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE | capng.CAPNG_PERMITTED | capng.CAPNG_BOUNDING_SET, capng.CAP_SYS_MODULE) or \ capng.capng_apply(capng.CAPNG_SELECT_BOTH): log.info(log.INFO1, "libcap-ng failed to drop Linux capabilities.") else: log.info(log.INFO1, "Dropped Linux capabilities to NET_ADMIN, NET_RAW, SYS_MODULE.") except ImportError: pass if args.system_config: config.set_system_config_paths(args.system_config) if args.default_config: config.set_default_config_paths(args.default_config) # Start the server mainloop here from firewall.server import server server.run_server(args.debug_gc) # Clean up on exit if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) except OSError as e: log.fatal("Fork #1 failed: %d (%s)" % (e.errno, e.strerror)) log.exception() if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) sys.exit(1) except dbus.exceptions.DBusException as e: log.fatal(str(e)) log.exception() if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) sys.exit(1) except IOError as e: log.fatal(str(e)) log.exception() if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) sys.exit(1) def main(): # firewalld should only be run as the root user if os.getuid() != 0: print("You need to be root to run %s." % sys.argv[0]) sys.exit(-1) # Process the command-line arguments args = parse_cmdline() if args.log_file: config.FIREWALLD_LOGFILE = args.log_file setup_logging(args) # Don't attempt to run two copies of firewalld simultaneously if not args.nopid and firewalld_is_active(): log.fatal("Not starting FirewallD, already running.") sys.exit(1) startup(args) sys.exit(0) if __name__ == '__main__': main() firewalld-1.1.1/src/firewall-config.glade0000644000000000000000000257621614217342322020341 0ustar00rootroot00000000000000 False 5 dialog Glade image-missing False vertical 2 False end False True end 0 False 5 Address True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter an %s address. True 0 0 False False 0 False start True 0 0 False False 1 True False 6 vertical True True start 60 • True 40 60 none False True 0 False True 2 True True 1 addressDialogCancelButton addressDialogOkButton False 5 Automatic Helpers True center-on-parent True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 5 vertical 6 False start start Please select the automatic helpers value: True 0 0 False False 0 True False vertical True False start True 6 False True 0 False True 1 True True 1 automaticHelpersDialogCancelButton automaticHelpersDialogOkButton False 5 Command line True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter the command line. True 0 0 False False 0 True False 6 vertical True True 1024 • True 50 False True 0 False True 1 True True 1 commandDialogCancelButton commandDialogOkButton False 5 Context True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter the context. True 0 0 False False 0 True False 6 vertical True True 1024 • True 50 False True 0 False True 1 True True 1 contextDialogCancelButton contextDialogOkButton 200 350 False 5 Default Zone True center-on-parent 200 350 True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 5 vertical 6 False start start Please select default zone from the list below. True 0 0 False False 0 True True 6 in True True False False True True 1 True True 1 portDialogCancelButton1 defaultZoneDialogOkButton False 5 Direct Chain True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select ipv and table and enter the chain name. True 0 0 False False 0 True False 6 6 6 True False end ipv: 1 0 0 True True start start True 31 ◠20 31 1 2 True False start ipv4 ipv6 eb 1 0 True False end Chain: middle 1 0 2 True False start filter nat mangle raw security 1 1 True False end Table: 1 0 1 True True 1 True True 1 directChainDialogCancelButton directChainDialogOkButton False 5 Direct Passthrough Rule True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select ipv and enter the args. True 0 0 False False 0 True False 6 6 6 True False end ipv: 1 0 0 True False start ipv4 ipv6 eb 1 0 True True start start 1024 ◠50 1 1 True False end Args: 1 0 1 False True 1 True True 1 directPassthroughDialogCancelButton directPassthroughDialogOkButton 200 350 False 5 Port Forwarding 200 350 dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 270 True False start Please select the source and destination options according to your needs. True 0 0 False False 0 True False 6 6 6 True False end Port / Port Range: 1 0 9 True False end IP address: 1 0 8 True False end Port / Port Range: 1 0 2 True False end Protocol: 1 0 1 True False start Source True 0 0 0 0 2 True False start Destination True 0 0 0 4 2 270 True False start If you enable local forwarding, you have to specify a port. This port has to be different to the source port. True True 0 0 0 5 2 Local forwarding True True False False start True 0.5 True 0 6 2 Forward to another port True True False False start True 0.5 True 0 7 2 True False 0 3 2 True False start start True tcp udp sctp dccp 1 1 True True start True 11 ◠11 11 1 2 True True start True 60 • True 25 60 1 8 True True start True 11 ◠11 11 1 9 False True 1 True True 1 button15 forwardDialogOkButton False 5 Base Helper Settings dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please configure base helper settings: True 0 0 False False 0 False start Bold entries are mandatory, all others are optional. True 0 0 False False 1 True False 6 6 6 True False end Name: 1 0 0 True True • True 1 2 250 80 True True True True in True True True word 1 3 True False end Version: 1 0 1 True True • True 1 1 True False end Short: 1 0 2 True False end Description: 1 0 3 True False Family: 1 0 5 True False start True All IPv4 IPv6 1 5 True False end Module: 1 0 4 True True False True True False 4 True False 0 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 1 4 True True • True 1 0 True True 2 True True 1 helperBaseDialogCancelButton helperBaseDialogOkButton 300 False 5 Helper True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select a helper: True 0 0 False False 0 True True 6 in True True False True True 1 True True 1 helperDialogCancelButton helperDialogOkButton False 5 Base ICMP Type Settings dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please configure base ICMP type settings: True 0 0 False False 0 False start Bold entries are mandatory, all others are optional. True 0 0 False False 1 True False 6 6 6 True False end Name: 1 0 0 True True • True 1 0 True True • True 1 2 250 80 True True True True in True True True word 1 3 True False end Version: 1 0 1 True True • True 1 1 True False end Short: 1 0 2 True False end Description: 1 0 3 True True 2 True True 1 icmpBaseDialogCancelButton icmpBaseDialogOkButton 300 False 5 ICMP Type True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select an ICMP type True 0 0 False False 0 True True 6 in True True True True 1 True True 1 icmptypeDialogCancelButton icmptypeDialogOkButton True False gtk-refresh True False gtk-add True False gtk-preferences True False gtk-preferences True False gtk-add True False False Add Entry True False True image13 False Add Entries From File True False True image17 False True False gtk-remove True False gtk-remove True False gtk-preferences True False gtk-remove True False False Remove Selected Entry True False True image20 False Remove All Entries True False True image18 False Remove Entries From File True False True image19 False True False gtk-preferences True False gtk-preferences 870 600 True False Firewall Configuration 870 600 True False vertical True False True False _File True True False gtk-quit True False True True True False _Options True True False Reload Firewalld True False Reloads firewall rules. Current permanent configuration will become new runtime configuration. i.e. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration. image1 False True False True False Change which zone a network connection belongs to. Change Zones of Connections... Change Default Zone True False Change default zone for connections or interfaces. image15 False Change Log Denied True False Change LogDenied value. image16 False Configure Automatic Helper Assigment True False Configure Automatic Helper Assignment setting. image21 False True False True False Panic mode means that all incoming and outgoing packets are dropped. Panic Mode True True False Lockdown locks firewall configuration so that only applications on lockdown whitelist are able to change it. Lockdown True True False True False Make runtime configuration permanent Runtime To Permanent True True False _View True True False True False IPSets True True False ICMP Types True True False Helpers True True False Direct Configuration True True False Lockdown Whitelist True True False Active Bindings True True False _Help True True False gtk-about True False True True False True 0 True False True True True True 200 True True False 6 6 True False True True vertical 6 True True True True out True True False False True 0 True False 6 start Change Zone True True False True True Change zone of binding image8 False True 0 False True 1 1 1 True True True Hide active runtime bindings of connections, interfaces and sources to zones none 0 True False 6 True False down none False True 0 True False Active Bindings False True 1 1 0 True True True Show active runtime bindings of connections, interfaces and sources to zones start True none True False vertical 6 True False False True 0 True False Active Bindings 90 False True 1 0 0 2 False False True False 6 vertical 6 True False 6 True False Configuration: 0 False True 0 True False Currently visible configuration. Runtime configuration is the actual active configuration. Permanent configuration will be active after service or system reload or restart. False True 1 False True 0 True True True True False 6 vertical 6 True False start A firewalld zone defines the level of trust for network connections, interfaces and source addresses bound to the zone. The zone combines services, ports, protocols, masquerading, port/packet forwarding, icmp filters and rich rules. The zone can be bound to interfaces and source addresses. True 0 0 False True 0 True True 6 175 True True False vertical False Zone 0 False True 0 True True in 150 True True False True True 1 True False True True False 1 True False Add Zone True gtk-add False True True False Edit Zone True gtk-edit False True True False Remove Zone True gtk-remove False True True False Load Zone Defaults True gtk-revert-to-saved False True False True 2 False False True True 6 True True False 6 vertical 6 True False start Here you can define which services are trusted in the zone. Trusted services are accessible from all hosts and networks that can reach the machine from connections, interfaces and sources bound to this zone. True True 0 0 False False 0 True False 6 True True out True True True True 0 True True 1 True False Services False True False 6 vertical 6 True False Add additional ports or port ranges, which need to be accessible for all hosts or networks that can connect to the machine. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Port True False True 0 gtk-edit True False True False True True Edit Port True False True 1 gtk-remove True False True False True True Remove Port True False True 2 False True 2 1 True False Ports 1 False True False 6 vertical 6 True False Add protocols, which need to be accessible for all hosts or networks. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Protocol True False True 0 gtk-edit True False True False True True Edit Protocol True False True 1 gtk-remove True False True False True True Remove Protocol True False True 2 False True 2 2 True False Protocols 2 False True False 6 vertical 6 True False Add additional source ports or port ranges, which need to be accessible for all hosts or networks that can connect to the machine. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Port True False True 0 gtk-edit True False True False True True Edit Port True False True 1 gtk-remove True False True False True True Remove Port True False True 2 False True 2 3 True False Source Ports 3 False True False 6 vertical 6 True False Masquerading allows you to set up a host or router that connects your local network to the internet. Your local network will not be visible and the hosts appear as a single address on the internet. Masquerading is IPv4 only. True 0 0 False False 0 True False start False True Masquerade zone True True False start 0 True False True 1 True False If you enable masquerading, IP forwarding will be enabled for your IPv4 networks. True 0 0 False True 2 4 True False Masquerading 4 False True False 6 vertical 6 True False Add entries to forward ports either from one port to another on the local system or from the local system to another system. Forwarding to another system is only useful if the interface is masqueraded. Port forwarding is IPv4 only. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Forward Port True False True 0 gtk-edit True False True False True True Edit Forward Port True False True 1 gtk-remove True False True False True True Remove Forward Port True False True 2 False True 2 5 True False Port Forwarding 5 False True False 6 vertical 6 True False The Internet Control Message Protocol (ICMP) is mainly used to send error messages between networked computers, but additionally for informational messages like ping requests and replies. True 0 0 False False 0 True True 250 True True True out True True False False True False 6 True False vertical 6 True False Mark the ICMP types in the list, which should be rejected. All other ICMP types are allowed to pass the firewall. The default is no limitation. True 0 0 False False 0 True False If Invert Filter is enabled, marked ICMP entries are accepted and the others are rejected. In a zone with the target DROP, they are dropped. True True 0 0 False False 1 True False start False True Invert Filter True True False start 0 True False True 2 True False True True 2 6 True False ICMP Filter 6 False True False 6 vertical 6 True False Here you can set rich language rules for the zone. True True 0 0 False False 0 True False 6 True True out True True True True 0 True True 1 True False 6 start gtk-add True True False True True Add Rich Rule True False True 0 gtk-edit True False True False True True Edit Rich Rule True False True 1 gtk-remove True False True False True True Remove Rich Rule True False True 2 False True 2 7 True False Rich Rules 7 False True False 6 vertical 6 True False Add entries to bind interfaces to the zone. If the interface will be used by a connection, the zone will be set to the zone specified in the connection. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Interface True False True 0 gtk-edit True False True False True True Edit Interface True False True 1 gtk-remove True False True False True True Remove Interface True False True 2 False True 2 8 True False Interfaces 8 False True False 6 vertical 6 True False Add entries to bind source addresses or areas to the zone. You can also bind to a MAC source address, but with limitations. Port forwarding and masquerading will not work for MAC source bindings. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Source True False True 0 gtk-edit True False True False True True Edit Source True False True 1 gtk-remove True False True False True True Remove Source True False True 2 False True 2 9 True False Sources 9 False True False True True 1 True False Zones False True False 6 vertical 6 True False start A firewalld service is a combination of ports, protocols, modules and destination addresses. True 0 0 False True 0 True True 6 175 True True False vertical False Service 0 False True 0 True True in 150 True True False True True 1 True False True True False 1 True False True Add Service Add Service True gtk-add False True True False True Edit Service Edit Service True gtk-edit False True True False True Remove Service Remove Service True gtk-remove False True True False True Load Service Defaults Load Service Defaults True gtk-revert-to-saved False True False True 2 False False True True 6 True True False 6 vertical 6 True False start Add additional ports or port ranges, which need to be accessible for all hosts or networks. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Entry True False True 0 gtk-edit True False True False True True Edit Entry True False True 1 gtk-remove True False True False True True Remove Entry True False True 2 False True 2 True False Ports False True False 6 vertical 6 True False Add protocols, which need to be accessible for all hosts or networks. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Entry True False True 0 gtk-edit True False True False True True Edit Entry True False True 1 gtk-remove True False True False True True Remove Entry True False True 2 False True 2 1 True False Protocols 1 False True False 6 vertical 6 True False start Add additional source ports or port ranges, which need to be accessible for all hosts or networks. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Entry True False True 0 gtk-edit True False True False True True Edit Entry True False True 1 gtk-remove True False True False True True Remove Entry True False True 2 False True 2 2 True False Source Port 2 False True False 6 vertical 6 True False Netfilter helper modules are needed for some services. True 0 0 False False 0 True True out True True False False True True 1 True False 6 start gtk-add True True False True True Add Entry True False True 0 gtk-edit True False True False True True Edit Entry True False True 1 gtk-remove True False True False True True Remove Entry True False True 2 False True 2 3 True False Modules 3 False True False 6 vertical 6 True False If you specify destination addresses, the service entry will be limited to the destination address and type. If both entries are empty, there is no limitation. True 0 0 False False 1 True False 6 6 True False IPv4: 0 0 True False IPv6: 0 1 True True False True True False 4 True False 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 1 0 True True False True True False 4 True False 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 1 1 False True 2 4 True False Destination 4 False True False True True 1 True False Services can only be changed in the permanent configuration view. The runtime configuration of services is fixed. True 0 False True 2 1 True False Services 1 False True False 6 vertical 6 True False start An IPSet can be used to create white or black lists and is able to store for example IP addresses, port numbers or MAC addresses. True 0 0 False True 0 True True 6 175 True True False vertical False IPSet 0 False True 0 True True in 150 True True False True True 1 True False True True False 1 True False True Add IPSet Add IPSet True gtk-add False True True False True Edit IPSet Edit IPSet True gtk-edit False True True False True Remove IPSet Remove IPSet True gtk-remove False True True False True Load IPSet Defaults Load IPSet Defaults True gtk-revert-to-saved False True False True 2 False False True True 6 True True False 6 vertical 6 True False start Entries of the IPSet. You will only be able to see entries of ipsets that are not using the timeout option, also only the entries, that have been added by firewalld. Entries, that have been directly added with the ipset command wil not be listed here. True 0 0 False False 0 True False vertical 6 True True out True True False True True 0 False 12 12 This IPSet uses the timeout option, therefore no entries are visible here. The entries should be taken care directly with the ipset command. True 0 0 False False 1 True True 1 True False 6 start True True True True ipsetConfAddEntryMenu False True False center 3 True False gtk-add False True 0 True False Add False True 1 True False down False True 2 True True 0 gtk-edit True False True False True True Edit Entry True False True 1 True True True True ipsetConfRemoveEntryMenu False True False center 3 True False gtk-remove False True 0 True False Remove False True 1 True False down False True 2 True True 2 False True 2 True False Entries False True False True True 1 True False IPSets can only be created or deleted in the permanent configuration view. True 0 False True 2 2 True False IPSets 2 False True False 6 vertical 6 True False start A firewalld icmptype provides the information for an Internet Control Message Protocol (ICMP) type for firewalld. True 0 0 False True 0 True True 6 175 True True False vertical False ICMP Type 0 False True 0 True True in 150 True True False True True 1 True False True True False 1 True False True Add ICMP Type Add ICMP Type True gtk-add False True True False True Edit ICMP Type Edit ICMP Type True gtk-edit False True True False True Remove ICMP Type Remove ICMP Type True gtk-remove False True True False True Load ICMP Type Defaults Load ICMP Type Defaults True gtk-revert-to-saved False True False True 2 False False True True 6 True True False 6 vertical 6 True False Specify whether this ICMP Type is available for IPv4 and/or IPv6. True 0 0 False False 0 True False False True IPv4 True True False 0 True False True 1 True False False True IPv6 True True False 0 True False False 2 True False Destination False True False True True 1 True False ICMP Types can only be changed in the permanent configuration view. The runtime configuration of ICMP Types is fixed. True 0 False True 2 3 True False ICMP Types 3 False True False 6 vertical 6 True False start A connection tracking helper is assisting to make protocols work that are using different flows for signaling and data transfers. The data transfers are using ports that are unrelated to the signaling connection and are therefore blocked by the firewall without the helper. True 0 0 False True 0 True True 6 175 True True False vertical False Helper 0 False True 0 True True in 150 True True False True True 1 True False True True False 1 True False True Add Service Add Service True gtk-add False True True False True Edit Service Edit Service True gtk-edit False True True False True Remove Service Remove Service True gtk-remove False True True False True Load Service Defaults Load Service Defaults True gtk-revert-to-saved False True False True 2 False False True True 6 True True False 6 vertical 6 True False start Define ports or port ranges, which are monitored by the helper. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Entry True False True 0 gtk-edit True False True False True True Edit Entry True False True 1 gtk-remove True False True False True True Remove Entry True False True 2 False True 2 True False Ports False True False True True 1 True False Services can only be changed in the permanent configuration view. The runtime configuration of services is fixed. True 0 False True 2 4 True False Helpers 4 False False 6 vertical 6 True False start The direct configuration gives a more direct access to the firewall. These options require user to know basic iptables concepts, i.e. tables, chains, commands, parameters and targets. Direct configuration should be used only as a last resort when it is not possible to use other firewalld features. True 0 0 False True 0 True False start The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it will be for iptables, with ipv6 for ip6tables and with eb for ethernet bridges (ebtables). True 0 0 False True 1 True False 6 vertical True True True False 6 vertical 6 True False start Additional chains for use with rules. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Chain True False True 0 gtk-edit True False True False True True Edit Chain True False True 1 gtk-remove True False True False True True Remove Chain True False True 2 False True 2 True False Chains False True False 6 vertical 6 True False start Add a rule with the arguments args to a chain in a table with a priority. True 0 0 False False 1 True False start The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. True 0 0 False False 2 True False 6 True True out True True False True True 0 True True 3 True False 6 start gtk-add True True False True True Add Rule True False True 0 gtk-edit True False True False True True Edit Rule True False True 1 gtk-remove True False True False True True Remove Rule True False True 2 False True 4 1 True False Rules 1 False True False 6 vertical 6 True False start The passthrough rules are directly passed through to the firewall and are not placed in special chains. All iptables, ip6tables and ebtables options can be used. True 0 0 False False 0 True False start Please be careful with passthrough rules to not damage the firewall. True 0 0 False False 2 True False 6 True True out True True False True True 0 True True 3 True False 6 start gtk-add True True False True True Add Passthrough True False True 0 gtk-edit True False True False True True Edit Passthrough True False True 1 gtk-remove True False True False True True Remove Passthrough True False True 2 False True 4 2 True False Passthrough 2 False True True 0 True True 3 5 True False Direct Configuration 5 False False 6 vertical 6 True False The lockdown feature is a light version of user and application policies for firewalld. It limits changes to the firewall. The lockdown whitelist can contain commands, contexts, users and user ids. True 0 0 False True 0 True False 6 vertical True True True False 6 vertical 6 True False The context is the security (SELinux) context of a running application or service. To get the context of a running application use <tt>ps -e --context</tt>. True True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Context True False True 0 gtk-edit True False True False True True Edit Context True False True 1 gtk-remove True False True False True True Remove Context True False True 2 False True 2 True False Contexts False True False 6 vertical 6 True False If a command entry on the whitelist ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the absolute command inclusive arguments must match. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add Command Line True False True 0 gtk-edit True False True False True True Edit Command Line True False True 1 gtk-remove True False True False True True Remove Command Line True False True 2 False True 2 1 True False Command lines 1 False True False 6 vertical 6 True False User names. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add User Name True False True 0 gtk-edit True False True False True True Edit User Name True False True 1 gtk-remove True False True False True True Remove User Name True False True 2 False True 2 2 True False User names 2 False True False 6 vertical 6 True False User ids. True 0 0 False False 0 True False 6 True True out True True False True True 0 True True 1 True False 6 start gtk-add True True False True True Add User Id True False True 0 gtk-edit True False True False True True Edit User Id True False True 1 gtk-remove True False True False True True Remove User Id True False True 2 False True 2 3 True False User Ids 3 False True True 0 True True 2 6 True False Lockdown Whitelist 6 False True True 1 True False -1 True True 1 True False False True 2 True False 6 6 3 3 6 True False True 0 False True 0 True False True 0 False True 1 False True 3 True False 6 6 3 3 3 3 True False True Current default zone of the system. Current default zone of the system. label 0 1 0 True False 6 Log Denied: right 1 2 0 True False True Current default zone of the system. Current default zone of the system. label 0 3 0 True False 6 Panic Mode: right 1 4 0 True False True Current default zone of the system. Current default zone of the system. label 0 5 0 True False 6 Automatic Helpers: right 1 6 0 True False True Current default zone of the system. Current default zone of the system. label 0 7 0 True False 6 Lockdown: right 1 8 0 True False True Current default zone of the system. Current default zone of the system. label 0 9 0 True False Default Zone: right 1 0 0 False True 4 True False False True 6 False 5 Interface True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter an interface name: True 0 0 False False 0 True False 6 vertical True True 60 • True 50 none False True 0 False True 1 True True 1 interfaceDialogCancelButton interfaceDialogOkButton False 5 Base IPSet Settings dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please configure base ipset settings: True 0 0 False False 0 False start Bold entries are mandatory, all others are optional. True 0 0 False False 1 True False True True 6 6 6 True True True • True 1 1 True True True • True 1 2 250 80 True True True True in True True True True word 1 3 True False Name: 1 0 0 True True True • True 1 0 True False Version: 1 0 1 True False Short: 1 0 2 True False Description: 1 0 3 True False Type: 1 0 4 True False start True inet inet6 1 5 True False Timeout: middle 1 0 6 True False Hashsize: middle 1 0 7 True False Maxelem: middle 1 0 8 True True Timeout value in seconds number 1 6 True True Initial hash size, default 1024 number 1 7 True True Max number of elements, default 65536 number 1 8 True False Family: True 1 0 5 True False start 3 True False start True False True 0 True False False True 1 1 4 False True 2 True True 1 ipsetBaseDialogCancelButton ipsetBaseDialogOkButton 300 300 False 5 IPSet True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select an ipset: True 0 0 False False 0 True True 6 in True True True True 1 True True 1 ipsetDialogCancelButton ipsetDialogOkButton False 5 Entry True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter an ipset entry: True 0 0 False False 0 True False start 6 vertical 6 True True start 1024 • True 50 60 none True True 0 True False 3 True False Type: False True 0 True False label False True 1 False True 1 True True 1 True True 1 ipsetEntryDialogCancelButton ipsetEntryDialogOkButton False 5 Log Denied True center-on-parent True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 5 vertical 6 False start start Please select the log denied value: True 0 0 False False 0 True False vertical True False start True 6 False True 0 False True 1 True True 1 logDeniedDialogCancelButton logDeniedDialogOkButton False 5 Address True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter a MAC address. True 0 0 False False 0 True False 6 vertical True True start 17 • True 17 17 none False True 0 False True 1 True True 1 macDialogCancelButton macDialogOkButton False 5 Mark True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter a mark with an optional mask. True 0 0 False False 0 False start The mark and the mask fields are both 32 bits wide unsigned numbers. True 0 0 False False 1 True False 6 6 6 True False end Mark: 1 0 0 True True start 10 • True 10 10 1 0 True False end Mask: 1 0 1 True True start 10 • True 10 10 1 1 False True 2 True True 1 markDialogCancelButton markDialogOkButton False 5 Helper True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select a netfilter conntrack helper: True 0 0 False False 0 True False 6 6 6 True False end Module: 1 0 0 True False start True - Select - 1 0 True True start True 50 ◠25 50 1 1 Other Module: True True False end 0 right True 0 1 True True 1 True True 1 moduleDialogCancelButton moduleDialogOkButton False 5 Port and Protocol True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter a port and protocol. True 0 0 False False 0 True False 6 6 6 True False end Port / Port Range: 1 0 0 True True start 32 • True 11 32 1 0 True False start tcp udp sctp dccp 1 1 True False end Protocol: 1 0 1 False True 1 True True 1 portDialogCancelButton portDialogOkButton -99999999 99999999 1 10 False 5 Direct Rule True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select ipv and table, chain priority and enter the args. True 0 0 False False 0 True False 6 6 6 True False ipv: 1 0 0 True False start 1 1 True True start start 31 ◠31 31 1 2 True False start ipv4 ipv6 eb 1 0 True True start True 1024 ◠50 1 4 True True start 8 ◠8 1 number priority_adjustment 1 True 1 3 True False Table: 1 0 1 True False Chain: 1 0 2 True False Priority: 1 0 3 True False Args: 1 0 4 True True 1 True True 1 directRuleDialogCancelButton directRuleDialogOkButton False 5 Protocol True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 3 False start Please enter a protocol. True 0 0 False False 0 True False 6 6 6 True False end Protocol: 1 0 0 True False start True - Select - ah esp dccp ddp icmp ipv6-icmp igmp mux sctp tcp udp 1 0 True True start True 50 ◠25 50 1 1 Other Protocol: True True False end 0.5 right True 0 1 True True 1 False True 1 protoDialogCancelButton protoDialogOkButton -32768 32767 1 10 False 5 Rich Rule dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter a rich rule. True 0 0 False False 0 False start For host or network allow or denylisting deactivate the element. True 0 0 False False 1 True False 6 6 6 True False end Source: 1 0 7 True False end Destination: 1 0 9 Log: True True False end 1 True 0 11 Audit: True True False end 1 True 0 13 True False start ipv4 and ipv6 ipv4 ipv6 1 0 True False True 3 True False IP MAC ipset False True 0 True True False True True False 4 True False 0 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 True True 1 inverted True True False start 0.5 True False True 2 1 7 True False True 3 True True False True True False 4 True False 0 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 True True 0 inverted True True False start 0.5 True False True 1 1 9 True False True vertical 3 True False 5 True False start start accept reject drop mark False True 0 True False vertical 3 True False To enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' (not both). True 6 with Type: True True False 0.5 True True False True 0 True True start True True 1 False True 0 True False True 6 True True False True True False 4 True False 0 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 True True 0 False True 1 False True 1 True True 0 True False 3 With limit: True True False end 0.5 True True False True 0 True False 3 True True 8 ◠8 False True 0 True False / False True 2 True False second minute hour day False True 3 False True 1 False True 1 1 5 True False True 6 3 True False end Prefix: 1 0 0 True False end Level: 1 0 1 True True True 29 • True 29 1 0 True False start emergency alert critical error warning notice info debug 1 1 True False 3 With limit: True True False end 0.5 True False True 0 True False 3 True True 8 ◠8 False True 0 True False / False True 2 True False second minute hour day False True 3 False True 1 0 2 2 1 11 True False True 3 With limit: True True False end 0.5 True False True 0 True False 3 True True 8 ◠8 False True 0 True False / False True 2 True False second minute hour day False True 3 False True 1 1 13 True False True 6 True False start service port protocol icmp-block icmp-type forward-port source-port masquerade False True 0 True True False True start True False 4 True False 0 0 True True 0 True False vertical False True 1 True False gtk-properties 1 False True 2 True True 1 1 3 True False end Family: 1 0 0 Element: True True False end 1 True 0 3 True False 0 2 2 True False 0 4 2 True False 0 6 2 True False 0 8 2 True False 0 10 2 True False 0 12 2 Action: True True False end 1 True 0 5 True False Priority: 1 0 1 True True number rich_rule_priority_adjustment True 1 1 False True 2 True True 1 richRuleDialogCancelButton richRuleDialogOkButton False 5 Base Service Settings dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please configure base service settings: True 0 0 False False 0 False start Bold entries are mandatory, all others are optional. True 0 0 False False 1 True False True True 6 6 6 True False Name: 1 0 0 True True • True 1 0 True True • True 1 2 250 80 True True True True in True True True True word 1 3 True False Short: 1 0 2 True False Description: 1 0 3 True False Version: 1 0 1 True True • True 1 1 False True 2 True True 1 serviceBaseDialogCancelButton serviceBaseDialogOkButton 300 False 5 Service True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please select a service. True 0 0 False False 0 True True 6 in True True True True 1 True True 1 serviceDialogCancelButton serviceDialogOkButton False 5 Source True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter a source. True 0 0 False False 0 True False True 6 3 True False IP MAC ipset False True 0 True True False True True False 4 True False 0 0 True True 0 True False vertical False True 1 True False gtk-network 1 False True 2 True True 1 False True 1 True True 1 sourceDialogCancelButton sourceDialogOkButton False 5 User ID True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter the user id. True 0 0 False False 0 True False 6 vertical True True start 5 • True 5 5 False True 0 False True 1 True True 1 uidDialogCancelButton uidDialogOkButton False 5 User name True dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please enter the user name. True 0 0 False False 0 True False 6 vertical True True True 256 • True 20 False True 0 False True 1 True True 1 userDialogCancelButton userDialogOkButton False popup popup-menu True False 0 in True False 6 vertical 6 True False label False True 0 200 50 True False True True 1 True True True center gtk-quit True True True True True True False True 0 False True end 2 False 5 Base Zone Settings dialog False vertical 2 False end gtk-cancel True True True True True False True 0 gtk-ok True True True True True True False True 1 False True end 0 True False 6 vertical 6 False start Please configure base zone settings: True 0 0 False False 0 False start Bold entries are mandatory, all others are optional. True 0 0 False False 1 True False True True 6 6 6 True True True • True 1 1 True True True • True 1 2 250 80 True True True True in True True True True word 1 3 Default Target True True False start 0.5 True 1 4 True False start True ACCEPT DROP REJECT 1 5 True False Name: 1 0 0 True True start True 17 • True 17 17 1 0 True False Version: 1 0 1 True False Short: 1 0 2 True False Description: 1 0 3 True False Target: 1 0 4 True False middle 1 0 5 False True 2 True True 1 zoneBaseDialogCancelButton zoneBaseDialogOkButton firewalld-1.1.1/src/gtk3_chooserbutton.py0000755000000000000000000001243214217342322020455 0ustar00rootroot00000000000000#!/usr/bin/python -Es # -*- coding: utf-8 -*- # # Copyright (C) 2008,2012 Red Hat, Inc. # # Authors: # Thomas Woerner # Florian Festi # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import gi gi.require_version('Gtk', '3.0') from gi.repository import Gtk class ChooserButton(object): def __init__(self, button, default_label=""): self.button = button self.default_label = default_label self.label = None self._menu = None self._icon = None children = self.button.get_children() if len(children) == 1 and isinstance(children[0], (Gtk.HBox, Gtk.Box)): children = children[0].get_children() for child in children: if isinstance(child, Gtk.Label): self.label = child break else: for child in list(button.get_children()): button.remove(child) hbox = Gtk.HBox() self.label = Gtk.Label() arrow = Gtk.Arrow(arrow_type=Gtk.ArrowType.DOWN, shadow_type=Gtk.ShadowType.IN) hbox.set_spacing(2) hbox.pack_start(self.label, True, True, 0) hbox.pack_end(arrow, False, False, 0) button.add(hbox) if not self.label: raise ValueError("%s is not a ChooserButton" % button.get_name()) self.connect("clicked", self._show_menu) self.reset() def set_sensitive(self, value): self.button.set_sensitive(value) def get_sensitive(self): return self.button.get_sensitive() def is_sensitive(self): return self.button.is_sensitive() def connect(self, _type, *args): return self.button.connect(_type, *args) def disconnect(self, *args): self.button.disconnect(*args) def get_text(self): return self.text def set_text(self, text): if not text or len(text) < 1: self.reset() self.text = text self.label.set_text(self.text) def set_stock_icon(self, name, size=Gtk.IconSize.MENU): if self._icon is None: self._icon = Gtk.Image() hbox = self.button.get_child() hbox.pack_start(self._icon, True, True, 0) hbox.reorder_child(self._icon, 0) self._icon.set_from_stock(name, size) def reset(self): self.text = None self.label.set_text(self.default_label) def set_menu(self, menu): self._menu = menu if menu: menu.attach_to_widget(self.button, self._detach_menu) def get_menu(self): return self._menu def _detach_menu(self): self._menu = None def _show_menu(self, *dummy): if not self._menu: return self._menu.popup(None, None, self._menu_position_func, 0, 0, 0) def _menu_position_func(self, menu, dummy): allocation = self.button.get_allocation() req = menu.size_request() menu_width = req.width menu_height = req.height if menu_width != allocation.width: menu.set_size_request(-1, -1) req = menu.size_request() if req.width > allocation.width: menu.set_size_request(req.width, req.height) else: menu.set_size_request(allocation.width, -1) (x, y) = self.button.get_parent_window().get_origin()[1:] x += allocation.x y += allocation.y + allocation.height root = self.button.get_root_window() (dummy, dummy, dummy, root_height) = root.get_geometry() if y + menu_height > root_height: y -= menu_height + allocation.height return (x, y, True) class ToolChooserButton(object): def __init__(self, button, default_label=''): self.button = button self.default_label = default_label self._menu = None self._icon = None self.reset() self.set_sensitive = self.button.set_sensitive def get_text(self): return self.text def set_text(self, text): if not text or len(text) < 1: self.reset() self.text = text self.button.set_label(text) def set_stock_icon(self, name, size=Gtk.IconSize.BUTTON): if self._icon is None: self._icon = Gtk.Image() self.button.set_icon_widget(self._icon) self._icon.set_from_stock(name, size) def reset(self): self.text = None self.button.set_label(self.default_label) def set_menu(self, menu): self._menu = menu self.button.set_menu(menu) def get_menu(self): return self._menu def _detach_menu(self): self._menu = None firewalld-1.1.1/src/gtk3_niceexpander.py0000644000000000000000000000576314217342322020232 0ustar00rootroot00000000000000#!/usr/bin/python -Es # -*- coding: utf-8 -*- # # Copyright (C) 2016 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # class NiceExpander(object): def __init__(self, expanded_button, unexpanded_button, paned, child): self.expanded_button = expanded_button self.unexpanded_button = unexpanded_button self.paned = paned self.child = child self.sensitive = True self.expanded = False self.callback = { } self.parent = self.expanded_button.get_parent() self.expanded_button.connect("clicked", self.expand_cb) self.unexpanded_button.connect("clicked", self.unexpand_cb) self.set_expanded(True) def expand_cb(self, *args): self.expanded = False self.expanded_button.hide() self.unexpanded_button.show() self.child.hide() width = self.unexpanded_button.get_allocated_width() width += self.parent.get_border_width()*2 self.paned.set_position(width) self.call_notify_expanded() def unexpand_cb(self, *args): self.expanded = True self.expanded_button.show() self.unexpanded_button.hide() self.child.show() width = self.expanded_button.get_allocated_width() width += self.parent.get_border_width()*2 self.paned.set_position(width) self.call_notify_expanded() def set_expanded(self, flag): self.expanded = flag if flag: self.unexpand_cb() else: self.expand_cb() def get_expanded(self): return self.expanded def connect(self, name, callback, *args): if name == "notify::expanded": self.callback[name] = (callback, args) else: raise ValueError("Unknown callback name '%s'" % name) def call_notify_expanded(self): name = "notify::expanded" if name in self.callback: cb = self.callback[name] try: cb[0](*cb[1]) except Exception as msg: print(msg) def set_sensitive(self, value): self.expanded_button.set_sensitive(value) self.unexpanded_button.set_sensitive(value) self.child.set_sensitive(value) def get_sensitive(self): return self.expanded_button.get_sensitive() def is_sensitive(self): return self.expanded_button.is_sensitive() firewalld-1.1.1/src/Makefile.in0000644000000000000000000007500214217352322016322 0ustar00rootroot00000000000000# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = src ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(dist_bin_SCRIPTS) \ $(dist_sbin_SCRIPTS) $(dist_glade_DATA) $(dist_gtkextra_DATA) \ $(nobase_dist_python_DATA) $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = firewall-applet firewall-cmd firewall-offline-cmd \ firewall-config firewalld CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \ "$(DESTDIR)$(gladedir)" "$(DESTDIR)$(gtkextradir)" \ "$(DESTDIR)$(pythondir)" SCRIPTS = $(dist_bin_SCRIPTS) $(dist_sbin_SCRIPTS) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac DATA = $(dist_glade_DATA) $(dist_gtkextra_DATA) \ $(nobase_dist_python_DATA) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ distdir distdir-am am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/firewall-applet.in \ $(srcdir)/firewall-cmd.in $(srcdir)/firewall-config.in \ $(srcdir)/firewall-offline-cmd.in $(srcdir)/firewalld.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = icons tests dist_bin_SCRIPTS_in = firewall-applet.in firewall-cmd.in firewall-offline-cmd.in firewall-config.in dist_sbin_SCRIPTS_in = firewalld.in dist_bin_SCRIPTS = $(dist_bin_SCRIPTS_in:.in=) dist_sbin_SCRIPTS = $(dist_sbin_SCRIPTS_in:.in=) gladedir = $(pkgdatadir) dist_glade_DATA = firewall-config.glade gtkextradir = $(pkgdatadir) dist_gtkextra_DATA = gtk3_chooserbutton.py gtk3_niceexpander.py nobase_dist_python_DATA = \ firewall/client.py \ firewall/command.py \ firewall/config/dbus.py \ firewall/config/__init__.py \ firewall/core/base.py \ firewall/core/ebtables.py \ firewall/core/fw_config.py \ firewall/core/fw_direct.py \ firewall/core/fw_helper.py \ firewall/core/fw_icmptype.py \ firewall/core/fw_ifcfg.py \ firewall/core/fw_ipset.py \ firewall/core/fw_nm.py \ firewall/core/fw_policies.py \ firewall/core/fw_policy.py \ firewall/core/fw.py \ firewall/core/fw_service.py \ firewall/core/fw_transaction.py \ firewall/core/fw_zone.py \ firewall/core/helper.py \ firewall/core/icmp.py \ firewall/core/__init__.py \ firewall/core/io/direct.py \ firewall/core/io/firewalld_conf.py \ firewall/core/io/functions.py \ firewall/core/io/helper.py \ firewall/core/io/icmptype.py \ firewall/core/io/ifcfg.py \ firewall/core/io/__init__.py \ firewall/core/io/io_object.py \ firewall/core/io/ipset.py \ firewall/core/io/lockdown_whitelist.py \ firewall/core/io/policy.py \ firewall/core/io/service.py \ firewall/core/io/zone.py \ firewall/core/ipset.py \ firewall/core/ipXtables.py \ firewall/core/logger.py \ firewall/core/modules.py \ firewall/core/nftables.py \ firewall/core/prog.py \ firewall/core/rich.py \ firewall/core/watcher.py \ firewall/dbus_utils.py \ firewall/errors.py \ firewall/functions.py \ firewall/fw_types.py \ firewall/__init__.py \ firewall/server/config_helper.py \ firewall/server/config_icmptype.py \ firewall/server/config_ipset.py \ firewall/server/config.py \ firewall/server/config_service.py \ firewall/server/config_zone.py \ firewall/server/config_policy.py \ firewall/server/dbus.py \ firewall/server/decorators.py \ firewall/server/firewalld.py \ firewall/server/__init__.py \ firewall/server/server.py EXTRA_DIST = \ firewall/config/__init__.py.in \ $(dist_bin_SCRIPTS_in) $(dist_sbin_SCRIPTS_in) CLEANFILES = *~ *\# .\#* *.py? FLAKE8_IGNORE = E121,E122,E123,E124,E126,E127,E128,E201,E202,E203,E211,E221,E222,E225,E226,E231,E241,E251,E261,E262,E265,E266,W291,W293,E301,E302,E303,E305,E306,W391,E402,E501,E502,W503,W504,E722,E741 all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): firewall-applet: $(top_builddir)/config.status $(srcdir)/firewall-applet.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ firewall-cmd: $(top_builddir)/config.status $(srcdir)/firewall-cmd.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ firewall-offline-cmd: $(top_builddir)/config.status $(srcdir)/firewall-offline-cmd.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ firewall-config: $(top_builddir)/config.status $(srcdir)/firewall-config.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ firewalld: $(top_builddir)/config.status $(srcdir)/firewalld.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-dist_binSCRIPTS: $(dist_bin_SCRIPTS) @$(NORMAL_INSTALL) @list='$(dist_bin_SCRIPTS)'; test -n "$(bindir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n' \ -e 'h;s|.*|.|' \ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) { files[d] = files[d] " " $$1; \ if (++n[d] == $(am__install_max)) { \ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ else { print "f", d "/" $$4, $$1 } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ } \ ; done uninstall-dist_binSCRIPTS: @$(NORMAL_UNINSTALL) @list='$(dist_bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 's,.*/,,;$(transform)'`; \ dir='$(DESTDIR)$(bindir)'; $(am__uninstall_files_from_dir) install-dist_sbinSCRIPTS: $(dist_sbin_SCRIPTS) @$(NORMAL_INSTALL) @list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n' \ -e 'h;s|.*|.|' \ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) { files[d] = files[d] " " $$1; \ if (++n[d] == $(am__install_max)) { \ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ else { print "f", d "/" $$4, $$1 } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ } \ ; done uninstall-dist_sbinSCRIPTS: @$(NORMAL_UNINSTALL) @list='$(dist_sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 's,.*/,,;$(transform)'`; \ dir='$(DESTDIR)$(sbindir)'; $(am__uninstall_files_from_dir) install-dist_gladeDATA: $(dist_glade_DATA) @$(NORMAL_INSTALL) @list='$(dist_glade_DATA)'; test -n "$(gladedir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(gladedir)'"; \ $(MKDIR_P) "$(DESTDIR)$(gladedir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(gladedir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(gladedir)" || exit $$?; \ done uninstall-dist_gladeDATA: @$(NORMAL_UNINSTALL) @list='$(dist_glade_DATA)'; test -n "$(gladedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(gladedir)'; $(am__uninstall_files_from_dir) install-dist_gtkextraDATA: $(dist_gtkextra_DATA) @$(NORMAL_INSTALL) @list='$(dist_gtkextra_DATA)'; test -n "$(gtkextradir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(gtkextradir)'"; \ $(MKDIR_P) "$(DESTDIR)$(gtkextradir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(gtkextradir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(gtkextradir)" || exit $$?; \ done uninstall-dist_gtkextraDATA: @$(NORMAL_UNINSTALL) @list='$(dist_gtkextra_DATA)'; test -n "$(gtkextradir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(gtkextradir)'; $(am__uninstall_files_from_dir) install-nobase_dist_pythonDATA: $(nobase_dist_python_DATA) @$(NORMAL_INSTALL) @list='$(nobase_dist_python_DATA)'; test -n "$(pythondir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(pythondir)'"; \ $(MKDIR_P) "$(DESTDIR)$(pythondir)" || exit 1; \ fi; \ $(am__nobase_list) | while read dir files; do \ xfiles=; for file in $$files; do \ if test -f "$$file"; then xfiles="$$xfiles $$file"; \ else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \ test -z "$$xfiles" || { \ test "x$$dir" = x. || { \ echo " $(MKDIR_P) '$(DESTDIR)$(pythondir)/$$dir'"; \ $(MKDIR_P) "$(DESTDIR)$(pythondir)/$$dir"; }; \ echo " $(INSTALL_DATA) $$xfiles '$(DESTDIR)$(pythondir)/$$dir'"; \ $(INSTALL_DATA) $$xfiles "$(DESTDIR)$(pythondir)/$$dir" || exit $$?; }; \ done uninstall-nobase_dist_pythonDATA: @$(NORMAL_UNINSTALL) @list='$(nobase_dist_python_DATA)'; test -n "$(pythondir)" || list=; \ $(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \ dir='$(DESTDIR)$(pythondir)'; $(am__uninstall_files_from_dir) # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-local check: check-recursive all-am: Makefile $(SCRIPTS) $(DATA) installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(gladedir)" "$(DESTDIR)$(gtkextradir)" "$(DESTDIR)$(pythondir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dist_gladeDATA install-dist_gtkextraDATA \ install-nobase_dist_pythonDATA install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-dist_binSCRIPTS install-dist_sbinSCRIPTS install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-dist_binSCRIPTS uninstall-dist_gladeDATA \ uninstall-dist_gtkextraDATA uninstall-dist_sbinSCRIPTS \ uninstall-nobase_dist_pythonDATA .MAKE: $(am__recursive_targets) check-am install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ check-am check-local clean clean-generic cscopelist-am ctags \ ctags-am distclean distclean-generic distclean-tags distdir \ dvi dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dist_binSCRIPTS \ install-dist_gladeDATA install-dist_gtkextraDATA \ install-dist_sbinSCRIPTS install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man \ install-nobase_dist_pythonDATA install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-dist_binSCRIPTS uninstall-dist_gladeDATA \ uninstall-dist_gtkextraDATA uninstall-dist_sbinSCRIPTS \ uninstall-nobase_dist_pythonDATA .PRECIOUS: Makefile check-local: find . -name '*.py' -or -name '*.py.in' |xargs flake8 --ignore="$(FLAKE8_IGNORE)" flake8 --ignore="$(FLAKE8_IGNORE)" $(dist_bin_SCRIPTS_in) $(dist_sbin_SCRIPTS_in) @echo @for file in $(filter-out $(EXTRA_DIST:.in=),$(nobase_dist_python_DATA) $(dist_bin_SCRIPTS_in) $(dist_sbin_SCRIPTS_in)); do \ if ! grep "$${file}" ${top_srcdir}/po/POTFILES.in > /dev/null; then \ echo "$${file} should be in ${abs_top_srcdir}/po/POTFILES.in"; \ exit 1; \ fi; \ done # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-1.1.1/src/firewall-applet.in0000755000000000000000000012003514217342322017674 0ustar00rootroot00000000000000#!@PYTHON@ # -*- coding: utf-8 -*- # # Copyright (C) 2010-2015 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import sys from PyQt5 import QtGui, QtCore, QtWidgets import gi gi.require_version('Notify', '0.7') from gi.repository import Notify import os from dbus.mainloop.pyqt5 import DBusQtMainLoop import functools from firewall import config from firewall.core.fw_nm import nm_is_imported, nm_get_zone_of_connection, \ nm_set_zone_of_connection, \ nm_get_dbus_interface, \ nm_get_connections from firewall.core.watcher import Watcher from firewall.client import FirewallClient import dbus import signal import gettext gettext.textdomain(config.DOMAIN) _ = gettext.gettext PATH = [ ] for p in os.getenv("PATH").split(":"): if p not in PATH: PATH.append(p) def search_app(app): for p in PATH: _app = "%s/%s" % (p, app) if os.path.exists(_app): return _app return None NM_CONNECTION_EDITOR = "" for binary in [ "/usr/bin/nm-connection-editor", "/bin/nm-connection-editor", "/usr/bin/kde5-nm-connection-editor", "/bin/kde5-nm-connection-editor", "/usr/bin/kde-nm-connection-editor", "/bin/kde-nm-connection-editor" ]: if os.path.exists(binary): NM_CONNECTION_EDITOR = binary break def escape(text): text = text.replace('&', '&') text = text.replace('>', '>') text = text.replace('<', '<') return text # ZoneInterfaceEditor ######################################################### class ZoneInterfaceEditor(QtWidgets.QDialog): def __init__(self, fw, interface, zone): self.fw = fw self.interface = interface self.zone = None self.title = _("Select zone for interface '%s'") % self.interface QtWidgets.QDialog.__init__(self) self.create_ui(zone) def create_ui(self, zone): self.setWindowTitle(escape(self.title)) self.rejected.connect(self.hide) self.resize(100, 50) vbox = QtWidgets.QVBoxLayout() vbox.setSpacing(6) label = QtWidgets.QLabel(escape(self.title)) vbox.addWidget(label) self.combo = QtWidgets.QComboBox() self.fill_zone_combo() vbox.addWidget(self.combo) buttonBox = QtWidgets.QDialogButtonBox(QtWidgets.QDialogButtonBox.Ok | QtWidgets.QDialogButtonBox.Cancel) self.ok_button = buttonBox.button(QtWidgets.QDialogButtonBox.Ok) buttonBox.accepted.connect(self.ok) buttonBox.rejected.connect(self.hide) vbox.addWidget(buttonBox) self.ok_button.setDisabled(True) self.combo.activated.connect(self.combo_changed) self.setLayout(vbox) self.set_zone(zone) def combo_changed(self): self.ok_button.setDisabled(self.get_zone() == self.zone) def set_zone(self, zone): self.zone = zone if zone == "": self.combo.setCurrentIndex(self.combo.findText( escape(_("Default Zone")))) else: self.combo.setCurrentIndex(self.combo.findText(self.zone)) self.combo_changed() def get_zone(self): text = str(self.combo.currentText()) if text == escape(_("Default Zone")): text = "" return text def fill_zone_combo(self): self.combo.clear() self.combo.addItem(escape(_("Default Zone"))) for z in self.fw.getZones(): self.combo.addItem(z) def zones_changed(self): zone = self.get_zone() self.fill_zone_combo() self.set_zone(zone) def ok(self): self.fw.changeZoneOfInterface(self.get_zone(), self.interface) self.hide() # ZoneConnectionEditor ######################################################## class ZoneConnectionEditor(ZoneInterfaceEditor): def __init__(self, fw, connection, connection_name, zone): self.fw = fw self.connection = connection self.connection_name = connection_name self.zone = None self.title = _("Select zone for connection '%s'") % self.connection_name QtWidgets.QDialog.__init__(self) self.create_ui(zone) def ok(self): # apply changes try: nm_set_zone_of_connection(self.get_zone(), self.connection) except Exception: text = _("Failed to set zone {zone} for connection {connection_name}") QtWidgets.QMessageBox.warning(None, escape(self.title), escape(text.format( zone=self.get_zone(), connection_name=self.connection_name))) self.hide() # ZoneSourceEditor ############################################################ class ZoneSourceEditor(ZoneInterfaceEditor): def __init__(self, fw, source, zone): self.fw = fw self.source = source self.zone = None self.title = _("Select zone for source '%s'") % self.source QtWidgets.QDialog.__init__(self) self.create_ui(zone) def ok(self): self.fw.changeZoneOfSource(self.get_zone(), self.source) self.hide() # ShieldsEditor ######################################################### class ShieldsEditor(QtWidgets.QDialog): def __init__(self, fw, settings, shields_up, shields_down): self.fw = fw self.settings = settings self.shields_up = shields_up self.shields_down = shields_down self.title = _("Configure Shields Up/Down Zones") QtWidgets.QDialog.__init__(self) self.create_ui() def create_ui(self): self.setWindowTitle(escape(self.title)) self.rejected.connect(self.hide) vbox = QtWidgets.QVBoxLayout() vbox.setSpacing(6) label = QtWidgets.QLabel(escape( _("Here you can select the zones used for Shields Up and " "Shields Down."))) label.setWordWrap(True) vbox.addWidget(label) label = QtWidgets.QLabel(escape( _("This feature is useful for people using the default zones " "mostly. For users, that are changing zones of connections, it " "might be of limited use."))) label.setWordWrap(True) vbox.addWidget(label) grid = QtWidgets.QGridLayout() grid.setSpacing(6) label = QtWidgets.QLabel(escape(_("Shields Up Zone:"))) label.setWordWrap(True) grid.addWidget(label, 0, 0, 1, 1) self.shields_up_combo = QtWidgets.QComboBox() #self.fill_combo(self.shields_up_combo) #self.set_shields_up(self.shields_up) grid.addWidget(self.shields_up_combo, 0, 1, 1, 1) button = QtWidgets.QPushButton(_("Reset To Default")) button.clicked.connect(self.reset_shields_up) grid.addWidget(button, 0, 2, 1, 1) label = QtWidgets.QLabel(escape(_("Shields Down Zone:"))) label.setWordWrap(True) grid.addWidget(label, 1, 0, 1, 1) self.shields_down_combo = QtWidgets.QComboBox() #self.fill_combo(self.shields_down_combo) #self.set_shields_down(self.shields_down) grid.addWidget(self.shields_down_combo, 1, 1, 1, 1) button = QtWidgets.QPushButton(_("Reset To Default")) button.clicked.connect(self.reset_shields_down) grid.addWidget(button, 1, 2, 1, 1) vbox.addLayout(grid) buttonBox = QtWidgets.QDialogButtonBox(QtWidgets.QDialogButtonBox.Ok | QtWidgets.QDialogButtonBox.Cancel) self.ok_button = buttonBox.button(QtWidgets.QDialogButtonBox.Ok) buttonBox.accepted.connect(self.ok) buttonBox.rejected.connect(self.hide) vbox.addWidget(buttonBox) self.ok_button.setDisabled(True) self.shields_up_combo.activated.connect(self.shields_combo_changed) self.shields_down_combo.activated.connect(self.shields_combo_changed) self.setLayout(vbox) def shields_combo_changed(self): self.ok_button.setDisabled( self.get_shields_up() == self.shields_up and \ self.get_shields_down() == self.shields_down) def set_shields_up(self, zone): self.shields_up = zone if self.shields_up_combo.count() > 0: self.shields_up_combo.setCurrentIndex( self.shields_up_combo.findText(self.shields_up)) self.shields_combo_changed() def set_shields_down(self, zone): self.shields_down = zone if self.shields_down_combo.count() > 0: self.shields_down_combo.setCurrentIndex( self.shields_down_combo.findText(self.shields_down)) self.shields_combo_changed() def reset_shields_up(self): self.set_shields_up(self.shields_up) # remove user key to get fallback again self.settings.remove("shields-up") def reset_shields_down(self): self.set_shields_down(self.shields_down) # remove user key to get fallback again self.settings.remove("shields-down") def get_shields_up(self): return str(self.shields_up_combo.currentText()) def get_shields_down(self): return str(self.shields_down_combo.currentText()) def zones_changed(self): up_zone = self.shields_up if self.get_shields_up(): up_zone = self.get_shields_up() down_zone = self.shields_down if self.get_shields_down(): down_zone = self.get_shields_down() for z in self.fw.getZones(): self.shields_up_combo.addItem(z) self.shields_down_combo.addItem(z) self.set_shields_up(up_zone) self.set_shields_down(down_zone) def ok(self): if self.shields_up != self.get_shields_up(): self.settings.setValue("shields-up", self.get_shields_up()) if self.shields_down != self.get_shields_down(): self.settings.setValue("shields-down", self.get_shields_down()) self.settings.sync() self.hide() # AboutDialog ################################################################# class AboutDialog(QtWidgets.QDialog): def __init__(self, name, icon, version, url, copyright, authors, license): QtWidgets.QDialog.__init__(self) self.setWindowIcon(icon) self.setWindowTitle(escape(_("About %s" % name))) self.resize(500, 250) vbox = QtWidgets.QVBoxLayout() vbox.setSpacing(6) hbox = QtWidgets.QHBoxLayout() hbox.setSpacing(24) label = QtWidgets.QLabel() label.setPixmap(icon.pixmap(96)) label.setMinimumSize(96, 96) label.setMaximumSize(96, 96) hbox.addWidget(label) vbox2 = QtWidgets.QVBoxLayout() vbox2.setSpacing(3) label = QtWidgets.QLabel(name) font = label.font() font.setPointSize(font.pointSize()*2) font.setBold(True) label.setFont(font) vbox2.addWidget(label) vbox2.addWidget(QtWidgets.QLabel(version)) label = QtWidgets.QLabel("%s" % (url, url)) label.setTextFormat(QtCore.Qt.RichText) label.setTextInteractionFlags(QtCore.Qt.TextBrowserInteraction) label.setOpenExternalLinks(True) vbox2.addWidget(label) vbox2.addWidget(QtWidgets.QLabel(copyright)) hbox.addLayout(vbox2) vbox.addLayout(hbox) tabs = QtWidgets.QTabWidget() tabs.setStyleSheet("QTabWidget::tab { padding: 1px 1px 1px 1px; }") tab = QtWidgets.QWidget() vbox3 = QtWidgets.QVBoxLayout() textedit = QtWidgets.QPlainTextEdit() #textedit.setStyleSheet("QPlainTextEdit { border: 0; padding: 0; }") textedit.setReadOnly(True) textedit.setPlainText("\n".join(authors)) vbox3.addWidget(textedit) tab.setLayout(vbox3) tabs.addTab(tab, escape(_("Authors"))) tab = QtWidgets.QWidget() vbox3 = QtWidgets.QVBoxLayout() textedit = QtWidgets.QPlainTextEdit() #textedit.setStyleSheet("QPlainTextEdit { border: 0; padding: 0; }") textedit.setReadOnly(True) textedit.setPlainText(license) vbox3.addWidget(textedit) tab.setLayout(vbox3) tabs.addTab(tab, escape(_("License"))) vbox.addWidget(tabs) buttonBox = QtWidgets.QDialogButtonBox(QtWidgets.QDialogButtonBox.Close) buttonBox.rejected.connect(self.hide) vbox.addWidget(buttonBox) self.setLayout(vbox) # TrayApplet ################################################################## class TrayApplet(QtWidgets.QSystemTrayIcon): def __init__(self): super(TrayApplet, self).__init__() self.name = _("Firewall Applet") self.prog = "firewall-applet" self.icon_name = "firewall-applet" self.icons = { "normal": QtGui.QIcon.fromTheme(self.icon_name), "error": QtGui.QIcon.fromTheme(self.icon_name+"-error"), "panic": QtGui.QIcon.fromTheme(self.icon_name+"-panic"), "normal-shields_up": QtGui.QIcon.fromTheme(self.icon_name+"-shields_up"), "normal-shields_down": QtGui.QIcon.fromTheme(self.icon_name+"-shields_down"), } self.timer = None self.mode = None self.blink = False self.blink_count = 0 self._blink = False self._blink_count = 0 self.show_inactive = False self.tooltip_messages = [ ] self.active_zones = { } self.connections = { } self.connections_name = { } self.default_zone = None self.zone_connection_editors = { } self.zone_interface_editors = { } self.zone_source_editors = { } # settings self.settings = QtCore.QSettings("firewall", "applet") # file system watcher self.watcher = Watcher(self.load_settings, 2) self.watcher.add_watch_file("/etc/firewall/applet.conf") self.watcher.add_watch_file(str(self.settings.fileName())) # about dialog self.about_dialog = AboutDialog(self.name, self.icons["normal"], config.VERSION, config.WEBSITE, config.COPYRIGHT, config.AUTHORS, config.LICENSE) # urgencies self.urgencies = { "noicon": QtWidgets.QSystemTrayIcon.NoIcon, "information": QtWidgets.QSystemTrayIcon.Information, "warning": QtWidgets.QSystemTrayIcon.Warning, "critical": QtWidgets.QSystemTrayIcon.Critical } # actions self.shieldsupAction = QtWidgets.QAction(escape(_("Shields Up")), self) self.shieldsupAction.setCheckable(True) self.shieldsupAction.setChecked(False) self.shieldsupAction.triggered.connect(self.shieldsup_changed_cb) self.notificationsAction = QtWidgets.QAction( escape(_("Enable Notifications")), self) self.notificationsAction.setCheckable(True) self.notificationsAction.setChecked(False) self.notificationsAction.triggered.connect(self.notification_changed_cb) self.settingsAction = QtWidgets.QAction( escape(_("Edit Firewall Settings...")), self) self.settingsAction.triggered.connect(self.configure_cb) self.changeZonesAction = QtWidgets.QAction( escape(_("Change Zones of Connections...")), self) self.changeZonesAction.triggered.connect(self.nm_connection_editor) self.shieldsAction = QtWidgets.QAction( escape(_("Configure Shields UP/Down Zones...")), self) self.shieldsAction.triggered.connect(self.configure_shields) self.panicAction = QtWidgets.QAction( escape(_("Block all network traffic")), self) self.panicAction.setCheckable(True) self.panicAction.setChecked(False) self.panicAction.triggered.connect(self.panic_mode_cb) self.aboutAction = QtWidgets.QAction(escape(_("About")), self) self.aboutAction.triggered.connect(self.about_dialog.exec_) #self.quitAction = QtWidgets.QAction(escape(_("Quit")), self, # triggered=self.quit) self.connectionsAction = QtWidgets.QWidgetAction(self) self.connectionsAction.setDefaultWidget(QtWidgets.QLabel( ""+escape(_("Connections"))+" ")) self.interfacesAction = QtWidgets.QWidgetAction(self) self.interfacesAction.setDefaultWidget(QtWidgets.QLabel( ""+escape(_("Interfaces"))+" ")) self.sourcesAction = QtWidgets.QWidgetAction(self) self.sourcesAction.setDefaultWidget(QtWidgets.QLabel( ""+escape(_("Sources"))+" ")) # init self.left_menu = QtWidgets.QMenu() self.left_menu.setStyleSheet('QMenu { margin: 5px; }') self.right_menu = QtWidgets.QMenu() self.right_menu.addAction(self.shieldsupAction) self.right_menu.addAction(self.notificationsAction) self.right_menu.addSeparator() self.right_menu.addAction(self.settingsAction) self.right_menu.addAction(self.changeZonesAction) self.right_menu.addAction(self.shieldsAction) self.right_menu.addSeparator() self.right_menu.addAction(self.panicAction) self.right_menu.addSeparator() self.right_menu.addAction(self.aboutAction) #self.right_menu.addSeparator() #self.right_menu.addAction(self.quitAction) self.setContextMenu(self.right_menu) self.activated.connect(self.activated_cb) self.set_mode("error") self.set_icon() self.setVisible(self.show_inactive) # init notification Notify.init(self.prog) # connect to firewalld DBusQtMainLoop(set_as_default=True) self.bus = dbus.SystemBus() if nm_is_imported(): self.bus.add_signal_receiver( self.nm_signal_receiver, dbus_interface=nm_get_dbus_interface(), signal_name='PropertiesChanged', member_keyword='member') self.nm_signal_receiver() self.fw = FirewallClient(self.bus, wait=1) self.fw.setExceptionHandler(self._exception_handler) self.fw.connect("connection-established", self.connection_established) self.fw.connect("connection-lost", self.connection_lost) self.fw.connect("reloaded", self.reloaded), self.fw.connect("default-zone-changed", self.default_zone_changed) self.fw.connect("panic-mode-enabled", self.panic_mode_enabled) self.fw.connect("panic-mode-disabled", self.panic_mode_disabled) self.fw.connect("interface-added", self.interface_added) self.fw.connect("interface-removed", self.interface_removed) self.fw.connect("zone-of-interface-changed", self.zone_of_interface_changed) self.fw.connect("source-added", self.source_added) self.fw.connect("source-removed", self.source_removed) self.fw.connect("zone-of-source-changed", self.zone_of_source_changed) self.shields_editor = ShieldsEditor(self.fw, self.settings, None, None) self.load_settings() def _exception_handler(self, exception_message): if "NotAuthorizedException" in exception_message: self.error(escape(_("Authorization failed."))) elif "INVALID_NAME" in exception_message: msg = exception_message.replace("INVALID_NAME", _("Invalid name")) self.warning(escape(msg)) elif "NAME_CONFLICT" in exception_message: msg = exception_message.replace("NAME_CONFLICT", _("Name already exists")) self.warning(escape(msg)) elif "NO_DEFAULTS" in exception_message: pass else: self.error(exception_message) def quit(self): sys.exit(1) def set_icon(self, mode=None): if mode is not None: self.setIcon(self.icons[mode]) elif self.mode != "normal": self.setIcon(self.icons[self.mode]) elif self.default_zone == self.shields_up: self.setIcon(self.icons["normal-shields_up"]) else: self.setIcon(self.icons["normal-shields_down"]) def load_settings(self, name=None): self.settings.sync() notifications = self.settings.value("notifications", False, type=bool) self.notificationsAction.setChecked(notifications) self.show_inactive = self.settings.value("show-inactive", False, type=bool) self.blink = self.settings.value("blink", False, type=bool) self.blink_count = self.settings.value("blink-count", 5, type=int) self.shields_up = self.settings.value("shields-up", "block", type=str) if self.default_zone: self.shieldsupAction.setChecked( self.default_zone == self.shields_up) self.shields_editor.set_shields_up(self.shields_up) self.shields_down = self.settings.value("shields-down", "public", type=str) self.shields_editor.set_shields_down(self.shields_down) #print("shields-up=%s" % self.shields_up) #print("notifications=%s" % notifications) #print("blink=%s" % self.blink) #print("blink-count=%s" % self.blink_count) #print("show-inactive=%s" % self.show_inactive) if not self.fw.connected: self.setVisible(self.show_inactive) else: self.setVisible(True) def activated_cb(self, reason): if reason == QtWidgets.QSystemTrayIcon.Trigger: self.left_menu.popup(QtGui.QCursor.pos()) def update_active_zones(self): self.active_zones.clear() # remove all entries for the left menu self.left_menu.clear() # add connections entry self.left_menu.addAction(self.connectionsAction) if not self.fw.connected: return active_zones = self.fw.getActiveZones() if active_zones: self.active_zones = active_zones # get all active connections (NM) and interfaces connections = { } interfaces = { } sources = { } for zone in sorted(self.active_zones): if "interfaces" in self.active_zones[zone]: for interface in sorted(self.active_zones[zone]["interfaces"]): if interface not in self.connections: interfaces[interface] = zone if "sources" in self.active_zones[zone]: for source in sorted(self.active_zones[zone]["sources"]): sources[source] = zone # NM controlled connections for interface in self.connections: connection = self.connections[interface] if connection not in self.connections_name: connection_name = None else: connection_name = self.connections_name[connection] zone = nm_get_zone_of_connection(connection) connections[connection] = [ zone, connection_name ] binding = _("{entry} (Zone: {zone})") # add NM controlled bindings for connection in sorted(connections): zone = connections[connection][0] connection_name = connections[connection][1] if zone == "": _binding = _("{entry} (Default Zone: {default_zone})") action = QtWidgets.QAction( escape( _binding.format(default_zone=self.default_zone, entry=connection_name)), self) else: action = QtWidgets.QAction( escape(binding.format(zone=zone, entry=connection_name)), self) action.triggered.connect(functools.partial( self.zone_connection_editor, connection, connection_name, zone)) self.left_menu.addAction(action) # add interfaces entry self.left_menu.addAction(self.interfacesAction) # add other interfaces for interface in sorted(interfaces): zone = interfaces[interface] action = QtWidgets.QAction( escape(binding.format(zone=zone, entry=interface)), self) action.triggered.connect(functools.partial( self.zone_interface_editor, interface, zone)) self.left_menu.addAction(action) # add interfaces entry self.left_menu.addAction(self.sourcesAction) for source in sorted(sources): zone = sources[source] action = QtWidgets.QAction( escape(binding.format(zone=zone, entry=source)), self) action.triggered.connect(functools.partial( self.zone_source_editor, source, zone)) self.left_menu.addAction(action) def zone_interface_editor(self, interface, zone): if interface in self.zone_interface_editors: self.zone_interface_editors[interface].set_zone(zone) self.zone_interface_editors[interface].show() return self.zone_interface_editors[interface].raise_() editor = ZoneInterfaceEditor(self.fw, interface, zone) self.zone_interface_editors[interface] = editor editor.show() editor.raise_() editor.show() def zone_connection_editor(self, connection, connection_name, zone): if connection in self.zone_connection_editors: self.zone_connection_editors[connection].set_zone(zone) self.zone_connection_editors[connection].show() return self.zone_connection_editors[connection].raise_() editor = ZoneConnectionEditor(self.fw, connection, connection_name, zone) self.zone_connection_editors[connection] = editor editor.show() editor.raise_() editor.show() def zone_source_editor(self, source, zone): if source in self.zone_source_editors: self.zone_source_editors[source].set_zone(zone) self.zone_source_editors[source].show() return self.zone_source_editors[source].raise_() editor = ZoneSourceEditor(self.fw, source, zone) self.zone_source_editors[source] = editor editor.show() editor.raise_() editor.show() def nm_signal_receiver(self, *args, **kwargs): self.connections.clear() self.connections_name.clear() # do not use NMClient could result in python core dump if nm_is_imported(): text = _("Failed to get connections from NetworkManager") try: nm_get_connections(self.connections, self.connections_name) except Exception: self.notify(escape(text), urgency=Notify.Urgency.CRITICAL) if text not in self.tooltip_messages: self.tooltip_messages.append(text) else: if text in self.tooltip_messages: self.tooltip_messages.remove(text) else: text = _("No NetworkManager imports available") self.notify(escape(text), urgency=Notify.Urgency.CRITICAL) if text not in self.tooltip_messages: self.tooltip_messages.append(text) self.update_tooltip() def notify(self, msg, urgency="noicon", timeout=5): #self.showMessage(escape(self.name), msg, self.urgencies[urgency], timeout*1000) n = Notify.Notification.new(escape(self.name), msg, self.icon_name) n.set_urgency(Notify.Urgency.NORMAL) try: n.show() except: return def shieldsup_changed_cb(self): if self.shieldsupAction.isChecked(): zone = str(self.shields_up) else: zone = str(self.shields_down) if self.fw.connected and self.default_zone != zone: try: self.fw.setDefaultZone(zone) except dbus.exceptions.DBusException as e: print("Error: %s" % e.get_dbus_message()) def notification_changed_cb(self): self.settings.setValue("notifications", self.notificationsAction.isChecked()) self.settings.sync() def __blink(self, arg=None): if self._blink_count != 0: if self._blink_count > 0 and self._blink: self._blink_count -= 1 self._blink = not self._blink if not self.timer: self.timer = QtCore.QTimer(self) self.timer.timeout.connect(self.__blink) self.timer.setInterval(1000) self.timer.start() if not self._blink: self.set_icon() else: self.set_icon("normal") def get_mode(self): return self.mode def set_mode(self, mode): if self.mode != mode: if self.timer and self.timer.isActive(): self.timer.stop() self._blink = False self.mode = mode elif self.mode == mode and self.timer: if self._blink_count == 0: self._blink_count += 1 return if mode == "normal": self.set_icon() return if self.blink: if self.blink_count != 0: self._blink = True self._blink_count = self.blink_count self.__blink() else: self.set_icon() def update_tooltip(self): if self.get_mode() == "error": self.setToolTip(_("No connection to firewall daemon")) return messages = [ ] if self.panicAction.isChecked(): messages.append(_("All network traffic is blocked.")) if self.default_zone: messages.append(_("Default Zone: '%s'") % self.default_zone) for interface in self.connections: connection = self.connections[interface] zone = nm_get_zone_of_connection(connection) if zone == "": text = _("Default Zone '{default_zone}' active for connection " "'{connection}' on interface '{interface}'") else: text = _("Zone '{zone}' active for connection " "'{connection}' on interface '{interface}'") messages.append(text.format(zone=zone, default_zone=self.default_zone, connection=connection, interface=interface)) if len(self.active_zones) > 0: for zone in sorted(self.active_zones): if "interfaces" in self.active_zones[zone]: for interface in sorted(self.active_zones[zone]["interfaces"]): if interface not in self.connections: text = _("Zone '{zone}' active for interface " "'{interface}'") connection = None messages.append(text.format(zone=zone, connection=connection, interface=interface)) if "sources" in self.active_zones[zone]: for source in sorted(self.active_zones[zone]["sources"]): text = _("Zone '{zone}' active for source {source}") connection = None messages.append(text.format(zone=zone, source=source)) else: messages.append(_("No Active Zones.")) messages.extend(self.tooltip_messages) tooltip = "\n".join(messages) self.setToolTip(tooltip) self.set_icon() def show(self): # do not automatically show the applet pass def panic_mode_cb(self): if not self.fw or not self.fw.connected: return if self.panicAction.isChecked(): self.fw.enablePanicMode() else: self.fw.disablePanicMode() self.panicAction.setChecked(not self.panicAction.isChecked()) def configure_shields(self): self.shields_editor.show() self.shields_editor.raise_() def nm_connection_editor(self, item, uuid=None): if NM_CONNECTION_EDITOR == "": self.warning("NetworkManager connection editor is missing.") return if uuid: if "kde-" in NM_CONNECTION_EDITOR: os.system("%s %s &" % (NM_CONNECTION_EDITOR, uuid)) else: os.system("%s --edit=%s &" % (NM_CONNECTION_EDITOR, uuid)) else: os.system("%s &" % NM_CONNECTION_EDITOR) def warning(self, text): QtWidgets.QMessageBox.warning(None, escape(self.name), text) def error(self, text): QtWidgets.QMessageBox.critical(None, escape(self.name), text) def configure_cb(self, widget): os.system("firewall-config &") # firewallClient signal receivers def connection_established(self, first=False): self.default_zone = self.fw.getDefaultZone() self.panicAction.setChecked(self.fw.queryPanicMode()) self.update_active_zones() self.shields_editor.zones_changed() if self.shields_up: self.shieldsupAction.setChecked( self.default_zone == self.shields_up) if self.notificationsAction.isChecked(): self.notify(escape(_("Connection to FirewallD established."))) self.setVisible(True) self.set_mode("normal") self.update_tooltip() def connection_lost(self): self.default_zone = None self.set_mode("error") self.update_active_zones() self.update_tooltip() self.panicAction.setChecked(False) if self.notificationsAction.isChecked(): self.notify(escape(_("Connection to FirewallD lost."))) self.setVisible(self.show_inactive) def reloaded(self): if self.notificationsAction.isChecked(): self.notify(escape(_("FirewallD has been reloaded."))) self.update_active_zones() self.update_tooltip() def default_zone_changed(self, zone): self.default_zone = zone if self.notificationsAction.isChecked(): self.notify(escape(_("Default zone changed to '%s'.") % zone)) if self.shields_up: self.shieldsupAction.setChecked( self.default_zone == self.shields_up) self.update_active_zones() self.update_tooltip() def _panic_mode(self, enable): self.panicAction.setChecked(enable) self.update_tooltip() if enable: self.set_mode("panic") else: self.set_mode("normal") if self.notificationsAction.isChecked(): ed = { 1: _("All network traffic is blocked."), 0: _("Network traffic is not blocked anymore.") } self.notify(escape(ed[enable])) def panic_mode_enabled(self): self._panic_mode(True) def panic_mode_disabled(self): self._panic_mode(False) def _interface(self, zone, interface, enable): self.update_active_zones() self.update_tooltip() # close dialog of removed interface if not enable: if interface in self.connections: connection = self.connections[interface] if connection in self.zone_connection_editors: self.zone_connection_editors[connection].hide() del self.zone_connection_editors[connection] elif interface in self.zone_interface_editors: self.zone_interface_editors[interface].hide() del self.zone_interface_editors[interface] # send notification if enabled if self.notificationsAction.isChecked(): ed = { 1: _("activated"), 0: _("deactivated") } if interface in self.connections: connection = self.connections[interface] zone = nm_get_zone_of_connection(connection) if zone == "": text = _("Default zone '{default_zone}' " "{activated_deactivated} for " "connection '{connection}' on " "interface '{interface}'") else: text = _("Zone '{zone}' {activated_deactivated} for " "connection '{connection}' on " "interface '{interface}'") else: connection = None text = _("Zone '{zone}' {activated_deactivated} for " "interface '{interface}'") self.notify(escape(text.format( zone=zone, default_zone=self.default_zone, activated_deactivated=ed[enable], connection=connection, interface=interface))) def interface_added(self, zone, interface): self._interface(zone, interface, True) def interface_removed(self, zone, interface): self._interface(zone, interface, False) def zone_of_interface_changed(self, zone, interface): # update zone editor if interface in self.zone_interface_editors: self.zone_interface_editors[interface].set_zone(zone) self.update_active_zones() self.update_tooltip() if self.notificationsAction.isChecked(): self.notify(escape(_("Zone '%s' activated for interface '%s'") % \ (zone, interface))) def _source(self, zone, source, enable): self.update_active_zones() self.update_tooltip() # close dialog of removed source if not enable: if source in self.zone_source_editors: self.zone_source_editors[source].hide() del self.zone_source_editors[source] # send notification if enabled if self.notificationsAction.isChecked(): ed = { 1: _("activated"), 0: _("deactivated") } text = _("Zone '{zone}' {activated_deactivated} for " "source '{source}'") self.notify(escape(text.format( zone=zone, activated_deactivated=ed[enable], source=source))) def source_added(self, zone, source): self._source(zone, source, True) def source_removed(self, zone, source): self._source(zone, source, False) def zone_of_source_changed(self, zone, source): index = source if source in self.zone_source_editors: self.zone_source_editors[source].set_zone(zone) # update zone editor if index in self.zone_interface_editors: self.zone_interface_editors[index].set_zone(zone) self.update_active_zones() self.update_tooltip() if self.notificationsAction.isChecked(): self.notify(escape(_("Zone '%s' activated for source '%s'") % \ (zone, source))) # MAIN ######################################################################## if len(sys.argv) > 1: print("""Usage: %s [options] Options: -h, --help show this help message and exit """ % sys.argv[0]) sys.exit(1) # reset SIGINT signal to default signal.signal(signal.SIGINT, signal.SIG_DFL) app = QtWidgets.QApplication(sys.argv) app.setQuitOnLastWindowClosed(False) applet = TrayApplet() applet.show() sys.exit(app.exec_()) firewalld-1.1.1/src/firewall-cmd.in0000755000000000000000000042712514217342322017164 0ustar00rootroot00000000000000#!@PYTHON@ # -*- coding: utf-8 -*- # # Copyright (C) 2009-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from gi.repository import GObject import sys sys.modules['gobject'] = GObject import argparse import os from firewall.client import FirewallClient, FirewallClientIPSetSettings, \ FirewallClientZoneSettings, FirewallClientServiceSettings, \ FirewallClientIcmpTypeSettings, FirewallClientHelperSettings, \ FirewallClientPolicySettings from firewall.errors import FirewallError from firewall import errors from firewall.functions import joinArgs, splitArgs, getPortRange from firewall.core.fw_nm import nm_is_imported, \ nm_get_connection_of_interface, nm_get_zone_of_connection, \ nm_set_zone_of_connection, nm_get_interfaces_in_zone from firewall.core.io.zone import zone_reader from firewall.core.io.policy import policy_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.helper import helper_reader from firewall.command import FirewallCommand def __usage(): sys.stdout.write(""" Usage: firewall-cmd [OPTIONS...] General Options -h, --help Prints a short help text and exists -V, --version Print the version string of firewalld -q, --quiet Do not print status messages Status Options --state Return and print firewalld state --reload Reload firewall and keep state information --complete-reload Reload firewall and lose state information --runtime-to-permanent Create permanent from runtime configuration --check-config Check permanent configuration for errors Log Denied Options --get-log-denied Print the log denied value --set-log-denied= Set log denied value Permanent Options --permanent Set an option permanently Usable for options marked with [P] Zone Options --get-default-zone Print default zone for connections and interfaces --set-default-zone= Set default zone --get-active-zones Print currently active zones --get-zones Print predefined zones [P] --get-services Print predefined services [P] --get-icmptypes Print predefined icmptypes [P] --get-zone-of-interface= Print name of the zone the interface is bound to [P] --get-zone-of-source=[/]||ipset: Print name of the zone the source is bound to [P] --list-all-zones List everything added for or enabled in all zones [P] --new-zone= Add a new zone [P only] --new-zone-from-file= [--name=] Add a new zone from file with optional name [P only] --delete-zone= Delete an existing zone [P only] --load-zone-defaults= Load zone default settings [P only] --zone= Use this zone to set or query options, else default zone Usable for options marked with [Z] --info-zone= Print information about a zone --path-zone= Print file path of a zone [P only] Policy Options --get-policies Print predefined policies --get-active-policies Print currently active policies --list-all-policies List everything added for or enabled in all policies --new-policy= Add a new empty policy --new-policy-from-file= [--name=] Add a new policy from file with optional name override [P only] --delete-policy= Delete an existing policy --load-policy-defaults= Load policy default settings --policy= Use this policy to set or query options Usable for options marked with [O] --info-policy= Print information about a policy --path-policy= Print file path of a policy IPSet Options --get-ipset-types Print the supported ipset types --new-ipset= --type= [--option=[=]].. Add a new ipset [P only] --new-ipset-from-file= [--name=] Add a new ipset from file with optional name [P only] --delete-ipset= Delete an existing ipset [P only] --load-ipset-defaults= Load ipset default settings [P only] --info-ipset= Print information about an ipset --path-ipset= Print file path of an ipset [P only] --get-ipsets Print predefined ipsets --ipset= --set-description= Set new description to ipset [P only] --ipset= --get-description Print description for ipset [P only] --ipset= --set-short= Set new short description to ipset [P only] --ipset= --get-short Print short description for ipset [P only] --ipset= --add-entry= Add a new entry to an ipset [P] --ipset= --remove-entry= Remove an entry from an ipset [P] --ipset= --query-entry= Return whether ipset has an entry [P] --ipset= --get-entries List entries of an ipset [P] --ipset= --add-entries-from-file= Add a new entries to an ipset [P] --ipset= --remove-entries-from-file= Remove entries from an ipset [P] IcmpType Options --new-icmptype= Add a new icmptype [P only] --new-icmptype-from-file= [--name=] Add a new icmptype from file with optional name [P only] --delete-icmptype= Delete an existing icmptype [P only] --load-icmptype-defaults= Load icmptype default settings [P only] --info-icmptype= Print information about an icmptype --path-icmptype= Print file path of an icmptype [P only] --icmptype= --set-description= Set new description to icmptype [P only] --icmptype= --get-description Print description for icmptype [P only] --icmptype= --set-short= Set new short description to icmptype [P only] --icmptype= --get-short Print short description for icmptype [P only] --icmptype= --add-destination= Enable destination for ipv in icmptype [P only] --icmptype= --remove-destination= Disable destination for ipv in icmptype [P only] --icmptype= --query-destination= Return whether destination ipv is enabled in icmptype [P only] --icmptype= --get-destinations List destinations in icmptype [P only] Service Options --new-service= Add a new service [P only] --new-service-from-file= [--name=] Add a new service from file with optional name [P only] --delete-service= Delete an existing service [P only] --load-service-defaults= Load icmptype default settings [P only] --info-service= Print information about a service --path-service= Print file path of a service [P only] --service= --set-description= Set new description to service [P only] --service= --get-description Print description for service [P only] --service= --set-short= Set new short description to service [P only] --service= --get-short Print short description for service [P only] --service= --add-port=[-]/ Add a new port to service [P only] --service= --remove-port=[-]/ Remove a port from service [P only] --service= --query-port=[-]/ Return whether the port has been added for service [P only] --service= --get-ports List ports of service [P only] --service= --add-protocol= Add a new protocol to service [P only] --service= --remove-protocol= Remove a protocol from service [P only] --service= --query-protocol= Return whether the protocol has been added for service [P only] --service= --get-protocols List protocols of service [P only] --service= --add-source-port=[-]/ Add a new source port to service [P only] --service= --remove-source-port=[-]/ Remove a source port from service [P only] --service= --query-source-port=[-]/ Return whether the source port has been added for service [P only] --service= --get-source-ports List source ports of service [P only] --service= --add-helper= Add a new helper to service [P only] --service= --remove-helper= Remove a helper from service [P only] --service= --query-helper= Return whether the helper has been added for service [P only] --service= --get-service-helpers List helpers of service [P only] --service= --set-destination=:
[/] Set destination for ipv to address in service [P only] --service= --remove-destination= Disable destination for ipv i service [P only] --service= --query-destination=:
[/] Return whether destination ipv is set for service [P only] --service= --get-destinations List destinations in service [P only] --service= --add-include= Add a new include to service [P only] --service= --remove-include= Remove a include from service [P only] --service= --query-include= Return whether the include has been added for service [P only] --service= --get-includes List includes of service [P only] Options to Adapt and Query Zones and Policies --list-all List everything added for or enabled [P] [Z] [O] --timeout= Enable an option for timeval time, where timeval is a number followed by one of letters 's' or 'm' or 'h' Usable for options marked with [T] --set-description= Set new description [P only] [Z] [O] --get-description Print description [P only] [Z] [O] --get-target Get the target [P only] [Z] [O] --set-target= Set the target [P only] [Z] [O] --set-short= Set new short description [Z] [O] --get-short Print short description [P only] [Z] [O] --list-services List services added [P] [Z] --add-service= Add a service [P] [Z] [O] [T] --remove-service= Remove a service [P] [Z] [O] --query-service= Return whether service has been added [P] [Z] [O] --list-ports List ports added [P] [Z] [O] --add-port=[-]/ Add the port [P] [Z] [O] [T] --remove-port=[-]/ Remove the port [P] [Z] [O] --query-port=[-]/ Return whether the port has been added [P] [Z] [O] --list-protocols List protocols added [P] [Z] [O] --add-protocol= Add the protocol [P] [Z] [O] [T] --remove-protocol= Remove the protocol [P] [Z] [O] --query-protocol= Return whether the protocol has been added [P] [Z] [O] --list-source-ports List source ports added [P] [Z] [O] --add-source-port=[-]/ Add the source port [P] [Z] [O] [T] --remove-source-port=[-]/ Remove the source port [P] [Z] [O] --query-source-port=[-]/ Return whether the source port has been added [P] [Z] [O] --list-icmp-blocks List Internet ICMP type blocks added [P] [Z] [O] --add-icmp-block= Add an ICMP block [P] [Z] [O] [T] --remove-icmp-block= Remove the ICMP block [P] [Z] [O] --query-icmp-block= Return whether an ICMP block has been added [P] [Z] [O] --list-forward-ports List IPv4 forward ports added [P] [Z] [O] --add-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Add the IPv4 forward port [P] [Z] [O] [T] --remove-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Remove the IPv4 forward port [P] [Z] [O] --query-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Return whether the IPv4 forward port has been added [P] [Z] [O] --add-masquerade Enable IPv4 masquerade [P] [Z] [O] [T] --remove-masquerade Disable IPv4 masquerade [P] [Z] [O] --query-masquerade Return whether IPv4 masquerading has been enabled [P] [Z] [O] --list-rich-rules List rich language rules added [P] [Z] [O] --add-rich-rule= Add rich language rule 'rule' [P] [Z] [O] [T] --remove-rich-rule= Remove rich language rule 'rule' [P] [Z] [O] --query-rich-rule= Return whether a rich language rule 'rule' has been added [P] [Z] [O] Options to Adapt and Query Zones --add-icmp-block-inversion Enable inversion of icmp blocks for a zone [P] [Z] --remove-icmp-block-inversion Disable inversion of icmp blocks for a zone [P] [Z] --query-icmp-block-inversion Return whether inversion of icmp blocks has been enabled for a zone [P] [Z] --add-forward Enable forwarding of packets between interfaces and sources in a zone [P] [Z] [T] --remove-forward Disable forwarding of packets between interfaces and sources in a zone [P] [Z] --query-forward Return whether forwarding of packets between interfaces and sources has been enabled for a zone [P] [Z] Options to Adapt and Query Policies --get-priority Get the priority [P only] [O] --set-priority= Set the priority [P only] [O] --list-ingress-zones List ingress zones that are bound to a policy [P] [O] --add-ingress-zone= Add the ingress zone to a policy [P] [O] --remove-ingress-zone= Remove the ingress zone from a policy [P] [O] --query-ingress-zone= Query whether the ingress zone has been adedd to a policy [P] [O] --list-egress-zones List egress zones that are bound to a policy [P] [O] --add-egress-zone= Add the egress zone to a policy [P] [O] --remove-egress-zone= Remove the egress zone from a policy [P] [O] --query-egress-zone= Query whether the egress zone has been adedd to a policy [P] [O] Options to Handle Bindings of Interfaces --list-interfaces List interfaces that are bound to a zone [P] [Z] --add-interface= Bind the to a zone [P] [Z] --change-interface= Change zone the is bound to [P] [Z] --query-interface= Query whether is bound to a zone [P] [Z] --remove-interface= Remove binding of from a zone [P] [Z] Options to Handle Bindings of Sources --list-sources List sources that are bound to a zone [P] [Z] --add-source=[/]||ipset: Bind the source to a zone [P] [Z] --change-source=[/]||ipset: Change zone the source is bound to [Z] --query-source=[/]||ipset: Query whether the source is bound to a zone [P] [Z] --remove-source=[/]||ipset: Remove binding of the source from a zone [P] [Z] Helper Options --new-helper= --module= [--family=] Add a new helper [P only] --new-helper-from-file= [--name=] Add a new helper from file with optional name [P only] --delete-helper= Delete an existing helper [P only] --load-helper-defaults= Load helper default settings [P only] --info-helper= Print information about an helper --path-helper= Print file path of an helper [P only] --get-helpers Print predefined helpers --helper= --set-description= Set new description to helper [P only] --helper= --get-description Print description for helper [P only] --helper= --set-short= Set new short description to helper [P only] --helper= --get-short Print short description for helper [P only] --helper= --add-port=[-]/ Add a new port to helper [P only] --helper= --remove-port=[-]/ Remove a port from helper [P only] --helper= --query-port=[-]/ Return whether the port has been added for helper [P only] --helper= --get-ports List ports of helper [P only] --helper= --set-module= Set module to helper [P only] --helper= --get-module Get module from helper [P only] --helper= --set-family={ipv4|ipv6|} Set family for helper [P only] --helper= --get-family Get module from helper [P only] Direct Options --direct First option for all direct options --get-all-chains Get all chains [P] --get-chains {ipv4|ipv6|eb}
Get all chains added to the table [P] --add-chain {ipv4|ipv6|eb}
Add a new chain to the table [P] --remove-chain {ipv4|ipv6|eb}
Remove the chain from the table [P] --query-chain {ipv4|ipv6|eb}
Return whether the chain has been added to the table [P] --get-all-rules Get all rules [P] --get-rules {ipv4|ipv6|eb}
Get all rules added to chain in table [P] --add-rule {ipv4|ipv6|eb}
... Add rule to chain in table [P] --remove-rule {ipv4|ipv6|eb}
... Remove rule with priority from chain in table [P] --remove-rules {ipv4|ipv6|eb}
Remove rules from chain in table [P] --query-rule {ipv4|ipv6|eb}
... Return whether a rule with priority has been added to chain in table [P] --passthrough {ipv4|ipv6|eb} ... Pass a command through (untracked by firewalld) --get-all-passthroughs Get all tracked passthrough rules [P] --get-passthroughs {ipv4|ipv6|eb} ... Get tracked passthrough rules [P] --add-passthrough {ipv4|ipv6|eb} ... Add a new tracked passthrough rule [P] --remove-passthrough {ipv4|ipv6|eb} ... Remove a tracked passthrough rule [P] --query-passthrough {ipv4|ipv6|eb} ... Return whether the tracked passthrough rule has been added [P] Lockdown Options --lockdown-on Enable lockdown. --lockdown-off Disable lockdown. --query-lockdown Query whether lockdown is enabled Lockdown Whitelist Options --list-lockdown-whitelist-commands List all command lines that are on the whitelist [P] --add-lockdown-whitelist-command= Add the command to the whitelist [P] --remove-lockdown-whitelist-command= Remove the command from the whitelist [P] --query-lockdown-whitelist-command= Query whether the command is on the whitelist [P] --list-lockdown-whitelist-contexts List all contexts that are on the whitelist [P] --add-lockdown-whitelist-context= Add the context context to the whitelist [P] --remove-lockdown-whitelist-context= Remove the context from the whitelist [P] --query-lockdown-whitelist-context= Query whether the context is on the whitelist [P] --list-lockdown-whitelist-uids List all user ids that are on the whitelist [P] --add-lockdown-whitelist-uid= Add the user id uid to the whitelist [P] --remove-lockdown-whitelist-uid= Remove the user id uid from the whitelist [P] --query-lockdown-whitelist-uid= Query whether the user id uid is on the whitelist [P] --list-lockdown-whitelist-users List all user names that are on the whitelist [P] --add-lockdown-whitelist-user= Add the user name user to the whitelist [P] --remove-lockdown-whitelist-user= Remove the user name user from the whitelist [P] --query-lockdown-whitelist-user= Query whether the user name user is on the whitelist [P] Panic Options --panic-on Enable panic mode --panic-off Disable panic mode --query-panic Query whether panic mode is enabled """) def try_set_zone_of_interface(_zone, interface): if nm_is_imported(): try: connection = nm_get_connection_of_interface(interface) except Exception: pass else: if connection is not None: if _zone == nm_get_zone_of_connection(connection): if _zone == "": cmd.print_warning("The interface is under control of NetworkManager and already bound to the default zone") else: cmd.print_warning("The interface is under control of NetworkManager and already bound to '%s'" % _zone) if _zone == "": cmd.print_msg("The interface is under control of NetworkManager, setting zone to default.") else: cmd.print_msg("The interface is under control of NetworkManager, setting zone to '%s'." % _zone) nm_set_zone_of_connection(_zone, connection) return True return False def try_get_zone_of_interface(interface): if nm_is_imported(): try: connection = nm_get_connection_of_interface(interface) except Exception: pass else: if connection is not None: return nm_get_zone_of_connection(connection) return False def try_nm_get_interfaces_in_zone(zone): if nm_is_imported(): try: return nm_get_interfaces_in_zone(zone) except Exception: pass return [] parser = argparse.ArgumentParser(usage="see firewall-cmd man page", add_help=False) parser_group_output = parser.add_mutually_exclusive_group() parser_group_output.add_argument("-v", "--verbose", action="store_true") parser_group_output.add_argument("-q", "--quiet", action="store_true") parser_group_standalone = parser.add_mutually_exclusive_group() parser_group_standalone.add_argument("-h", "--help", action="store_true") parser_group_standalone.add_argument("-V", "--version", action="store_true") parser_group_standalone.add_argument("--state", action="store_true") parser_group_standalone.add_argument("--reload", action="store_true") parser_group_standalone.add_argument("--complete-reload", action="store_true") parser_group_standalone.add_argument("--runtime-to-permanent", action="store_true") parser_group_standalone.add_argument("--check-config", action="store_true") parser_group_standalone.add_argument("--get-ipset-types", action="store_true") parser_group_standalone.add_argument("--get-log-denied", action="store_true") parser_group_standalone.add_argument("--set-log-denied", metavar="") parser_group_standalone.add_argument("--get-automatic-helpers", action="store_true") parser_group_standalone.add_argument("--set-automatic-helpers", metavar="") parser_group_standalone.add_argument("--panic-on", action="store_true") parser_group_standalone.add_argument("--panic-off", action="store_true") parser_group_standalone.add_argument("--query-panic", action="store_true") parser_group_standalone.add_argument("--lockdown-on", action="store_true") parser_group_standalone.add_argument("--lockdown-off", action="store_true") parser_group_standalone.add_argument("--query-lockdown", action="store_true") parser_group_standalone.add_argument("--get-default-zone", action="store_true") parser_group_standalone.add_argument("--set-default-zone", metavar="") parser_group_standalone.add_argument("--get-zones", action="store_true") parser_group_standalone.add_argument("--get-policies", action="store_true") parser_group_standalone.add_argument("--get-services", action="store_true") parser_group_standalone.add_argument("--get-icmptypes", action="store_true") parser_group_standalone.add_argument("--get-active-zones", action="store_true") parser_group_standalone.add_argument("--get-active-policies", action="store_true") parser_group_standalone.add_argument("--get-zone-of-interface", metavar="", action='append') parser_group_standalone.add_argument("--get-zone-of-source", metavar="", action='append') parser_group_standalone.add_argument("--list-all-zones", action="store_true") parser_group_standalone.add_argument("--list-all-policies", action="store_true") parser_group_standalone.add_argument("--info-zone", metavar="") parser_group_standalone.add_argument("--info-policy", metavar="") parser_group_standalone.add_argument("--info-service", metavar="") parser_group_standalone.add_argument("--info-icmptype", metavar="") parser_group_standalone.add_argument("--info-ipset", metavar="") parser_group_standalone.add_argument("--info-helper", metavar="") parser_group_config = parser.add_mutually_exclusive_group() parser_group_config.add_argument("--new-icmptype", metavar="") parser_group_config.add_argument("--new-icmptype-from-file", metavar="") parser_group_config.add_argument("--delete-icmptype", metavar="") parser_group_config.add_argument("--load-icmptype-defaults", metavar="") parser_group_config.add_argument("--new-service", metavar="") parser_group_config.add_argument("--new-service-from-file", metavar="") parser_group_config.add_argument("--delete-service", metavar="") parser_group_config.add_argument("--load-service-defaults", metavar="") parser_group_config.add_argument("--new-zone", metavar="") parser_group_config.add_argument("--new-zone-from-file", metavar="") parser_group_config.add_argument("--delete-zone", metavar="") parser_group_config.add_argument("--load-zone-defaults", metavar="") parser_group_config.add_argument("--new-policy", metavar="") parser_group_config.add_argument("--new-policy-from-file", metavar="") parser_group_config.add_argument("--delete-policy", metavar="") parser_group_config.add_argument("--load-policy-defaults", metavar="") parser_group_config.add_argument("--new-ipset", metavar="") parser_group_config.add_argument("--new-ipset-from-file", metavar="") parser_group_config.add_argument("--delete-ipset", metavar="") parser_group_config.add_argument("--load-ipset-defaults", metavar="") parser_group_config.add_argument("--new-helper", metavar="") parser_group_config.add_argument("--new-helper-from-file", metavar="") parser_group_config.add_argument("--delete-helper", metavar="") parser_group_config.add_argument("--load-helper-defaults", metavar="") parser_group_config.add_argument("--path-zone", metavar="") parser_group_config.add_argument("--path-policy", metavar="") parser_group_config.add_argument("--path-service", metavar="") parser_group_config.add_argument("--path-icmptype", metavar="") parser_group_config.add_argument("--path-ipset", metavar="") parser_group_config.add_argument("--path-helper", metavar="") parser.add_argument("--name", default="", metavar="") parser_group_lockdown_whitelist = parser.add_mutually_exclusive_group() parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-commands", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-contexts", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-uids", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-users", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-user", metavar="", action='append') parser.add_argument("--permanent", action="store_true") parser.add_argument("--zone", default="", metavar="") parser.add_argument("--policy", default="", metavar="") parser.add_argument("--timeout", default="0", metavar="") parser_group_zone_or_policy = parser.add_mutually_exclusive_group() parser_group_zone_or_policy.add_argument("--add-interface", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-interface", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-interface", metavar="", action='append') parser_group_zone_or_policy.add_argument("--change-interface", "--change-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-interfaces", action="store_true") parser_group_zone_or_policy.add_argument("--add-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--change-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-sources", action="store_true") parser_group_zone_or_policy.add_argument("--add-ingress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-ingress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-ingress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-ingress-zones", action="store_true") parser_group_zone_or_policy.add_argument("--add-egress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-egress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-egress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-egress-zones", action="store_true") parser_group_zone_or_policy.add_argument("--add-rich-rule", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-rich-rule", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-rich-rule", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-service", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-service", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-service", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-protocol", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-protocol", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-protocol", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-source-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-source-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-source-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-forward", action="store_true") parser_group_zone_or_policy.add_argument("--remove-forward", action="store_true") parser_group_zone_or_policy.add_argument("--query-forward", action="store_true") parser_group_zone_or_policy.add_argument("--add-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--remove-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--query-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--add-icmp-block", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-icmp-block", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-icmp-block", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--remove-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--query-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--add-forward-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-forward-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-forward-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-rich-rules", action="store_true") parser_group_zone_or_policy.add_argument("--list-services", action="store_true") parser_group_zone_or_policy.add_argument("--list-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-protocols", action="store_true") parser_group_zone_or_policy.add_argument("--list-icmp-blocks", action="store_true") parser_group_zone_or_policy.add_argument("--list-forward-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-source-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-all", action="store_true") parser_group_zone_or_policy.add_argument("--get-target", action="store_true") parser_group_zone_or_policy.add_argument("--set-target", metavar="") parser_group_zone_or_policy.add_argument("--get-priority", action="store_true") parser_group_zone_or_policy.add_argument("--set-priority", metavar="") parser.add_argument("--option", metavar="[=]", action='append') parser.add_argument("--type", metavar="") parser.add_argument("--ipset", metavar="") parser_ipset = parser.add_mutually_exclusive_group() #parser_ipset.add_argument("--add-option", metavar="[=]") #parser_ipset.add_argument("--remove-option", metavar="[=]") #parser_ipset.add_argument("--query-option", metavar="[=]") #parser_ipset.add_argument("--get-options", action="store_true") parser_ipset.add_argument("--get-ipsets", action="store_true") parser_ipset.add_argument("--add-entry", metavar="", action='append') parser_ipset.add_argument("--remove-entry", metavar="", action='append') parser_ipset.add_argument("--query-entry", metavar="", action='append') parser_ipset.add_argument("--get-entries", action="store_true") parser_ipset.add_argument("--add-entries-from-file", metavar="", action='append') parser_ipset.add_argument("--remove-entries-from-file", metavar="", action='append') parser.add_argument("--icmptype", metavar="") parser_icmptype = parser.add_mutually_exclusive_group() parser_icmptype.add_argument("--add-destination", metavar="", action='append') parser_icmptype.add_argument("--remove-destination", metavar="", action='append') parser_icmptype.add_argument("--query-destination", metavar="", action='append') parser_icmptype.add_argument("--get-destinations", action="store_true") parser.add_argument("--service", metavar="") parser_service = parser.add_mutually_exclusive_group() parser_service.add_argument("--get-ports", action="store_true") parser_service.add_argument("--get-source-ports", action="store_true") parser_service.add_argument("--get-protocols", action="store_true") parser_service.add_argument("--add-module", metavar="", action='append') parser_service.add_argument("--remove-module", metavar="", action='append') parser_service.add_argument("--query-module", metavar="", action='append') parser_service.add_argument("--get-modules", action="store_true") parser_service.add_argument("--add-helper", metavar="", action='append') parser_service.add_argument("--remove-helper", metavar="", action='append') parser_service.add_argument("--query-helper", metavar="", action='append') parser_service.add_argument("--get-service-helpers", action="store_true") parser_service.add_argument("--add-include", metavar="", action='append') parser_service.add_argument("--remove-include", metavar="", action='append') parser_service.add_argument("--query-include", metavar="", action='append') parser_service.add_argument("--get-includes", action="store_true") parser_service.add_argument("--set-destination", metavar="", action='append') parser_service.add_argument("--get-destination", action="store_true") parser_service.add_argument("--set-description", metavar="") parser_service.add_argument("--get-description", action="store_true") parser_service.add_argument("--set-short", metavar="") parser_service.add_argument("--get-short", action="store_true") parser.add_argument("--helper", metavar="") parser.add_argument("--family", metavar="") parser.add_argument("--module", metavar="") parser_helper = parser.add_mutually_exclusive_group() #parser_helper.add_argument("--get-ports", action="store_true") parser_helper.add_argument("--get-helpers", action="store_true") parser_helper.add_argument("--set-module", metavar="") parser_helper.add_argument("--get-module", action="store_true") #parser_helper.add_argument("--query-module", metavar="") parser_helper.add_argument("--set-family", metavar="|''", nargs="*") parser_helper.add_argument("--get-family", action="store_true") parser.add_argument("--direct", action="store_true") # not possible to have sequences of options here parser_direct = parser.add_mutually_exclusive_group() parser_direct.add_argument("--passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--add-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--remove-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--query-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--get-passthroughs", nargs=1, metavar=("{ ipv4 | ipv6 | eb }")) parser_direct.add_argument("--get-all-passthroughs", action="store_true") parser_direct.add_argument("--add-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--remove-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--query-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-chains", action="store_true") parser_direct.add_argument("--get-chains", nargs=2, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--add-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--query-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--get-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-rules", action="store_true") ############################################################################## args = sys.argv[1:] if len(sys.argv) > 1: i = -1 if '--passthrough' in args: i = args.index('--passthrough') + 1 elif '--add-passthrough' in args: i = args.index('--add-passthrough') + 1 elif '--remove-passthrough' in args: i = args.index('--remove-passthrough') + 1 elif '--query-passthrough' in args: i = args.index('--query-passthrough') + 1 elif '--add-rule' in args: i = args.index('--add-rule') + 4 elif '--remove-rule' in args: i = args.index('--remove-rule') + 4 elif '--query-rule' in args: i = args.index('--query-rule') + 4 # join into one argument to prevent parser from parsing each iptables # option, because they can conflict with firewall-cmd options # # e.g. --delete (iptables) and --delete-* (firewall-cmd) if (i > -1) and (i < len(args) - 1): aux_args = args[:] args = aux_args[:i+1] # all but not args.append(joinArgs(aux_args[i+1:])) # add as one arg a = parser.parse_args(args) options_standalone = a.help or a.version or \ a.state or a.reload or a.complete_reload or a.runtime_to_permanent or \ a.panic_on or a.panic_off or a.query_panic or \ a.lockdown_on or a.lockdown_off or a.query_lockdown or \ a.get_default_zone or a.set_default_zone or \ a.get_active_zones or a.get_ipset_types or \ a.get_log_denied or a.set_log_denied or \ a.get_automatic_helpers or a.set_automatic_helpers or a.check_config or \ a.get_active_policies options_desc_xml_file = a.set_description or a.get_description or \ a.set_short or a.get_short options_lockdown_whitelist = \ a.list_lockdown_whitelist_commands or a.add_lockdown_whitelist_command or \ a.remove_lockdown_whitelist_command or \ a.query_lockdown_whitelist_command or \ a.list_lockdown_whitelist_contexts or a.add_lockdown_whitelist_context or \ a.remove_lockdown_whitelist_context or \ a.query_lockdown_whitelist_context or \ a.list_lockdown_whitelist_uids or a.add_lockdown_whitelist_uid is not None or \ a.remove_lockdown_whitelist_uid is not None or \ a.query_lockdown_whitelist_uid is not None or \ a.list_lockdown_whitelist_users or a.add_lockdown_whitelist_user or \ a.remove_lockdown_whitelist_user or \ a.query_lockdown_whitelist_user options_config = a.get_zones or a.get_services or a.get_icmptypes or \ options_lockdown_whitelist or a.list_all_zones or \ a.get_zone_of_interface or a.get_zone_of_source or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.info_policy or a.get_ipsets or a.info_helper or \ a.get_helpers or a.get_policies or a.list_all_policies options_zone_and_policy_adapt_query = \ a.add_service or a.remove_service or a.query_service or \ a.add_port or a.remove_port or a.query_port or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.add_source_port or a.remove_source_port or a.query_source_port or \ a.add_icmp_block or a.remove_icmp_block or a.query_icmp_block or \ a.add_forward_port or a.remove_forward_port or a.query_forward_port or \ a.add_rich_rule or a.remove_rich_rule or a.query_rich_rule or \ a.add_masquerade or a.remove_masquerade or a.query_masquerade or \ a.list_services or a.list_ports or a.list_protocols or \ a.list_source_ports or \ a.list_icmp_blocks or a.list_forward_ports or a.list_rich_rules or \ a.list_all or a.get_target or a.set_target options_zone_unique = \ a.add_icmp_block_inversion or a.remove_icmp_block_inversion or \ a.query_icmp_block_inversion or \ a.add_forward or a.remove_forward or a.query_forward or \ a.list_interfaces or a.change_interface or \ a.add_interface or a.remove_interface or a.query_interface or \ a.list_sources or a.change_source or \ a.add_source or a.remove_source or a.query_source options_zone_ops = options_zone_unique or options_zone_and_policy_adapt_query options_policy_unique = \ a.list_ingress_zones or a.add_ingress_zone or \ a.remove_ingress_zone or a.query_ingress_zone or \ a.list_egress_zones or a.add_egress_zone or \ a.remove_egress_zone or a.query_egress_zone or \ a.set_priority or a.get_priority options_policy_ops = options_policy_unique or options_zone_and_policy_adapt_query options_zone = a.zone or a.timeout != "0" or options_zone_ops or \ options_desc_xml_file options_policy = a.policy or a.timeout != "0" or options_policy_ops or \ options_desc_xml_file options_ipset = a.add_entry or a.remove_entry or a.query_entry or \ a.get_entries or a.add_entries_from_file or \ a.remove_entries_from_file or options_desc_xml_file options_icmptype = a.add_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file options_service = a.add_port or a.remove_port or a.query_port or \ a.get_ports or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.get_protocols or \ a.add_source_port or a.remove_source_port or \ a.query_source_port or a.get_source_ports or \ a.add_module or a.remove_module or a.query_module or \ a.get_modules or \ a.set_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file or \ a.add_include or a.remove_include or a.query_include or \ a.get_includes or \ a.add_helper or a.remove_helper or a.query_helper or \ a.get_service_helpers options_helper = a.add_port or a.remove_port or a.query_port or \ a.get_ports or a.set_module or a.get_module or \ a.set_family or a.get_family or \ options_desc_xml_file options_permanent = a.permanent or options_config or \ a.zone or options_zone_ops or \ a.policy or options_policy_ops or \ a.ipset or options_ipset or \ a.helper or options_helper options_permanent_only = a.new_icmptype or a.delete_icmptype or \ a.new_icmptype_from_file or \ a.load_icmptype_defaults or \ a.new_service or a.delete_service or \ a.new_service_from_file or \ a.load_service_defaults or \ a.new_zone or a.delete_zone or \ a.new_zone_from_file or \ a.load_zone_defaults or \ a.new_policy or a.delete_policy or \ a.new_policy_from_file or \ a.load_policy_defaults or \ a.new_ipset or a.delete_ipset or \ a.new_ipset_from_file or \ a.load_ipset_defaults or \ a.new_helper or a.delete_helper or \ a.new_helper_from_file or \ a.load_helper_defaults or \ (a.icmptype and options_icmptype) or \ (a.service and options_service) or \ (a.helper and options_helper) or \ a.path_zone or a.path_icmptype or a.path_service or \ a.path_ipset or a.path_helper or options_desc_xml_file or \ a.path_policy options_direct = a.passthrough or \ a.add_chain or a.remove_chain or a.query_chain or \ a.get_chains or a.get_all_chains or \ a.add_rule or a.remove_rule or a.remove_rules or a.query_rule or \ a.get_rules or a.get_all_rules or \ a.add_passthrough or a.remove_passthrough or a.query_passthrough or \ a.get_passthroughs or a.get_all_passthroughs options_require_permanent = options_permanent_only or \ a.get_target or a.set_target # these are supposed to only write out some output options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \ a.list_lockdown_whitelist_commands or a.list_lockdown_whitelist_contexts or \ a.list_lockdown_whitelist_uids or a.list_lockdown_whitelist_users or \ a.list_services or a.list_ports or a.list_protocols or a.list_icmp_blocks or \ a.list_forward_ports or a.list_rich_rules or a.list_interfaces or \ a.list_sources or a.get_default_zone or a.get_active_zones or \ a.get_zone_of_interface or a.get_zone_of_source or a.get_zones or \ a.get_services or a.get_icmptypes or a.get_target or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.get_entries or \ a.info_helper or a.get_helpers or \ a.get_destinations or a.get_description or \ a.list_all_policies or a.info_policy or a.get_policies or \ a.get_active_policies # Set quiet and verbose cmd = FirewallCommand(a.quiet, a.verbose) def myexcepthook(exctype, value, traceback): cmd.exception_handler(str(value)) sys.excepthook = myexcepthook # Check various impossible combinations of options if not (options_standalone or options_ipset or \ options_icmptype or options_service or options_helper or \ options_config or options_zone_ops or options_policy or \ options_direct or options_permanent_only): cmd.fail(parser.format_usage() + "No option specified.") if options_standalone and (options_zone or options_permanent or \ options_direct or options_permanent_only or \ options_ipset or options_policy): cmd.fail(parser.format_usage() + "Can't use stand-alone options with other options.") if options_ipset and not options_desc_xml_file and not a.ipset: cmd.fail(parser.format_usage() + "No ipset specified.") if (options_icmptype and not a.icmptype) and \ not (options_service and a.service) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No icmptype specified.") if (options_helper and not a.helper) and \ not (options_service and a.service) and \ not options_zone and not options_desc_xml_file and not options_policy: cmd.fail(parser.format_usage() + "No helper specified.") if (options_direct or options_permanent_only) and \ (options_zone and not a.zone) and (options_service and not a.service) and \ (options_icmptype and a.icmptype) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "Can't be used with --zone.") if (a.direct and not options_direct) or (options_direct and not a.direct): cmd.fail(parser.format_usage() + "Wrong usage of 'direct' options.") if a.zone and a.direct: cmd.fail(parser.format_usage() + "--zone is an invalid option with --direct") if a.name and not (a.new_zone_from_file or a.new_service_from_file or \ a.new_ipset_from_file or a.new_icmptype_from_file or \ a.new_helper_from_file or a.new_policy_from_file): cmd.fail(parser.format_usage() + "Wrong usage of '--name' option.") if options_require_permanent and not a.permanent: cmd.fail(parser.format_usage() + "Option can be used only with --permanent.") if options_config and (options_zone or options_policy): cmd.fail(parser.format_usage() + "Wrong usage of --get-zones | --get-services | --get-icmptypes | --get-policies.") if a.timeout != "0": value = 0 unit = 's' if len(a.timeout) < 1: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) elif len(a.timeout) == 1: if a.timeout.isdigit(): value = int (a.timeout[0]) else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) elif len(a.timeout) > 1: if a.timeout.isdigit(): value = int(a.timeout) unit = 's' else: if a.timeout[:-1].isdigit(): value = int (a.timeout[:-1]) else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) unit = a.timeout[-1:].lower() if unit == 's': a.timeout = value elif unit == 'm': a.timeout = value * 60 elif unit == 'h': a.timeout = value * 60 * 60 else: cmd.fail(parser.format_usage() + "'%s' is wrong timeout value. Use for example '2m' or '1h'" % a.timeout) else: a.timeout = 0 if a.timeout and not (a.add_service or a.add_port or a.add_protocol or \ a.add_icmp_block or a.add_forward_port or \ a.add_source_port or a.add_forward or \ a.add_masquerade or a.add_rich_rule): cmd.fail(parser.format_usage() + "Wrong --timeout usage") if a.permanent: if a.timeout: cmd.fail(parser.format_usage() + "Can't specify timeout for permanent action.") if options_config and not a.zone: pass elif options_permanent: pass else: cmd.fail(parser.format_usage() + "Wrong --permanent usage.") if a.quiet and options_list_get: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.zone and a.policy: cmd.fail(parser.format_usage() + "Can't use --zone with --policy.") if a.policy and options_zone_unique: cmd.fail(parser.format_usage() + "Can't use --policy with zone only options.") if a.zone and options_policy_unique: cmd.fail(parser.format_usage() + "Can't use --zone with policy only options.") if not a.policy and options_policy_unique: cmd.fail(parser.format_usage() + "Must use --policy with policy only options.") if a.help: __usage() sys.exit(0) zone = a.zone try: fw = FirewallClient() except FirewallError as msg: code = FirewallError.get_code(str(msg)) cmd.print_and_exit("Error: %s" % msg, code) fw.setExceptionHandler(cmd.exception_handler) if not fw.connected: if a.state: cmd.print_and_exit ("not running", errors.NOT_RUNNING) else: cmd.print_and_exit ("FirewallD is not running", errors.NOT_RUNNING) cmd.set_fw(fw) if options_zone_ops and not zone and not a.policy and not \ (a.service and options_service) and not \ (a.helper and options_helper): default = fw.getDefaultZone() cmd.print_if_verbose("No zone specified, using default zone, i.e. '%s'" % default) active = list(fw.getActiveZones().keys()) if active and default not in active: cmd.print_msg("""You're performing an operation over default zone ('%s'), but your connections/interfaces are in zone '%s' (see --get-active-zones) You most likely need to use --zone=%s option.\n""" % (default, ",".join(active), active[0])) if a.permanent: if a.get_ipsets: cmd.print_and_exit(" ".join(fw.config().getIPSetNames())) elif a.new_ipset: if not a.type: cmd.fail(parser.format_usage() + "No type specified.") if a.type=='hash:mac' and a.family: cmd.fail(parser.format_usage()+ "--family is not compatible with the hash:mac type") settings = FirewallClientIPSetSettings() settings.setType(a.type) if a.option: for opt in a.option: settings.addOption(*cmd.parse_ipset_option(opt)) if a.family: settings.addOption("family", a.family) config = fw.config() config.addIPSet(a.new_ipset, settings) elif a.new_ipset_from_file: filename = os.path.basename(a.new_ipset_from_file) dirname = os.path.dirname(a.new_ipset_from_file) if dirname == "": dirname = "./" try: obj = ipset_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load ipset file '%s': %s" % \ (a.new_ipset_from_file, msg)) except IOError as msg: cmd.fail("Failed to load ipset file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addIPSet(obj.name, obj.export_config()) elif a.delete_ipset: ipset = fw.config().getIPSetByName(a.delete_ipset) ipset.remove() elif a.load_ipset_defaults: ipset = fw.config().getIPSetByName(a.load_ipset_defaults) ipset.loadDefaults() elif a.info_ipset: ipset = fw.config().getIPSetByName(a.info_ipset) cmd.print_ipset_info(a.info_ipset, ipset.getSettings()) sys.exit(0) elif a.path_ipset: ipset = fw.config().getIPSetByName(a.path_ipset) cmd.print_and_exit("%s/%s" % (ipset.get_property("path"), ipset.get_property("filename"))) elif a.ipset: ipset = fw.config().getIPSetByName(a.ipset) settings = ipset.getSettings() if a.add_entry: cmd.add_sequence(a.add_entry, settings.addEntry, settings.queryEntry, None, "'%s'") ipset.update(settings) elif a.remove_entry: cmd.remove_sequence(a.remove_entry, settings.removeEntry, settings.queryEntry, None, "'%s'") ipset.update(settings) elif a.query_entry: cmd.query_sequence(a.query_entry, settings.queryEntry, None, "'%s'") elif a.get_entries: l = settings.getEntries() cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose( "Warning: ALREADY_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: ipset.update(settings) elif a.remove_entries_from_file: changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: ipset.update(settings) elif a.set_description: settings.setDescription(a.set_description) ipset.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) ipset.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.get_zones: cmd.print_and_exit(" ".join(fw.config().getZoneNames())) elif a.new_zone: config = fw.config() config.addZone(a.new_zone, FirewallClientZoneSettings()) elif a.new_zone_from_file: filename = os.path.basename(a.new_zone_from_file) dirname = os.path.dirname(a.new_zone_from_file) if dirname == "": dirname = "./" try: obj = zone_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load zone file '%s': %s" % \ (a.new_zone_from_file, msg)) except IOError as msg: cmd.fail("Failed to load zone file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addZone(obj.name, obj.export_config()) elif a.delete_zone: zone = fw.config().getZoneByName(a.delete_zone) zone.remove() elif a.load_zone_defaults: zone = fw.config().getZoneByName(a.load_zone_defaults) zone.loadDefaults() elif a.info_zone: zone = fw.config().getZoneByName(a.info_zone) cmd.print_zone_info(a.info_zone, zone.getSettings(), True) sys.exit(0) elif a.path_zone: zone = fw.config().getZoneByName(a.path_zone) cmd.print_and_exit("%s/%s" % (zone.get_property("path"), zone.get_property("filename"))) elif a.get_policies: cmd.print_and_exit(" ".join(fw.config().getPolicyNames())) elif a.new_policy: config = fw.config() config.addPolicy(a.new_policy, FirewallClientPolicySettings()) elif a.new_policy_from_file: filename = os.path.basename(a.new_policy_from_file) dirname = os.path.dirname(a.new_policy_from_file) if dirname == "": dirname = "./" try: obj = policy_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load policy file '%s': %s" % \ (a.new_policy_from_file, msg)) except IOError as msg: cmd.fail("Failed to load policy file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addPolicy(obj.name, obj.export_config_dict()) elif a.delete_policy: policy = fw.config().getPolicyByName(a.delete_policy) policy.remove() elif a.load_policy_defaults: policy = fw.config().getPolicyByName(a.load_policy_defaults) policy.loadDefaults() elif a.info_policy: policy = fw.config().getPolicyByName(a.info_policy) cmd.print_policy_info(a.info_policy, policy.getSettings()) sys.exit(0) elif a.path_policy: policy = fw.config().getPolicyByName(a.path_policy) cmd.print_and_exit("%s/%s" % (policy.get_property("path"), policy.get_property("filename"))) elif a.get_services: cmd.print_and_exit(" ".join(fw.config().getServiceNames())) elif a.new_service: config = fw.config() config.addService(a.new_service, FirewallClientServiceSettings()) elif a.new_service_from_file: filename = os.path.basename(a.new_service_from_file) dirname = os.path.dirname(a.new_service_from_file) if dirname == "": dirname = "./" try: obj = service_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load service file '%s': %s" % \ (a.new_service_from_file, msg)) except IOError as msg: cmd.fail("Failed to load service file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addService(obj.name, obj.export_config()) elif a.delete_service: service = fw.config().getServiceByName(a.delete_service) service.remove() elif a.load_service_defaults: service = fw.config().getServiceByName(a.load_service_defaults) service.loadDefaults() elif a.info_service: service = fw.config().getServiceByName(a.info_service) cmd.print_service_info(a.info_service, service.getSettings()) sys.exit(0) elif a.path_service: service = fw.config().getServiceByName(a.path_service) cmd.print_and_exit("%s/%s" % (service.get_property("path"), service.get_property("filename"))) elif a.get_helpers: cmd.print_and_exit(" ".join(fw.config().getHelperNames())) elif a.new_helper: if not a.module: cmd.fail(parser.format_usage() + "No module specified.") settings = FirewallClientHelperSettings() settings.setModule(a.module) if a.family: settings.setFamily(a.family) config = fw.config() config.addHelper(a.new_helper, settings) elif a.new_helper_from_file: filename = os.path.basename(a.new_helper_from_file) dirname = os.path.dirname(a.new_helper_from_file) if dirname == "": dirname = "./" try: obj = helper_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load helper file '%s': %s" % \ (a.new_helper_from_file, msg)) except IOError as msg: cmd.fail("Failed to load helper file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addHelper(obj.name, obj.export_config()) elif a.delete_helper: helper = fw.config().getHelperByName(a.delete_helper) helper.remove() elif a.load_helper_defaults: helper = fw.config().getHelperByName(a.load_helper_defaults) helper.loadDefaults() elif a.info_helper: helper = fw.config().getHelperByName(a.info_helper) cmd.print_helper_info(a.info_helper, helper.getSettings()) sys.exit(0) elif a.path_helper: helper = fw.config().getHelperByName(a.path_helper) cmd.print_and_exit("%s/%s" % (helper.get_property("path"), helper.get_property("filename"))) elif a.helper: helper = fw.config().getHelperByName(a.helper) settings = helper.getSettings() if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") helper.update(settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") helper.update(settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = helper.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.get_module: cmd.print_and_exit(settings.getModule()) elif a.set_module: settings.setModule(cmd.check_module(a.set_module)) helper.update(settings) elif a.get_family: cmd.print_and_exit(settings.getFamily()) elif a.set_family: settings.setFamily(cmd.check_helper_family(a.set_family[0])) helper.update(settings) elif a.set_description: settings.setDescription(a.set_description) helper.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) helper.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.get_icmptypes: cmd.print_and_exit(" ".join(fw.config().getIcmpTypeNames())) elif a.new_icmptype: config = fw.config() config.addIcmpType(a.new_icmptype, FirewallClientIcmpTypeSettings()) elif a.new_icmptype_from_file: filename = os.path.basename(a.new_icmptype_from_file) dirname = os.path.dirname(a.new_icmptype_from_file) if dirname == "": dirname = "./" try: obj = icmptype_reader(filename, dirname) except FirewallError as msg: cmd.fail("Failed to load icmptype file '%s': %s" % \ (a.new_icmptype_from_file, msg)) except IOError as msg: cmd.fail("Failed to load icmptype file: %s" % msg) if a.name: obj.name = a.name config = fw.config() config.addIcmpType(obj.name, obj.export_config()) elif a.delete_icmptype: icmptype = fw.config().getIcmpTypeByName(a.delete_icmptype) icmptype.remove() elif a.load_icmptype_defaults: icmptype = fw.config().getIcmpTypeByName(a.load_icmptype_defaults) icmptype.loadDefaults() elif a.info_icmptype: icmptype = fw.config().getIcmpTypeByName(a.info_icmptype) cmd.print_icmptype_info(a.info_icmptype, icmptype.getSettings()) sys.exit(0) elif a.path_icmptype: icmptype = fw.config().getIcmpTypeByName(a.path_icmptype) cmd.print_and_exit("%s/%s" % (icmptype.get_property("path"), icmptype.get_property("filename"))) elif a.icmptype: icmptype = fw.config().getIcmpTypeByName(a.icmptype) settings = icmptype.getSettings() if a.add_destination: cmd.add_sequence(a.add_destination, settings.addDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") icmptype.update(settings) elif a.remove_destination: cmd.remove_sequence(a.remove_destination, settings.removeDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") icmptype.update(settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.check_destination_ipv , "'%s'") elif a.get_destinations: l = settings.getDestinations() if len(l) == 0: l = [ "ipv4", "ipv6" ] cmd.print_and_exit("\n".join(l)) elif a.set_description: settings.setDescription(a.set_description) icmptype.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) icmptype.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") elif a.service: service = fw.config().getServiceByName(a.service) settings = service.getSettings() if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") service.update(settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") service.update(settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") service.update(settings) elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") service.update(settings) elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") elif a.get_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") service.update(settings) elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") service.update(settings) elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.get_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_module: cmd.add_sequence(a.add_module, settings.addModule, settings.queryModule, None, "'%s'") service.update(settings) elif a.remove_module: cmd.remove_sequence(a.remove_module, settings.removeModule, settings.queryModule, None, "'%s'") service.update(settings) elif a.query_module: cmd.query_sequence(a.query_module, settings.queryModule, None, "'%s'") elif a.get_modules: l = settings.getModules() cmd.print_and_exit(" ".join(["%s" % module for module in l])) elif a.set_destination: cmd.add_sequence(a.set_destination, settings.setDestination, settings.queryDestination, cmd.parse_service_destination, "%s:%s") service.update(settings) elif a.remove_destination: # special case for removeDestination: Only ipv, no address for ipv in a.remove_destination: cmd.check_destination_ipv(ipv) if ipv not in settings.getDestinations(): if len(a.remove_destination) > 1: cmd.print_warning("Warning: NOT_ENABLED: '%s'" % ipv) else: code = FirewallError.get_code("NOT_ENABLED") cmd.print_and_exit("Error: NOT_ENABLED: '%s'" % ipv, code) else: settings.removeDestination(ipv) service.update(settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.parse_service_destination, "'%s'") elif a.get_destinations: l = settings.getDestinations() cmd.print_and_exit(" ".join(["%s:%s" % (dest[0], dest[1]) for dest in l.items()])) elif a.add_include: cmd.add_sequence(a.add_include, settings.addInclude, settings.queryInclude, None, "'%s'") service.update(settings) elif a.remove_include: cmd.remove_sequence(a.remove_include, settings.removeInclude, settings.queryInclude, None, "'%s'") service.update(settings) elif a.query_include: cmd.query_sequence(a.query_include, settings.queryInclude, None, "'%s'") elif a.get_includes: l = settings.getIncludes() cmd.print_and_exit(" ".join(["%s" % include for include in sorted(l)])) elif a.add_helper: cmd.add_sequence(a.add_helper, settings.addHelper, settings.queryHelper, None, "'%s'") service.update(settings) elif a.remove_helper: cmd.remove_sequence(a.remove_helper, settings.removeHelper, settings.queryHelper, None, "'%s'") service.update(settings) elif a.query_helper: cmd.query_sequence(a.query_helper, settings.queryHelper, None, "'%s'") elif a.get_service_helpers: l = settings.getHelpers() cmd.print_and_exit(" ".join(["%s" % helper for helper in sorted(l)])) elif a.set_description: settings.setDescription(a.set_description) service.update(settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) service.update(settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") # lockdown whitelist elif options_lockdown_whitelist: policies = fw.config().policies() # commands if a.list_lockdown_whitelist_commands: l = policies.getLockdownWhitelistCommands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, policies.addLockdownWhitelistCommand, policies.queryLockdownWhitelistCommand, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, policies.removeLockdownWhitelistCommand, policies.queryLockdownWhitelistCommand, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, policies.queryLockdownWhitelistCommand, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = policies.getLockdownWhitelistContexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, policies.addLockdownWhitelistContext, policies.queryLockdownWhitelistContext, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, policies.removeLockdownWhitelistContext, policies.queryLockdownWhitelistContext, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, policies.queryLockdownWhitelistContext, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = policies.getLockdownWhitelistUids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid is not None: cmd.add_sequence(a.add_lockdown_whitelist_uid, policies.addLockdownWhitelistUid, policies.queryLockdownWhitelistUid, None, "%s") elif a.remove_lockdown_whitelist_uid is not None: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, policies.removeLockdownWhitelistUid, policies.queryLockdownWhitelistUid, None, "%s") elif a.query_lockdown_whitelist_uid is not None: cmd.query_sequence(a.query_lockdown_whitelist_uid, policies.queryLockdownWhitelistUid, None, "%s") # users elif a.list_lockdown_whitelist_users: l = policies.getLockdownWhitelistUsers() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, policies.addLockdownWhitelistUser, policies.queryLockdownWhitelistUser, None, "%s") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, policies.removeLockdownWhitelistUser, policies.queryLockdownWhitelistUser, None, "%s") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, policies.queryLockdownWhitelistUser, None, "'%s'") elif options_direct: direct = fw.config().direct() if a.passthrough: if len(a.passthrough) < 2: cmd.fail("usage: --permanent --direct --passthrough { ipv4 | ipv6 | eb } ") cmd.print_msg(direct.addPassthrough(cmd.check_ipv(a.passthrough[0]), splitArgs(a.passthrough[1]))) if a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --permanent --direct --add-passthrough { ipv4 | ipv6 | eb } ") cmd.print_msg(direct.addPassthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1]))) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --permanent --direct --remove-passthrough { ipv4 | ipv6 | eb } ") direct.removePassthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --permanent --direct --query-passthrough { ipv4 | ipv6 | eb } ") cmd.print_query_result( direct.queryPassthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) sys.exit(0) elif a.get_passthroughs: rules = direct.getPassthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: for (ipv, rule) in direct.getAllPassthroughs(): cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: direct.addChain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: direct.removeChain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result( direct.queryChain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) sys.exit(0) elif a.get_chains: cmd.print_and_exit( " ".join(direct.getChains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) sys.exit(0) elif a.get_all_chains: chains = direct.getAllChains() for (ipv, table, chain) in chains: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --permanent --direct --add-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --add-rule { ipv4 | ipv6 | eb }
") direct.addRule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --permanent --direct --remove-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --remove-rule { ipv4 | ipv6 | eb }
") direct.removeRule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --permanent --direct --remove-rules { ipv4 | ipv6 | eb }
") direct.removeRules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --permanent --direct --query-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --permanent --direct --query-rule { ipv4 | ipv6 | eb }
") cmd.print_query_result( direct.queryRule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) sys.exit(0) elif a.get_rules: rules = direct.getRules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = direct.getAllRules() for (ipv, table, chain, priority, rule) in rules: cmd.print_msg("%s %s %s %d %s" % (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) elif a.list_all_policies: names = fw.config().getPolicyNames() for policy in sorted(names): settings = fw.config().getPolicyByName(policy).getSettings() cmd.print_policy_info(policy, settings) cmd.print_msg("") sys.exit(0) elif a.policy: fw_policy = fw.config().getPolicyByName(a.policy) settings = fw_policy.getSettings() # list all policy settings if a.list_all: cmd.print_policy_info(a.policy, settings) sys.exit(0) # ingress zones elif a.list_ingress_zones: l = settings.getIngressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_ingress_zone: cmd.add_sequence(a.add_ingress_zone, settings.addIngressZone, settings.queryIngressZone, None, "'%s'") elif a.remove_ingress_zone: cmd.remove_sequence(a.remove_ingress_zone, settings.removeIngressZone, settings.queryIngressZone, None, "'%s'") elif a.query_ingress_zone: cmd.query_sequence(a.query_ingress_zone, settings.queryIngressZone, None, "'%s'") # egress zones elif a.list_egress_zones: l = settings.getEgressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_egress_zone: cmd.add_sequence(a.add_egress_zone, settings.addEgressZone, settings.queryEgressZone, None, "'%s'") elif a.remove_egress_zone: cmd.remove_sequence(a.remove_egress_zone, settings.removeEgressZone, settings.queryEgressZone, None, "'%s'") elif a.query_egress_zone: cmd.query_sequence(a.query_egress_zone, settings.queryEgressZone, None, "'%s'") # priority elif a.get_priority: cmd.print_and_exit(str(settings.getPriority())) elif a.set_priority: settings.setPriority(a.set_priority) # rich rules elif a.list_rich_rules: l = settings.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, settings.addRichRule, settings.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, settings.removeRichRule, settings.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, settings.queryRichRule, None, "'%s'") # service elif a.list_services: l = settings.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, settings.addService, settings.queryService, None, "'%s'") elif a.remove_service: cmd.remove_sequence(a.remove_service, settings.removeService, settings.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, settings.queryService, None, "'%s'") # port elif a.list_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: settings.addMasquerade() elif a.remove_masquerade: settings.removeMasquerade() elif a.query_masquerade: cmd.print_query_result(settings.queryMasquerade()) # forward port elif a.list_forward_ports: l = settings.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, settings.addForwardPort, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, settings.removeForwardPort, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = settings.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, settings.addIcmpBlock, settings.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, settings.removeIcmpBlock, settings.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, settings.queryIcmpBlock, None, "'%s'") # target elif a.get_target: target = settings.getTarget() cmd.print_and_exit(target) elif a.set_target: settings.setTarget(a.set_target) # set description elif a.set_description: settings = fw.config().getPolicyByName(a.policy).getSettings() settings.setDescription(a.set_description) # get description elif a.get_description: settings = fw.config().getPolicyByName(a.policy).getSettings() cmd.print_and_exit(settings.getDescription()) # set short description elif a.set_short: settings = fw.config().getPolicyByName(a.policy).getSettings() settings.setShort(a.set_short) # get short description elif a.get_short: settings = fw.config().getPolicyByName(a.policy).getSettings() cmd.print_and_exit(settings.getShort()) fw_policy.update(settings) else: if zone == "": zone = fw.getDefaultZone() fw_zone = fw.config().getZoneByName(zone) # interface if a.list_interfaces: interfaces = sorted(set(try_nm_get_interfaces_in_zone(zone)) | set(fw_zone.getInterfaces())) cmd.print_and_exit(" ".join(interfaces)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: # ask NM before checking our config zone = try_get_zone_of_interface(interface) if not zone: zone = fw.config().getZoneOfInterface(interface) if zone: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.fail("no zone") elif a.change_interface: interfaces = [ ] for interface in a.change_interface: if not try_set_zone_of_interface(zone, interface): interfaces.append(interface) for interface in interfaces: old_zone_name = fw.config().getZoneOfInterface(interface) if old_zone_name != zone: if old_zone_name: old_zone_obj = fw.config().getZoneByName(old_zone_name) old_zone_obj.removeInterface(interface)# remove from old fw_zone.addInterface(interface) # add to new elif a.add_interface: interfaces = [ ] for interface in a.add_interface: if not try_set_zone_of_interface(a.zone, interface): interfaces.append(interface) cmd.add_sequence(interfaces, fw_zone.addInterface, fw_zone.queryInterface, None, "'%s'") elif a.remove_interface: interfaces = [ ] for interface in a.remove_interface: if not try_set_zone_of_interface("", interface): interfaces.append(interface) cmd.remove_sequence(interfaces, fw_zone.removeInterface, fw_zone.queryInterface, None, "'%s'") elif a.query_interface: cmd.query_sequence(a.query_interface, fw_zone.queryInterface, None, "'%s'") # source if a.list_sources: sources = fw_zone.getSources() cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: zone = fw.config().getZoneOfSource(source) if zone: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.fail("no zone") elif a.change_source: for source in a.change_source: old_zone_name = fw.config().getZoneOfSource(source) if old_zone_name != zone: if old_zone_name: old_zone_obj = fw.config().getZoneByName(old_zone_name) old_zone_obj.removeSource(source) # remove from old fw_zone.addSource(source) # add to new elif a.add_source: cmd.add_sequence(a.add_source, fw_zone.addSource, fw_zone.querySource, None, "'%s'") elif a.remove_source: cmd.remove_sequence(a.remove_source, fw_zone.removeSource, fw_zone.querySource, None, "'%s'") elif a.query_source: cmd.query_sequence(a.query_source, fw_zone.querySource, None, "'%s'") # rich rules if a.list_rich_rules: l = fw_zone.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, fw_zone.addRichRule, fw_zone.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, fw_zone.removeRichRule, fw_zone.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, fw_zone.queryRichRule, None, "'%s'") # service if a.list_services: l = fw_zone.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, fw_zone.addService, fw_zone.queryService, None, "'%s'") elif a.remove_service: cmd.remove_sequence(a.remove_service, fw_zone.removeService, fw_zone.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, fw_zone.queryService, None, "'%s'") # port elif a.list_ports: l = fw_zone.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, fw_zone.addPort, fw_zone.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, fw_zone.removePort, fw_zone.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, fw_zone.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = fw_zone.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, fw_zone.addProtocol, fw_zone.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, fw_zone.removeProtocol, fw_zone.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, fw_zone.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw_zone.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, fw_zone.addSourcePort, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, fw_zone.removeSourcePort, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, fw_zone.querySourcePort, cmd.parse_port, "%s/%s") # forward elif a.add_forward: fw_zone.addForward() elif a.remove_forward: fw_zone.removeForward() elif a.query_forward: cmd.print_query_result(fw_zone.queryForward()) # masquerade elif a.add_masquerade: fw_zone.addMasquerade() elif a.remove_masquerade: fw_zone.removeMasquerade() elif a.query_masquerade: cmd.print_query_result(fw_zone.queryMasquerade()) # forward port elif a.list_forward_ports: l = fw_zone.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, fw_zone.addForwardPort, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, fw_zone.removeForwardPort, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, fw_zone.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = fw_zone.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, fw_zone.addIcmpBlock, fw_zone.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, fw_zone.removeIcmpBlock, fw_zone.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, fw_zone.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw_zone.addIcmpBlockInversion() elif a.remove_icmp_block_inversion: fw_zone.removeIcmpBlockInversion() elif a.query_icmp_block_inversion: cmd.print_query_result(fw_zone.queryIcmpBlockInversion()) # zone target elif a.get_target: target = fw_zone.getTarget() cmd.print_and_exit(target if target != "%%REJECT%%" else "REJECT") elif a.set_target: fw_zone.setTarget(a.set_target if a.set_target != "REJECT" else "%%REJECT%%") # list all zone settings elif a.list_all: interfaces = try_nm_get_interfaces_in_zone(zone) cmd.print_zone_info(zone, fw_zone.getSettings(), extra_interfaces=interfaces) sys.exit(0) # list everything elif a.list_all_zones: names = fw.config().getZoneNames() for zone in sorted(names): interfaces = try_nm_get_interfaces_in_zone(zone) settings = fw.config().getZoneByName(zone).getSettings() cmd.print_zone_info(zone, settings, extra_interfaces=interfaces) cmd.print_msg("") sys.exit(0) # set zone description elif a.set_description: settings = fw.config().getZoneByName(zone).getSettings() settings.setDescription(a.set_description) fw_zone.update(settings) # get zone description elif a.get_description: settings = fw.config().getZoneByName(zone).getSettings() cmd.print_and_exit(settings.getDescription()) # set zone short description elif a.set_short: settings = fw.config().getZoneByName(zone).getSettings() settings.setShort(a.set_short) fw_zone.update(settings) # get zone short description elif a.get_short: settings = fw.config().getZoneByName(zone).getSettings() cmd.print_and_exit(settings.getShort()) elif a.version: cmd.print_and_exit(fw.get_property("version")) elif a.state: state = fw.get_property("state") if state == "RUNNING": cmd.print_and_exit ("running") elif state == "FAILED": cmd.print_and_exit("failed", errors.RUNNING_BUT_FAILED) else: cmd.print_and_exit ("not running", errors.NOT_RUNNING) elif a.get_log_denied: cmd.print_and_exit(fw.getLogDenied()) elif a.set_log_denied: fw.setLogDenied(a.set_log_denied) elif a.get_automatic_helpers: cmd.print_and_exit(fw.getAutomaticHelpers()) elif a.set_automatic_helpers: fw.setAutomaticHelpers(a.set_automatic_helpers) elif a.get_ipset_types: types = fw.get_property("IPSetTypes") cmd.print_and_exit(" ".join(sorted(types))) elif a.reload: fw.reload() elif a.complete_reload: fw.complete_reload() elif a.runtime_to_permanent: fw.runtimeToPermanent() elif a.check_config: fw.checkPermanentConfig() elif a.direct: if a.passthrough: if len(a.passthrough) < 2: cmd.fail("usage: --direct --passthrough { ipv4 | ipv6 | eb } ") msg = fw.passthrough(cmd.check_ipv(a.passthrough[0]), splitArgs(a.passthrough[1])) if msg: sys.stdout.write(msg + "\n") elif a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --direct --add-passthrough { ipv4 | ipv6 | eb } ") fw.addPassthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1])) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --direct --remove-passthrough { ipv4 | ipv6 | eb } ") fw.removePassthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --direct --query-passthrough { ipv4 | ipv6 | eb } ") cmd.print_query_result( fw.queryPassthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) elif a.get_passthroughs: rules = fw.getPassthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: for (ipv, rule) in fw.getAllPassthroughs(): cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: fw.addChain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: fw.removeChain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result(fw.queryChain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) elif a.get_chains: cmd.print_and_exit(" ".join(fw.getChains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) elif a.get_all_chains: chains = fw.getAllChains() for (ipv, table, chain) in chains: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb }
") fw.addRule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") fw.removeRule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --direct --remove-rules { ipv4 | ipv6 | eb }
") fw.removeRules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") cmd.print_query_result( fw.queryRule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) elif a.get_rules: rules = fw.getRules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = fw.getAllRules() for (ipv, table, chain, priority, rule) in rules: cmd.print_msg("%s %s %s %d %s" % (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) elif a.get_default_zone: cmd.print_and_exit(fw.getDefaultZone()) elif a.set_default_zone: fw.setDefaultZone(a.set_default_zone) elif a.get_zones: cmd.print_and_exit(" ".join(fw.getZones())) elif a.get_active_zones: zones = fw.getActiveZones() for zone in zones: cmd.print_msg("%s" % zone) for x in [ "interfaces", "sources" ]: if x in zones[zone]: cmd.print_msg(" %s: %s" % (x, " ".join(zones[zone][x]))) sys.exit(0) elif a.get_policies: cmd.print_and_exit(" ".join(fw.getPolicies())) elif a.get_active_policies: policies = fw.getActivePolicies() for policy in policies: cmd.print_msg("%s" % policy) for x in [ "ingress_zones", "egress_zones" ]: if x in policies[policy]: cmd.print_msg(" %s: %s" % (x.replace("_", "-"), " ".join(policies[policy][x]))) sys.exit(0) elif a.get_services: l = fw.listServices() cmd.print_and_exit(" ".join(l)) elif a.get_icmptypes: l = fw.listIcmpTypes() cmd.print_and_exit(" ".join(l)) # panic elif a.panic_on: fw.enablePanicMode() elif a.panic_off: fw.disablePanicMode() elif a.query_panic: cmd.print_query_result(fw.queryPanicMode()) # ipset elif a.get_ipsets: ipsets = fw.getIPSets() cmd.print_and_exit(" ".join(sorted(ipsets))) elif a.info_ipset: cmd.print_ipset_info(a.info_ipset, fw.getIPSetSettings(a.info_ipset)) sys.exit(0) elif a.add_entry: cmd.x_add_sequence(a.ipset, a.add_entry, fw.addEntry, fw.queryEntry, None, "'%s'") elif a.remove_entry: cmd.x_remove_sequence(a.ipset, a.remove_entry, fw.removeEntry, fw.queryEntry, None, "'%s'") elif a.query_entry: cmd.x_query_sequence(a.ipset, a.query_entry, fw.queryEntry, None, "'%s'") elif a.get_entries: l = fw.getEntries(a.ipset) cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: old_entries = fw.getEntries(a.ipset) changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose("Warning: ALREADY_ENABLED: %s" % entry) if changed: fw.setEntries(a.ipset, old_entries) elif a.remove_entries_from_file: old_entries = fw.getEntries(a.ipset) changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % entry) if changed: fw.setEntries(a.ipset, old_entries) # helper elif a.get_helpers: helpers = fw.getHelpers() cmd.print_and_exit(" ".join(sorted(helpers))) elif a.info_helper: cmd.print_helper_info(a.info_helper, fw.getHelperSettings(a.info_helper)) sys.exit(0) # lockdown elif a.lockdown_on: fw.config().set_property("Lockdown", "yes") # permanent fw.enableLockdown() # runtime elif a.lockdown_off: fw.config().set_property("Lockdown", "no") # permanent fw.disableLockdown() # runtime elif a.query_lockdown: cmd.print_query_result(fw.queryLockdown()) # runtime #lockdown = fw.config().get_property("Lockdown") #cmd.print_query_result(lockdown.lower() in [ "yes", "true" ]) # lockdown whitelist # commands elif a.list_lockdown_whitelist_commands: l = fw.getLockdownWhitelistCommands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, fw.addLockdownWhitelistCommand, fw.queryLockdownWhitelistCommand, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, fw.removeLockdownWhitelistCommand, fw.queryLockdownWhitelistCommand, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, fw.queryLockdownWhitelistCommand, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = fw.getLockdownWhitelistContexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, fw.addLockdownWhitelistContext, fw.queryLockdownWhitelistContext, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, fw.removeLockdownWhitelistContext, fw.queryLockdownWhitelistContext, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, fw.queryLockdownWhitelistContext, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = fw.getLockdownWhitelistUids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid is not None: cmd.add_sequence(a.add_lockdown_whitelist_uid, fw.addLockdownWhitelistUid, fw.queryLockdownWhitelistUid, None, "'%s'") elif a.remove_lockdown_whitelist_uid is not None: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, fw.removeLockdownWhitelistUid, fw.queryLockdownWhitelistUid, None, "'%s'") elif a.query_lockdown_whitelist_uid is not None: cmd.query_sequence(a.query_lockdown_whitelist_uid, fw.queryLockdownWhitelistUid, None, "'%s'") # users elif a.list_lockdown_whitelist_users: l = fw.getLockdownWhitelistUsers() cmd.print_and_exit(" ".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, fw.addLockdownWhitelistUser, fw.queryLockdownWhitelistUser, None, "'%s'") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, fw.removeLockdownWhitelistUser, fw.queryLockdownWhitelistUser, None, "'%s'") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, fw.queryLockdownWhitelistUser, None, "'%s'") # interface elif a.list_interfaces: l = fw.getInterfaces(zone) cmd.print_and_exit(" ".join(l)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: zone = fw.getZoneOfInterface(interface) if zone: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.fail("no zone") elif a.add_interface: interfaces = [ ] for interface in a.add_interface: interfaces.append(interface) cmd.x_add_sequence(zone, interfaces, fw.addInterface, fw.queryInterface, None, "'%s'") elif a.change_interface: interfaces = [ ] for interface in a.change_interface: interfaces.append(interface) cmd.x_add_sequence(zone, interfaces, fw.changeZoneOfInterface, fw.queryInterface, None, "'%s'") elif a.remove_interface: interfaces = [ ] for interface in a.remove_interface: interfaces.append(interface) cmd.x_remove_sequence(zone, interfaces, fw.removeInterface, fw.queryInterface, None, "'%s'") elif a.query_interface: cmd.x_query_sequence(zone, a.query_interface, fw.queryInterface, None, "'%s'") # source elif a.list_sources: sources = fw.getSources(zone) cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: zone = fw.getZoneOfSource(source) if zone: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, zone)) else: cmd.print_and_exit(zone) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.fail("no zone") sys.exit(0) elif a.add_source: cmd.x_add_sequence(zone, a.add_source, fw.addSource, fw.querySource, None, "'%s'") elif a.change_source: cmd.x_add_sequence(zone, a.change_source, fw.changeZoneOfSource, fw.querySource, None, "'%s'") elif a.remove_source: cmd.x_remove_sequence(zone, a.remove_source, fw.removeSource, fw.querySource, None, "'%s'") elif a.query_source: cmd.x_query_sequence(zone, a.query_source, fw.querySource, None, "'%s'") # policy elif a.policy: settings = fw.getPolicySettings(a.policy) if a.list_all: cmd.print_policy_info(a.policy, settings) sys.exit(0) # ingress zones elif a.list_ingress_zones: l = settings.getIngressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_ingress_zone: cmd.add_sequence(a.add_ingress_zone, settings.addIngressZone, settings.queryIngressZone, None, "'%s'") elif a.remove_ingress_zone: cmd.remove_sequence(a.remove_ingress_zone, settings.removeIngressZone, settings.queryIngressZone, None, "'%s'") elif a.query_ingress_zone: cmd.query_sequence(a.query_ingress_zone, settings.queryIngressZone, None, "'%s'") # egress zones elif a.list_egress_zones: l = settings.getEgressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_egress_zone: cmd.add_sequence(a.add_egress_zone, settings.addEgressZone, settings.queryEgressZone, None, "'%s'") elif a.remove_egress_zone: cmd.remove_sequence(a.remove_egress_zone, settings.removeEgressZone, settings.queryEgressZone, None, "'%s'") elif a.query_egress_zone: cmd.query_sequence(a.query_egress_zone, settings.queryEgressZone, None, "'%s'") # rich rules elif a.list_rich_rules: l = settings.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, settings.addRichRule, settings.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, settings.removeRichRule, settings.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, settings.queryRichRule, None, "'%s'") # service if a.list_services: l = settings.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, settings.addService, settings.queryService, None, "'%s'") elif a.remove_service: cmd.remove_sequence(a.remove_service, settings.removeService, settings.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, settings.queryService, None, "'%s'") # port elif a.list_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: settings.addMasquerade() elif a.remove_masquerade: settings.removeMasquerade() elif a.query_masquerade: cmd.print_query_result(settings.queryMasquerade()) # forward port elif a.list_forward_ports: l = settings.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, settings.addForwardPort, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, settings.removeForwardPort, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = settings.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, settings.addIcmpBlock, settings.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, settings.removeIcmpBlock, settings.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, settings.queryIcmpBlock, None, "'%s'") fw.setPolicySettings(a.policy, settings) # endif a.policy # # else zone: # rich rules elif a.list_rich_rules: l = fw.getRichRules(zone) cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.zone_add_timeout_sequence(zone, a.add_rich_rule, fw.addRichRule, fw.queryRichRule, None, "'%s'", a.timeout) elif a.remove_rich_rule: cmd.x_remove_sequence(zone, a.remove_rich_rule, fw.removeRichRule, fw.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.x_query_sequence(zone, a.query_rich_rule, fw.queryRichRule, None, "'%s'") # service elif a.list_services: l = fw.getServices(zone) cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.zone_add_timeout_sequence(zone, a.add_service, fw.addService, fw.queryService, None, "'%s'", a.timeout) elif a.remove_service: cmd.x_remove_sequence(zone, a.remove_service, fw.removeService, fw.queryService, None, "'%s'") elif a.query_service: cmd.x_query_sequence(zone, a.query_service, fw.queryService, None, "'%s'") # port elif a.list_ports: l = fw.getPorts(zone) cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.zone_add_timeout_sequence(zone, a.add_port, fw.addPort, fw.queryPort, cmd.parse_port, "'%s/%s'", a.timeout) elif a.remove_port: cmd.x_remove_sequence(zone, a.remove_port, fw.removePort, fw.queryPort, cmd.parse_port, "'%s/%s'") elif a.query_port: cmd.x_query_sequence(zone, a.query_port, fw.queryPort, cmd.parse_port, "'%s/%s'") # protocol elif a.list_protocols: l = fw.getProtocols(zone) cmd.print_and_exit(" ".join(["%s" % protocol for protocol in sorted(l)])) elif a.add_protocol: cmd.zone_add_timeout_sequence(zone, a.add_protocol, fw.addProtocol, fw.queryProtocol, None, "'%s'", a.timeout) elif a.remove_protocol: cmd.x_remove_sequence(zone, a.remove_protocol, fw.removeProtocol, fw.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.x_query_sequence(zone, a.query_protocol, fw.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw.getSourcePorts(zone) cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.zone_add_timeout_sequence(zone, a.add_source_port, fw.addSourcePort, fw.querySourcePort, cmd.parse_port, "'%s/%s'", a.timeout) elif a.remove_source_port: cmd.x_remove_sequence(zone, a.remove_source_port, fw.removeSourcePort, fw.querySourcePort, cmd.parse_port, "'%s/%s'") elif a.query_source_port: cmd.x_query_sequence(zone, a.query_source_port, fw.querySourcePort, cmd.parse_port, "'%s/%s'") # forward elif a.add_forward: fw.addForward(zone) elif a.remove_forward: fw.removeForward(zone) elif a.query_forward: cmd.print_query_result(fw.queryForward(zone)) # masquerade elif a.add_masquerade: fw.addMasquerade(zone, a.timeout) elif a.remove_masquerade: fw.removeMasquerade(zone) elif a.query_masquerade: cmd.print_query_result(fw.queryMasquerade(zone)) # forward port elif a.list_forward_ports: l = fw.getForwardPorts(zone) cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (port, protocol, toport, toaddr) for (port, protocol, toport, toaddr) in l])) elif a.add_forward_port: cmd.zone_add_timeout_sequence(zone, a.add_forward_port, fw.addForwardPort, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'", a.timeout) elif a.remove_forward_port: cmd.x_remove_sequence(zone, a.remove_forward_port, fw.removeForwardPort, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'") elif a.query_forward_port: cmd.x_query_sequence(zone, a.query_forward_port, fw.queryForwardPort, cmd.parse_forward_port, "'port=%s:proto=%s:toport=%s:toaddr=%s'") # block icmp elif a.list_icmp_blocks: l = fw.getIcmpBlocks(zone) cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.zone_add_timeout_sequence(zone, a.add_icmp_block, fw.addIcmpBlock, fw.queryIcmpBlock, None, "'%s'", a.timeout) elif a.remove_icmp_block: cmd.x_remove_sequence(zone, a.remove_icmp_block, fw.removeIcmpBlock, fw.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.x_query_sequence(zone, a.query_icmp_block, fw.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw.addIcmpBlockInversion(zone) elif a.remove_icmp_block_inversion: fw.removeIcmpBlockInversion(zone) elif a.query_icmp_block_inversion: cmd.print_query_result(fw.queryIcmpBlockInversion(zone)) # list all elif a.list_all: z = zone if zone else fw.getDefaultZone() cmd.print_zone_info(z, fw.getZoneSettings(z)) sys.exit(0) # list everything elif a.list_all_zones: for zone in fw.getZones(): cmd.print_zone_info(zone, fw.getZoneSettings(zone)) cmd.print_msg("") sys.exit(0) elif a.list_all_policies: for policy in fw.getPolicies(): cmd.print_policy_info(policy, fw.getPolicySettings(policy)) cmd.print_msg("") sys.exit(0) elif a.info_zone: cmd.print_zone_info(a.info_zone, fw.getZoneSettings(a.info_zone), True) sys.exit(0) elif a.info_policy: cmd.print_policy_info(a.info_policy, fw.getPolicySettings(a.info_policy)) sys.exit(0) elif a.info_service: cmd.print_service_info(a.info_service, fw.getServiceSettings(a.info_service)) sys.exit(0) elif a.info_icmptype: cmd.print_icmptype_info(a.info_icmptype, fw.getIcmpTypeSettings(a.info_icmptype)) sys.exit(0) cmd.print_and_exit("success") firewalld-1.1.1/src/firewall-config.in0000755000000000000000000121225214217342322017660 0ustar00rootroot00000000000000#!@PYTHON@ # -*- coding: utf-8 -*- # # Copyright (C) 2011-2015 Red Hat, Inc. # # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import sys import string import gi try: gi.require_version('Gtk', '3.0') from gi.repository import Gtk, Gdk, Pango, Gio Gtk.init(sys.argv) except RuntimeError as e: print("firewall-config: %s" % e) print("This is a graphical application and requires DISPLAY to be set.") sys.exit(1) from gi.repository import GObject, GLib sys.modules['gobject'] = GObject import os datadir = None if os.getenv("FIREWALLD_DEVEL_ENV") is not None: datadir = os.getenv("FIREWALLD_DEVEL_ENV") sys.path.insert(0, datadir) from dbus.exceptions import DBusException from firewall import config from firewall import client from firewall import functions from firewall.core.base import DEFAULT_ZONE_TARGET, REJECT_TYPES, \ SOURCE_IPSET_TYPES from firewall.core.ipset import IPSET_MAXNAMELEN from firewall.core.helper import HELPER_MAXNAMELEN from firewall.core.io.zone import Zone from firewall.core.io.service import Service from firewall.core.io.icmptype import IcmpType from firewall.core.io.ipset import IPSet from firewall.core.io.helper import Helper from firewall.core import rich from firewall.core.fw_nm import nm_is_imported, nm_get_dbus_interface, \ nm_get_connections, nm_get_zone_of_connection, \ nm_set_zone_of_connection from firewall import errors from firewall.errors import FirewallError import gettext gettext.textdomain(config.DOMAIN) _ = gettext.gettext if not datadir: datadir = config.DATADIR sys.path.insert(0, datadir) from gtk3_chooserbutton import ChooserButton from gtk3_niceexpander import NiceExpander def escape(text): text = text.replace('&', '&') text = text.replace('>', '>') text = text.replace('<', '<') return text FIREWALL_CONFIG_SCHEMA = "org.fedoraproject.FirewallConfig" class FirewallConfig(object): def __init__(self): builder = Gtk.Builder() builder.set_translation_domain("firewalld") builder.add_from_file("%s/%s" % (datadir, config.CONFIG_GLADE_NAME)) builder.connect_signals(self) self.connected_label = _("Connection to firewalld established.") self.trying_to_connect_label = \ _("Trying to connect to firewalld, waiting...") self.failed_to_connect_label = \ _("Failed to connect to firewalld. Please make sure that the " "service has been started correctly and try again.") self.changes_applied_label = _("Changes applied.") self.used_by_label = _("Used by network connection '%s'") self.default_zone_used_by_label = _("Default zone used by network " "connection '%s'") self.enabled = _("enabled") self.disabled = _("disabled") self.settings = Gio.Settings.new(FIREWALL_CONFIG_SCHEMA) self.modified_timer = None self.connection_timer = None self.zone_connection_editors = { } self.zone_interface_editors = { } self.zone_source_editors = { } self.default_zone = "" self.nf_conntrack_helpers = { } # point to the visible dialogs self.visible_dialogs = [ ] self.connection_lost = False # get icon and logo (foo, width, height) = Gtk.icon_size_lookup(Gtk.IconSize.BUTTON) size = min(width, height) self.icon_theme = Gtk.IconTheme.get_default() try: self.icon = self.icon_theme.load_icon(config.CONFIG_NAME, size, 0) self.logo = self.icon_theme.load_icon(config.CONFIG_NAME, 48, 0) except: print(_("Failed to load icons.")) self.icon = self.logo = None # get widgets self.mainWindow = builder.get_object("mainWindow") self.mainWindow.set_icon(self.icon) self.mainOverlay = builder.get_object("mainOverlay") self.mainPaned = builder.get_object("mainPaned") self.statusLabel = builder.get_object("statusLabel") self.modifiedLabel = builder.get_object("modifiedLabel") self.lockdownLabel = builder.get_object("lockdownLabel") self.panicLabel = builder.get_object("panicLabel") self.waitingWindow = builder.get_object("waitingWindow") self.waitingWindowLabel = builder.get_object("waitingWindowLabel") self.waitingWindowSpinner = builder.get_object("waitingWindowSpinner") self.waitingWindowQuitButton = \ builder.get_object("waitingWindowQuitButton") self.mainOverlay.add_overlay(self.waitingWindow) self.waitingWindow.set_valign(Gtk.Align.CENTER) self.waitingWindow.set_halign(Gtk.Align.CENTER) self.mainNotebook = builder.get_object("mainNotebook") self.ipsetsBox = builder.get_object("ipsetsBox") self.ipsetsMenuitem = builder.get_object("ipsetsMenuitem") self.icmpTypesBox = builder.get_object("icmpTypesBox") self.icmpTypesMenuitem = builder.get_object("icmpTypesMenuitem") self.helpersBox = builder.get_object("helpersBox") self.helpersMenuitem = builder.get_object("helpersMenuitem") self.directBox = builder.get_object("directBox") self.directMenuitem = builder.get_object("directMenuitem") self.lockdownWhitelistBox = builder.get_object("lockdownWhitelistBox") self.lockdownWhitelistMenuitem = \ builder.get_object("lockdownWhitelistMenuitem") self.activeBindingsMenuitem = \ builder.get_object("activeBindingsMenuitem") self.changeZonesConnectionMenuitem = \ builder.get_object("changeZonesConnectionMenuitem") self.left_menu = Gtk.Menu.new() self.left_menu.set_reserve_toggle_size(False) self.changeZonesConnectionMenuitem.set_submenu(self.left_menu) self.changeZonesConnectionMenuitem.connect( "activate", self.left_menu_cb, self.left_menu) self.active_zones = { } self.panicMenuitem = builder.get_object("panicMenuitem") self.panic_check_id = \ self.panicMenuitem.connect_after("toggled", self.panic_check_cb) self.lockdownMenuitem = builder.get_object("lockdownMenuitem") self.lockdown_check_id = \ self.lockdownMenuitem.connect_after("toggled", self.lockdown_check_cb) self.lockdownContextView = builder.get_object("lockdownContextView") self.lockdownContextStore = Gtk.ListStore(GObject.TYPE_STRING) self.lockdownContextView.append_column( Gtk.TreeViewColumn(_("Context"), Gtk.CellRendererText(), text=0)) self.lockdownContextView.set_model(self.lockdownContextStore) self.lockdownContextView.get_selection().connect( \ "changed", self.change_lockdown_context_selection_cb) self.editLockdownContextButton = \ builder.get_object("editLockdownContextButton") self.removeLockdownContextButton = \ builder.get_object("removeLockdownContextButton") self.contextDialog = builder.get_object("contextDialog") self.contextDialogOkButton = builder.get_object("contextDialogOkButton") self.contextDialogCancelButton = \ builder.get_object("contextDialogCancelButton") self.contextDialogContextEntry = \ builder.get_object("contextDialogContextEntry") self.lockdownCommandView = builder.get_object("lockdownCommandView") self.lockdownCommandStore = Gtk.ListStore(GObject.TYPE_STRING) self.lockdownCommandView.append_column( Gtk.TreeViewColumn(_("Command line"), Gtk.CellRendererText(), text=0)) self.lockdownCommandView.set_model(self.lockdownCommandStore) self.lockdownCommandView.get_selection().connect( \ "changed", self.change_lockdown_command_selection_cb) self.editLockdownCommandButton = \ builder.get_object("editLockdownCommandButton") self.removeLockdownCommandButton = \ builder.get_object("removeLockdownCommandButton") self.commandDialog = builder.get_object("commandDialog") self.commandDialogOkButton = builder.get_object("commandDialogOkButton") self.commandDialogCancelButton = \ builder.get_object("commandDialogCancelButton") self.commandDialogCommandEntry = \ builder.get_object("commandDialogCommandEntry") self.lockdownUserView = builder.get_object("lockdownUserView") self.lockdownUserStore = Gtk.ListStore(GObject.TYPE_STRING) self.lockdownUserView.append_column( Gtk.TreeViewColumn(_("User name"), Gtk.CellRendererText(), text=0)) self.lockdownUserView.set_model(self.lockdownUserStore) self.lockdownUserView.get_selection().connect( \ "changed", self.change_lockdown_user_selection_cb) self.editLockdownUserButton = \ builder.get_object("editLockdownUserButton") self.removeLockdownUserButton = \ builder.get_object("removeLockdownUserButton") self.userDialog = builder.get_object("userDialog") self.userDialogOkButton = builder.get_object("userDialogOkButton") self.userDialogCancelButton = \ builder.get_object("userDialogCancelButton") self.userDialogUserEntry = \ builder.get_object("userDialogUserEntry") self.lockdownUidView = builder.get_object("lockdownUidView") self.lockdownUidStore = Gtk.ListStore(GObject.TYPE_INT) self.lockdownUidView.append_column( Gtk.TreeViewColumn(_("User id"), Gtk.CellRendererText(), text=0)) self.lockdownUidView.set_model(self.lockdownUidStore) self.lockdownUidView.get_selection().connect( \ "changed", self.change_lockdown_uid_selection_cb) self.editLockdownUidButton = \ builder.get_object("editLockdownUidButton") self.removeLockdownUidButton = \ builder.get_object("removeLockdownUidButton") self.uidDialog = builder.get_object("uidDialog") self.uidDialogOkButton = builder.get_object("uidDialogOkButton") self.uidDialogCancelButton = \ builder.get_object("uidDialogCancelButton") self.uidDialogUidEntry = \ builder.get_object("uidDialogUidEntry") self.serviceConfServicesEditBox = \ builder.get_object("serviceConfServicesEditBox") self.serviceConfPortBox = \ builder.get_object("serviceConfPortBox") self.serviceConfProtocolBox = \ builder.get_object("serviceConfProtocolBox") self.serviceConfSourcePortBox = \ builder.get_object("serviceConfSourcePortBox") self.serviceConfModuleBox = \ builder.get_object("serviceConfModuleBox") self.serviceConfDestinationGrid = \ builder.get_object("serviceConfDestinationGrid") self.icmpDialogIcmpEditBox = \ builder.get_object("icmpDialogIcmpEditBox") self.directChainView = builder.get_object("directChainView") self.directChainStore = Gtk.ListStore(GObject.TYPE_STRING, # ipv GObject.TYPE_STRING, # table GObject.TYPE_STRING) # chain self.directChainView.append_column( Gtk.TreeViewColumn("ipv", Gtk.CellRendererText(), text=0)) self.directChainView.append_column( Gtk.TreeViewColumn(_("Table"), Gtk.CellRendererText(), text=1)) self.directChainView.append_column( Gtk.TreeViewColumn(_("Chain"), Gtk.CellRendererText(), text=2)) self.directChainView.set_model(self.directChainStore) self.directChainView.get_selection().connect( \ "changed", self.change_chain_selection_cb) self.editDirectChainButton = \ builder.get_object("editDirectChainButton") self.removeDirectChainButton = \ builder.get_object("removeDirectChainButton") self.directChainDialog = builder.get_object("directChainDialog") self.directChainDialogOkButton = \ builder.get_object("directChainDialogOkButton") self.directChainDialogCancelButton = \ builder.get_object("directChainDialogCancelButton") self.directChainDialogIPVCombobox = \ builder.get_object("directChainDialogIPVCombobox") self.directChainDialogTableCombobox = \ builder.get_object("directChainDialogTableCombobox") self.directChainDialogChainEntry = \ builder.get_object("directChainDialogChainEntry") self.directRuleView = builder.get_object("directRuleView") self.directRuleStore = Gtk.ListStore(GObject.TYPE_STRING, # ipv GObject.TYPE_STRING, # table GObject.TYPE_STRING, # chain GObject.TYPE_INT, # priority GObject.TYPE_STRING) # args self.directRuleView.append_column( Gtk.TreeViewColumn("ipv", Gtk.CellRendererText(), text=0)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Table"), Gtk.CellRendererText(), text=1)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Chain"), Gtk.CellRendererText(), text=2)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Priority"), Gtk.CellRendererText(), text=3)) self.directRuleView.append_column( Gtk.TreeViewColumn(_("Args"), Gtk.CellRendererText(), text=4)) self.directRuleView.set_model(self.directRuleStore) self.directRuleView.get_selection().connect( \ "changed", self.change_rule_selection_cb) self.editDirectRuleButton = \ builder.get_object("editDirectRuleButton") self.removeDirectRuleButton = \ builder.get_object("removeDirectRuleButton") self.directRuleDialog = builder.get_object("directRuleDialog") self.directRuleDialogOkButton = \ builder.get_object("directRuleDialogOkButton") self.directRuleDialogCancelButton = \ builder.get_object("directRuleDialogCancelButton") self.directRuleDialogIPVCombobox = \ builder.get_object("directRuleDialogIPVCombobox") self.directRuleDialogTableCombobox = \ builder.get_object("directRuleDialogTableCombobox") self.directRuleDialogChainEntry = \ builder.get_object("directRuleDialogChainEntry") self.directRuleDialogPrioritySpinbutton = \ builder.get_object("directRuleDialogPrioritySpinbutton") self.directRuleDialogArgsEntry = \ builder.get_object("directRuleDialogArgsEntry") self.directPassthroughBox = builder.get_object("directPassthroughBox") self.directPassthroughView = builder.get_object("directPassthroughView") self.directPassthroughStore = Gtk.ListStore( GObject.TYPE_STRING, # ipv GObject.TYPE_STRING) # passthrough self.directPassthroughView.append_column( Gtk.TreeViewColumn("ipv", Gtk.CellRendererText(), text=0)) self.directPassthroughView.append_column( Gtk.TreeViewColumn(_("Args"), Gtk.CellRendererText(), text=1)) self.directPassthroughView.set_model(self.directPassthroughStore) self.directPassthroughView.get_selection().connect( \ "changed", self.change_passthrough_selection_cb) self.editDirectPassthroughButton = \ builder.get_object("editDirectPassthroughButton") self.removeDirectPassthroughButton = \ builder.get_object("removeDirectPassthroughButton") self.directPassthroughDialog = \ builder.get_object("directPassthroughDialog") self.directPassthroughDialogOkButton = \ builder.get_object("directPassthroughDialogOkButton") self.directPassthroughDialogCancelButton = \ builder.get_object("directPassthroughDialogCancelButton") self.directPassthroughDialogIPVCombobox = \ builder.get_object("directPassthroughDialogIPVCombobox") self.directPassthroughDialogArgsEntry = \ builder.get_object("directPassthroughDialogArgsEntry") self.mainVBox = builder.get_object("mainVBox") self.optionsMenuitem = builder.get_object("optionsMenuitem") self.viewMenuitem = builder.get_object("viewMenuitem") self.aboutDialog = builder.get_object("aboutDialog") self.aboutDialog.set_program_name(config.CONFIG_NAME) self.aboutDialog.set_version(config.VERSION) self.aboutDialog.set_authors(config.AUTHORS) self.aboutDialog.set_license(config.LICENSE) self.aboutDialog.set_wrap_license(True) self.aboutDialog.set_copyright(config.COPYRIGHT) self.aboutDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.aboutDialog.set_transient_for(self.mainWindow) self.aboutDialog.set_modal(True) self.aboutDialog.set_icon(self.icon) self.aboutDialog.set_logo(self.logo) self.aboutDialog.set_website(config.WEBSITE) self.currentViewCombobox = builder.get_object("currentViewCombobox") self.currentViewCombobox.append_text(_("Runtime")) self.currentViewCombobox.append_text(_("Permanent")) self.runtime_view = True self.zoneView = builder.get_object("zoneView") self.zoneStore = Gtk.ListStore(GObject.TYPE_STRING, # name GObject.TYPE_INT) # weight self.zoneView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0, weight=1)) self.zoneView.set_model(self.zoneStore) self.zoneStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.zoneView.get_selection().connect("changed", self.onChangeZone) self.zoneNotebook = builder.get_object("zoneNotebook") self.defaultZoneLabel = builder.get_object("defaultZoneLabel") self.defaultZoneDialog = builder.get_object("defaultZoneDialog") self.defaultZoneDialogOkButton = \ builder.get_object("defaultZoneDialogOkButton") self.defaultZoneView = builder.get_object("defaultZoneView") self.defaultZoneStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_INT) self.defaultZoneView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0, weight=1)) self.defaultZoneView.set_model(self.defaultZoneStore) self.defaultZoneView.get_selection().connect(\ "changed", self.on_defaultZoneViewSelection_changed) self.logDeniedLabel = builder.get_object("logDeniedLabel") self.logDeniedDialog = builder.get_object("logDeniedDialog") self.logDeniedDialogOkButton = \ builder.get_object("logDeniedDialogOkButton") self.logDeniedDialogValueCombobox = \ builder.get_object("logDeniedDialogValueCombobox") for value in config.LOG_DENIED_VALUES: self.logDeniedDialogValueCombobox.append_text(value) self.automaticHelpersLabel = builder.get_object("automaticHelpersLabel") self.automaticHelpersDialog = builder.get_object("automaticHelpersDialog") self.automaticHelpersDialogOkButton = \ builder.get_object("automaticHelpersDialogOkButton") self.automaticHelpersDialogValueCombobox = \ builder.get_object("automaticHelpersDialogValueCombobox") for value in config.AUTOMATIC_HELPERS_VALUES: self.automaticHelpersDialogValueCombobox.append_text(value) self.zoneEditBox = builder.get_object("zoneEditBox") self.zoneEditBox.hide() self.zoneEditLoadDefaultsButton = \ builder.get_object("zoneEditLoadDefaultsButton") self.zoneEditEditButton = builder.get_object("zoneEditEditButton") self.zoneEditRemoveButton = builder.get_object("zoneEditRemoveButton") self.zoneBaseDialog = builder.get_object("zoneBaseDialog") self.zoneBaseDialogOkButton = \ builder.get_object("zoneBaseDialogOkButton") self.zoneBaseDialogNameEntry = \ builder.get_object("zoneBaseDialogNameEntry") self.zoneBaseDialogVersionEntry = \ builder.get_object("zoneBaseDialogVersionEntry") self.zoneBaseDialogShortEntry = \ builder.get_object("zoneBaseDialogShortEntry") self.zoneBaseDialogDescText = \ builder.get_object("zoneBaseDialogDescText") self.zoneBaseDialogDescText.get_buffer().connect(\ "changed", self.onZoneBaseDialogChanged) self.zoneBaseDialogTargetCheck = \ builder.get_object("zoneBaseDialogTargetCheck") self.zoneBaseDialogTargetCombobox = \ builder.get_object("zoneBaseDialogTargetCombobox") self.serviceView = builder.get_object("serviceView") self.serviceStore = Gtk.ListStore(GObject.TYPE_BOOLEAN, # checked GObject.TYPE_STRING) # name toggle = Gtk.CellRendererToggle() toggle.connect("toggled", self.service_toggle_cb, self.serviceStore, 0) self.serviceView.append_column(Gtk.TreeViewColumn("", toggle, active=0)) self.serviceView.append_column( Gtk.TreeViewColumn(_("Service"), Gtk.CellRendererText(), text=1)) self.serviceView.set_model(self.serviceStore) self.serviceStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.portView = builder.get_object("portView") self.portStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.portView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.portView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.portView.set_model(self.portStore) self.portStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.portView.get_selection().connect("changed", self.change_port_selection_cb) self.editPortButton = builder.get_object("editPortButton") self.removePortButton = builder.get_object("removePortButton") self.portDialog = builder.get_object("portDialog") self.portDialogOkButton = builder.get_object("portDialogOkButton") self.portDialogCancelButton = \ builder.get_object("portDialogCancelButton") self.portDialogPortEntry = builder.get_object("portDialogPortEntry") self.portDialogProtoCombobox = \ builder.get_object("portDialogProtoCombobox") self.protocolView = builder.get_object("protocolView") self.protocolStore = Gtk.ListStore(GObject.TYPE_STRING) self.protocolView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=0)) self.protocolView.set_model(self.protocolStore) self.protocolStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.protocolView.get_selection().connect( "changed", self.change_protocol_selection_cb) self.editProtocolButton = builder.get_object("editProtocolButton") self.removeProtocolButton = builder.get_object("removeProtocolButton") self.protoDialog = builder.get_object("protoDialog") self.protoDialogOkButton = builder.get_object("protoDialogOkButton") self.protoDialogCancelButton = \ builder.get_object("protoDialogCancelButton") self.protoDialogProtoLabel = builder.get_object("protoDialogProtoLabel") self.protoDialogProtoCombobox = \ builder.get_object("protoDialogProtoCombobox") self.protoDialogOtherProtoCheck = \ builder.get_object("protoDialogOtherProtoCheck") self.protoDialogOtherProtoEntry = \ builder.get_object("protoDialogOtherProtoEntry") self.sourcePortView = builder.get_object("sourcePortView") self.sourcePortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.sourcePortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.sourcePortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.sourcePortView.set_model(self.sourcePortStore) self.sourcePortStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.sourcePortView.get_selection().connect( "changed", self.change_source_port_selection_cb) self.editSourcePortButton = builder.get_object("editSourcePortButton") self.removeSourcePortButton = \ builder.get_object("removeSourcePortButton") self.masqueradeCheck = builder.get_object("masqueradeCheck") self.masqueradeEventbox = builder.get_object("masqueradeEventbox") self.masqueradeEventbox.connect("button-press-event", self.masquerade_check_cb) self.forwardView = builder.get_object("forwardView") self.forwardStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING, GObject.TYPE_STRING) self.forwardView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.forwardView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.forwardView.append_column( Gtk.TreeViewColumn(_("To Port"), Gtk.CellRendererText(), text=2)) self.forwardView.append_column( Gtk.TreeViewColumn(_("To Address"), Gtk.CellRendererText(), text=3)) self.forwardView.set_model(self.forwardStore) self.forwardStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.forwardView.get_selection().connect(\ "changed", self.change_forward_selection_cb) self.editForwardButton = builder.get_object("editForwardButton") self.removeForwardButton = builder.get_object("removeForwardButton") self.forwardDialog = builder.get_object("forwardDialog") self.forwardDialogOkButton = builder.get_object("forwardDialogOkButton") self.forwardDialogCancelButton = \ builder.get_object("forwardDialogCancelButton") self.forwardDialogPortEntry = \ builder.get_object("forwardDialogPortEntry") self.forwardDialogProtoCombobox = \ builder.get_object("forwardDialogProtoCombobox") self.forwardDialogLocalCheck = \ builder.get_object("forwardDialogLocalCheck") self.forwardDialogToPortCheck = \ builder.get_object("forwardDialogToPortCheck") self.forwardDialogToPortLabel = \ builder.get_object("forwardDialogToPortLabel") self.forwardDialogToPortEntry = \ builder.get_object("forwardDialogToPortEntry") self.forwardDialogToAddrLabel = \ builder.get_object("forwardDialogToAddrLabel") self.forwardDialogToAddrEntry = \ builder.get_object("forwardDialogToAddrEntry") # bindings Expander self.bindingsBox = builder.get_object("bindingsBox") self.bindingsExpanderButton = \ builder.get_object("bindingsExpanderButton") self.bindingsUnexpanderButton = \ builder.get_object("bindingsUnexpanderButton") self.bindingsExpander = NiceExpander( self.bindingsExpanderButton, self.bindingsUnexpanderButton, self.mainPaned, self.bindingsBox) self.bindingsExpander.connect("notify::expanded", self.bindings_expander_changed) # bindings View self.bindingsView = builder.get_object("bindingsView") self.bindingsStore = Gtk.TreeStore(GObject.TYPE_STRING, # label GObject.TYPE_STRING, # connection/interface/source GObject.TYPE_STRING) # real zone self.bindingsView.set_model(self.bindingsStore) self.bindingsView.append_column( Gtk.TreeViewColumn(_("Bindings"), Gtk.CellRendererText(), markup=0)) self.connectionsIter = self.bindingsStore.append( None, [ _("Connections"), "", "" ]) self.interfacesIter = self.bindingsStore.append( None, [ _("Interfaces"), "", "" ]) self.sourcesIter = self.bindingsStore.append( None, [ _("Sources"), "", "" ]) self.bindingsView.get_selection().connect("changed", self.onSelectBinding) self.bindingsView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.bindingsView.set_show_expanders(False) self.bindingsView.set_level_indentation(10) self.changeBindingsButton = builder.get_object("changeBindingsButton") self.changeBindingsButton.connect("clicked", self.onChangeBinding) #self.editBindingsButton = builder.get_object("editBindingsButton") #self.editBindingsButton.connect("clicked", self.onEditBinding) self.ipsetConfIPSetView = builder.get_object("ipsetConfIPSetView") self.ipsetConfIPSetStore = Gtk.ListStore(GObject.TYPE_STRING) # name self.ipsetConfIPSetView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.ipsetConfIPSetView.set_model(self.ipsetConfIPSetStore) self.ipsetConfIPSetStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.ipsetConfIPSetView.get_selection().connect("changed", self.onChangeIPSet) self.ipsetConfNotebook = builder.get_object("ipsetConfNotebook") self.ipsetConfEntryLabel = builder.get_object("ipsetConfEntryLabel") self.ipsetConfTimeoutLabel = builder.get_object("ipsetConfTimeoutLabel") self.ipsetConfEntrySW = builder.get_object("ipsetConfEntrySW") self.ipsetConfEntryView = builder.get_object("ipsetConfEntryView") self.ipsetConfEntryStore = Gtk.ListStore(GObject.TYPE_STRING) self.ipsetConfEntryView.append_column( Gtk.TreeViewColumn(_("Entry"), Gtk.CellRendererText(), text=0)) self.ipsetConfEntryView.set_model(self.ipsetConfEntryStore) self.ipsetConfEntryStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.ipsetConfEntryView.get_selection().connect(\ "changed", self.change_ipset_conf_entry_selection_cb) self.ipsetConfIPSetEditBox = \ builder.get_object("ipsetConfIPSetEditBox") self.ipsetConfEntryBox = \ builder.get_object("ipsetConfEntryBox") self.ipsetConfEditIPSetButton = \ builder.get_object("ipsetConfEditIPSetButton") self.ipsetConfRemoveIPSetButton = \ builder.get_object("ipsetConfRemoveIPSetButton") self.ipsetConfLoadDefaultsIPSetButton = \ builder.get_object("ipsetConfLoadDefaultsIPSetButton") self.ipsetConfAddEntryBox = \ builder.get_object("ipsetConfAddEntryBox") self.ipsetConfAddEntryMenu = \ builder.get_object("ipsetConfAddEntryMenu") self.ipsetConfAddEntryMenubutton = \ builder.get_object("ipsetConfAddEntryMenubutton") self.ipsetConfEditEntryButton = \ builder.get_object("ipsetConfEditEntryButton") self.ipsetConfRemoveEntryBox = \ builder.get_object("ipsetConfRemoveEntryBox") self.ipsetConfRemoveEntryMenu = \ builder.get_object("ipsetConfRemoveEntryMenu") self.ipsetConfRemoveEntryMenubutton = \ builder.get_object("ipsetConfRemoveEntryMenubutton") self.ipsetConfRemoveEntryMenuitem = \ builder.get_object("ipsetConfRemoveEntryMenuitem") self.ipsetConfRemoveEntryMenuitem.set_sensitive(False) self.ipsetEntryDialog = \ builder.get_object("ipsetEntryDialog") self.ipsetEntryDialogCancelButton = \ builder.get_object("ipsetEntryDialogCancelButton") self.ipsetEntryDialogOkButton = \ builder.get_object("ipsetEntryDialogOkButton") self.ipsetEntryDialogEntryEntry = \ builder.get_object("ipsetEntryDialogEntryEntry") self.ipsetEntryDialogTypeLabel = \ builder.get_object("ipsetEntryDialogTypeLabel") self.ipsetBaseDialog = builder.get_object("ipsetBaseDialog") self.ipsetBaseDialogOkButton = \ builder.get_object("ipsetBaseDialogOkButton") self.ipsetBaseDialogNameEntry = \ builder.get_object("ipsetBaseDialogNameEntry") self.ipsetBaseDialogVersionEntry = \ builder.get_object("ipsetBaseDialogVersionEntry") self.ipsetBaseDialogShortEntry = \ builder.get_object("ipsetBaseDialogShortEntry") self.ipsetBaseDialogDescText = \ builder.get_object("ipsetBaseDialogDescText") self.ipsetBaseDialogDescText.get_buffer().connect(\ "changed", self.onIPSetBaseDialogChanged) self.ipsetBaseDialogTypeCombobox = \ builder.get_object("ipsetBaseDialogTypeCombobox") self.ipsetBaseDialogBadTypeLabel = \ builder.get_object("ipsetBaseDialogBadTypeLabel") self.ipsetBaseDialogFamilyLabel = \ builder.get_object("ipsetBaseDialogFamilyLabel") self.ipsetBaseDialogFamilyCombobox = \ builder.get_object("ipsetBaseDialogFamilyCombobox") self.ipsetBaseDialogTimeoutEntry = \ builder.get_object("ipsetBaseDialogTimeoutEntry") self.ipsetBaseDialogHashsizeEntry = \ builder.get_object("ipsetBaseDialogHashsizeEntry") self.ipsetBaseDialogMaxelemEntry = \ builder.get_object("ipsetBaseDialogMaxelemEntry") self.helperConfHelperNotebook = \ builder.get_object("helperConfHelperNotebook") self.helperConfHelperEditBox = \ builder.get_object("helperConfHelperEditBox") self.helperConfPortBox = \ builder.get_object("helperConfPortBox") self.helperConfEditHelperButton = \ builder.get_object("helperConfEditHelperButton") self.helperConfRemoveHelperButton = \ builder.get_object("helperConfRemoveHelperButton") self.helperConfLoadDefaultsHelperButton = \ builder.get_object("helperConfLoadDefaultsHelperButton") self.helperConfAddPortButton = \ builder.get_object("helperConfAddPortButton") self.helperConfEditPortButton = \ builder.get_object("helperConfEditPortButton") self.helperConfRemovePortButton = \ builder.get_object("helperConfRemovePortButton") self.helperBaseDialog = builder.get_object("helperBaseDialog") self.helperBaseDialogOkButton = \ builder.get_object("helperBaseDialogOkButton") self.helperBaseDialogNameEntry = \ builder.get_object("helperBaseDialogNameEntry") self.helperBaseDialogVersionEntry = \ builder.get_object("helperBaseDialogVersionEntry") self.helperBaseDialogShortEntry = \ builder.get_object("helperBaseDialogShortEntry") self.helperBaseDialogDescText = \ builder.get_object("helperBaseDialogDescText") self.helperBaseDialogDescText.get_buffer().connect(\ "changed", self.onHelperBaseDialogChanged) self.helperBaseDialogModuleChooser = \ ChooserButton(builder.get_object("helperBaseDialogModuleChooser")) self.helperBaseDialogFamilyCombobox = \ builder.get_object("helperBaseDialogFamilyCombobox") self.icmpView = builder.get_object("icmpView") self.icmpStore = Gtk.ListStore(GObject.TYPE_BOOLEAN, # checked GObject.TYPE_STRING) # name toggle = Gtk.CellRendererToggle() toggle.connect("toggled", self.icmp_toggle_cb, self.icmpStore, 0) self.icmpView.append_column(Gtk.TreeViewColumn("", toggle, active=0)) self.icmpView.append_column( Gtk.TreeViewColumn(_("Icmp Type"), Gtk.CellRendererText(), text=1)) self.icmpView.set_model(self.icmpStore) self.icmpStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.icmpBlockInversionCheck = \ builder.get_object("icmpBlockInversionCheck") self.icmpBlockInversionEventbox = \ builder.get_object("icmpBlockInversionEventbox") self.icmpBlockInversionEventbox.connect( "button-press-event", self.icmp_block_inversion_check_cb) self.helperConfHelperView = builder.get_object("helperConfHelperView") self.helperConfHelperStore = Gtk.ListStore(GObject.TYPE_STRING) # name self.helperConfHelperView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.helperConfHelperView.set_model(self.helperConfHelperStore) self.helperConfHelperStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.helperConfHelperView.get_selection().connect("changed", self.onChangeHelper) self.helperConfPortView = builder.get_object("helperConfPortView") self.helperConfPortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.helperConfPortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.helperConfPortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.helperConfPortView.set_model(self.helperConfPortStore) self.helperConfPortStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.helperConfPortView.get_selection().connect(\ "changed", self.change_helper_conf_port_selection_cb) self.richRuleView = builder.get_object("richRuleView") self.richRuleStore = Gtk.ListStore(GObject.TYPE_PYOBJECT, # the rule obj GObject.TYPE_STRING, # ipv4/ipv6 GObject.TYPE_INT, # priority GObject.TYPE_STRING, # action GObject.TYPE_STRING, # element GObject.TYPE_STRING, # source GObject.TYPE_STRING, # destination GObject.TYPE_STRING, # log GObject.TYPE_STRING) # audit self.richRuleView.append_column( Gtk.TreeViewColumn(_("Family"), Gtk.CellRendererText(), text=1)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Priority"), Gtk.CellRendererText(), text=2)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Action"), Gtk.CellRendererText(), text=3)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Element"), Gtk.CellRendererText(), text=4)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Src"), Gtk.CellRendererText(), text=5)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Dest"), Gtk.CellRendererText(), text=6)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("log"), Gtk.CellRendererText(), text=7)) self.richRuleView.append_column( Gtk.TreeViewColumn(_("Audit"), Gtk.CellRendererText(), text=8)) self.richRuleView.set_model(self.richRuleStore) self.richRuleStore.set_sort_column_id(2, Gtk.SortType.ASCENDING) self.richRuleView.get_selection().connect( \ "changed", self.change_rich_rule_selection_cb) self.addRichRuleButton = builder.get_object("addRichRuleButton") self.editRichRuleButton = builder.get_object("editRichRuleButton") self.removeRichRuleButton = builder.get_object("removeRichRuleButton") self.richRuleDialog = builder.get_object("richRuleDialog") self.richRuleDialogOkButton = builder.get_object( \ "richRuleDialogOkButton") self.richRuleDialogCancelButton = builder.get_object( \ "richRuleDialogCancelButton") self.richRuleDialogFamilyCombobox = builder.get_object( \ "richRuleDialogFamilyCombobox") self.richRuleDialogPriorityEntry = builder.get_object( \ "richRuleDialogPriorityEntry") self.richRuleDialogElementCheck = builder.get_object( \ "richRuleDialogElementCheck") self.richRuleDialogElementBox = builder.get_object( \ "richRuleDialogElementBox") self.richRuleDialogElementCombobox = builder.get_object( \ "richRuleDialogElementCombobox") self.richRuleDialogElementChooser = ChooserButton(builder.get_object( \ "richRuleDialogElementChooser")) self.richRuleDialogActionCheck = builder.get_object( \ "richRuleDialogActionCheck") self.richRuleDialogActionBox = builder.get_object( \ "richRuleDialogActionBox") self.richRuleDialogActionCombobox = builder.get_object( \ "richRuleDialogActionCombobox") self.richRuleDialogActionRejectBox = builder.get_object( \ "richRuleDialogActionRejectBox") self.richRuleDialogActionRejectTypeCheck = builder.get_object( \ "richRuleDialogActionRejectTypeCheck") self.richRuleDialogActionRejectTypeCombobox = builder.get_object( \ "richRuleDialogActionRejectTypeCombobox") self.richRuleDialogActionMarkBox = builder.get_object( \ "richRuleDialogActionMarkBox") self.richRuleDialogActionMarkChooser = ChooserButton(builder.get_object( \ "richRuleDialogActionMarkChooser")) self.richRuleDialogActionLimitCheck = builder.get_object( \ "richRuleDialogActionLimitCheck") self.richRuleDialogActionLimitBox = builder.get_object( \ "richRuleDialogActionLimitBox") self.richRuleDialogActionLimitRateEntry = builder.get_object( \ "richRuleDialogActionLimitRateEntry") self.richRuleDialogActionLimitDurationCombobox = builder.get_object( \ "richRuleDialogActionLimitDurationCombobox") self.richRuleDialogSourceLabel = builder.get_object( \ "richRuleDialogSourceLabel") self.richRuleDialogSourceInvertCheck = builder.get_object( \ "richRuleDialogSourceInvertCheck") self.richRuleDialogSourceTypeCombobox = builder.get_object( \ "richRuleDialogSourceTypeCombobox") self.richRuleDialogSourceChooser = ChooserButton(builder.get_object( \ "richRuleDialogSourceChooser")) self.richRuleDialogDestinationLabel = builder.get_object( \ "richRuleDialogDestinationLabel") self.richRuleDialogDestinationBox = builder.get_object( \ "richRuleDialogDestinationBox") self.richRuleDialogDestinationInvertCheck = builder.get_object( \ "richRuleDialogDestinationInvertCheck") self.richRuleDialogDestinationChooser = \ ChooserButton(builder.get_object( \ "richRuleDialogDestinationChooser")) self.richRuleDialogLogCheck = builder.get_object( \ "richRuleDialogLogCheck") self.richRuleDialogLogGrid = builder.get_object( \ "richRuleDialogLogGrid") self.richRuleDialogLogPrefixEntry = builder.get_object( \ "richRuleDialogLogPrefixEntry") self.richRuleDialogLogLevelCombobox = builder.get_object( \ "richRuleDialogLogLevelCombobox") self.richRuleDialogLogLimitCheck = builder.get_object( \ "richRuleDialogLogLimitCheck") self.richRuleDialogLogLimitBox = builder.get_object( \ "richRuleDialogLogLimitBox") self.richRuleDialogLogLimitRateEntry = builder.get_object( \ "richRuleDialogLogLimitRateEntry") self.richRuleDialogLogLimitDurationCombobox = builder.get_object( \ "richRuleDialogLogLimitDurationCombobox") self.richRuleDialogAuditCheck = builder.get_object( \ "richRuleDialogAuditCheck") self.richRuleDialogAuditBox = builder.get_object( \ "richRuleDialogAuditBox") self.richRuleDialogAuditLimitBox = builder.get_object( \ "richRuleDialogAuditLimitBox") self.richRuleDialogAuditLimitCheck = builder.get_object( \ "richRuleDialogAuditLimitCheck") self.richRuleDialogAuditLimitRateEntry = builder.get_object( \ "richRuleDialogAuditLimitRateEntry") self.richRuleDialogAuditLimitDurationCombobox = builder.get_object( \ "richRuleDialogAuditLimitDurationCombobox") self.interfaceView = builder.get_object("interfaceView") self.interfaceStore = Gtk.ListStore(GObject.TYPE_STRING, # interface GObject.TYPE_STRING) # comment self.interfaceView.append_column( Gtk.TreeViewColumn(_("Interface"), Gtk.CellRendererText(), text=0)) self.interfaceView.append_column( Gtk.TreeViewColumn(_("Comment"), Gtk.CellRendererText(), text=1)) self.interfaceView.set_model(self.interfaceStore) self.interfaceView.get_selection().connect( "changed", self.change_interface_selection_cb) self.interfaceDialog = builder.get_object("interfaceDialog") self.interfaceDialogOkButton = builder.get_object( "interfaceDialogOkButton") self.interfaceDialogCancelButton = builder.get_object( "interfaceDialogCancelButton") self.interfaceDialogInterfaceEntry = builder.get_object( "interfaceDialogInterfaceEntry") self.editInterfaceButton = builder.get_object("editInterfaceButton") self.removeInterfaceButton = builder.get_object("removeInterfaceButton") self.sourceView = builder.get_object("sourceView") self.sourceStore = Gtk.ListStore(GObject.TYPE_STRING) # source self.sourceView.append_column( Gtk.TreeViewColumn(_("Source"), Gtk.CellRendererText(), text=0)) self.sourceView.set_model(self.sourceStore) self.sourceView.get_selection().connect( "changed", self.change_source_selection_cb) self.editSourceButton = builder.get_object("editSourceButton") self.removeSourceButton = builder.get_object("removeSourceButton") self.serviceConfServiceNotebook = \ builder.get_object("serviceConfServiceNotebook") self.serviceConfServiceEditBox = \ builder.get_object("serviceConfServiceEditBox") self.serviceConfEditServiceButton = \ builder.get_object("serviceConfEditServiceButton") self.serviceConfRemoveServiceButton = \ builder.get_object("serviceConfRemoveServiceButton") self.serviceConfLoadDefaultsServiceButton = \ builder.get_object("serviceConfLoadDefaultsServiceButton") self.serviceConfServiceView = \ builder.get_object("serviceConfServiceView") self.serviceConfServiceStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceConfServiceView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.serviceConfServiceView.set_model(self.serviceConfServiceStore) self.serviceConfServiceStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.serviceConfServiceView.get_selection().connect(\ "changed", self.onChangeService) self.serviceConfPortView = builder.get_object("serviceConfPortView") self.serviceConfPortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.serviceConfPortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.serviceConfPortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.serviceConfPortView.set_model(self.serviceConfPortStore) self.serviceConfPortStore.set_sort_column_id(1, Gtk.SortType.ASCENDING) self.serviceConfPortView.get_selection().connect(\ "changed", self.change_service_dialog_port_selection_cb) self.serviceConfEditPortButton = \ builder.get_object("serviceConfEditPortButton") self.serviceConfRemovePortButton = \ builder.get_object("serviceConfRemovePortButton") self.serviceConfProtocolView = \ builder.get_object("serviceConfProtocolView") self.serviceConfProtocolStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceConfProtocolView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=0)) self.serviceConfProtocolView.set_model(self.serviceConfProtocolStore) self.serviceConfProtocolStore.set_sort_column_id(0, Gtk.SortType.ASCENDING) self.serviceConfProtocolView.get_selection().connect(\ "changed", self.change_service_dialog_protocol_selection_cb) self.serviceConfEditProtocolButton = \ builder.get_object("serviceConfEditProtocolButton") self.serviceConfRemoveProtocolButton = \ builder.get_object("serviceConfRemoveProtocolButton") self.serviceConfSourcePortView = \ builder.get_object("serviceConfSourcePortView") self.serviceConfSourcePortStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.serviceConfSourcePortView.append_column( Gtk.TreeViewColumn(_("Port"), Gtk.CellRendererText(), text=0)) self.serviceConfSourcePortView.append_column( Gtk.TreeViewColumn(_("Protocol"), Gtk.CellRendererText(), text=1)) self.serviceConfSourcePortView.set_model(self.serviceConfSourcePortStore) self.serviceConfSourcePortStore.set_sort_column_id( 1, Gtk.SortType.ASCENDING) self.serviceConfSourcePortView.get_selection().connect(\ "changed", self.change_service_dialog_source_port_selection_cb) self.serviceConfEditSourcePortButton = \ builder.get_object("serviceConfEditSourcePortButton") self.serviceConfRemoveSourcePortButton = \ builder.get_object("serviceConfRemoveSourcePortButton") self.serviceConfModuleView = \ builder.get_object("serviceConfModuleView") self.serviceConfModuleStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceConfModuleView.append_column( Gtk.TreeViewColumn("Module", Gtk.CellRendererText(), text=0)) self.serviceConfModuleView.set_model(self.serviceConfModuleStore) self.serviceConfModuleStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.serviceConfModuleView.get_selection().connect(\ "changed", self.change_service_dialog_module_selection_cb) self.serviceConfEditModuleButton = \ builder.get_object("serviceConfEditModuleButton") self.serviceConfRemoveModuleButton = \ builder.get_object("serviceConfRemoveModuleButton") self.serviceConfDestIpv4Chooser = ChooserButton( builder.get_object("serviceConfDestIpv4Chooser"), "") self.serviceConfDestIpv6Chooser = ChooserButton( builder.get_object("serviceConfDestIpv6Chooser"), "") self.addressDialog = builder.get_object("addressDialog") self.addressDialogLabel = builder.get_object("addressDialogLabel") self.addressDialogLabel2 = builder.get_object("addressDialogLabel2") self.addressDialogOkButton = \ builder.get_object("addressDialogOkButton") self.addressDialogCancelButton = \ builder.get_object("addressDialogCancelButton") self.addressDialogAddressEntry = \ builder.get_object("addressDialogAddressEntry") self.macDialog = builder.get_object("macDialog") self.macDialogOkButton = \ builder.get_object("macDialogOkButton") self.macDialogCancelButton = \ builder.get_object("macDialogCancelButton") self.macDialogMacEntry = \ builder.get_object("macDialogMacEntry") self.ipsetDialog = builder.get_object("ipsetDialog") self.ipsetDialogOkButton = \ builder.get_object("ipsetDialogOkButton") self.ipsetDialogCancelButton = \ builder.get_object("ipsetDialogCancelButton") self.ipsetDialogIPSetView = \ builder.get_object("ipsetDialogIPSetView") self.ipsetDialogIPSetStore = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING) self.ipsetDialogIPSetView.append_column( Gtk.TreeViewColumn("IPSet", Gtk.CellRendererText(), text=0)) self.ipsetDialogIPSetView.append_column( Gtk.TreeViewColumn("Type", Gtk.CellRendererText(), text=1)) self.ipsetDialogIPSetView.set_model(self.ipsetDialogIPSetStore) self.ipsetDialogIPSetView.get_selection().connect( \ "changed", self.change_ipset_selection_cb) self.helperDialog = builder.get_object("helperDialog") self.helperDialogOkButton = \ builder.get_object("helperDialogOkButton") self.helperDialogCancelButton = \ builder.get_object("helperDialogCancelButton") self.helperDialogHelperView = \ builder.get_object("helperDialogHelperView") self.helperDialogHelperStore = Gtk.ListStore(GObject.TYPE_STRING) self.helperDialogHelperView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.helperDialogHelperView.set_model(self.helperDialogHelperStore) self.helperDialogHelperView.get_selection().connect( \ "changed", self.change_helper_selection_cb) self.moduleDialog = builder.get_object("moduleDialog") self.moduleDialogOkButton = builder.get_object("moduleDialogOkButton") self.moduleDialogCancelButton = \ builder.get_object("moduleDialogCancelButton") self.moduleDialogModuleLabel = builder.get_object("moduleDialogModuleLabel") self.moduleDialogModuleCombobox = \ builder.get_object("moduleDialogModuleCombobox") self.moduleDialogOtherModuleCheck = \ builder.get_object("moduleDialogOtherModuleCheck") self.moduleDialogOtherModuleEntry = \ builder.get_object("moduleDialogOtherModuleEntry") self.sourceDialog = builder.get_object("sourceDialog") self.sourceDialogOkButton = \ builder.get_object("sourceDialogOkButton") self.sourceDialogCancelButton = \ builder.get_object("sourceDialogCancelButton") self.sourceDialogSourceTypeCombobox = \ builder.get_object("sourceDialogSourceTypeCombobox") self.sourceDialogSourceChooser = ChooserButton(builder.get_object( \ "sourceDialogSourceChooser")) self.markDialog = builder.get_object("markDialog") self.markDialogOkButton = \ builder.get_object("markDialogOkButton") self.markDialogCancelButton = \ builder.get_object("markDialogCancelButton") self.markDialogMarkEntry = \ builder.get_object("markDialogMarkEntry") self.markDialogMaskEntry = \ builder.get_object("markDialogMaskEntry") self.serviceBaseDialog = builder.get_object("serviceBaseDialog") self.serviceBaseDialogOkButton = \ builder.get_object("serviceBaseDialogOkButton") self.serviceBaseDialogNameEntry = \ builder.get_object("serviceBaseDialogNameEntry") self.serviceBaseDialogVersionEntry = \ builder.get_object("serviceBaseDialogVersionEntry") self.serviceBaseDialogShortEntry = \ builder.get_object("serviceBaseDialogShortEntry") self.serviceBaseDialogDescText = \ builder.get_object("serviceBaseDialogDescText") self.serviceBaseDialogDescText.get_buffer().connect(\ "changed", self.onServiceBaseDialogChanged) self.icmpDialogIcmpNotebook = \ builder.get_object("icmpDialogIcmpNotebook") self.icmpDialogIcmpEditBox = \ builder.get_object("icmpDialogIcmpEditBox") self.icmpDialogEditIcmpButton = \ builder.get_object("icmpDialogEditIcmpButton") self.icmpDialogRemoveIcmpButton = \ builder.get_object("icmpDialogRemoveIcmpButton") self.icmpDialogLoadDefaultsIcmpButton = \ builder.get_object("icmpDialogLoadDefaultsIcmpButton") self.icmpDialogIcmpView = \ builder.get_object("icmpDialogIcmpView") self.icmpDialogIcmpStore = Gtk.ListStore(GObject.TYPE_STRING) self.icmpDialogIcmpView.append_column( Gtk.TreeViewColumn("", Gtk.CellRendererText(), text=0)) self.icmpDialogIcmpView.set_model(self.icmpDialogIcmpStore) self.icmpDialogIcmpStore.set_sort_column_id( 0, Gtk.SortType.ASCENDING) self.icmpDialogIcmpView.get_selection().connect(\ "changed", self.onChangeIcmp) self.icmpDialogDestIpv4Check = \ builder.get_object("icmpDialogDestIpv4Check") self.icmpDialogDestIpv6Check = \ builder.get_object("icmpDialogDestIpv6Check") self.icmpDialogDestIpv4Eventbox = \ builder.get_object("icmpDialogDestIpv4Eventbox") self.icmpDialogDestIpv4Eventbox.connect(\ "button-press-event", self.icmp_dialog_dest_ipv4_check_cb) self.icmpDialogDestIpv6Eventbox = \ builder.get_object("icmpDialogDestIpv6Eventbox") self.icmpDialogDestIpv6Eventbox.connect(\ "button-press-event", self.icmp_dialog_dest_ipv6_check_cb) self.icmpBaseDialog = builder.get_object("icmpBaseDialog") self.icmpBaseDialogOkButton = \ builder.get_object("icmpBaseDialogOkButton") self.icmpBaseDialogNameEntry = \ builder.get_object("icmpBaseDialogNameEntry") self.icmpBaseDialogVersionEntry = \ builder.get_object("icmpBaseDialogVersionEntry") self.icmpBaseDialogShortEntry = \ builder.get_object("icmpBaseDialogShortEntry") self.icmpBaseDialogDescText = \ builder.get_object("icmpBaseDialogDescText") self.icmpBaseDialogDescText.get_buffer().connect(\ "changed", self.onIcmpBaseDialogChanged) # service dialog self.serviceDialog = builder.get_object("serviceDialog") self.serviceDialogOkButton = builder.get_object("serviceDialogOkButton") self.serviceDialogCancelButton = \ builder.get_object("serviceDialogCancelButton") self.serviceDialogServiceView = \ builder.get_object("serviceDialogServiceView") self.serviceDialogServiceStore = Gtk.ListStore(GObject.TYPE_STRING) self.serviceDialogServiceView.append_column( Gtk.TreeViewColumn("Service", Gtk.CellRendererText(), text=0)) self.serviceDialogServiceView.set_model(self.serviceDialogServiceStore) self.serviceDialogServiceView.get_selection().connect( \ "changed", self.change_service_selection_cb) # icmptype dialog self.icmptypeDialog = builder.get_object("icmptypeDialog") self.icmptypeDialogOkButton = \ builder.get_object("icmptypeDialogOkButton") self.icmptypeDialogCancelButton = \ builder.get_object("icmptypeDialogCancelButton") self.icmptypeDialogIcmptypeView = \ builder.get_object("icmptypeDialogIcmptypeView") self.icmptypeDialogIcmptypeStore = Gtk.ListStore(GObject.TYPE_STRING) self.icmptypeDialogIcmptypeView.append_column( Gtk.TreeViewColumn("ICMP Type", Gtk.CellRendererText(), text=0)) self.icmptypeDialogIcmptypeView.set_model( self.icmptypeDialogIcmptypeStore) self.icmptypeDialogIcmptypeView.get_selection().connect( \ "changed", self.change_icmptype_selection_cb) # firewall client self.fw = client.FirewallClient(wait=1) self.__use_exception_handler = True self.fw.setExceptionHandler(self._exception_handler) self.fw.setNotAuthorizedLoop(True) self.fw.connect("panic-mode-enabled", self.panic_mode_enabled_cb) self.fw.connect("panic-mode-disabled", self.panic_mode_disabled_cb) self.fw.connect("connection-changed", self.connection_changed) self.fw.connect("default-zone-changed", self.default_zone_changed_cb) self.fw.connect("reloaded", self.reload_cb) self.fw.connect("lockdown-enabled", self.lockdown_enabled_cb) self.fw.connect("lockdown-disabled", self.lockdown_disabled_cb) self.fw.connect("log-denied-changed", self.log_denied_changed_cb) self.fw.connect("service-added", self.service_added_cb) self.fw.connect("service-removed", self.service_removed_cb) self.fw.connect("port-added", self.port_added_cb) self.fw.connect("port-removed", self.port_removed_cb) self.fw.connect("protocol-added", self.protocol_added_cb) self.fw.connect("protocol-removed", self.protocol_removed_cb) self.fw.connect("source-port-added", self.source_port_added_cb) self.fw.connect("source-port-removed", self.source_port_removed_cb) self.fw.connect("masquerade-added", self.masquerade_added_cb) self.fw.connect("masquerade-removed", self.masquerade_removed_cb) self.fw.connect("forward-port-added", self.forward_port_added_cb) self.fw.connect("forward-port-removed", self.forward_port_removed_cb) self.fw.connect("icmp-block-added", self.icmp_added_cb) self.fw.connect("icmp-block-removed", self.icmp_removed_cb) self.fw.connect("icmp-block-inversion-added", self.icmp_inversion_added_cb) self.fw.connect("icmp-block-inversion-removed", self.icmp_inversion_removed_cb) self.fw.connect("richrule-added", self.richrule_added_cb) self.fw.connect("richrule-removed", self.richrule_removed_cb) self.fw.connect("interface-added", self.interface_added_cb) self.fw.connect("interface-removed", self.interface_removed_cb) self.fw.connect("zone-of-interface-changed", self.zone_of_interface_changed_cb) self.fw.connect("source-added", self.source_added_cb) self.fw.connect("source-removed", self.source_removed_cb) self.fw.connect("zone-of-source-changed", self.zone_of_source_changed_cb) self.fw.connect("ipset-entry-added", self.ipset_entry_added_cb) self.fw.connect("ipset-entry-removed", self.ipset_entry_removed_cb) self.fw.connect("lockdown-whitelist-command-added", self.lockdown_whitelist_command_added_cb) self.fw.connect("lockdown-whitelist-command-removed", self.lockdown_whitelist_command_removed_cb) self.fw.connect("lockdown-whitelist-context-added", self.lockdown_whitelist_context_added_cb) self.fw.connect("lockdown-whitelist-context-removed", self.lockdown_whitelist_context_removed_cb) self.fw.connect("lockdown-whitelist-uid-added", self.lockdown_whitelist_uid_added_cb) self.fw.connect("lockdown-whitelist-uid-removed", self.lockdown_whitelist_uid_removed_cb) self.fw.connect("lockdown-whitelist-user-added", self.lockdown_whitelist_user_added_cb) self.fw.connect("lockdown-whitelist-user-removed", self.lockdown_whitelist_user_removed_cb) self.fw.connect("direct:chain-added", self.direct_chain_added_cb) self.fw.connect("direct:chain-removed", self.direct_chain_removed_cb) self.fw.connect("direct:rule-added", self.direct_rule_added_cb) self.fw.connect("direct:rule-removed", self.direct_rule_removed_cb) self.fw.connect("direct:passthrough-added", self.direct_passthrough_added_cb) self.fw.connect("direct:passthrough-removed", self.direct_passthrough_removed_cb) self.fw.connect("config:direct:updated", self.direct_updated_cb) self.fw.connect("config:zone-added", self.conf_zone_added_cb) self.fw.connect("config:zone-updated", self.conf_zone_updated_cb) self.fw.connect("config:zone-removed", self.conf_zone_removed_cb) self.fw.connect("config:zone-renamed", self.conf_zone_renamed_cb) self.fw.connect("config:ipset-added", self.conf_ipset_added_cb) self.fw.connect("config:ipset-updated", self.conf_ipset_updated_cb) self.fw.connect("config:ipset-removed", self.conf_ipset_removed_cb) self.fw.connect("config:ipset-renamed", self.conf_ipset_renamed_cb) self.fw.connect("config:service-added", self.conf_service_added_cb) self.fw.connect("config:service-updated", self.conf_service_updated_cb) self.fw.connect("config:service-removed", self.conf_service_removed_cb) self.fw.connect("config:service-renamed", self.conf_service_renamed_cb) self.fw.connect("config:icmptype-added", self.conf_icmp_added_cb) self.fw.connect("config:icmptype-updated", self.conf_icmp_updated_cb) self.fw.connect("config:icmptype-removed", self.conf_icmp_removed_cb) self.fw.connect("config:icmptype-renamed", self.conf_icmp_renamed_cb) self.fw.connect("config:helper-added", self.conf_helper_added_cb) self.fw.connect("config:helper-updated", self.conf_helper_updated_cb) self.fw.connect("config:helper-removed", self.conf_helper_removed_cb) self.fw.connect("config:helper-renamed", self.conf_helper_renamed_cb) self.fw.connect("config:policies:lockdown-whitelist-updated", self.lockdown_whitelist_updated_cb) # settings self.settings.connect("changed::show-ipsets", self.settings_show_ipsets_changed) self.settings_show_ipsets_changed(self.settings, "show-ipsets") self.settings.connect("changed::show-icmp-types", self.settings_show_icmp_types_changed) self.settings_show_icmp_types_changed(self.settings, "show-icmp-types") self.settings.connect("changed::show-direct", self.settings_show_direct_changed) self.settings_show_direct_changed(self.settings, "show-direct") self.settings.connect("changed::show-helpers", self.settings_show_helpers_changed) self.settings_show_helpers_changed(self.settings, "show-helpers") self.settings.connect("changed::show-lockdown-whitelist", self.settings_show_lockdown_whitelist_changed) self.settings_show_lockdown_whitelist_changed(self.settings, "show-lockdown-whitelist") self.settings.connect("changed::show-active-bindings", self.settings_show_active_bindings_changed) self.settings_show_active_bindings_changed(self.settings, "show-active-bindings") # connect self.connections = { } self.connections_name = { } if nm_is_imported(): self.fw.bus.add_signal_receiver( self.nm_signal_receiver, dbus_interface=nm_get_dbus_interface(), signal_name='PropertiesChanged', member_keyword='member') else: text = _("No NetworkManager imports available") self._warning(text) self.nm_signal_receiver() # start with no connection self.connection_changed() # mainloop self.mainWindow.show() self.mainloop = GLib.MainLoop() try: self.mainloop.run() except KeyboardInterrupt: self.onQuit() def add_visible_dialog(self, dialog): self.visible_dialogs.append(dialog) def remove_visible_dialog(self, dialog): self.visible_dialogs.append(dialog) def hide_and_remove_visible_dialogs(self): while len(self.visible_dialogs) > 0: dialog = self.visible_dialogs.pop() dialog.hide() def left_menu_cb(self, widget, menu): menu.show_all() def no_select(self, item): item.deselect() def change_zone_interface_editor(self, item, interface, zone): if interface in self.zone_interface_editors: return self.zone_interface_editors[interface].present() editor = ZoneInterfaceEditor(self.fw, interface, zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) self.zone_interface_editors[interface] = editor editor.show_all() result = editor.run() editor.hide() if result == 2: self.fw.changeZoneOfInterface(editor.get_zone(), interface) del self.zone_interface_editors[interface] def change_zone_connection_editor(self, item, connection, connection_name, zone): if connection in self.zone_connection_editors: return self.zone_connection_editors[connection].present() editor = ZoneConnectionEditor(self.fw, connection, connection_name, zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) self.zone_connection_editors[connection] = editor editor.show_all() editor.run() editor.hide() del self.zone_connection_editors[connection] def change_zone_source_editor(self, item, source, zone): if source in self.zone_source_editors: return self.zone_source_editors[source].present() editor = ZoneSourceEditor(self.fw, source, zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) self.zone_source_editors[source] = editor editor.show_all() result = editor.run() editor.hide() if result == 2: self.fw.changeZoneOfSource(editor.get_zone(), source) del self.zone_source_editors[source] def onViewIPSet_toggled(self, button): self.settings.set_boolean("show-ipsets", button.get_active()) def settings_show_ipsets_changed(self, settings, key): self.show_ipsets = settings.get_boolean(key) self.ipsetsBox.set_visible(self.show_ipsets) self.ipsetsMenuitem.set_active(self.show_ipsets) if self.show_ipsets: if self.fw.connected: self.load_ipsets() else: self.ipsetConfIPSetStore.clear() def onViewICMPTypes_toggled(self, button): self.settings.set_boolean("show-icmp-types", button.get_active()) def settings_show_icmp_types_changed(self, settings, key): self.show_icmp_types = settings.get_boolean(key) self.icmpTypesBox.set_visible(self.show_icmp_types) self.icmpTypesMenuitem.set_active(self.show_icmp_types) if self.show_icmp_types: if self.fw.connected: self.load_icmps() else: self.icmpDialogIcmpStore.clear() def onViewHelpers_toggled(self, button): self.settings.set_boolean("show-helpers", button.get_active()) def settings_show_helpers_changed(self, settings, key): self.show_helpers = settings.get_boolean(key) self.helpersBox.set_visible(self.show_helpers) self.helpersMenuitem.set_active(self.show_helpers) if self.show_helpers: if self.fw.connected: self.load_helpers() else: self.helperConfHelperStore.clear() def onViewDirect_toggled(self, button): self.settings.set_boolean("show-direct", button.get_active()) def settings_show_direct_changed(self, settings, key): self.show_direct = settings.get_boolean(key) self.directBox.set_visible(self.show_direct) self.directMenuitem.set_active(self.show_direct) if self.show_direct: if self.fw.connected: self.load_direct() else: self.directChainStore.clear() self.directRuleStore.clear() self.directPassthroughStore.clear() def onViewLockdownWhitelist_toggled(self, button): self.settings.set_boolean("show-lockdown-whitelist", button.get_active()) def settings_show_lockdown_whitelist_changed(self, settings, key): self.show_lockdown_whitelist = settings.get_boolean(key) self.lockdownWhitelistBox.set_visible(self.show_lockdown_whitelist) self.lockdownWhitelistMenuitem.set_active(self.show_lockdown_whitelist) if self.show_lockdown_whitelist: if self.fw.connected: self.load_lockdown_whitelist() else: self.lockdownContextStore.clear() self.lockdownCommandStore.clear() self.lockdownUserStore.clear() self.lockdownUidStore.clear() def settings_show_active_bindings_changed(self, settings, key): self.show_active_bindings = settings.get_boolean(key) self.activeBindingsMenuitem.set_active(self.show_active_bindings) if self.show_active_bindings != self.bindingsExpander.get_expanded(): self.bindingsExpander.set_expanded(self.show_active_bindings) def onViewActiveBindings_toggled(self, button): self.settings.set_boolean("show-active-bindings", button.get_active()) def bindings_expander_changed(self, *args): self.show_active_bindings = self.bindingsExpander.get_expanded() self.settings.set_boolean("show-active-bindings", self.show_active_bindings) self.activeBindingsMenuitem.set_active(self.show_active_bindings) def nm_signal_receiver(self, *args, **kwargs): #print("nm_signal_receiver", args, kwargs) self.update_active_zones() self.connections.clear() self.connections_name.clear() # do not use NMClient could result in python core dump if nm_is_imported(): try: nm_get_connections(self.connections, self.connections_name) except Exception: text = _("Failed to get connections from NetworkManager") self._warning(text) iter = self.interfaceStore.get_iter_first() while iter: interface = self.interfaceStore.get_value(iter, 0) if interface in self.connections: connection = self.connections[interface] connection_name = self.connections_name[connection] zone = nm_get_zone_of_connection(connection) if zone == "": comment = self.default_zone_used_by_label % \ connection_name else: comment = self.used_by_label % connection_name self.interfaceStore.set_value(iter, 1, comment) iter = self.interfaceStore.iter_next(iter) self.change_interface_selection_cb(self.interfaceView.get_selection()) def _dialog(self, text, msg=None, title=None, message_type=Gtk.MessageType.INFO, buttons=[("gtk-close", 1)]): dialog = Gtk.MessageDialog(parent=None, flags=0, message_type=message_type) dialog.set_markup(text) if title: dialog.set_title(title) if msg: dialog.format_secondary_markup(msg) if len(buttons) > 0: for button,id in buttons: dialog.add_button(button, id) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) result = dialog.run() dialog.hide() return result def _warning(self, msg): dialog = Gtk.MessageDialog(parent=None, flags=0, message_type=Gtk.MessageType.WARNING) dialog.set_markup("" + _("Warning") + "") dialog.format_secondary_markup(msg) dialog.add_button("gtk-close", 1) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) dialog.run() dialog.hide() def _error(self, msg): if self._dialog(""+_("Error")+"", message_type=Gtk.MessageType.ERROR, msg=msg, buttons=(("gtk-ok", 0),("gtk-quit", 1))) == 1: self.onQuit() def connection_failed(self, msg): if self._dialog(""+_("Error")+"", message_type=Gtk.MessageType.ERROR, msg=msg, buttons=[("gtk-quit", 1)]) == 1: self.onQuit() def connection_changed(self): if self.connection_timer: GLib.source_remove(self.connection_timer) self.connection_timer = None if self.fw.connected: self.fw.authorizeAll() self.statusLabel.set_text(self.connected_label) self.default_zone = self.fw.getDefaultZone() self.defaultZoneLabel.set_text(self.default_zone) self.log_denied = self.fw.getLogDenied() self.logDeniedLabel.set_text(self.log_denied) self.automatic_helpers = self.fw.getAutomaticHelpers() self.set_automaticHelpersLabel(self.automatic_helpers) lockdown = self.fw.queryLockdown() if lockdown: self.lockdownLabel.set_text(self.enabled) else: self.lockdownLabel.set_text(self.disabled) panic = self.fw.queryPanicMode() if panic: self.panicLabel.set_text(self.enabled) else: self.panicLabel.set_text(self.disabled) self.modifiedLabel.set_text("") self.lockdownMenuitem.handler_block(self.lockdown_check_id) self.lockdownMenuitem.set_active(lockdown) self.lockdownMenuitem.handler_unblock(self.lockdown_check_id) self.panicMenuitem.handler_block(self.panic_check_id) self.panicMenuitem.set_active(panic) self.panicMenuitem.handler_unblock(self.panic_check_id) self.nf_conntrack_helpers = \ self.fw.get_property("nf_conntrack_helpers") for x in self.nf_conntrack_helpers.keys(): self.moduleDialogModuleCombobox.append_text(x) if self.connection_lost: self.onChangeView() else: self.currentViewCombobox.set_active(0) self.waitingWindow.hide() self.waitingWindowSpinner.stop() else: if self.statusLabel.get_text() == self.connected_label: self.connection_lost = True self.statusLabel.set_text(self.trying_to_connect_label) self.defaultZoneLabel.set_text("-") self.lockdownLabel.set_text("-") self.panicLabel.set_text("-") self.moduleDialogModuleCombobox.remove_all() self.nf_conntrack_helpers.clear() self.hide_and_remove_visible_dialogs() self.waitingWindow.show() self.waitingWindowLabel.set_text(self.trying_to_connect_label) self.waitingWindowSpinner.start() self.connection_timer = GLib.timeout_add_seconds( 15, self.connection_failed, self.failed_to_connect_label) self.update_active_zones() self.mainPaned.set_sensitive(self.fw.connected) # make all entries in options menu (in)sensitive for child in self.optionsMenuitem.get_submenu().get_children(): child.set_sensitive(self.fw.connected) # make all entries in view menu (in)sensitive for child in self.viewMenuitem.get_submenu().get_children(): child.set_sensitive(self.fw.connected) def changes_applied(self): self.modifiedLabel.set_text(self.changes_applied_label) if self.modified_timer: GLib.source_remove(self.modified_timer) self.modified_timer = GLib.timeout_add_seconds( 5, self.clear_changes_applied, None) def clear_changes_applied(self, *args): self.modifiedLabel.set_text("") self.modified_timer = None def panic_mode_enabled_cb(self): self.panicLabel.set_text(self.enabled) self.panicMenuitem.handler_block(self.panic_check_id) self.panicMenuitem.set_active(True) self.panicMenuitem.handler_unblock(self.panic_check_id) def panic_mode_disabled_cb(self): self.panicLabel.set_text(self.disabled) self.panicMenuitem.handler_block(self.panic_check_id) self.panicMenuitem.set_active(False) self.panicMenuitem.handler_unblock(self.panic_check_id) def reload_cb(self): self.default_zone = self.fw.getDefaultZone() self.defaultZoneLabel.set_text(self.default_zone) self.log_denied = self.fw.getLogDenied() self.logDeniedLabel.set_text(self.log_denied) self.automatic_helpers = self.fw.getAutomaticHelpers() self.set_automaticHelpersLabel(self.automatic_helpers) self.load_ipsets() self.load_zones() self.load_services() self.load_icmps() self.load_helpers() self.load_direct() self.load_lockdown_whitelist() self.update_active_zones() def load_zones(self): selected_zone = self.get_selected_zone() if self.runtime_view: zones = self.fw.getZones() else: zones = self.fw.config().getZoneNames() # reset and fill notebook content according to view selection = self.zoneView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) self.zoneStore.clear() self.serviceStore.clear() self.portStore.clear() self.protocolStore.clear() self.forwardStore.clear() self.icmpStore.clear() self.richRuleStore.clear() self.interfaceStore.clear() self.sourceStore.clear() if self.runtime_view: for item in self.fw.listServices(): self.serviceStore.append([False, item]) for item in self.fw.listIcmpTypes(): self.icmpStore.append([False, item]) else: for item in self.fw.config().getServiceNames(): self.serviceStore.append([False, item]) for item in self.fw.config().getIcmpTypeNames(): self.icmpStore.append([False, item]) # zones active_zones = self.active_zones.keys() for zone in zones: if zone in active_zones: self.zoneStore.append([zone, Pango.Weight.BOLD]) else: self.zoneStore.append([zone, Pango.Weight.NORMAL]) if selected_zone in zones: _zone = selected_zone else: _zone = self.defaultZoneLabel.get_text() selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) == _zone: selection.select_iter(iter) return iter = self.zoneStore.iter_next(iter) # fallback selection.select_path(0) if not self.get_selected_zone(): self.zoneEditEditButton.set_sensitive(False) self.zoneEditRemoveButton.set_sensitive(False) self.zoneEditLoadDefaultsButton.set_sensitive(False) self.zoneNotebook.set_sensitive(False) def get_active_service(self): selection = self.serviceConfServiceView.get_selection() (model, iter) = selection.get_selected() if iter: return self.serviceConfServiceStore.get_value(iter, 0) return None def load_services(self): active_service = self.get_active_service() if self.runtime_view: services = self.fw.listServices() else: services = self.fw.config().getServiceNames() selection = self.serviceConfServiceView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.serviceConfServiceStore.clear() # services for service in services: self.serviceConfServiceStore.append([service]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) == \ active_service: selection.select_iter(iter) return iter = self.serviceConfServiceStore.iter_next(iter) selection.select_path(0) if not self.get_active_service(): self.serviceConfEditServiceButton.set_sensitive(False) self.serviceConfRemoveServiceButton.set_sensitive(False) self.serviceConfLoadDefaultsServiceButton.set_sensitive(False) self.serviceConfServiceNotebook.set_sensitive(False) def change_rich_rule_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editRichRuleButton.set_sensitive(True) self.removeRichRuleButton.set_sensitive(True) else: self.editRichRuleButton.set_sensitive(False) self.removeRichRuleButton.set_sensitive(False) def service_added_cb(self, zone, service, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.serviceStore.get_iter_first() while iter: if self.serviceStore.get_value(iter, 1) == service: self.serviceStore.set_value(iter, 0, True) break iter = self.serviceStore.iter_next(iter) def service_removed_cb(self, zone, service): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.serviceStore.get_iter_first() while iter: if self.serviceStore.get_value(iter, 1) == service: self.serviceStore.set_value(iter, 0, False) break iter = self.serviceStore.iter_next(iter) def service_toggle_cb(self, toggle, row, model, col): iter = model.get_iter(row) old_val = model.get(iter, col)[0] name = model.get(iter, 1)[0] selected_zone = self.get_selected_zone() if self.runtime_view: if not old_val: self.fw.addService(selected_zone, name) else: self.fw.removeService(selected_zone, name) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not old_val: zone.addService(name) else: zone.removeService(name) self.changes_applied() def change_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editPortButton.set_sensitive(True) self.removePortButton.set_sensitive(True) else: self.editPortButton.set_sensitive(False) self.removePortButton.set_sensitive(False) def change_source_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editSourcePortButton.set_sensitive(True) self.removeSourcePortButton.set_sensitive(True) else: self.editSourcePortButton.set_sensitive(False) self.removeSourcePortButton.set_sensitive(False) def change_protocol_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editProtocolButton.set_sensitive(True) self.removeProtocolButton.set_sensitive(True) else: self.editProtocolButton.set_sensitive(False) self.removeProtocolButton.set_sensitive(False) def change_forward_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editForwardButton.set_sensitive(True) self.removeForwardButton.set_sensitive(True) else: self.editForwardButton.set_sensitive(False) self.removeForwardButton.set_sensitive(False) def masquerade_check_cb(self, *args): selected_zone = self.get_selected_zone() if self.runtime_view: if not self.masqueradeCheck.get_active(): if not self.fw.queryMasquerade(selected_zone): self.fw.addMasquerade(selected_zone) self.changes_applied() else: if self.fw.queryMasquerade(selected_zone): self.fw.removeMasquerade(selected_zone) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) zone.setMasquerade(not self.masqueradeCheck.get_active()) self.changes_applied() def masquerade_added_cb(self, zone, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return self.masqueradeCheck.set_active(True) def masquerade_removed_cb(self, zone): if not self.runtime_view or zone != self.get_selected_zone(): return self.masqueradeCheck.set_active(False) def icmp_toggle_cb(self, toggle, row, model, col): iter = model.get_iter(row) old_val = model.get(iter, col)[0] name = model.get(iter, 1)[0] selected_zone = self.get_selected_zone() if self.runtime_view: if not old_val: self.fw.addIcmpBlock(selected_zone, name) else: self.fw.removeIcmpBlock(selected_zone, name) else: zone = self.fw.config().getZoneByName(selected_zone) if not old_val: zone.addIcmpBlock(name) else: zone.removeIcmpBlock(name) self.changes_applied() def icmp_added_cb(self, zone, icmp, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.icmpStore.get_iter_first() while iter: if self.icmpStore.get_value(iter, 1) == icmp: self.icmpStore.set_value(iter, 0, True) break iter = self.icmpStore.iter_next(iter) def icmp_removed_cb(self, zone, icmp): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.icmpStore.get_iter_first() while iter: if self.icmpStore.get_value(iter, 1) == icmp: self.icmpStore.set_value(iter, 0, False) break iter = self.icmpStore.iter_next(iter) def icmp_block_inversion_check_cb(self, *args): selected_zone = self.get_selected_zone() if self.runtime_view: if not self.icmpBlockInversionCheck.get_active(): if not self.fw.queryIcmpBlockInversion(selected_zone): self.fw.addIcmpBlockInversion(selected_zone) self.changes_applied() else: if self.fw.queryIcmpBlockInversion(selected_zone): self.fw.removeIcmpBlockInversion(selected_zone) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) zone.setIcmpBlockInversion(not self.icmpBlockInversionCheck.get_active()) self.changes_applied() def icmp_inversion_added_cb(self, zone): if not self.runtime_view or zone != self.get_selected_zone(): return self.icmpBlockInversionCheck.set_active(True) def icmp_inversion_removed_cb(self, zone): if not self.runtime_view or zone != self.get_selected_zone(): return self.icmpBlockInversionCheck.set_active(False) def _add_rich_rule(self, obj): family = "all" priority = 0 src = "" dest = "" elem = "" log = "" audit = "" action = "" if obj.family: family = obj.family if obj.priority: priority = obj.priority if obj.action: if type(obj.action) == rich.Rich_Accept: action = _("accept") elif type(obj.action) == rich.Rich_Reject: action = _("reject") if obj.action.type is not None: action += "\n" + obj.action.type elif type(obj.action) == rich.Rich_Drop: action = _("drop") elif type(obj.action) == rich.Rich_Mark: action = _("mark") action += "\nset " + obj.action.set if obj.action.limit: action += "\n" + _("limit") + " " + obj.action.limit.value if obj.source: if obj.source.invert: src = "! " if obj.source.addr: src += "IP: %s" % obj.source.addr elif obj.source.mac: src += "MAC: %s" % obj.source.mac elif obj.source.ipset: src += "ipset:%s" % obj.source.ipset if obj.destination: dest = obj.destination.addr if obj.destination.invert: dest = "! %s" % dest if obj.element: if type(obj.element) == rich.Rich_Service: elem = _("service") + "\n" + obj.element.name elif type(obj.element) == rich.Rich_Port: elem = _("port") + "\n%s/%s" % (obj.element.port, obj.element.protocol) elif type(obj.element) == rich.Rich_Protocol: elem = _("protocol") + "\n" + obj.element.value elif type(obj.element) == rich.Rich_Masquerade: elem = _("masquerade") elif type(obj.element) == rich.Rich_IcmpBlock: elem = _("icmp-block") + "\n%s" % obj.element.name elif type(obj.element) == rich.Rich_IcmpType: elem = _("icmp-type") + "\n%s" % obj.element.name elif type(obj.element) == rich.Rich_ForwardPort: elem = _("forward-port") + "\n%s" % self.create_fwp_string( obj.element.port, obj.element.protocol, obj.element.to_port, obj.element.to_address) elif type(obj.element) == rich.Rich_SourcePort: elem = _("source-port") + "\n%s/%s" % (obj.element.port, obj.element.protocol) else: elem = str(obj.element) if obj.log: if obj.log.prefix: log = '"%s"' % obj.log.prefix if obj.log.level: log += "\n" + _("level") + " " + obj.log.level if obj.log.limit: log += "\n" + _("limit") + " " + obj.log.limit.value if log == "": log = _("yes") if obj.audit: if obj.audit.limit: audit += "\n" + _("limit") + " " + obj.audit.limit.value if audit == "": audit = _("yes") self.richRuleStore.append([obj, family, priority, action, elem, src, dest, log, audit]) def richrule_added_cb(self, zone, rule, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return obj = rich.Rich_Rule(rule_str=rule) iter = self.richRuleStore.get_iter_first() while iter: if str(self.richRuleStore.get_value(iter, 0)) == str(obj): # already there return iter = self.richRuleStore.iter_next(iter) # nothing found, so add it self._add_rich_rule(obj) def richrule_removed_cb(self, zone, rule): if not self.runtime_view or zone != self.get_selected_zone(): return obj = rich.Rich_Rule(rule_str=rule) iter = self.richRuleStore.get_iter_first() while iter: if str(self.richRuleStore.get_value(iter, 0)) == str(obj): self.richRuleStore.remove(iter) break iter = self.richRuleStore.iter_next(iter) def _add_interface(self, interface): comment = "" if interface in self.connections: zone = nm_get_zone_of_connection(self.connections[interface]) if zone == "": comment = self.default_zone_used_by_label % \ self.connections[interface] else: comment = self.used_by_label % self.connections[interface] self.interfaceStore.append([interface, comment]) def interface_added_cb(self, zone, interface): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.interfaceStore.get_iter_first() while iter: if self.interfaceStore.get_value(iter, 0) == interface: # already there return iter = self.interfaceStore.iter_next(iter) # nothing found, so add it self._add_interface(interface) def interface_removed_cb(self, zone, interface): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.interfaceStore.get_iter_first() while iter: if self.interfaceStore.get_value(iter, 0) == interface: self.interfaceStore.remove(iter) break iter = self.interfaceStore.iter_next(iter) def zone_of_interface_changed_cb(self, zone, interface): self.update_active_zones() if not self.runtime_view: return iter = self.interfaceStore.get_iter_first() while iter: if self.interfaceStore.get_value(iter, 0) == interface: # it is here, remove it self.interfaceStore.remove(iter) iter = self.interfaceStore.iter_next(iter) # add if zone is active_zone if zone == self.get_selected_zone(): self._add_interface(interface) def source_added_cb(self, zone, source): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourceStore.get_iter_first() while iter: if self.sourceStore.get_value(iter, 0) == source: # already there return iter = self.sourceStore.iter_next(iter) # nothing found, so add it self.sourceStore.append([source]) def source_removed_cb(self, zone, source): self.update_active_zones() if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourceStore.get_iter_first() while iter: if self.sourceStore.get_value(iter, 0) == source: self.sourceStore.remove(iter) break iter = self.sourceStore.iter_next(iter) def zone_of_source_changed_cb(self, zone, source): self.update_active_zones() if not self.runtime_view: return iter = self.sourceStore.get_iter_first() while iter: if self.sourceStore.get_value(iter, 0) == source: # it is here, remove it self.sourceStore.remove(iter) iter = self.sourceStore.iter_next(iter) # add if zone is active_zone if zone == self.get_selected_zone(): self.sourceStore.append([source]) def conf_zone_added_cb(self, zone): if self.runtime_view: return # check if zone is in store iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) == zone: return iter = self.zoneStore.iter_next(iter) # not in list, append if zone in self.active_zones: self.zoneStore.append([zone, Pango.Weight.BOLD]) else: self.zoneStore.append([zone, Pango.Weight.NORMAL]) selection = self.zoneView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_zone_updated_cb(self, zone): if self.runtime_view or zone != self.get_selected_zone(): return self.onChangeZone() def conf_zone_removed_cb(self, zone): if self.runtime_view: return iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) == zone: self.zoneStore.remove(iter) break iter = self.zoneStore.iter_next(iter) def conf_zone_renamed_cb(self, zone): if self.runtime_view: return # Get all zones, renamed the one that is missing. # If more or less than one is missing, update zone store. zones = self.fw.config().getZoneNames() use_iter = None iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) not in zones: if use_iter is not None: return self.load_zones() use_iter = iter iter = self.zoneStore.iter_next(iter) if use_iter is None: return self.load_zones() self.zoneStore.set_value(use_iter, 0, zone) def deactivate_exception_handler(self): self.__use_exception_handler = False def activate_exception_handler(self): self.__use_exception_handler = True def _exception_handler(self, exception_message): if not self.__use_exception_handler: raise if "NotAuthorizedException" in exception_message: self._error(_("Authorization failed.")) elif "INVALID_NAME" in exception_message: msg = exception_message.replace("INVALID_NAME", _("Invalid name")) self._warning(msg) elif "NAME_CONFLICT" in exception_message: msg = exception_message.replace("NAME_CONFLICT", _("Name already exists")) self._warning(msg) elif "NO_DEFAULTS" in exception_message: pass else: self._error(exception_message) def get_selected_zone(self): selection = self.zoneView.get_selection() (model, iter) = selection.get_selected() if iter: return self.zoneStore.get_value(iter, 0) return None def onQuit(self, *args): self.mainloop.quit() sys.exit() def onAbout(self, *args): self.aboutDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.aboutDialog.set_transient_for(self.mainWindow) self.aboutDialog.show_all() self.aboutDialog.run() self.aboutDialog.hide() def onReloadFirewalld(self, *args): self.fw.reload() def onChangeView(self, *args): # Fix interaction problem of changed event of gtk combobox with # polkit-kde by processing all remaining events. # # The changed callback is signaled before the popup window has been # destroyed and before the focus (keyboard and mouse) has been reset. # This results in a deadlock in KDE and Qt, because the polkit KDE # agent can not get the focus and the user has no chance to enter the # desired password into the agent and is also not able to close the # agent with the mouse. The focus is still on the combobox popup. Gdk.DisplayManager.get().get_default_display().flush() self.fw.authorizeAll() self.runtime_view = (self.currentViewCombobox.get_active_text() == \ _("Runtime")) self.zoneEditBox.set_sensitive(not self.runtime_view) self.serviceConfDestinationGrid.set_sensitive(not self.runtime_view) self.icmpDialogDestIpv4Check.set_sensitive(not self.runtime_view) self.icmpDialogDestIpv6Check.set_sensitive(not self.runtime_view) self.ipsetConfEntryBox.set_sensitive(False) if self.runtime_view: self.zoneEditBox.hide() self.ipsetConfIPSetEditBox.hide() self.serviceConfServiceEditBox.hide() self.serviceConfPortBox.hide() self.serviceConfProtocolBox.hide() self.serviceConfSourcePortBox.hide() self.serviceConfModuleBox.hide() self.icmpDialogIcmpEditBox.hide() self.helperConfHelperEditBox.hide() self.helperConfPortBox.hide() else: self.zoneEditBox.show() self.ipsetConfIPSetEditBox.show() self.serviceConfServiceEditBox.show() self.serviceConfPortBox.show() self.serviceConfProtocolBox.show() self.serviceConfSourcePortBox.show() self.serviceConfModuleBox.show() self.icmpDialogIcmpEditBox.show() self.helperConfHelperEditBox.show() self.helperConfPortBox.show() self.load_ipsets() self.load_zones() self.load_services() self.load_icmps() self.load_helpers() self.load_direct() self.load_lockdown_whitelist() def update_active_zones(self): self.active_zones.clear() # remove all entries for the left menu left_menu_children = self.left_menu.get_children() for child in left_menu_children: self.left_menu.remove(child) child.destroy() # add connecitons entry item = Gtk.MenuItem.new() label = Gtk.Label() label.set_markup(escape(_("Connections"))) label.set_alignment(0, 0.5) item.add(label) item.connect("select", self.no_select) self.left_menu.append(item) if self.fw.connected: self.active_zones = self.fw.getActiveZones() else: self.active_zones = { } # clean bindingsView, leave connections, interfaces and sources entries self.bindingsView.get_selection().set_mode(Gtk.SelectionMode.NONE) iter = self.bindingsStore.iter_children(self.connectionsIter) while iter: self.bindingsStore.remove(iter) iter = self.bindingsStore.iter_children(self.connectionsIter) iter = self.bindingsStore.iter_children(self.interfacesIter) while iter: self.bindingsStore.remove(iter) iter = self.bindingsStore.iter_children(self.interfacesIter) iter = self.bindingsStore.iter_children(self.sourcesIter) while iter: self.bindingsStore.remove(iter) iter = self.bindingsStore.iter_children(self.sourcesIter) self.changeBindingsButton.set_sensitive(False) # get all active connections (NM) and interfaces connections = { } interfaces = { } sources = { } for zone in sorted(self.active_zones): if "interfaces" in self.active_zones[zone]: for interface in sorted(self.active_zones[zone]["interfaces"]): if interface not in self.connections: interfaces[interface] = zone if "sources" in self.active_zones[zone]: for source in sorted(self.active_zones[zone]["sources"]): sources[source] = zone # NM controlled connections for interface in self.connections: connection = self.connections[interface] if connection not in connections: zone = nm_get_zone_of_connection(connection) connections[connection] = [ zone, [ interface, ] ] else: connections[connection][1].append(interface) # add NM controlled entries for connection in sorted(connections): [ zone, _interfaces ] = connections[connection] connection_name = self.connections_name[connection] item = Gtk.MenuItem.new() hbox = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=6) label = Gtk.Label() if zone == "": label.set_markup("%s (%s)\n%s: %s" % \ (connection_name, ",".join(_interfaces), escape(_("Default Zone")), self.default_zone)) else: label.set_markup("%s (%s)\n%s: %s" % \ (connection_name, ",".join(_interfaces), escape(_("Zone")), zone)) label.set_alignment(0, 0.5) label.set_padding(12, 0) hbox.pack_start(label, True, True, 0) item.add(hbox) item.connect("activate", self.change_zone_connection_editor, connection, connection_name, zone) self.left_menu.append(item) if zone == "": self.bindingsStore.append( self.connectionsIter, [ "%s (%s)\n%s" % ( connection_name, ",".join(_interfaces), _("Default Zone: %s") % self.default_zone), connection, zone ]) else: self.bindingsStore.append( self.connectionsIter, [ "%s (%s)\n%s" % ( connection_name, ",".join(_interfaces), _("Zone: %s") % zone), connection, zone ]) item = Gtk.MenuItem.new() label = Gtk.Label() label.set_markup(escape(_("Interfaces"))) label.set_alignment(0, 0.5) item.add(label) item.connect("select", self.no_select) self.left_menu.append(item) if len(interfaces) > 0: # add other interfaces for interface in sorted(interfaces): zone = interfaces[interface] item = Gtk.MenuItem.new() hbox = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=6) label = Gtk.Label() label.set_markup("%s\n%s: %s" % \ (interface, escape(_("Zone")), zone)) label.set_alignment(0, 0.5) label.set_padding(12, 0) hbox.pack_start(label, True, True, 0) item.add(hbox) item.connect("activate", self.change_zone_interface_editor, interface, zone) self.left_menu.append(item) self.bindingsStore.append( self.interfacesIter, [ "%s\n%s" % (interface, _("Zone: %s") % zone), interface, zone ]) item = Gtk.MenuItem.new() label = Gtk.Label() label.set_markup(escape(_("Sources"))) label.set_alignment(0, 0.5) item.add(label) item.connect("select", self.no_select) self.left_menu.append(item) if len(sources) > 0: for source in sorted(sources): zone = sources[source] item = Gtk.MenuItem.new() hbox = Gtk.Box(orientation=Gtk.Orientation.HORIZONTAL, spacing=6) label = Gtk.Label() label.set_markup("%s\n%s: %s" % \ (source, escape(_("Zone")), zone)) label.set_alignment(0, 0.5) label.set_padding(12, 0) hbox.pack_start(label, True, True, 0) item.add(hbox) item.connect("activate", self.change_zone_source_editor, source, zone) self.left_menu.append(item) self.bindingsStore.append( self.sourcesIter, [ "%s\n%s" % (source, _("Zone: %s") % zone), source, zone ]) self.bindingsView.expand_all() self.bindingsView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) iter = self.zoneStore.get_iter_first() while iter: if self.zoneStore.get_value(iter, 0) in self.active_zones.keys(): self.zoneStore.set_value(iter, 1, Pango.Weight.BOLD) else: self.zoneStore.set_value(iter, 1, Pango.Weight.NORMAL) iter = self.zoneStore.iter_next(iter) def onChangeDefaultZone(self, *args): self.defaultZoneStore.clear() zones = self.fw.getZones() # self.default_zone = self.fw.getDefaultZone() for zone in zones: if zone == self.default_zone: self.defaultZoneStore.append([zone, Pango.Weight.BOLD]) else: self.defaultZoneStore.append([zone, Pango.Weight.NORMAL]) selection = self.defaultZoneView.get_selection() if self.default_zone in zones: selection.select_path(zones.index(self.default_zone)) else: selection.set_mode(Gtk.SelectionMode.NONE) self.defaultZoneDialogOkButton.set_sensitive(False) self.defaultZoneDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.defaultZoneDialog.set_transient_for(self.mainWindow) self.defaultZoneDialog.show_all() self.add_visible_dialog(self.defaultZoneDialog) result = self.defaultZoneDialog.run() self.defaultZoneDialog.hide() self.remove_visible_dialog(self.defaultZoneDialog) if result == 1: (model, iter) = selection.get_selected() if not iter: return new_default_zone = model.get(iter, 0)[0] if new_default_zone != self.default_zone: self.fw.setDefaultZone(new_default_zone) self.default_zone = new_default_zone self.changes_applied() def on_logDeniedDialogValueCombobox_changed(self, combo): self.logDeniedDialogOkButton.set_sensitive( combo.get_active_text() != self.log_denied) def onChangeLogDenied(self, *args): combobox_select_text(self.logDeniedDialogValueCombobox, self.fw.getLogDenied()) self.logDeniedDialogOkButton.set_sensitive(False) self.logDeniedDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.logDeniedDialog.set_transient_for(self.mainWindow) self.logDeniedDialog.show_all() self.add_visible_dialog(self.logDeniedDialog) result = self.logDeniedDialog.run() self.logDeniedDialog.hide() self.remove_visible_dialog(self.logDeniedDialog) if result == 1: value = self.logDeniedDialogValueCombobox.get_active_text() if value != self.log_denied: self.fw.setLogDenied(value) self.log_denied = value self.changes_applied() def log_denied_changed_cb(self, value): self.logDeniedLabel.set_text(value) combobox_select_text(self.logDeniedDialogValueCombobox, value) def set_automaticHelpersLabel(self, value): if value == "system": self.automaticHelpersLabel.set_text( "%s (%s)" % (value, { 0:"off", 1:"on" }[ self.fw.get_property("nf_conntrack_helper_setting")])) else: self.automaticHelpersLabel.set_text(value) def on_automaticHelpersDialogValueCombobox_changed(self, combo): self.automaticHelpersDialogOkButton.set_sensitive( combo.get_active_text() != self.automatic_helpers) def onChangeAutomaticHelpers(self, *args): combobox_select_text(self.automaticHelpersDialogValueCombobox, self.fw.getAutomaticHelpers()) self.automaticHelpersDialogOkButton.set_sensitive(False) self.automaticHelpersDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.automaticHelpersDialog.set_transient_for(self.mainWindow) self.automaticHelpersDialog.show_all() self.add_visible_dialog(self.automaticHelpersDialog) result = self.automaticHelpersDialog.run() self.automaticHelpersDialog.hide() self.remove_visible_dialog(self.automaticHelpersDialog) if result == 1: value = self.automaticHelpersDialogValueCombobox.get_active_text() if value != self.automatic_helpers: self.fw.setAutomaticHelpers(value) self.automatic_helpers = value self.changes_applied() def automatic_helpers_changed_cb(self, value): self.set_automaticHelpersLabel(value) combobox_select_text(self.automaticHelpersDialogValueCombobox, value) def onRuntimeToPermanent(self, *args): self.fw.runtimeToPermanent() def on_defaultZoneViewSelection_changed(self, selection): (model, iter) = selection.get_selected() if not iter: return new_default_zone = model.get(iter, 0)[0] self.defaultZoneDialogOkButton.set_sensitive( \ new_default_zone != self.default_zone) def default_zone_changed_cb(self, zone): self.default_zone = zone self.defaultZoneLabel.set_text(zone) self.update_active_zones() def onSelectBinding(self, *args): selection = self.bindingsView.get_selection() (model, iter) = selection.get_selected() if not iter: self.changeBindingsButton.set_sensitive(False) return parent_iter = self.bindingsStore.iter_parent(iter) if parent_iter is None: selection.unselect_all() self.changeBindingsButton.set_sensitive(False) #self.editBindingsButton.set_sensitive(False) return if self.bindingsStore.get_value(parent_iter, 0) == _("Connections"): self.changeBindingsButton.set_sensitive(True) #self.editBindingsButton.set_sensitive(False) elif self.bindingsStore.get_value(parent_iter, 0) == _("Interfaces"): self.changeBindingsButton.set_sensitive(True) #self.editBindingsButton.set_sensitive(True) elif self.bindingsStore.get_value(parent_iter, 0) == _("Sources"): self.changeBindingsButton.set_sensitive(True) #self.editBindingsButton.set_sensitive(True) def onBindingClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.onChangeBinding() def onChangeBinding(self, *args): selection = self.bindingsView.get_selection() (model, iter) = selection.get_selected() if not iter: return parent_iter = self.bindingsStore.iter_parent(iter) if parent_iter is None: return item = self.bindingsStore.get_value(iter, 1) zone = self.bindingsStore.get_value(iter, 2) if self.bindingsStore.get_value(parent_iter, 0) == _("Connections"): self.change_zone_connection_editor(None, item, self.connections_name[item], zone) elif self.bindingsStore.get_value(parent_iter, 0) == _("Interfaces"): self.change_zone_interface_editor(None, item, zone) elif self.bindingsStore.get_value(parent_iter, 0) == _("Sources"): self.change_zone_source_editor(None, item, zone) #def onEditBindingClicked(self, widget, event): # if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: # self.onEditBinding() #def onEditBinding(self, *args): # return def onChangeZone(self, *args): selected_zone = self.get_selected_zone() ### load zone settings self.portStore.clear() self.protocolStore.clear() self.forwardStore.clear() self.sourcePortStore.clear() self.richRuleStore.clear() self.interfaceStore.clear() self.sourceStore.clear() self.serviceView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.portView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.protocolView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.forwardView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.sourcePortView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.icmpView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.richRuleView.get_selection().set_mode(Gtk.SelectionMode.NONE) self.zoneNotebook.set_tooltip_markup("") if not selected_zone: self.zoneEditEditButton.set_sensitive(False) self.zoneEditRemoveButton.set_sensitive(False) self.zoneEditLoadDefaultsButton.set_sensitive(False) self.zoneNotebook.set_sensitive(False) iter = self.serviceStore.get_iter_first() while iter: self.serviceStore.set_value(iter, 0, False) iter = self.serviceStore.iter_next(iter) self.masqueradeCheck.set_active(False) iter = self.icmpStore.get_iter_first() while iter: self.icmpStore.set_value(iter, 0, False) iter = self.icmpStore.iter_next(iter) self.icmpBlockInversionCheck.set_active(False) return self.zoneEditEditButton.set_sensitive(True) self.zoneNotebook.set_sensitive(True) if self.runtime_view: # load runtime configuration try: settings = self.fw.getZoneSettings(selected_zone) except: return default = False builtin = False else: # load permanent configuration try: zone = self.fw.config().getZoneByName(selected_zone) except: return settings = zone.getSettings() props = zone.get_properties() default = props["default"] builtin = props["builtin"] services = settings.getServices() ports = settings.getPorts() protocols = settings.getProtocols() masquerade = settings.getMasquerade() forward_ports = settings.getForwardPorts() source_ports = settings.getSourcePorts() icmpblocks = settings.getIcmpBlocks() rules = settings.getRichRules() interfaces = settings.getInterfaces() sources = settings.getSources() icmp_block_inversion = settings.getIcmpBlockInversion() self.zoneNotebook.set_sensitive(True) self.zoneEditRemoveButton.set_sensitive(not builtin and default) self.zoneEditLoadDefaultsButton.set_sensitive(not default) # set services _services = services[:] iter = self.serviceStore.get_iter_first() while iter: name = self.serviceStore.get_value(iter, 1) if name in _services: self.serviceStore.set_value(iter, 0, True) _services.remove(name) else: self.serviceStore.set_value(iter, 0, False) iter = self.serviceStore.iter_next(iter) # handle unknown services for name in _services: text = _("Zone '%s': Service '%s' is not available.") % \ (selected_zone, name) result = self._dialog(text, message_type=Gtk.MessageType.WARNING, title=_("Warning"), buttons=((_("Remove"), 1), (_("Ignore"), 2))) if result == 1: if self.runtime_view: self.fw.removeService(selected_zone, name) else: settings.removeService(name) zone.update(settings) self.changes_applied() # set ports for item in ports: self.portStore.append(item) # set protocols for item in protocols: self.protocolStore.append([item]) # set masquerade self.masqueradeCheck.set_active(masquerade) # set forward ports for item in forward_ports: self.forwardStore.append(item) # set source ports for item in source_ports: self.sourcePortStore.append(item) # set icmpblocks _icmpblocks = icmpblocks[:] iter = self.icmpStore.get_iter_first() while iter: name = self.icmpStore.get_value(iter, 1) if name in _icmpblocks: self.icmpStore.set_value(iter, 0, True) _icmpblocks.remove(name) else: self.icmpStore.set_value(iter, 0, False) iter = self.icmpStore.iter_next(iter) self.icmpBlockInversionCheck.set_active(icmp_block_inversion) # handle unknown icmpblocks for name in _icmpblocks: text = _("Zone '%s': ICMP type '%s' is not available.") % \ (selected_zone, name) result = self._dialog(text, message_type=Gtk.MessageType.WARNING, title=_("Warning"), buttons=((_("Remove"), 1),(_("Ignore"), 2))) if result == 1: if self.runtime_view: self.fw.removeIcmpBlock(selected_zone, name) else: settings.removeIcmpBlock(name) zone.update(settings) self.changes_applied() # set rich rules for item in rules: rule = rich.Rich_Rule(rule_str=item) self._add_rich_rule(rule) # set interfaces for item in interfaces: self._add_interface(item) # set sources for item in sources: self.sourceStore.append([item]) self.serviceView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.portView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.protocolView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.forwardView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.sourcePortView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.icmpView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.richRuleView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.interfaceView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) self.sourceView.get_selection().set_mode(Gtk.SelectionMode.SINGLE) def onAddZone(self, *args): if self.runtime_view: return self.add_edit_zone(True) def onRemoveZone(self, *args): if self.runtime_view: return selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) zone.remove() self.changes_applied() self.load_zones() self.onChangeZone() def onEditZone(self, *args): if self.runtime_view: return self.add_edit_zone(False) def onLoadDefaultsZone(self, *args): if self.runtime_view: return selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) zone.loadDefaults() self.changes_applied() self.onChangeZone() def entry_changed(self, entry, allowed_chars, modify=None): "Remove all disallowed characters and truncate length." origtext = entry.get_text() newtext = origtext for char in origtext: if char not in allowed_chars: newtext = newtext.replace(char, "") OK = len(newtext) > 0 if modify: OK, newtext = modify(newtext) if newtext != origtext: entry.set_text(newtext) return OK def onZoneBaseDialogChanged(self, *args): def check_zone_name(zone): max_len = functions.max_zone_name_len() parts = zone.split('/') if len(parts) < 2: return (True, zone) if len(parts[0]) > max_len: parts[0] = parts[0][:max_len] zone = '/'.join(parts[:2]) OK = len(zone) > 1 and zone[0] != '/' and zone[-1] != '/' return (OK, zone) OK=True if args and (args[0] == self.zoneBaseDialogNameEntry): additional_chars = "".join(Zone.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars OK = self.entry_changed(args[0], allowed_chars, check_zone_name) self.zoneBaseDialogOkButton.set_sensitive(OK) def onZoneBaseDialogTargetCheckToggled(self, check): val = check.get_active() self.zoneBaseDialogTargetCombobox.set_sensitive(not val) def add_edit_zone(self, add): l = functions.max_zone_name_len() self.zoneBaseDialogNameEntry.set_max_length(l) self.zoneBaseDialogNameEntry.set_width_chars(l) self.zoneBaseDialogNameEntry.set_max_width_chars(l) if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None old_target = None self.zoneBaseDialogNameEntry.set_text("") self.zoneBaseDialogVersionEntry.set_text("") self.zoneBaseDialogShortEntry.set_text("") self.zoneBaseDialogDescText.get_buffer().set_text("") self.zoneBaseDialogTargetCheck.set_active(True) self.zoneBaseDialogTargetCombobox.set_active(0) else: selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) settings = zone.getSettings() props = zone.get_properties() default = props["default"] builtin = props["builtin"] old_name = zone.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() old_target = settings.getTarget() self.zoneBaseDialogNameEntry.set_text(old_name) self.zoneBaseDialogVersionEntry.set_text(old_version) self.zoneBaseDialogShortEntry.set_text(old_short) self.zoneBaseDialogDescText.get_buffer().set_text(old_desc) if old_target == "default" or \ old_target == DEFAULT_ZONE_TARGET: self.zoneBaseDialogTargetCheck.set_active(True) self.zoneBaseDialogTargetCombobox.set_active(0) else: self.zoneBaseDialogTargetCheck.set_active(False) combobox_select_text(self.zoneBaseDialogTargetCombobox, old_target if old_target != "%%REJECT%%" else "REJECT") self.zoneBaseDialogOkButton.set_sensitive(False) if builtin: self.zoneBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in zone, rename not supported.")) else: self.zoneBaseDialogNameEntry.set_tooltip_markup("") self.zoneBaseDialogNameEntry.set_sensitive(not builtin and default) self.zoneBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.zoneBaseDialog.set_transient_for(self.mainWindow) self.zoneBaseDialog.show_all() self.add_visible_dialog(self.zoneBaseDialog) result = self.zoneBaseDialog.run() self.zoneBaseDialog.hide() self.remove_visible_dialog(self.zoneBaseDialog) if result != 1: return name = self.zoneBaseDialogNameEntry.get_text() version = self.zoneBaseDialogVersionEntry.get_text() short = self.zoneBaseDialogShortEntry.get_text() buffer = self.zoneBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) target = "default" # this has been DEFAULT_ZONE_TARGET before if not self.zoneBaseDialogTargetCheck.get_active(): target = self.zoneBaseDialogTargetCombobox.get_active_text() if target == "REJECT": target = "%%REJECT%%" if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc and old_target == target: # no changes return if not add: selected_zone = self.get_selected_zone() zone = self.fw.config().getZoneByName(selected_zone) settings = zone.getSettings() else: settings = client.FirewallClientZoneSettings() if old_version != version or old_short != short or \ old_desc != desc or old_target != target: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) settings.setTarget(target) if not add: zone.update(settings) if not add: if old_name == name: return zone.rename(name) else: self.fw.config().addZone(name, settings) self.changes_applied() def onAddRichRule(self, *args): self.add_edit_rich_rule(True) def onEditRichRule(self, *args): self.add_edit_rich_rule(False) def onRichRuleClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_rich_rule(False) def onRemoveRichRule(self, *args): selected_zone = self.get_selected_zone() selection = self.richRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return obj = self.richRuleStore.get_value(iter, 0) if self.runtime_view: self.fw.removeRichRule(selected_zone, str(obj)) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeRichRule(str(obj)) self.changes_applied() def add_edit_rich_rule(self, add): self.richRuleDialogFamilyCombobox.set_active(0) self.richRuleDialogPriorityEntry.set_value(0) self.richRuleDialogElementCheck.set_active(False) self.richRuleDialogElementCombobox.set_active(0) self.richRuleDialogElementChooser.set_text("") self.richRuleDialogActionCheck.set_active(False) self.richRuleDialogActionCombobox.set_active(0) self.richRuleDialogActionRejectTypeCheck.set_active(False) self.richRuleDialogActionRejectTypeCombobox.set_active(0) self.richRuleDialogActionMarkChooser.set_text("") self.richRuleDialogActionLimitCheck.set_active(False) self.richRuleDialogActionLimitRateEntry.set_text("") self.richRuleDialogActionLimitDurationCombobox.set_active(0) self.richRuleDialogSourceInvertCheck.set_active(False) self.richRuleDialogSourceTypeCombobox.set_active(0) self.richRuleDialogSourceChooser.set_text("") self.richRuleDialogDestinationInvertCheck.set_active(False) self.richRuleDialogDestinationChooser.set_text("") self.richRuleDialogLogCheck.set_active(False) self.richRuleDialogLogPrefixEntry.set_text("") self.richRuleDialogLogLevelCombobox.set_active(4) self.richRuleDialogLogLimitCheck.set_active(False) self.richRuleDialogLogLimitRateEntry.set_text("") self.richRuleDialogLogLimitDurationCombobox.set_active(0) self.richRuleDialogAuditCheck.set_active(False) self.richRuleDialogAuditLimitCheck.set_active(False) self.richRuleDialogAuditLimitRateEntry.set_text("") self.richRuleDialogAuditLimitDurationCombobox.set_active(0) smhd = { "s": _("second"), "m": _("minute"), "h": _("hour"), "d": _("day") } loglevel = { "emerg": _("emergency"), "alert": _("alert"), "crit": _("critical"), "error": _("error"), "warning": _("warning"), "notice": _("notice"), "info": _("info"), "debug": _("debug"), } selected_zone = self.get_selected_zone() old_obj = None iter = None if not add: selection = self.richRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_obj = self.richRuleStore.get_value(iter, 0) self.richRuleDialog.old_obj = old_obj if old_obj: if old_obj.family in [ "ipv4", "ipv6" ]: combobox_select_text(self.richRuleDialogFamilyCombobox, old_obj.family, insensitive=True) if old_obj.priority != 0: self.richRuleDialogPriorityEntry.set_value(old_obj.priority) if old_obj.element: self.richRuleDialogElementCheck.set_active(True) # element if type(old_obj.element) == rich.Rich_Service: combobox_select_text(self.richRuleDialogElementCombobox, _("service")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.name) elif type(old_obj.element) == rich.Rich_Port: combobox_select_text(self.richRuleDialogElementCombobox, _("port")) self.richRuleDialogElementChooser.set_text( \ "%s/%s" % (old_obj.element.port, old_obj.element.protocol)) elif type(old_obj.element) == rich.Rich_Protocol: combobox_select_text(self.richRuleDialogElementCombobox, _("protocol")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.value) elif type(old_obj.element) == rich.Rich_Masquerade: combobox_select_text(self.richRuleDialogElementCombobox, _("masquerade")) elif type(old_obj.element) == rich.Rich_IcmpBlock: combobox_select_text(self.richRuleDialogElementCombobox, _("icmp-block")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.name) elif type(old_obj.element) == rich.Rich_IcmpType: combobox_select_text(self.richRuleDialogElementCombobox, _("icmp-type")) self.richRuleDialogElementChooser.set_text( \ old_obj.element.name) elif type(old_obj.element) == rich.Rich_ForwardPort: combobox_select_text(self.richRuleDialogElementCombobox, _("forward-port")) s = "%s/%s" % (old_obj.element.port, old_obj.element.protocol) if old_obj.element.to_port != "": s += " >%s" % old_obj.element.to_port if old_obj.element.to_address != "": s += " @%s" % old_obj.element.to_address self.richRuleDialogElementChooser.set_text(s) elif type(old_obj.element) == rich.Rich_SourcePort: combobox_select_text(self.richRuleDialogElementCombobox, _("source-port")) self.richRuleDialogElementChooser.set_text( \ "%s/%s" % (old_obj.element.port, old_obj.element.protocol)) # action if old_obj.action: self.richRuleDialogActionCheck.set_active(True) action = None if type(old_obj.action) == rich.Rich_Accept: action = _("accept") elif type(old_obj.action) == rich.Rich_Reject: action = _("reject") self.richRuleDialogActionRejectTypeCombobox.remove_all() if old_obj.family is not None: for icmp in REJECT_TYPES[old_obj.family]: self.richRuleDialogActionRejectTypeCombobox. \ append(icmp, icmp) if old_obj.action.type: self.richRuleDialogActionRejectTypeCheck. \ set_active(True) self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(old_obj.action.type) else: self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(REJECT_TYPES[old_obj.family][0]) elif type(old_obj.action) == rich.Rich_Drop: action = _("drop") elif type(old_obj.action) == rich.Rich_Mark: action = _("mark") self.richRuleDialogActionMarkChooser.set_text(old_obj.action.set) combobox_select_text(self.richRuleDialogActionCombobox, action) if old_obj.action.limit: self.richRuleDialogActionLimitCheck.set_active(True) (rate, duration) = old_obj.action.limit.value.split("/") self.richRuleDialogActionLimitRateEntry.set_text(rate) combobox_select_text( \ self.richRuleDialogActionLimitDurationCombobox, smhd[duration], insensitive=True) # source if old_obj.source: if old_obj.source.addr: combobox_select_text(self.richRuleDialogSourceTypeCombobox, "IP") self.richRuleDialogSourceChooser.set_text(old_obj.source.addr) elif old_obj.source.mac: combobox_select_text(self.richRuleDialogSourceTypeCombobox, "MAC") self.richRuleDialogSourceChooser.set_text(old_obj.source.mac) elif old_obj.source.ipset: combobox_select_text(self.richRuleDialogSourceTypeCombobox, "ipset") self.richRuleDialogSourceChooser.set_text(old_obj.source.ipset) self.richRuleDialogSourceInvertCheck.set_active( \ old_obj.source.invert) # destination if old_obj.destination: self.richRuleDialogDestinationChooser.set_text( \ old_obj.destination.addr) self.richRuleDialogDestinationInvertCheck.set_active( \ old_obj.destination.invert) # log if old_obj.log: self.richRuleDialogLogCheck.set_active(True) if old_obj.log.prefix: self.richRuleDialogLogPrefixEntry.set_text( \ old_obj.log.prefix) log_level = "warning" if old_obj.log.level and old_obj.log.level != log_level: log_level = old_obj.log.level combobox_select_text(self.richRuleDialogLogLevelCombobox, loglevel[log_level]) if old_obj.log.limit: self.richRuleDialogLogLimitCheck.set_active(True) (rate, duration) = old_obj.log.limit.value.split("/") self.richRuleDialogLogLimitRateEntry.set_text(rate) combobox_select_text( \ self.richRuleDialogLogLimitDurationCombobox, smhd[duration], insensitive=True) # audit if old_obj.audit: self.richRuleDialogAuditCheck.set_active(True) if old_obj.audit.limit: self.richRuleDialogAuditLimitCheck.set_active(True) (rate, duration) = old_obj.audit.limit.value.split("/") self.richRuleDialogAuditLimitRateEntry.set_text(rate) combobox_select_text( \ self.richRuleDialogAuditLimitDurationCombobox, smhd[duration], insensitive=True) self.richRuleDialogOkButton.set_sensitive(False) self.on_richRuleDialog_changed() self.richRuleDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.richRuleDialog.set_transient_for(self.mainWindow) self.richRuleDialog.show_all() self.add_visible_dialog(self.richRuleDialog) result = self.richRuleDialog.run() self.richRuleDialog.hide() self.remove_visible_dialog(self.richRuleDialog) if result != 1: return obj = self.richRuleDialog_getRule() old_rule = str(old_obj) rule = str(obj) if old_rule == rule: # nothing to change return if self.runtime_view: if not self.fw.queryRichRule(selected_zone, rule): self.fw.addRichRule(selected_zone, rule) if not add: self.fw.removeRichRule(selected_zone, old_rule) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryRichRule(rule): if not add: zone.removeRichRule(old_rule) zone.addRichRule(rule) self.changes_applied() def on_richRuleDialogElementChooser_clicked(self, *args): combolabel = self.richRuleDialogElementCombobox.get_active_text() old_value = self.richRuleDialogElementChooser.get_text() familylabel = self.richRuleDialogFamilyCombobox.get_active_text() if familylabel == _("ipv4"): family = "ipv4" elif familylabel == _("ipv6"): family = "ipv6" else: family = None value = None if combolabel == _("service"): value = self.service_select_dialog(old_value) elif combolabel == _("port"): old_port = None old_proto = None if old_value != "": try: (old_port,old_proto) = old_value.split("/") except: pass value = self.port_select_dialog(old_port, old_proto) elif combolabel == _("protocol"): value = self.protocol_select_dialog(old_value) elif combolabel == _("icmp-block"): value = self.icmptype_select_dialog(old_value) elif combolabel == _("icmp-type"): value = self.icmptype_select_dialog(old_value) elif combolabel == _("forward-port"): value = self.forwardport_select_dialog(family, old_value) elif combolabel == _("source-port"): old_port = None old_proto = None if old_value != "": try: (old_port,old_proto) = old_value.split("/") except: pass value = self.port_select_dialog(old_port, old_proto) if value is None: return self.richRuleDialogElementChooser.set_text(value) def port_select_dialog(self, old_port, old_proto): self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return None port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return None return "%s/%s" % (port, proto) def onProtoChanged(self, *args): if self.protoDialogOtherProtoCheck.get_active(): self.protoDialogProtoLabel.set_sensitive(False) self.protoDialogProtoCombobox.set_sensitive(False) self.protoDialogOtherProtoEntry.set_sensitive(True) proto = self.protoDialogOtherProtoEntry.get_text() else: self.protoDialogProtoLabel.set_sensitive(True) self.protoDialogProtoCombobox.set_sensitive(True) self.protoDialogOtherProtoEntry.set_sensitive(False) proto = self.protoDialogProtoCombobox.get_active_text() if functions.checkProtocol(proto): self.protoDialogOkButton.set_sensitive(True) else: self.protoDialogOkButton.set_sensitive(False) def protocol_select_dialog(self, old_proto): self.protoDialogProtoCombobox.set_active(0) self.protoDialogOtherProtoCheck.set_active(False) self.protoDialogOtherProtoEntry.set_text("") if old_proto: if not combobox_select_text(self.protoDialogProtoCombobox, old_proto): self.protoDialogOtherProtoCheck.set_active(True) self.protoDialogOtherProtoEntry.set_text(old_proto) self.protoDialogOkButton.set_sensitive(False) self.protoDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.protoDialog.set_transient_for(self.mainWindow) self.protoDialog.show_all() self.add_visible_dialog(self.protoDialog) result = self.protoDialog.run() self.protoDialog.hide() self.remove_visible_dialog(self.protoDialog) if result != 1: return None if self.protoDialogOtherProtoCheck.get_active(): proto = self.protoDialogOtherProtoEntry.get_text() else: proto = self.protoDialogProtoCombobox.get_active_text() if old_proto == proto: # nothing to change return None return proto def change_service_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceDialogOkButton.set_sensitive(True) else: self.serviceDialogOkButton.set_sensitive(False) def service_select_dialog(self, old_service=""): self.serviceDialogServiceStore.clear() if self.runtime_view: services = self.fw.listServices() else: services = self.fw.config().getServiceNames() for service in services: self.serviceDialogServiceStore.append([service]) selection = self.serviceDialogServiceView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) selection.select_path(0) iter = self.serviceDialogServiceStore.get_iter_first() while iter: if self.serviceDialogServiceStore.get_value(iter, 0) == \ old_service: selection.select_iter(iter) iter = self.serviceDialogServiceStore.iter_next(iter) self.serviceDialogOkButton.set_sensitive(False) self.serviceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.serviceDialog.set_transient_for(self.mainWindow) self.serviceDialog.show_all() self.add_visible_dialog(self.serviceDialog) result = self.serviceDialog.run() self.serviceDialog.hide() self.remove_visible_dialog(self.serviceDialog) if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None service = self.serviceDialogServiceStore.get_value(iter, 0) if old_service == service: return None return service def change_icmptype_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.icmptypeDialogOkButton.set_sensitive(True) else: self.icmptypeDialogOkButton.set_sensitive(False) def icmptype_select_dialog(self, old_icmptype=""): self.icmptypeDialogIcmptypeStore.clear() if self.runtime_view: icmptypes = self.fw.listIcmpTypes() else: icmptypes = self.fw.config().getIcmpTypeNames() for icmptype in icmptypes: self.icmptypeDialogIcmptypeStore.append([icmptype]) selection = self.icmptypeDialogIcmptypeView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) selection.select_path(0) iter = self.icmptypeDialogIcmptypeStore.get_iter_first() while iter: if self.icmptypeDialogIcmptypeStore.get_value(iter, 0) == \ old_icmptype: selection.select_iter(iter) iter = self.icmptypeDialogIcmptypeStore.iter_next(iter) self.icmptypeDialogOkButton.set_sensitive(False) self.icmptypeDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.icmptypeDialog.set_transient_for(self.mainWindow) self.icmptypeDialog.show_all() self.add_visible_dialog(self.icmptypeDialog) result = self.icmptypeDialog.run() self.icmptypeDialog.hide() self.remove_visible_dialog(self.icmptypeDialog) if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None icmptype = self.icmptypeDialogIcmptypeStore.get_value(iter, 0) if old_icmptype == icmptype: return None return icmptype def on_richRuleDialogSourceChooser_clicked(self, *args): old_address = self.richRuleDialogSourceChooser.get_text() _type = self.richRuleDialogSourceTypeCombobox.get_active_text() combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None if _type == "IP": address = self.address_select_dialog(family, old_address) if address is not None: self.richRuleDialogSourceChooser.set_text(address) elif _type == "MAC": address = self.mac_select_dialog(old_address) if address is not None: self.richRuleDialogSourceChooser.set_text(address.upper()) elif _type == "ipset": address = self.ipset_select_dialog(old_address, family) if address is not None: self.richRuleDialogSourceChooser.set_text(address) def on_richRuleDialogDestinationChooser_clicked(self, *args): combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None old_address = self.richRuleDialogDestinationChooser.get_text() address = self.address_select_dialog(family, old_address) if address is not None: self.richRuleDialogDestinationChooser.set_text(address) def create_fwp_string(self, port, proto, to_port, to_addr): _to_port = "" if to_port != "": _to_port = " >%s" % to_port _to_addr = "" if to_addr != "": _to_addr = " @%s" % to_addr return "%s/%s%s%s" % (port, proto, _to_port, _to_addr) def split_fwp_string(self, text): port = "" proto = "" to_port = "" to_addr = "" if ">" in text: # to_port splits = text.split(">") (port,proto) = splits[0].split("/") if "@" in splits[1]: (to_port,to_addr) = splits[1].split("@") else: to_port = splits[1] elif "@" in text: splits = text.split("@") (port,proto) = splits[0].split("/") to_addr = splits[1] return (port.strip(), proto.strip(), to_port.strip(), to_addr.strip()) def richRuleDialog_getRule(self): smhd = { _("second"): "s", _("minute"): "m", _("hour"): "h", _("day"): "d" } loglevel = { _("emergency"): "emerg", # 0, system is unusable _("alert"): "alert", # 1, action must be taken immediately _("critical"): "crit", # 2, critical conditions _("error"): "error", # 3, error conditions _("warning"): "warning", # 4, warning conditions _("notice"): "notice", # 5, normal but significant condition _("info"): "info", # 6, informational _("debug"): "debug", } # 7, debug-level messages # family combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): rule = rich.Rich_Rule("ipv4") # ipv4 rule elif combolabel == _("ipv6"): rule = rich.Rich_Rule("ipv6") # ipv6 rule else: rule = rich.Rich_Rule() # ipv4+ipv6 rule # priority priority = self.richRuleDialogPriorityEntry.get_value_as_int() if priority != 0: rule.priority = priority # element if self.richRuleDialogElementCheck.get_active(): combolabel = self.richRuleDialogElementCombobox.get_active_text() if combolabel == _("service"): rule.element = rich.Rich_Service( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("port"): text = self.richRuleDialogElementChooser.get_text() port = "" proto = "" try: if '/' in text: (port, proto) = text.split("/") except: return None rule.element = rich.Rich_Port(port, proto) elif combolabel == _("protocol"): rule.element = rich.Rich_Protocol( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("icmp-block"): rule.element = rich.Rich_IcmpBlock( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("icmp-type"): rule.element = rich.Rich_IcmpType( self.richRuleDialogElementChooser.get_text()) elif combolabel == _("forward-port"): text = self.richRuleDialogElementChooser.get_text() try: (port, proto, to_port, to_addr) = \ self.split_fwp_string(text) except: return None rule.element = rich.Rich_ForwardPort(port, proto, to_port, to_addr) elif combolabel == _("masquerade"): rule.element = rich.Rich_Masquerade() elif combolabel == _("source-port"): text = self.richRuleDialogElementChooser.get_text() port = "" proto = "" try: if '/' in text: (port, proto) = text.split("/") except: return None rule.element = rich.Rich_SourcePort(port, proto) # action if self.richRuleDialogActionCheck.is_sensitive() and \ self.richRuleDialogActionCheck.get_active(): limit = None if self.richRuleDialogActionLimitCheck.get_active(): value = self.richRuleDialogActionLimitRateEntry.get_text() value += "/" value += smhd[self.richRuleDialogActionLimitDurationCombobox.get_active_text()] limit = rich.Rich_Limit(value) combolabel = self.richRuleDialogActionCombobox.get_active_text() if combolabel == _("accept"): rule.action = rich.Rich_Accept(limit) elif combolabel == _("reject"): _type = None if self.richRuleDialogActionRejectTypeCheck.get_active(): _type = self.richRuleDialogActionRejectTypeCombobox.get_active_text() rule.action = rich.Rich_Reject(_type, limit) elif combolabel == _("drop"): rule.action = rich.Rich_Drop(limit) elif combolabel == _("mark"): _set = self.richRuleDialogActionMarkChooser.get_text() rule.action = rich.Rich_Mark(_set, limit) # source if self.richRuleDialogSourceChooser.is_sensitive() \ and (self.richRuleDialogSourceChooser.get_text() != "" \ or self.richRuleDialogSourceInvertCheck.get_active()): txt = self.richRuleDialogSourceTypeCombobox.get_active_text() addr = mac = ipset = None if txt == "IP": addr = self.richRuleDialogSourceChooser.get_text() if txt == "MAC": mac = self.richRuleDialogSourceChooser.get_text() if txt == "ipset": ipset = self.richRuleDialogSourceChooser.get_text() rule.source = rich.Rich_Source( addr, mac, ipset, self.richRuleDialogSourceInvertCheck.get_active()) # destination if self.richRuleDialogDestinationBox.is_sensitive() \ and (self.richRuleDialogDestinationChooser.get_text() != "" \ or self.richRuleDialogDestinationInvertCheck.get_active()): rule.destination = rich.Rich_Destination( self.richRuleDialogDestinationChooser.get_text(), self.richRuleDialogDestinationInvertCheck.get_active()) # log if self.richRuleDialogLogCheck.is_sensitive() and \ self.richRuleDialogLogCheck.get_active(): limit = None if self.richRuleDialogLogLimitCheck.get_active(): value = self.richRuleDialogLogLimitRateEntry.get_text() value += "/" value += smhd[self.richRuleDialogLogLimitDurationCombobox.get_active_text()] limit = rich.Rich_Limit(value) level = self.richRuleDialogLogLevelCombobox.get_active_text() rule.log = rich.Rich_Log( self.richRuleDialogLogPrefixEntry.get_text(), loglevel[level], limit) # audit if self.richRuleDialogAuditCheck.is_sensitive() and \ self.richRuleDialogAuditCheck.get_active(): limit = None if self.richRuleDialogAuditLimitCheck.get_active(): value = self.richRuleDialogAuditLimitRateEntry.get_text() value += "/" value += smhd[self.richRuleDialogAuditLimitDurationCombobox.get_active_text()] limit = rich.Rich_Limit(value) rule.audit = rich.Rich_Audit(limit) return rule def on_richRuleDialogFamilyCombobox_changed(self, *args): combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None self.richRuleDialogActionRejectTypeCombobox.remove_all() if family is not None: for icmp in REJECT_TYPES[family]: self.richRuleDialogActionRejectTypeCombobox.append(icmp, icmp) old_obj = self.richRuleDialog.old_obj if old_obj and old_obj.family == family and \ hasattr(old_obj.action, 'type') and old_obj.action.type: self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(old_obj.action.type) else: self.richRuleDialogActionRejectTypeCombobox. \ set_active_id(REJECT_TYPES[family][0]) def on_richRuleDialogElementCombobox_changed(self, *args): self.richRuleDialogElementChooser.set_text("") def on_richRuleDialogActionMarkChooser_clicked(self, *args): old_value = self.richRuleDialogActionMarkChooser.get_text() if "/" in old_value: try: (old_mark, old_mask) = old_value.split("/") except: return else: old_mark = old_value old_mask = "" _value = self.mark_select_dialog(old_mark, old_mask) if _value is None: return (mark, mask) = _value if mask != "": value = "%s/%s" % (mark, mask) else: value = mark self.richRuleDialogActionMarkChooser.set_text(value) def on_richRuleDialog_changed(self, *args): combolabel = self.richRuleDialogFamilyCombobox.get_active_text() if combolabel == _("ipv4"): family = "ipv4" elif combolabel == _("ipv6"): family = "ipv6" else: family = None v4v6_source = (self.richRuleDialogSourceTypeCombobox.get_active_text() == "MAC" or \ self.richRuleDialogSourceTypeCombobox.get_active_text() == "ipset") if family is None: self.richRuleDialogSourceChooser.set_sensitive(v4v6_source) self.richRuleDialogSourceInvertCheck.set_sensitive(v4v6_source) self.richRuleDialogDestinationLabel.set_sensitive(False) self.richRuleDialogDestinationBox.set_sensitive(False) else: self.richRuleDialogSourceChooser.set_sensitive(True) self.richRuleDialogSourceInvertCheck.set_sensitive(True) self.richRuleDialogDestinationLabel.set_sensitive(True) self.richRuleDialogDestinationBox.set_sensitive(True) self.richRuleDialogActionCheck.set_sensitive(True) self.richRuleDialogActionBox.set_sensitive( self.richRuleDialogActionCheck.get_active()) self.richRuleDialogElementChooser.set_sensitive(True) self.richRuleDialogElementBox.set_sensitive( self.richRuleDialogElementCheck.get_active()) self.richRuleDialogLogCheck.set_sensitive(True) self.richRuleDialogAuditCheck.set_sensitive(True) self.richRuleDialogActionLimitBox.set_sensitive( self.richRuleDialogActionLimitCheck.get_active()) self.richRuleDialogActionRejectTypeCombobox.set_sensitive( self.richRuleDialogActionRejectTypeCheck.get_active()) self.richRuleDialogActionRejectBox.set_sensitive(family is not None and \ self.richRuleDialogActionCombobox.get_active_text() == _("reject")) self.richRuleDialogActionMarkBox.set_sensitive(self.richRuleDialogActionCombobox.get_active_text() == _("mark")) self.richRuleDialogLogGrid.set_sensitive( self.richRuleDialogLogCheck.get_active()) self.richRuleDialogLogLimitBox.set_sensitive( self.richRuleDialogLogLimitCheck.get_active()) self.richRuleDialogAuditBox.set_sensitive( self.richRuleDialogAuditCheck.get_active()) self.richRuleDialogAuditLimitBox.set_sensitive( self.richRuleDialogAuditLimitCheck.get_active()) if self.richRuleDialogElementCheck.get_active(): combolabel = self.richRuleDialogElementCombobox.get_active_text() if combolabel == _("masquerade"): self.richRuleDialogElementChooser.set_sensitive(False) self.richRuleDialogActionCheck.set_sensitive(False) self.richRuleDialogActionBox.set_sensitive(False) self.richRuleDialogLogCheck.set_sensitive(False) self.richRuleDialogLogGrid.set_sensitive(False) self.richRuleDialogAuditCheck.set_sensitive(False) self.richRuleDialogAuditBox.set_sensitive(False) elif combolabel == _("forward-port"): self.richRuleDialogActionCheck.set_sensitive(False) self.richRuleDialogActionBox.set_sensitive(False) self.richRuleDialogLogCheck.set_sensitive(False) self.richRuleDialogLogGrid.set_sensitive(False) self.richRuleDialogAuditCheck.set_sensitive(False) self.richRuleDialogAuditBox.set_sensitive(False) elif combolabel == _("icmp-block"): self.richRuleDialogActionCheck.set_sensitive(False) self.richRuleDialogActionBox.set_sensitive(False) rule = self.richRuleDialog_getRule() try: rule.check() except Exception as msg: self.richRuleDialogOkButton.set_sensitive(False) self.richRuleDialogOkButton.set_tooltip_text(str(msg)) else: if str(self.richRuleDialog.old_obj) != str(rule): self.richRuleDialogOkButton.set_sensitive(True) else: self.richRuleDialogOkButton.set_sensitive(False) self.richRuleDialogOkButton.set_tooltip_text("") def onAddInterface(self, *args): self.add_edit_interface(True) def onEditInterface(self, *args): selected_zone = self.get_selected_zone() selection = self.interfaceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return interface = self.interfaceStore.get_value(iter, 0) if interface in self.connections: connection = self.connections[interface] connection_name = self.connections_name[connection] if selected_zone == self.default_zone: selected_zone = nm_get_zone_of_connection(connection) editor = ZoneConnectionEditor(self.fw, connection, connection_name, selected_zone) editor.set_icon(self.icon) editor.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) editor.set_transient_for(self.mainWindow) editor.show_all() try: editor.run() except Exception: text = _("Failed to set zone {zone} " "for connection {connection_name}") self._warning(text.format(zone=editor.get_zone(), connection_name=editor.connection_name)) editor.hide() else: self.add_edit_interface(False) self.changes_applied() def onInterfaceClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.onEditInterface() def onRemoveInterface(self, *args): selected_zone = self.get_selected_zone() selection = self.interfaceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return interface = self.interfaceStore.get_value(iter, 0) if self.runtime_view: self.fw.removeInterface(selected_zone, interface) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeInterface(interface) self.changes_applied() def change_interface_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editInterfaceButton.set_sensitive(True) interface = self.interfaceStore.get_value(iter, 0) if interface in self.connections: self.removeInterfaceButton.set_sensitive(False) else: self.removeInterfaceButton.set_sensitive(True) else: self.editInterfaceButton.set_sensitive(False) self.removeInterfaceButton.set_sensitive(False) def add_edit_interface(self, add): selected_zone = self.get_selected_zone() old_interface = None if add: self.interfaceDialogInterfaceEntry.set_text("") else: selection = self.interfaceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_interface = self.interfaceStore.get_value(iter, 0) self.interfaceDialogInterfaceEntry.set_text(old_interface) self.interfaceDialogOkButton.set_sensitive(False) self.interfaceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.interfaceDialog.set_transient_for(self.mainWindow) self.interfaceDialog.show_all() self.add_visible_dialog(self.interfaceDialog) result = self.interfaceDialog.run() self.interfaceDialog.hide() self.remove_visible_dialog(self.interfaceDialog) if result != 1: return interface = self.interfaceDialogInterfaceEntry.get_text() if old_interface == interface: # nothing to change return if self.runtime_view: if not self.fw.queryInterface(selected_zone, interface): self.fw.addInterface(selected_zone, interface) if not add: self.fw.removeInterface(selected_zone, old_interface) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryInterface(interface): if not add: zone.removeInterface(old_interface) zone.addInterface(interface) self.changes_applied() def onInterfaceChanged(self, *args): text = self.interfaceDialogInterfaceEntry.get_text() if text != "" and functions.checkInterface(text): self.interfaceDialogOkButton.set_sensitive(True) else: self.interfaceDialogOkButton.set_sensitive(False) def onAddSource(self, *args): self.add_edit_source(True) def onEditSource(self, *args): self.add_edit_source(False) def onSourceClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_source(False) def onRemoveSource(self, *args): selected_zone = self.get_selected_zone() selection = self.sourceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return source = self.sourceStore.get_value(iter, 0) if self.runtime_view: self.fw.removeSource(selected_zone, source) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeSource(source) self.changes_applied() def change_source_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editSourceButton.set_sensitive(True) self.removeSourceButton.set_sensitive(True) else: self.editSourceButton.set_sensitive(False) self.removeSourceButton.set_sensitive(False) def add_edit_source(self, add): selected_zone = self.get_selected_zone() old_source = "" if not add: selection = self.sourceView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_source = self.sourceStore.get_value(iter, 0) #source = self.address_select_dialog(None, old_source, True, True) source = self.source_select_dialog(old_source) if not source: return if self.runtime_view: if not self.fw.querySource(selected_zone, source): self.fw.addSource(selected_zone, source) if not add: self.fw.removeSource(selected_zone, old_source) self.changes_applied() else: self._warning("Source '%s' already bound to zone '%s'" % \ (old_source, selected_zone)) else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.querySource(source): if not add: zone.removeSource(old_source) zone.addSource(source) self.changes_applied() else: self._warning("Source '%s' already bound to zone '%s'" % \ (old_source, selected_zone)) def on_markDialog_changed(self, entry, old_mark, old_mask): mark = self.markDialogMarkEntry.get_text() mask = self.markDialogMaskEntry.get_text() if not functions.checkUINT32(mark): self.markDialogOkButton.set_sensitive(False) else: if mask != "" and not functions.checkUINT32(mask): self.markDialogOkButton.set_sensitive(False) else: if old_mark != mark or old_mask != mask: self.markDialogOkButton.set_sensitive(True) def mark_select_dialog(self, old_mark, old_mask): self.markDialogMarkEntry.set_text(old_mark) self.markDialogMaskEntry.set_text(old_mask) handler_id1 = self.markDialogMarkEntry.connect( "changed", self.on_markDialog_changed, old_mark, old_mask) handler_id2 = self.markDialogMaskEntry.connect( "changed", self.on_markDialog_changed, old_mark, old_mask) self.markDialogOkButton.set_sensitive(False) self.markDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.markDialog.set_transient_for(self.mainWindow) self.markDialog.show_all() self.add_visible_dialog(self.markDialog) result = self.markDialog.run() self.markDialog.hide() self.remove_visible_dialog(self.markDialog) self.markDialogMarkEntry.disconnect(handler_id1) self.markDialogMaskEntry.disconnect(handler_id2) mark = self.markDialogMarkEntry.get_text() mask = self.markDialogMaskEntry.get_text() if result != 1 or (old_mark == mark and old_mask == mask): return None return (mark, mask) def on_macDialog_changed(self, entry, old_mac): text = entry.get_text() if text == "": self.macDialogOkButton.set_sensitive(True) return self.macDialogOkButton.set_sensitive(False) if functions.check_mac(text) and text != old_mac: self.macDialogOkButton.set_sensitive(True) def mac_select_dialog(self, old_mac): self.macDialogMacEntry.set_text(old_mac) handler_id = self.macDialogMacEntry.connect("changed", self.on_macDialog_changed, old_mac) self.macDialogOkButton.set_sensitive(False) self.macDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.macDialog.set_transient_for(self.mainWindow) self.macDialog.show_all() self.add_visible_dialog(self.macDialog) result = self.macDialog.run() self.macDialog.hide() self.remove_visible_dialog(self.macDialog) self.macDialogMacEntry.disconnect(handler_id) mac = self.macDialogMacEntry.get_text() if result != 1 or old_mac == mac: return None return mac.upper() def change_ipset_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.ipsetDialogOkButton.set_sensitive(True) else: self.ipsetDialogOkButton.set_sensitive(False) def ipset_select_dialog(self, old_ipset="", ipv=None): self.ipsetDialogIPSetStore.clear() ipsets = { } if self.runtime_view: for x in self.fw.getIPSets(): self.deactivate_exception_handler() try: settings = self.fw.getIPSetSettings(x) except (DBusException, Exception) as msg: self.activate_exception_handler() if isinstance(msg, DBusException): msg = msg.get_dbus_message() else: msg = str(msg) code = FirewallError.get_code(msg) if code == errors.NOT_APPLIED: continue raise self.activate_exception_handler() if settings.getType() not in SOURCE_IPSET_TYPES: continue ipsets[x] = settings else: for i in self.fw.config().listIPSets(): obj = self.fw.config().getIPSet(i) ipsets[obj.get_property("name")] = obj.getSettings() for i in sorted(ipsets.keys()): # for all hash:ip and hash:net types, ipv has to match the family # of the set ipset_type = ipsets[i].getType() if ipset_type.startswith("hash:ip") or \ ipset_type.startswith("hash:net"): opts = ipsets[i].getOptions() if "family" in opts: if opts["family"] == "inet6" and \ (ipv != "ipv6" and ipv != "all"): continue else: if ipv == "ipv6" or ipv is None: continue self.ipsetDialogIPSetStore.append([i, ipset_type]) selection = self.ipsetDialogIPSetView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) #selection.select_path(0) iter = self.ipsetDialogIPSetStore.get_iter_first() while iter: if self.ipsetDialogIPSetStore.get_value(iter, 0) == old_ipset: selection.select_iter(iter) iter = self.ipsetDialogIPSetStore.iter_next(iter) self.ipsetDialogOkButton.set_sensitive(False) self.ipsetDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.ipsetDialog.set_transient_for(self.mainWindow) self.ipsetDialog.show_all() self.add_visible_dialog(self.ipsetDialog) result = self.ipsetDialog.run() self.ipsetDialog.hide() self.remove_visible_dialog(self.ipsetDialog) #self.ipsetDialogIPSetEntry.disconnect(handler_id) #ipset = self.ipsetDialogIPSetEntry.get_text() if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None ipset = self.ipsetDialogIPSetStore.get_value(iter, 0) if old_ipset == ipset: return None return ipset def change_helper_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.helperDialogOkButton.set_sensitive(True) else: self.helperDialogOkButton.set_sensitive(False) def on_sourceDialog_changed(self, arg, old_type, old_source): _type = self.sourceDialogSourceTypeCombobox.get_active_text() _source = self.sourceDialogSourceChooser.get_text() self.sourceDialogOkButton.set_sensitive(False) if old_source != _source: if _type == "MAC" and functions.check_mac(_source): self.sourceDialogOkButton.set_sensitive(True) elif _type == "IP" and (functions.checkIPnMask(_source) or \ functions.checkIP6nMask(_source)): self.sourceDialogOkButton.set_sensitive(True) elif _type == "ipset": self.sourceDialogOkButton.set_sensitive(True) def on_sourceDialogSourceChooser_clicked(self, *args): old_address = self.sourceDialogSourceChooser.get_text() _type = self.sourceDialogSourceTypeCombobox.get_active_text() if _type == "IP": address = self.address_select_dialog(None, old_address) if address is not None: self.sourceDialogSourceChooser.set_text(address) elif _type == "MAC": address = self.mac_select_dialog(old_address) if address is not None: self.sourceDialogSourceChooser.set_text(address.upper()) elif _type == "ipset": address = self.ipset_select_dialog(old_address, "all") if address is not None: self.sourceDialogSourceChooser.set_text(address) def source_select_dialog(self, old_source): if old_source: if old_source.startswith("ipset:"): old_type = "ipset" old_source = old_source[6:] elif functions.check_mac(old_source): old_type = "MAC" else: old_type = "IP" combobox_select_text(self.sourceDialogSourceTypeCombobox, old_type) else: old_type = None self.sourceDialogSourceTypeCombobox.set_active(0) self.sourceDialogSourceChooser.set_text(old_source) h_type_id = self.sourceDialogSourceTypeCombobox.connect( "changed", self.on_sourceDialog_changed, old_type, old_source) h_addr_id = self.sourceDialogSourceChooser.connect( "clicked", self.on_sourceDialog_changed, old_type, old_source) self.sourceDialogOkButton.set_sensitive(False) self.sourceDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.sourceDialog.set_transient_for(self.mainWindow) self.sourceDialog.show_all() self.add_visible_dialog(self.sourceDialog) result = self.sourceDialog.run() self.sourceDialog.hide() self.remove_visible_dialog(self.sourceDialog) self.sourceDialogSourceTypeCombobox.disconnect(h_type_id) self.sourceDialogSourceChooser.disconnect(h_addr_id) source = self.sourceDialogSourceChooser.get_text() if self.sourceDialogSourceTypeCombobox.get_active_text() == "ipset": source = "ipset:%s" % source if result != 1 or old_source == source: return None return source def onAddPort(self, *args): self.add_edit_port(True) def onEditPort(self, *args): self.add_edit_port(False) def onPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_port(False) def onRemovePort(self, *args): selected_zone = self.get_selected_zone() selection = self.portView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.portStore.get_value(iter, 0) proto = self.portStore.get_value(iter, 1) if self.runtime_view: self.fw.removePort(selected_zone, port, proto) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removePort(port, proto) self.changes_applied() def onPortChanged(self, *args): ports = functions.getPortRange(self.portDialogPortEntry.get_text()) if not ports or not (isinstance(ports, list) or \ isinstance(ports, tuple)): self.portDialogOkButton.set_sensitive(False) else: self.portDialogOkButton.set_sensitive(True) def add_edit_port(self, add): selected_zone = self.get_selected_zone() old_port = None old_proto = None if not add: selection = self.portView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.portStore.get_value(iter, 0) old_proto = self.portStore.get_value(iter, 1) self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return if self.runtime_view: if not self.fw.queryPort(selected_zone, port, proto): self.fw.addPort(selected_zone, port, proto) if not add: self.fw.removePort(selected_zone, old_port, old_proto) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryPort(port, proto): if not add: zone.removePort(old_port, old_proto) zone.addPort(port, proto) self.changes_applied() def onPortProtoChanged(self, *args): ports = functions.getPortRange(self.portDialogPortEntry.get_text()) if not ports or not (isinstance(ports, list) or \ isinstance(ports, tuple)): self.portDialogOkButton.set_sensitive(False) else: self.portDialogOkButton.set_sensitive(True) def onPortProtoDialogOtherProtoCheckToggled(self, check, *args): self.portDialogPortEntry.set_sensitive(not check.get_active()) self.portDialogProtoCombobox.set_sensitive(not check.get_active()) def service_conf_add_edit_port(self, add): active_service = self.get_active_service() self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) old_port = None old_proto = None if not add: selection = self.serviceConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.serviceConfPortStore.get_value(iter, 0) old_proto = self.serviceConfPortStore.get_value(iter, 1) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.queryPort(port, proto): if not add: service.removePort(old_port, old_proto) service.addPort(port, proto) self.changes_applied() def port_added_cb(self, zone, port, protocol, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.portStore.get_iter_first() while iter: if self.portStore.get_value(iter, 0) == port and \ self.portStore.get_value(iter, 1) == protocol: # already there return iter = self.portStore.iter_next(iter) # nothing found, so add it self.portStore.append([port, protocol]) def port_removed_cb(self, zone, port, protocol): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.portStore.get_iter_first() while iter: if self.portStore.get_value(iter, 0) == port and \ self.portStore.get_value(iter, 1) == protocol: self.portStore.remove(iter) break iter = self.portStore.iter_next(iter) def onAddSourcePort(self, *args): self.add_edit_source_port(True) def onEditSourcePort(self, *args): self.add_edit_source_port(False) def onSourcePortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_source_port(False) def onRemoveSourcePort(self, *args): selected_zone = self.get_selected_zone() selection = self.sourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.sourcePortStore.get_value(iter, 0) proto = self.sourcePortStore.get_value(iter, 1) if self.runtime_view: self.fw.removeSourcePort(selected_zone, port, proto) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeSourcePort(port, proto) self.changes_applied() def add_edit_source_port(self, add): selected_zone = self.get_selected_zone() old_port = None old_proto = None if not add: selection = self.sourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.sourcePortStore.get_value(iter, 0) old_proto = self.sourcePortStore.get_value(iter, 1) self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return if self.runtime_view: if not self.fw.querySourcePort(selected_zone, port, proto): self.fw.addSourcePort(selected_zone, port, proto) if not add: self.fw.removeSourcePort(selected_zone, old_port, old_proto) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.querySourcePort(port, proto): if not add: zone.removeSourcePort(old_port, old_proto) zone.addSourcePort(port, proto) self.changes_applied() def service_conf_add_edit_source_port(self, add): active_service = self.get_active_service() self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) old_port = None old_proto = None if not add: selection = self.serviceConfSourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.serviceConfSourcePortStore.get_value(iter, 0) old_proto = self.serviceConfSourcePortStore.get_value(iter, 1) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.querySourcePort(port, proto): if not add: service.removeSourcePort(old_port, old_proto) service.addSourcePort(port, proto) self.changes_applied() def source_port_added_cb(self, zone, port, protocol, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourcePortStore.get_iter_first() while iter: if self.sourcePortStore.get_value(iter, 0) == port and \ self.sourcePortStore.get_value(iter, 1) == protocol: # already there return iter = self.sourcePortStore.iter_next(iter) # nothing found, so add it self.sourcePortStore.append([port, protocol]) def source_port_removed_cb(self, zone, port, protocol): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.sourcePortStore.get_iter_first() while iter: if self.sourcePortStore.get_value(iter, 0) == port and \ self.sourcePortStore.get_value(iter, 1) == protocol: self.sourcePortStore.remove(iter) break iter = self.sourcePortStore.iter_next(iter) def onAddProtocol(self, *args): self.add_edit_protocol(True) def onEditProtocol(self, *args): self.add_edit_protocol(False) def onProtocolClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_protocol(False) def onRemoveProtocol(self, *args): selected_zone = self.get_selected_zone() selection = self.protocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return proto = self.protocolStore.get_value(iter, 0) if self.runtime_view: self.fw.removeProtocol(selected_zone, proto) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeProtocol(proto) self.changes_applied() def add_edit_protocol(self, add): selected_zone = self.get_selected_zone() old_proto = None if not add: selection = self.protocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_proto = self.protocolStore.get_value(iter, 0) self.protoDialogProtoCombobox.set_active(0) self.protoDialogOtherProtoCheck.set_active(False) if old_proto: combobox_select_text(self.protoDialogProtoCombobox, old_proto) self.protoDialogOkButton.set_sensitive(False) self.protoDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.protoDialog.set_transient_for(self.mainWindow) self.protoDialog.show_all() self.add_visible_dialog(self.protoDialog) result = self.protoDialog.run() self.protoDialog.hide() self.remove_visible_dialog(self.protoDialog) if result != 1: return if self.protoDialogOtherProtoCheck.get_active(): proto = self.protoDialogOtherProtoEntry.get_text() else: proto = self.protoDialogProtoCombobox.get_active_text() if old_proto == proto: # nothing to change return if self.runtime_view: if not self.fw.queryProtocol(selected_zone, proto): self.fw.addProtocol(selected_zone, proto) if not add: self.fw.removeProtocol(selected_zone, old_proto) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryProtocol(proto): if not add: zone.removeProtocol(old_proto) zone.addProtocol(proto) self.changes_applied() def service_conf_add_edit_protocol(self, add): active_service = self.get_active_service() old_proto = None if not add: selection = self.serviceConfProtocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_proto = self.serviceConfProtocolStore.get_value(iter, 0) self.protoDialogProtoCombobox.set_active(0) self.protoDialogOtherProtoCheck.set_active(False) if old_proto: combobox_select_text(self.protoDialogProtoCombobox, old_proto) self.protoDialogOkButton.set_sensitive(False) self.protoDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.protoDialog.set_transient_for(self.mainWindow) self.protoDialog.show_all() self.add_visible_dialog(self.protoDialog) result = self.protoDialog.run() self.protoDialog.hide() self.remove_visible_dialog(self.protoDialog) if result != 1: return if self.protoDialogOtherProtoCheck.get_active(): proto = self.protoDialogOtherProtoEntry.get_text() else: proto = self.protoDialogProtoCombobox.get_active_text() if old_proto == proto: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.queryProtocol(proto): if not add: service.removeProtocol(old_proto) service.addProtocol(proto) self.changes_applied() def protocol_added_cb(self, zone, protocol, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.protocolStore.get_iter_first() while iter: if self.protocolStore.get_value(iter, 0) == protocol: # already there return iter = self.protocolStore.iter_next(iter) # nothing found, so add it self.protocolStore.append([protocol]) def protocol_removed_cb(self, zone, protocol): if not self.runtime_view or zone != self.get_selected_zone(): return iter = self.protocolStore.get_iter_first() while iter: if self.protocolStore.get_value(iter, 0) == protocol: self.protocolStore.remove(iter) break iter = self.protocolStore.iter_next(iter) def onForwardDialogChecksToggled(self, check, *args): val1 = self.forwardDialogLocalCheck.get_active() val2 = self.forwardDialogToPortCheck.get_active() self.forwardDialogToAddrLabel.set_sensitive(not val1) self.forwardDialogToAddrEntry.set_sensitive(not val1) self.forwardDialogToPortCheck.set_sensitive(not val1) self.forwardDialogToPortLabel.set_sensitive(val1 or val2) self.forwardDialogToPortEntry.set_sensitive(val1 or val2) self.onForwardChanged(None) def onForwardDialogToPortCheckToggled(self, check, *args): toport = check.get_active() self.forwardDialogToPortLabel.set_sensitive(toport) self.forwardDialogToPortEntry.set_sensitive(toport) self.onForwardChanged(None) def _check_forward(self): ports = self.forwardDialogPortEntry.get_text() to_ports = self.forwardDialogToPortEntry.get_text() to_addr = self.forwardDialogToAddrEntry.get_text() local_check = self.forwardDialogLocalCheck.get_active() to_port_check = self.forwardDialogToPortCheck.get_active() ports = functions.getPortRange(ports) to_ports = functions.getPortRange(to_ports) ports_ok = False if ports and (isinstance(ports, list) or \ isinstance(ports, tuple)): ports_ok = True to_ports_ok = False if to_ports and (isinstance(to_ports, list) or \ isinstance(to_ports, tuple)): to_ports_ok = True to_addr_ok = False if to_addr != "": if self.forwardDialog.family == "ipv4" and \ functions.checkIP(to_addr): to_addr_ok = True if self.forwardDialog.family == "ipv6" and \ functions.checkIP6(to_addr): to_addr_ok = True if self.forwardDialog.family is None and \ (functions.checkIP(to_addr) or functions.checkIP6(to_addr)): to_addr_ok = True ok = False if ports_ok: if local_check: if to_ports_ok and ports != to_ports: ok = True elif to_addr_ok: if to_port_check: if to_ports_ok: ok = True else: ok = True return ok def onForwardChanged(self, arg): ok = False if arg == self.forwardDialogProtoCombobox: if self._check_forward(): ok = True else: ok = self._check_forward() self.forwardDialogOkButton.set_sensitive(ok) def onAddForwardPort(self, *args): self.add_edit_forward_port(True) def onEditForwardPort(self, *args): self.add_edit_forward_port(False) def onForwardPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_forward_port(False) def forwardport_select_dialog(self, family, old_value=None): self.forwardDialogOkButton.set_sensitive(False) self.forwardDialogLocalCheck.set_active(True) self.forwardDialogLocalCheck.set_active(False) self.forwardDialogToPortCheck.set_active(False) self.forwardDialog.family = family (old_port, old_proto, old_to_port, old_to_addr) = \ self.split_fwp_string(old_value) self.forwardDialogPortEntry.set_text("") if old_port is not None: self.forwardDialogPortEntry.set_text(old_port) combobox_select_text(self.forwardDialogProtoCombobox, old_proto) self.forwardDialogToPortEntry.set_text("") if old_to_port is not None: self.forwardDialogToPortEntry.set_text(old_to_port) if old_to_addr: if old_to_port: self.forwardDialogToPortCheck.set_active(True) else: self.forwardDialogLocalCheck.set_active(True) self.forwardDialogToAddrEntry.set_text("") if old_to_addr is not None: self.forwardDialogToAddrEntry.set_text(old_to_addr) self.forwardDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.forwardDialog.set_transient_for(self.mainWindow) self.forwardDialog.show_all() self.add_visible_dialog(self.forwardDialog) result = self.forwardDialog.run() self.forwardDialog.hide() self.remove_visible_dialog(self.forwardDialog) if result != 1: return None port = self.forwardDialogPortEntry.get_text() proto = self.forwardDialogProtoCombobox.get_active_text() to_addr = self.forwardDialogToAddrEntry.get_text() to_port = self.forwardDialogToPortEntry.get_text() if not self.forwardDialogLocalCheck.get_active(): if not self.forwardDialogToPortCheck.get_active(): to_port = "" else: to_addr = "" value = self.create_fwp_string(port, proto, to_port, to_addr) if old_value == value: return None return value def add_edit_forward_port(self, add): selected_zone = self.get_selected_zone() self.forwardDialogOkButton.set_sensitive(False) self.forwardDialogLocalCheck.set_active(True) self.forwardDialogLocalCheck.set_active(False) self.forwardDialogToPortCheck.set_active(False) self.forwardDialog.family = None old_port = None old_proto = None old_to_port = None old_to_addr = None iter = None if add: self.forwardDialogPortEntry.set_text("") self.forwardDialogProtoCombobox.set_active(0) self.forwardDialogToPortEntry.set_text("") self.forwardDialogToAddrEntry.set_text("") else: selection = self.forwardView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.forwardStore.get_value(iter, 0) old_proto = self.forwardStore.get_value(iter, 1) old_to_port = self.forwardStore.get_value(iter, 2) old_to_addr = self.forwardStore.get_value(iter, 3) self.forwardDialogPortEntry.set_text(old_port) combobox_select_text(self.forwardDialogProtoCombobox, old_proto) self.forwardDialogToPortEntry.set_text(old_to_port) if old_to_addr: if old_to_port: self.forwardDialogToPortCheck.set_active(True) else: self.forwardDialogLocalCheck.set_active(True) self.forwardDialogToAddrEntry.set_text(old_to_addr) self.forwardDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.forwardDialog.set_transient_for(self.mainWindow) self.forwardDialog.show_all() self.add_visible_dialog(self.forwardDialog) result = self.forwardDialog.run() self.forwardDialog.hide() self.remove_visible_dialog(self.forwardDialog) if result != 1: return port = self.forwardDialogPortEntry.get_text() proto = self.forwardDialogProtoCombobox.get_active_text() to_addr = self.forwardDialogToAddrEntry.get_text() to_port = self.forwardDialogToPortEntry.get_text() if not self.forwardDialogLocalCheck.get_active(): if not self.forwardDialogToPortCheck.get_active(): to_port = "" else: to_addr = "" if not add and (old_port == port and old_proto == proto and \ old_to_port == to_port and old_to_addr == to_addr): # nothing to change return if self.runtime_view: if not self.fw.queryForwardPort(selected_zone, port, proto, to_port, to_addr): self.fw.addForwardPort(selected_zone, port, proto, to_port, to_addr) if not add: self.fw.removeForwardPort(selected_zone, old_port, old_proto, old_to_port, old_to_addr) if add and to_addr and not self.fw.queryMasquerade(selected_zone): if self.masqueradeQueryDialog() == Gtk.ResponseType.YES: self.fw.addMasquerade(selected_zone) self.changes_applied() else: zone = self.fw.config().getZoneByName(selected_zone) if not zone.queryForwardPort(port, proto, to_port, to_addr): if not add: zone.removeForwardPort(old_port, old_proto, old_to_port, old_to_addr) zone.addForwardPort(port, proto, to_port, to_addr) if add and to_addr and not zone.getMasquerade(): if self.masqueradeQueryDialog() == Gtk.ResponseType.YES: zone.setMasquerade(True) self.changes_applied() def masqueradeQueryDialog(self): text = _("Forwarding to another system is only useful if the interface is masqueraded.\nDo you want to masquerade this zone ?") return self._dialog(text=text, buttons=((Gtk.STOCK_YES, Gtk.ResponseType.YES), (Gtk.STOCK_NO, Gtk.ResponseType.NO))) def forward_port_added_cb(self, zone, port, protocol, to_port, to_address, timeout): if not self.runtime_view or zone != self.get_selected_zone(): return self._forward_port_added_cb(zone, port, protocol, to_port, to_address) def forward_port_removed_cb(self, zone, port, protocol, to_port, to_address): if not self.runtime_view or zone != self.get_selected_zone(): return self._forward_port_removed_cb(zone, port, protocol, to_port, to_address) def _forward_port_added_cb(self, zone, port, protocol, to_port, to_address): iter = self.forwardStore.get_iter_first() while iter: if self.forwardStore.get_value(iter, 0) == port and \ self.forwardStore.get_value(iter, 1) == protocol and \ self.forwardStore.get_value(iter, 2) == to_port and \ self.forwardStore.get_value(iter, 3) == to_address: # already there return iter = self.forwardStore.iter_next(iter) # nothing found, so add it self.forwardStore.append([port, protocol, to_port, to_address]) def _forward_port_removed_cb(self, zone, port, protocol, to_port, to_address): iter = self.forwardStore.get_iter_first() while iter: if self.forwardStore.get_value(iter, 0) == port and \ self.forwardStore.get_value(iter, 1) == protocol and \ self.forwardStore.get_value(iter, 2) == to_port and \ self.forwardStore.get_value(iter, 3) == to_address: self.forwardStore.remove(iter) break iter = self.forwardStore.iter_next(iter) def onRemoveForwardPort(self, *args): selected_zone = self.get_selected_zone() selection = self.forwardView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.forwardStore.get_value(iter, 0) proto = self.forwardStore.get_value(iter, 1) to_port = self.forwardStore.get_value(iter, 2) to_addr = self.forwardStore.get_value(iter, 3) if self.runtime_view: self.fw.removeForwardPort(selected_zone, port, proto, to_port, to_addr) else: zone = self.fw.config().getZoneByName(selected_zone) zone.removeForwardPort(port, proto, to_port, to_addr) self.changes_applied() def onChangeService(self, *args): active_service = self.get_active_service() ### load service settings self.serviceConfPortStore.clear() self.serviceConfProtocolStore.clear() self.serviceConfSourcePortStore.clear() self.serviceConfModuleStore.clear() self.serviceConfDestIpv4Chooser.set_text("") self.serviceConfDestIpv6Chooser.set_text("") self.serviceConfPortView.get_selection().set_mode( Gtk.SelectionMode.NONE) self.serviceConfProtocolView.get_selection().set_mode( Gtk.SelectionMode.NONE) self.serviceConfSourcePortView.get_selection().set_mode( Gtk.SelectionMode.NONE) self.serviceConfModuleView.get_selection().set_mode( Gtk.SelectionMode.NONE) if not active_service: self.serviceConfEditServiceButton.set_sensitive(False) self.serviceConfRemoveServiceButton.set_sensitive(False) self.serviceConfLoadDefaultsServiceButton.set_sensitive(False) self.serviceConfServiceNotebook.set_sensitive(False) return self.serviceConfEditServiceButton.set_sensitive(True) self.serviceConfServiceNotebook.set_sensitive(True) ports = [ ] protocols = [ ] source_ports = [ ] modules = [ ] destination = { } if self.runtime_view: # load runtime configuration settings = self.fw.getServiceSettings(active_service) ports = settings.getPorts() protocols = settings.getProtocols() source_ports = settings.getSourcePorts() modules = settings.getModules() destination = settings.getDestinations() default = False builtin = False else: try: service = self.fw.config().getServiceByName(active_service) except: return # load permanent configuration settings = service.getSettings() ports = settings.getPorts() protocols = settings.getProtocols() source_ports = settings.getSourcePorts() modules = settings.getModules() destination = settings.getDestinations() props = service.get_properties() default = props["default"] builtin = props["builtin"] self.serviceConfRemoveServiceButton.set_sensitive(not builtin and default) self.serviceConfLoadDefaultsServiceButton.set_sensitive(not default) # set ports for item in ports: self.serviceConfPortStore.append(item) # set protocols for item in protocols: self.serviceConfProtocolStore.append([item]) # set ports for item in source_ports: self.serviceConfSourcePortStore.append(item) # set modules for item in modules: self.serviceConfModuleStore.append([item]) # set destination if "ipv4" in destination: self.serviceConfDestIpv4Chooser.set_text(destination["ipv4"]) if "ipv6" in destination: self.serviceConfDestIpv6Chooser.set_text(destination["ipv6"]) self.serviceConfPortView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.serviceConfProtocolView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.serviceConfSourcePortView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.serviceConfModuleView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) def conf_service_added_cb(self, service): if self.runtime_view: return # check if service is in store iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) == service: return iter = self.serviceConfServiceStore.iter_next(iter) # not in list, append self.serviceConfServiceStore.append([service]) def conf_service_updated_cb(self, service): self.onChangeService() def conf_service_removed_cb(self, service): if self.runtime_view: return iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) == service: self.serviceConfServiceStore.remove(iter) break iter = self.serviceConfServiceStore.iter_next(iter) def conf_service_renamed_cb(self, service): if self.runtime_view: return # Get all services, renamed the one that is missing. # If more or less than one is missing, update service store. services = self.fw.config().getServiceNames() use_iter = None iter = self.serviceConfServiceStore.get_iter_first() while iter: if self.serviceConfServiceStore.get_value(iter, 0) not in services: if use_iter is not None: return self.load_services() use_iter = iter iter = self.serviceConfServiceStore.iter_next(iter) if use_iter is None: return self.load_services() self.serviceConfServiceStore.set_value(use_iter, 0, service) def onServiceConfAddService(self, *args): self.add_edit_service(True) def onServiceConfRemoveService(self, *args): active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) service.remove() self.changes_applied() self.load_services() self.onChangeService() def onServiceConfEditService(self, *args): self.add_edit_service(False) def onServiceBaseDialogChanged(self, *args): if args and (args[0] == self.serviceBaseDialogNameEntry): additional_chars = "".join(Service.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars self.entry_changed(args[0], allowed_chars) self.serviceBaseDialogOkButton.set_sensitive(True) def onServiceConfAddPort(self, *args): self.service_conf_add_edit_port(True) def onServiceConfEditPort(self, *args): self.service_conf_add_edit_port(False) def onServiceConfPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.service_conf_add_edit_port(False) def onServiceConfRemovePort(self, *args): active_service = self.get_active_service() selection = self.serviceConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.serviceConfPortStore.get_value(iter, 0) proto = self.serviceConfPortStore.get_value(iter, 1) service = self.fw.config().getServiceByName(active_service) service.removePort(port, proto) self.changes_applied() def change_service_dialog_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditPortButton.set_sensitive(True) self.serviceConfRemovePortButton.set_sensitive(True) else: self.serviceConfEditPortButton.set_sensitive(False) self.serviceConfRemovePortButton.set_sensitive(False) def onServiceConfAddProtocol(self, *args): self.service_conf_add_edit_protocol(True) def onServiceConfEditProtocol(self, *args): self.service_conf_add_edit_protocol(False) def onServiceConfProtocolClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.service_conf_add_edit_protocol(False) def onServiceConfRemoveProtocol(self, *args): active_service = self.get_active_service() selection = self.serviceConfProtocolView.get_selection() (model, iter) = selection.get_selected() if iter is None: return proto = self.serviceConfProtocolStore.get_value(iter, 0) service = self.fw.config().getServiceByName(active_service) service.removeProtocol(proto) self.changes_applied() def change_service_dialog_protocol_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditProtocolButton.set_sensitive(True) self.serviceConfRemoveProtocolButton.set_sensitive(True) else: self.serviceConfEditProtocolButton.set_sensitive(False) self.serviceConfRemoveProtocolButton.set_sensitive(False) def onServiceConfAddSourcePort(self, *args): self.service_conf_add_edit_source_port(True) def onServiceConfEditSourcePort(self, *args): self.service_conf_add_edit_source_port(False) def onServiceConfSourcePortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.service_conf_add_edit_source_port(False) def onServiceConfRemoveSourcePort(self, *args): active_service = self.get_active_service() selection = self.serviceConfSourcePortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.serviceConfSourcePortStore.get_value(iter, 0) proto = self.serviceConfSourcePortStore.get_value(iter, 1) service = self.fw.config().getServiceByName(active_service) service.removeSourcePort(port, proto) self.changes_applied() def change_service_dialog_source_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditSourcePortButton.set_sensitive(True) self.serviceConfRemoveSourcePortButton.set_sensitive(True) else: self.serviceConfEditSourcePortButton.set_sensitive(False) self.serviceConfRemoveSourcePortButton.set_sensitive(False) def add_edit_service(self, add): if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None self.serviceBaseDialogNameEntry.set_text("") self.serviceBaseDialogVersionEntry.set_text("") self.serviceBaseDialogShortEntry.set_text("") self.serviceBaseDialogDescText.get_buffer().set_text("") else: active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) settings = service.getSettings() props = service.get_properties() default = props["default"] builtin = props["builtin"] old_name = service.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() self.serviceBaseDialogNameEntry.set_text(old_name) self.serviceBaseDialogVersionEntry.set_text(old_version) self.serviceBaseDialogShortEntry.set_text(old_short) self.serviceBaseDialogDescText.get_buffer().set_text(old_desc) self.serviceBaseDialogOkButton.set_sensitive(False) if builtin: self.serviceBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in service, rename not supported.")) else: self.serviceBaseDialogNameEntry.set_tooltip_markup("") self.serviceBaseDialogNameEntry.set_sensitive(not builtin and default) self.serviceBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.serviceBaseDialog.set_transient_for(self.mainWindow) self.serviceBaseDialog.show_all() self.add_visible_dialog(self.serviceBaseDialog) result = self.serviceBaseDialog.run() self.serviceBaseDialog.hide() self.remove_visible_dialog(self.serviceBaseDialog) if result != 1: return name = self.serviceBaseDialogNameEntry.get_text() version = self.serviceBaseDialogVersionEntry.get_text() short = self.serviceBaseDialogShortEntry.get_text() buffer = self.serviceBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc: # no changes return if not add: active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) settings = service.getSettings() else: settings = client.FirewallClientServiceSettings() if old_version != version or old_short != short or \ old_desc != desc: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) if not add: service.update(settings) if not add: if old_name == name: return service.rename(name) else: self.fw.config().addService(name, settings) self.changes_applied() def onServiceConfLoadDefaultsService(self, *args): active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) service.loadDefaults() self.changes_applied() self.onChangeService() def onServiceConfAddModule(self, *args): self.add_edit_module(True) def onServiceConfEditModule(self, *args): self.add_edit_module(False) def onServiceConfModuleClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.add_edit_module(False) def onServiceConfRemoveModule(self, *args): active_service = self.get_active_service() selection = self.serviceConfModuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return module = self.serviceConfModuleStore.get_value(iter, 0) service = self.fw.config().getServiceByName(active_service) service.removeModule(module) self.changes_applied() def change_service_dialog_module_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.serviceConfEditModuleButton.set_sensitive(True) self.serviceConfRemoveModuleButton.set_sensitive(True) else: self.serviceConfEditModuleButton.set_sensitive(False) self.serviceConfRemoveModuleButton.set_sensitive(False) def helper_select_dialog(self, old_helper=""): self.helperDialogHelperStore.clear() helpers = [ ] if self.runtime_view: helpers = self.fw.getHelpers() else: helpers = self.fw.config().getHelperNames() for helper in sorted(helpers): self.helperDialogHelperStore.append([helper]) selection = self.helperDialogHelperView.get_selection() selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.helperDialogHelperStore.get_iter_first() while iter: if self.helperDialogHelperStore.get_value(iter, 0) == old_helper: selection.select_iter(iter) iter = self.helperDialogHelperStore.iter_next(iter) self.helperDialogOkButton.set_sensitive(False) self.helperDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.helperDialog.set_transient_for(self.mainWindow) self.helperDialog.show_all() self.add_visible_dialog(self.helperDialog) result = self.helperDialog.run() self.helperDialog.hide() self.remove_visible_dialog(self.helperDialog) if result != 1: return None (model, iter) = selection.get_selected() if not iter: return None helper = self.helperDialogHelperStore.get_value(iter, 0) if old_helper == helper: return None return helper def add_edit_module(self, add): active_service = self.get_active_service() old_helper = None if not add: selection = self.serviceConfModuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_helper = self.serviceConfModuleStore.get_value(iter, 0) helper = self.helper_select_dialog(old_helper) if helper is None: return if old_helper == helper: # nothing to change return service = self.fw.config().getServiceByName(active_service) if not service.queryModule(helper): if not add: service.removeModule(old_helper) service.addModule(helper) self.changes_applied() def onChangeServiceConfDestIpv4(self, *args): old_addr = self.serviceConfDestIpv4Chooser.get_text() addr = self.address_select_dialog("ipv4", old_addr) if addr is None: return active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) if not service.queryDestination("ipv4", addr): if addr != "": service.setDestination("ipv4", addr) else: service.removeDestination("ipv4") self.changes_applied() def onChangeServiceConfDestIpv6(self, *args): old_addr = self.serviceConfDestIpv6Chooser.get_text() addr = self.address_select_dialog("ipv6", old_addr) if addr is None: return active_service = self.get_active_service() service = self.fw.config().getServiceByName(active_service) if not service.queryDestination("ipv6", addr): if addr != "": service.setDestination("ipv6", addr) else: service.removeDestination("ipv6") self.changes_applied() def onAddressChanged(self, entry, addr_type, old_address): text = entry.get_text() if text == "": self.addressDialogOkButton.set_sensitive(True) return self.addressDialogOkButton.set_sensitive(False) if addr_type == "ipv4": if functions.checkIPnMask(text) and text != old_address: self.addressDialogOkButton.set_sensitive(True) elif addr_type == "ipv6": if functions.checkIP6nMask(text) and text != old_address: self.addressDialogOkButton.set_sensitive(True) else: if (functions.checkIPnMask(text) or functions.checkIP6nMask(text)) \ and text != old_address: self.addressDialogOkButton.set_sensitive(True) def address_select_dialog(self, addr_type, old_address): if addr_type == "ipv4": label1 = _("Please enter an ipv4 address with the form address[/mask].") label2 = _("The mask can be a network mask or a number.") elif addr_type == "ipv6": label1 = _("Please enter an ipv6 address with the form address[/mask].") label2 = _("The mask is a number.") else: label1 = _("Please enter an ipv4 or ipv6 address with the form address[/mask].") label2 = _("The mask can be a network mask or a number for ipv4.\nThe mask is a number for ipv6.") self.addressDialogLabel.set_markup(label1) self.addressDialogLabel2.set_markup(label2) self.addressDialogAddressEntry.set_text(old_address) handler_id = self.addressDialogAddressEntry.connect( "changed", self.onAddressChanged, addr_type, old_address) self.addressDialogOkButton.set_sensitive(False) self.addressDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.addressDialog.set_transient_for(self.mainWindow) self.addressDialog.show_all() self.add_visible_dialog(self.addressDialog) result = self.addressDialog.run() self.addressDialog.hide() self.remove_visible_dialog(self.addressDialog) self.addressDialogAddressEntry.disconnect(handler_id) address = self.addressDialogAddressEntry.get_text() if functions.check_mac(address): address = address.upper() if result != 1 or old_address == address: return None return address def get_active_ipset(self): selection = self.ipsetConfIPSetView.get_selection() (model, iter) = selection.get_selected() if iter: return self.ipsetConfIPSetStore.get_value(iter, 0) return None def load_ipsets(self): if not self.show_ipsets: return active_ipset = self.get_active_ipset() if self.runtime_view: ipsets = self.fw.getIPSets() else: ipsets = self.fw.config().getIPSetNames() selection = self.ipsetConfIPSetView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.ipsetConfIPSetStore.clear() # ipsets for ipset in ipsets: self.ipsetConfIPSetStore.append([ipset]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) == \ active_ipset: selection.select_iter(iter) return iter = self.ipsetConfIPSetStore.iter_next(iter) selection.select_path(0) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) if not self.get_active_ipset(): self.ipsetConfEditIPSetButton.set_sensitive(False) self.ipsetConfRemoveIPSetButton.set_sensitive(False) self.ipsetConfLoadDefaultsIPSetButton.set_sensitive(False) self.ipsetConfEntryBox.set_sensitive(False) def onIPSetConfAddIPSet(self, *args): self.add_edit_ipset(True) def onIPSetConfRemoveIPSet(self, *args): active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) ipset.remove() self.changes_applied() self.load_ipsets() self.onChangeIPSet() def onIPSetConfEditIPSet(self, *args): self.add_edit_ipset(False) def onIPSetConfLoadDefaultsIPSet(self, *args): active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) ipset.loadDefaults() self.changes_applied() self.onChangeIPSet() def onIPSetBaseDialogChanged(self, *args): def check_ipset_name(ipset): return (len(ipset) <= IPSET_MAXNAMELEN, ipset) OK=True if args and (args[0] == self.ipsetBaseDialogNameEntry): additional_chars = "".join(IPSet.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars OK = self.entry_changed(args[0], allowed_chars, check_ipset_name) self.ipsetBaseDialogOkButton.set_sensitive(OK) def add_edit_ipset(self, add): self.ipsetBaseDialogTypeCombobox.remove_all() ipset_types = self.fw.get_property("IPSetTypes") for x in ipset_types: self.ipsetBaseDialogTypeCombobox.append_text(x) self.ipsetBaseDialogBadTypeLabel.set_text("") if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None old_ipset_type = None old_options = { } self.ipsetBaseDialogNameEntry.set_text("") self.ipsetBaseDialogVersionEntry.set_text("") self.ipsetBaseDialogShortEntry.set_text("") self.ipsetBaseDialogDescText.get_buffer().set_text("") combobox_select_text(self.ipsetBaseDialogTypeCombobox, "hash:ip") self.ipsetBaseDialogFamilyCombobox.set_active(0) self.ipsetBaseDialogTimeoutEntry.set_text("") self.ipsetBaseDialogHashsizeEntry.set_text("") self.ipsetBaseDialogMaxelemEntry.set_text("") else: active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() props = ipset.get_properties() default = props["default"] builtin = props["builtin"] old_name = ipset.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() old_ipset_type = settings.getType() old_options = settings.getOptions() self.ipsetBaseDialogNameEntry.set_text(old_name) self.ipsetBaseDialogVersionEntry.set_text(old_version) self.ipsetBaseDialogShortEntry.set_text(old_short) self.ipsetBaseDialogDescText.get_buffer().set_text(old_desc) if old_ipset_type not in ipset_types: self.ipsetBaseDialogBadTypeLabel.set_text(old_ipset_type) else: combobox_select_text(self.ipsetBaseDialogTypeCombobox, old_ipset_type) if "family" in old_options and \ old_options["family"] in [ "inet", "inet6" ]: combobox_select_text(self.ipsetBaseDialogFamilyCombobox, old_options["family"]) else: self.ipsetBaseDialogFamilyCombobox.set_active(0) if "timeout" in old_options: self.ipsetBaseDialogTimeoutEntry.set_text( old_options["timeout"]) else: self.ipsetBaseDialogTimeoutEntry.set_text("") if "hashsize" in old_options: self.ipsetBaseDialogHashsizeEntry.set_text( old_options["hashsize"]) else: self.ipsetBaseDialogHashsizeEntry.set_text("") if "maxelem" in old_options: self.ipsetBaseDialogMaxelemEntry.set_text( old_options["maxelem"]) else: self.ipsetBaseDialogMaxelemEntry.set_text("") self.ipsetBaseDialogOkButton.set_sensitive(False) if builtin: self.ipsetBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in ipset, rename not supported.")) else: self.ipsetBaseDialogNameEntry.set_tooltip_markup("") self.ipsetBaseDialogNameEntry.set_sensitive(not builtin and default) self.ipsetBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.ipsetBaseDialog.set_transient_for(self.mainWindow) self.ipsetBaseDialog.show_all() self.add_visible_dialog(self.ipsetBaseDialog) result = self.ipsetBaseDialog.run() self.ipsetBaseDialog.hide() self.remove_visible_dialog(self.ipsetBaseDialog) if result != 1: return name = self.ipsetBaseDialogNameEntry.get_text() version = self.ipsetBaseDialogVersionEntry.get_text() short = self.ipsetBaseDialogShortEntry.get_text() buffer = self.ipsetBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) ipset_type = self.ipsetBaseDialogBadTypeLabel.get_text() ipset_type = self.ipsetBaseDialogTypeCombobox.get_active_text() options = { } if self.ipsetBaseDialogFamilyCombobox.is_sensitive(): x = self.ipsetBaseDialogFamilyCombobox.get_active_text() if x != "inet": options["family"] = x if self.ipsetBaseDialogTimeoutEntry.is_sensitive(): x = self.ipsetBaseDialogTimeoutEntry.get_text() if x != "": options["timeout"] = x x = self.ipsetBaseDialogHashsizeEntry.get_text() if x != "": options["hashsize"] = x x = self.ipsetBaseDialogMaxelemEntry.get_text() if x != "": options["maxelem"] = x if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc and old_ipset_type == ipset_type and \ old_options == options: # no changes return if not add: active_ipset = self.get_active_ipset() ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() else: settings = client.FirewallClientIPSetSettings() if old_version != version or old_short != short or \ old_desc != desc or old_ipset_type != ipset_type or \ old_options != options: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) settings.setType(ipset_type) settings.setOptions(options) if not add: ipset.update(settings) if not add: if old_name == name: return ipset.rename(name) else: self.fw.config().addIPSet(name, settings) self.changes_applied() def onIPSetChanged(self, *args): if self.ipsetBaseDialogTypeCombobox.get_active_text() is None: # unsupported ipset type return if self.ipsetBaseDialogTypeCombobox.get_active_text() == "hash:mac": self.ipsetBaseDialogFamilyLabel.set_sensitive(False) self.ipsetBaseDialogFamilyCombobox.set_sensitive(False) else: self.ipsetBaseDialogFamilyLabel.set_sensitive(True) self.ipsetBaseDialogFamilyCombobox.set_sensitive(True) self.ipsetBaseDialogOkButton.set_sensitive(True) def onIPSetConfAddEntry(self, *args): self.add_edit_ipset_entry(True) def onIPSetConfAddEntriesFromFile(self, *args): dialog = Gtk.FileChooserDialog( _("Please select a file"), None, Gtk.FileChooserAction.OPEN, (Gtk.STOCK_CANCEL, Gtk.ResponseType.CANCEL, Gtk.STOCK_OPEN, Gtk.ResponseType.OK)) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) filefilter = Gtk.FileFilter() filefilter.set_name(_("Text Files")) filefilter.add_mime_type("text/plain") dialog.add_filter(filefilter) filefilter = Gtk.FileFilter() filefilter.set_name(_("All Files")) filefilter.add_pattern("*") dialog.add_filter(filefilter) result = dialog.run() dialog.hide() if result == Gtk.ResponseType.OK: filename = dialog.get_filename() else: return dialog.destroy() entries = self.get_ipset_entries_from_file(filename) active_ipset = self.get_active_ipset() if self.runtime_view: old_entries = self.fw.getEntries(active_ipset) changed = False for entry in entries: if entry not in old_entries: old_entries.append(entry) changed = True if changed: self.fw.setEntries(active_ipset, old_entries) else: ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() changed = False for entry in entries: if not settings.queryEntry(entry): settings.addEntry(entry) changed = True if changed: ipset.update(settings) def onIPSetConfEditEntry(self, *args): self.add_edit_ipset_entry(False) def onIPSetConfEntryClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.add_edit_ipset_entry(False) def onIPSetConfRemoveEntry(self, *args): active_ipset = self.get_active_ipset() selection = self.ipsetConfEntryView.get_selection() (model, iter) = selection.get_selected() if iter is None: return entry = self.ipsetConfEntryStore.get_value(iter, 0) if self.runtime_view: if self.fw.queryEntry(active_ipset, entry): self.fw.removeEntry(active_ipset, entry) self.changes_applied() else: ipset = self.fw.config().getIPSetByName(active_ipset) ipset.removeEntry(entry) self.changes_applied() self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def onIPSetConfRemoveEntriesFromFile(self, *args): dialog = Gtk.FileChooserDialog( _("Please select a file"), None, Gtk.FileChooserAction.OPEN, (Gtk.STOCK_CANCEL, Gtk.ResponseType.CANCEL, Gtk.STOCK_OPEN, Gtk.ResponseType.OK)) dialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) dialog.set_transient_for(self.mainWindow) filefilter = Gtk.FileFilter() filefilter.set_name(_("Text Files")) filefilter.add_mime_type("text/plain") dialog.add_filter(filefilter) filefilter = Gtk.FileFilter() filefilter.set_name(_("All Files")) filefilter.add_pattern("*") dialog.add_filter(filefilter) result = dialog.run() dialog.hide() if result == Gtk.ResponseType.OK: filename = dialog.get_filename() else: return dialog.destroy() entries = self.get_ipset_entries_from_file(filename) active_ipset = self.get_active_ipset() if self.runtime_view: old_entries = self.fw.getEntries(active_ipset) changed = False for entry in entries: if entry in old_entries: old_entries.remove(entry) changed = True if changed: self.fw.setEntries(active_ipset, old_entries) else: ipset = self.fw.config().getIPSetByName(active_ipset) settings = ipset.getSettings() changed = False for entry in entries: if settings.queryEntry(entry): settings.removeEntry(entry) changed = True if changed: ipset.update(settings) def onIPSetConfRemoveAllEntries(self, *args): active_ipset = self.get_active_ipset() if self.runtime_view: self.fw.setEntries(active_ipset, [ ]) self.changes_applied() else: ipset = self.fw.config().getIPSetByName(active_ipset) ipset.setEntries([ ]) self.changes_applied() self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def onIPSetEntryChanged(self, *args): settings = self.active_ipset_settings entry = self.ipsetEntryDialogEntryEntry.get_text() try: IPSet.check_entry(entry, settings.getOptions(), settings.getType()) except Exception: self.ipsetEntryDialogOkButton.set_sensitive(False) else: self.ipsetEntryDialogOkButton.set_sensitive(True) def change_ipset_conf_entry_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.ipsetConfEditEntryButton.set_sensitive(True) self.ipsetConfRemoveEntryMenuitem.set_sensitive(True) else: self.ipsetConfEditEntryButton.set_sensitive(False) self.ipsetConfRemoveEntryMenuitem.set_sensitive(False) def add_edit_ipset_entry(self, add): active_ipset = self.get_active_ipset() if self.runtime_view: settings = self.fw.getIPSetSettings(active_ipset) else: settings = self.fw.config().getIPSetByName(active_ipset).getSettings() self.active_ipset_settings = settings self.ipsetEntryDialogTypeLabel.set_text(settings.getType()) self.ipsetEntryDialogEntryEntry.set_text("") old_entry = None if not add: selection = self.ipsetConfEntryView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_entry = self.ipsetConfEntryStore.get_value(iter, 0) if old_entry: self.ipsetEntryDialogEntryEntry.set_text(old_entry) self.ipsetEntryDialogOkButton.set_sensitive(False) self.ipsetEntryDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.ipsetEntryDialog.set_transient_for(self.mainWindow) self.ipsetEntryDialog.show_all() self.add_visible_dialog(self.ipsetEntryDialog) result = self.ipsetEntryDialog.run() self.ipsetEntryDialog.hide() self.active_ipset_settings = None self.remove_visible_dialog(self.ipsetEntryDialog) if result != 1: return entry = self.ipsetEntryDialogEntryEntry.get_text() if old_entry == entry: # nothing to change return if self.runtime_view: if not self.fw.queryEntry(active_ipset, entry): self.fw.addEntry(active_ipset, entry) if not add: self.fw.removeEntry(active_ipset, old_entry) self.changes_applied() else: ipset = self.fw.config().getIPSetByName(active_ipset) if not ipset.queryEntry(entry): if not add: ipset.removeEntry(old_entry) ipset.addEntry(entry) self.changes_applied() def ipset_entry_added_cb(self, ipset, entry): if not self.runtime_view or ipset != self.get_active_ipset(): return iter = self.ipsetConfEntryStore.get_iter_first() while iter: if self.ipsetConfEntryStore.get_value(iter, 0) == entry: # already there return iter = self.ipsetConfEntryStore.iter_next(iter) # nothing found, so add it self.ipsetConfEntryStore.append([entry]) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def ipset_entry_removed_cb(self, ipset, entry): if not self.runtime_view or ipset != self.get_active_ipset(): return iter = self.ipsetConfEntryStore.get_iter_first() while iter: if self.ipsetConfEntryStore.get_value(iter, 0) == entry: self.ipsetConfEntryStore.remove(iter) break iter = self.ipsetConfEntryStore.iter_next(iter) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def conf_ipset_added_cb(self, ipset): if self.runtime_view: return # check if ipset is in store iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) == ipset: return iter = self.ipsetConfIPSetStore.iter_next(iter) # not in list, append self.ipsetConfIPSetStore.append([ipset]) selection = self.ipsetConfIPSetView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_ipset_updated_cb(self, ipset): if self.runtime_view or ipset != self.get_active_ipset(): return self.onChangeIPSet() def conf_ipset_removed_cb(self, ipset): if self.runtime_view: return iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) == ipset: self.ipsetConfIPSetStore.remove(iter) break iter = self.ipsetConfIPSetStore.iter_next(iter) def conf_ipset_renamed_cb(self, ipset): if self.runtime_view: return # Get all ipsets, renamed the one that is missing. # If more or less than one is missing, update ipset store. ipsets = self.fw.config().getIPSetNames() use_iter = None iter = self.ipsetConfIPSetStore.get_iter_first() while iter: if self.ipsetConfIPSetStore.get_value(iter, 0) not in ipsets: if use_iter is not None: return self.load_ipsets() use_iter = iter iter = self.ipsetConfIPSetStore.iter_next(iter) if use_iter is None: return self.load_ipsets() self.ipsetConfIPSetStore.set_value(use_iter, 0, ipset) def onChangeIPSet(self, *args): active_ipset = self.get_active_ipset() self.ipsetConfEntryStore.clear() self.ipsetConfEntryView.get_selection().set_mode( Gtk.SelectionMode.NONE) if not active_ipset: self.ipsetConfEditIPSetButton.set_sensitive(False) self.ipsetConfRemoveIPSetButton.set_sensitive(False) self.ipsetConfLoadDefaultsIPSetButton.set_sensitive(False) self.ipsetConfEntryBox.set_sensitive(False) return self.ipsetConfEditIPSetButton.set_sensitive(True) self.ipsetConfEntryBox.set_sensitive(True) entries = [ ] if self.runtime_view: # load runtime configuration self.deactivate_exception_handler() try: settings = self.fw.getIPSetSettings(active_ipset) except (DBusException, Exception) as msg: self.activate_exception_handler() if isinstance(msg, DBusException): msg = msg.get_dbus_message() else: msg = str(msg) code = FirewallError.get_code(msg) if code == errors.NOT_APPLIED: self.ipsetConfNotebook.set_sensitive(False) return raise else: self.ipsetConfNotebook.set_sensitive(True) self.activate_exception_handler() entries = settings.getEntries() options = settings.getOptions() default = False builtin = False else: try: ipset = self.fw.config().getIPSetByName(active_ipset) except: return # load permanent configuration settings = ipset.getSettings() entries = settings.getEntries() options = settings.getOptions() props = ipset.get_properties() default = props["default"] builtin = props["builtin"] if "timeout" in options: self.ipsetConfEntrySW.hide() self.ipsetConfEntryBox.hide() self.ipsetConfEntryLabel.hide() self.ipsetConfTimeoutLabel.show() else: self.ipsetConfEntrySW.show() self.ipsetConfEntryBox.show() self.ipsetConfEntryLabel.show() self.ipsetConfTimeoutLabel.hide() # set entries for item in entries: self.ipsetConfEntryStore.append([item]) self.ipsetConfEntryView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.ipsetConfRemoveIPSetButton.set_sensitive(not builtin and default) self.ipsetConfLoadDefaultsIPSetButton.set_sensitive(not default) self.ipsetConfRemoveEntryMenubutton.set_sensitive( len(self.ipsetConfEntryStore) > 0) def get_active_helper(self): selection = self.helperConfHelperView.get_selection() (model, iter) = selection.get_selected() if iter: return self.helperConfHelperStore.get_value(iter, 0) return None def load_helpers(self): if not self.show_helpers: return active_helper = self.get_active_helper() if self.runtime_view: helpers = self.fw.getHelpers() else: helpers = self.fw.config().getHelperNames() selection = self.helperConfHelperView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.helperConfHelperStore.clear() # helpers for helper in helpers: self.helperConfHelperStore.append([helper]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) == \ active_helper: selection.select_iter(iter) return iter = self.helperConfHelperStore.iter_next(iter) selection.select_path(0) if not self.get_active_helper(): self.helperConfEditHelperButton.set_sensitive(False) self.helperConfRemoveHelperButton.set_sensitive(False) self.helperConfLoadDefaultsHelperButton.set_sensitive(False) self.helperConfHelperNotebook.set_sensitive(False) def onHelperConfAddHelper(self, *args): self.add_edit_helper(True) def onHelperConfRemoveHelper(self, *args): active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) helper.remove() self.changes_applied() self.load_helpers() self.onChangeHelper() def onHelperConfEditHelper(self, *args): self.add_edit_helper(False) def onHelperConfLoadDefaultsHelper(self, *args): active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) helper.loadDefaults() self.changes_applied() self.onChangeHelper() def onHelperBaseDialogModuleChooserClicked(self, *args): old_module = self.helperBaseDialogModuleChooser.get_text() module = self.module_select_dialog(old_module) if module is not None: self.helperBaseDialogModuleChooser.set_text(module) def onHelperBaseDialogChanged(self, *args): def check_helper_name(helper): return (len(helper) <= HELPER_MAXNAMELEN, helper) OK=True if args and (args[0] == self.helperBaseDialogNameEntry): additional_chars = "".join(Helper.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars OK = self.entry_changed(args[0], allowed_chars, check_helper_name) module = self.helperBaseDialogModuleChooser.get_text() if module is None or not module.startswith("nf_conntrack_") or \ len(module.replace("nf_conntrack_", "")) < 1: OK = False self.helperBaseDialogOkButton.set_sensitive(OK) def add_edit_helper(self, add): if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None old_module = None old_family = None self.helperBaseDialogNameEntry.set_text("") self.helperBaseDialogVersionEntry.set_text("") self.helperBaseDialogShortEntry.set_text("") self.helperBaseDialogDescText.get_buffer().set_text("") self.helperBaseDialogModuleChooser.set_text("") self.helperBaseDialogFamilyCombobox.set_active(0) else: active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) settings = helper.getSettings() props = helper.get_properties() default = props["default"] builtin = props["builtin"] old_name = helper.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() old_module = settings.getModule() old_family = settings.getFamily() self.helperBaseDialogNameEntry.set_text(old_name) self.helperBaseDialogVersionEntry.set_text(old_version) self.helperBaseDialogShortEntry.set_text(old_short) self.helperBaseDialogDescText.get_buffer().set_text(old_desc) self.helperBaseDialogModuleChooser.set_text(old_module) self.helperBaseDialogFamilyCombobox.set_active(0) combobox_select_text(self.helperBaseDialogFamilyCombobox, { "": _("All") , "ipv4": _("IPv4"), "ipv6" : _("IPv6") }[old_family]) self.helperBaseDialogOkButton.set_sensitive(False) if builtin: self.helperBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in helper, rename not supported.")) else: self.helperBaseDialogNameEntry.set_tooltip_markup("") self.helperBaseDialogNameEntry.set_sensitive(not builtin and default) self.helperBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.helperBaseDialog.set_transient_for(self.mainWindow) self.helperBaseDialog.show_all() self.add_visible_dialog(self.helperBaseDialog) result = self.helperBaseDialog.run() self.helperBaseDialog.hide() self.remove_visible_dialog(self.helperBaseDialog) if result != 1: return name = self.helperBaseDialogNameEntry.get_text() version = self.helperBaseDialogVersionEntry.get_text() short = self.helperBaseDialogShortEntry.get_text() buffer = self.helperBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) module = self.helperBaseDialogModuleChooser.get_text() family = { _("All") : "", _("IPv4") : "ipv4", _("IPv6") : "ipv6" } \ [self.helperBaseDialogFamilyCombobox.get_active_text()] if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc and old_module == module and \ old_family == family: # no changes return if not add: active_helper = self.get_active_helper() helper = self.fw.config().getHelperByName(active_helper) settings = helper.getSettings() else: settings = client.FirewallClientHelperSettings() if old_version != version or old_short != short or \ old_desc != desc or old_family != family: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) settings.setModule(module) settings.setFamily(family) if not add: helper.update(settings) if not add: if old_name == name: return helper.rename(name) else: self.fw.config().addHelper(name, settings) self.changes_applied() def onHelperChanged(self, *args): self.helperBaseDialogOkButton.set_sensitive(True) def onHelperConfAddPort(self, *args): self.add_edit_helper_port(True) def onHelperConfEditPort(self, *args): self.add_edit_helper_port(False) def onHelperConfPortClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS and \ not self.runtime_view: self.add_edit_helper_port(False) def onHelperConfRemovePort(self, *args): active_helper = self.get_active_helper() selection = self.helperConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return port = self.helperConfPortStore.get_value(iter, 0) proto = self.helperConfPortStore.get_value(iter, 1) if self.runtime_view: if self.fw.queryPort(active_helper, port, proto): self.fw.removePort(active_helper, port, proto) self.changes_applied() else: helper = self.fw.config().getHelperByName(active_helper) helper.removePort(port, proto) self.changes_applied() def change_helper_conf_port_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.helperConfEditPortButton.set_sensitive(True) self.helperConfRemovePortButton.set_sensitive(True) else: self.helperConfEditPortButton.set_sensitive(False) self.helperConfRemovePortButton.set_sensitive(False) def add_edit_helper_port(self, add): active_helper = self.get_active_helper() self.portDialogPortEntry.set_text("") self.portDialogProtoCombobox.set_active(0) old_port = None old_proto = None if not add: selection = self.helperConfPortView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_port = self.helperConfPortStore.get_value(iter, 0) old_proto = self.helperConfPortStore.get_value(iter, 1) if old_port: self.portDialogPortEntry.set_text(old_port) if old_proto: combobox_select_text(self.portDialogProtoCombobox, old_proto) self.portDialogOkButton.set_sensitive(False) self.portDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.portDialog.set_transient_for(self.mainWindow) self.portDialog.show_all() self.add_visible_dialog(self.portDialog) result = self.portDialog.run() self.portDialog.hide() self.remove_visible_dialog(self.portDialog) if result != 1: return port = self.portDialogPortEntry.get_text() proto = self.portDialogProtoCombobox.get_active_text() if old_port == port and old_proto == proto: # nothing to change return helper = self.fw.config().getHelperByName(active_helper) if not helper.queryPort(port, proto): if not add: helper.removePort(old_port, old_proto) helper.addPort(port, proto) self.changes_applied() def helper_port_added_cb(self, helper, entry): if not self.runtime_view or helper != self.get_active_helper(): return iter = self.helperConfPortStore.get_iter_first() while iter: if self.helperConfPortStore.get_value(iter, 0) == entry: # already there return iter = self.helperConfPortStore.iter_next(iter) # nothing found, so add it self.helperConfPortStore.append([entry]) def helper_port_removed_cb(self, helper, entry): if not self.runtime_view or helper != self.get_active_helper(): return iter = self.helperConfPortStore.get_iter_first() while iter: if self.helperConfPortStore.get_value(iter, 0) == entry: self.helperConfPortStore.remove(iter) break iter = self.helperConfPortStore.iter_next(iter) def conf_helper_added_cb(self, helper): if self.runtime_view: return # check if helper is in store iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) == helper: return iter = self.helperConfHelperStore.iter_next(iter) # not in list, append self.helperConfHelperStore.append([helper]) selection = self.helperConfHelperView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_helper_updated_cb(self, helper): if self.runtime_view or helper != self.get_active_helper(): return self.onChangeHelper() def conf_helper_removed_cb(self, helper): if self.runtime_view: return iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) == helper: self.helperConfHelperStore.remove(iter) break iter = self.helperConfHelperStore.iter_next(iter) def conf_helper_renamed_cb(self, helper): if self.runtime_view: return # Get all helpers, renamed the one that is missing. # If more or less than one is missing, update helper store. helpers = self.fw.config().getHelperNames() use_iter = None iter = self.helperConfHelperStore.get_iter_first() while iter: if self.helperConfHelperStore.get_value(iter, 0) not in helpers: if use_iter is not None: return self.load_helpers() use_iter = iter iter = self.helperConfHelperStore.iter_next(iter) if use_iter is None: return self.load_helpers() self.helperConfHelperStore.set_value(use_iter, 0, helper) def onChangeHelper(self, *args): active_helper = self.get_active_helper() self.helperConfPortStore.clear() self.helperConfPortView.get_selection().set_mode( Gtk.SelectionMode.NONE) if not active_helper: self.helperConfEditHelperButton.set_sensitive(False) self.helperConfRemoveHelperButton.set_sensitive(False) self.helperConfLoadDefaultsHelperButton.set_sensitive(False) self.helperConfHelperNotebook.set_sensitive(False) return self.helperConfEditHelperButton.set_sensitive(True) self.helperConfHelperNotebook.set_sensitive(True) ports = [ ] if self.runtime_view: # load runtime configuration settings = self.fw.getHelperSettings(active_helper) ports = settings.getPorts() default = False builtin = False else: try: helper = self.fw.config().getHelperByName(active_helper) except: return # load permanent configuration settings = helper.getSettings() ports = settings.getPorts() props = helper.get_properties() default = props["default"] builtin = props["builtin"] # set entries for item in ports: self.helperConfPortStore.append(item) self.helperConfPortView.get_selection().set_mode( Gtk.SelectionMode.SINGLE) self.helperConfRemoveHelperButton.set_sensitive(not builtin and default) self.helperConfLoadDefaultsHelperButton.set_sensitive(not default) def onModuleChanged(self, *args): if self.moduleDialogOtherModuleCheck.get_active(): self.moduleDialogModuleLabel.set_sensitive(False) self.moduleDialogModuleCombobox.set_sensitive(False) self.moduleDialogOtherModuleEntry.set_sensitive(True) module = self.moduleDialogOtherModuleEntry.get_text() else: self.moduleDialogModuleLabel.set_sensitive(True) self.moduleDialogModuleCombobox.set_sensitive(True) self.moduleDialogOtherModuleEntry.set_sensitive(False) module = self.moduleDialogModuleCombobox.get_active_text() if module is not None and module.startswith("nf_conntrack_") and \ len(module.replace("nf_conntrack_", "")) > 1: self.moduleDialogOkButton.set_sensitive(True) else: self.moduleDialogOkButton.set_sensitive(False) def module_select_dialog(self, old_module): self.moduleDialogModuleCombobox.set_active(0) self.moduleDialogOtherModuleCheck.set_active(False) self.moduleDialogOtherModuleEntry.set_text("") if old_module: if not combobox_select_text(self.moduleDialogModuleCombobox, old_module): self.moduleDialogOtherModuleCheck.set_active(True) self.moduleDialogOtherModuleEntry.set_text(old_module) self.moduleDialogOkButton.set_sensitive(False) self.moduleDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.moduleDialog.set_transient_for(self.mainWindow) self.moduleDialog.show_all() self.add_visible_dialog(self.moduleDialog) result = self.moduleDialog.run() self.moduleDialog.hide() self.remove_visible_dialog(self.moduleDialog) if result != 1: return None if self.moduleDialogOtherModuleCheck.get_active(): module = self.moduleDialogOtherModuleEntry.get_text() else: module = self.moduleDialogModuleCombobox.get_active_text() if old_module == module: # nothing to change return None return module def get_active_icmp(self): selection = self.icmpDialogIcmpView.get_selection() (model, iter) = selection.get_selected() if iter: return self.icmpDialogIcmpStore.get_value(iter, 0) return None def load_icmps(self): if not self.show_icmp_types: return active_icmp = self.get_active_icmp() if self.runtime_view: icmps = self.fw.listIcmpTypes() else: icmps = self.fw.config().getIcmpTypeNames() selection = self.icmpDialogIcmpView.get_selection() selection.set_mode(Gtk.SelectionMode.NONE) # reset and fill notebook content according to view self.icmpDialogIcmpStore.clear() # icmps for icmp in icmps: self.icmpDialogIcmpStore.append([icmp]) selection.set_mode(Gtk.SelectionMode.SINGLE) iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) == \ active_icmp: selection.select_iter(iter) return iter = self.icmpDialogIcmpStore.iter_next(iter) selection.select_path(0) if not self.get_active_icmp(): self.icmpDialogEditIcmpButton.set_sensitive(False) self.icmpDialogRemoveIcmpButton.set_sensitive(False) self.icmpDialogLoadDefaultsIcmpButton.set_sensitive(False) self.icmpDialogIcmpNotebook.set_sensitive(False) def onChangeIcmp(self, *args): active_icmp = self.get_active_icmp() ### load service settings self.icmpDialogDestIpv4Check.set_active(True) self.icmpDialogDestIpv6Check.set_active(True) if not active_icmp: self.icmpDialogEditIcmpButton.set_sensitive(False) self.icmpDialogRemoveIcmpButton.set_sensitive(False) self.icmpDialogLoadDefaultsIcmpButton.set_sensitive(False) self.icmpDialogIcmpNotebook.set_sensitive(False) return self.icmpDialogEditIcmpButton.set_sensitive(True) self.icmpDialogIcmpNotebook.set_sensitive(True) destination = [ ] if self.runtime_view: # load runtime configuration settings = self.fw.getIcmpTypeSettings(active_icmp) destination = settings.getDestinations() default = False builtin = False else: try: icmp = self.fw.config().getIcmpTypeByName(active_icmp) except: return # load permanent configuration settings = icmp.getSettings() destination = settings.getDestinations() props = icmp.get_properties() default = props["default"] builtin = props["builtin"] self.icmpDialogRemoveIcmpButton.set_sensitive(not builtin and default) self.icmpDialogLoadDefaultsIcmpButton.set_sensitive(not default) ipv4 = "ipv4" in destination ipv6 = "ipv6" in destination # set destination if ipv4 != ipv6: if not ipv4: self.icmpDialogDestIpv4Check.set_active(False) if not ipv6: self.icmpDialogDestIpv6Check.set_active(False) def onIcmpDialogAddIcmp(self, *args): self.add_edit_icmp(True) def onIcmpDialogRemoveIcmp(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) icmp.remove() self.load_icmps() self.onChangeIcmp() def onIcmpDialogEditIcmp(self, *args): self.add_edit_icmp(False) def onIcmpBaseDialogChanged(self, *args): if args and (args[0] == self.icmpBaseDialogNameEntry): additional_chars = "".join(IcmpType.ADDITIONAL_ALNUM_CHARS) allowed_chars = string.ascii_letters+string.digits+additional_chars self.entry_changed(args[0], allowed_chars) self.icmpBaseDialogOkButton.set_sensitive(True) def add_edit_icmp(self, add): if add: default = True builtin = False old_name = None old_version = None old_short = None old_desc = None self.icmpBaseDialogNameEntry.set_text("") self.icmpBaseDialogVersionEntry.set_text("") self.icmpBaseDialogShortEntry.set_text("") self.icmpBaseDialogDescText.get_buffer().set_text("") else: active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) settings = icmp.getSettings() props = icmp.get_properties() default = props["default"] builtin = props["builtin"] old_name = icmp.get_property("name") old_version = settings.getVersion() old_short = settings.getShort() old_desc = settings.getDescription() self.icmpBaseDialogNameEntry.set_text(old_name) self.icmpBaseDialogVersionEntry.set_text(old_version) self.icmpBaseDialogShortEntry.set_text(old_short) self.icmpBaseDialogDescText.get_buffer().set_text(old_desc) self.icmpBaseDialogOkButton.set_sensitive(False) if builtin: self.icmpBaseDialogNameEntry.set_tooltip_markup(\ _("Built-in icmp, rename not supported.")) else: self.icmpBaseDialogNameEntry.set_tooltip_markup("") self.icmpBaseDialogNameEntry.set_sensitive(not builtin and default) self.icmpBaseDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.icmpBaseDialog.set_transient_for(self.mainWindow) self.icmpBaseDialog.show_all() self.add_visible_dialog(self.icmpBaseDialog) result = self.icmpBaseDialog.run() self.icmpBaseDialog.hide() self.remove_visible_dialog(self.icmpBaseDialog) if result != 1: return name = self.icmpBaseDialogNameEntry.get_text() version = self.icmpBaseDialogVersionEntry.get_text() short = self.icmpBaseDialogShortEntry.get_text() buffer = self.icmpBaseDialogDescText.get_buffer() desc = buffer.get_text(buffer.get_start_iter(), buffer.get_end_iter(), False) if old_name == name and \ old_version == version and old_short == short and \ old_desc == desc: # no changes return if not add: active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) settings = icmp.getSettings() else: settings = client.FirewallClientIcmpTypeSettings() if old_version != version or old_short != short or \ old_desc != desc: # settings settings.setVersion(version) settings.setShort(short) settings.setDescription(desc) if not add: icmp.update(settings) if not add: if old_name == name: return icmp.rename(name) else: self.fw.config().addIcmpType(name, settings) self.changes_applied() def onIcmpDialogLoadDefaultsIcmp(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) icmp.loadDefaults() self.changes_applied() self.onChangeIcmp() def icmp_dialog_dest_ipv4_check_cb(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) if self.icmpDialogDestIpv4Check.get_active(): if icmp.queryDestination("ipv4"): icmp.removeDestination("ipv4") self.changes_applied() elif not icmp.queryDestination("ipv4"): icmp.addDestination("ipv4") self.changes_applied() def icmp_dialog_dest_ipv6_check_cb(self, *args): active_icmp = self.get_active_icmp() icmp = self.fw.config().getIcmpTypeByName(active_icmp) if self.icmpDialogDestIpv6Check.get_active(): if icmp.queryDestination("ipv6"): icmp.removeDestination("ipv6") self.changes_applied() elif not icmp.queryDestination("ipv6"): icmp.addDestination("ipv6") self.changes_applied() def conf_icmp_added_cb(self, icmp): if self.runtime_view: return if not self.show_icmp_types: return # check if icmp is in store iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) == icmp: return iter = self.icmpDialogIcmpStore.iter_next(iter) # not in list, append self.icmpDialogIcmpStore.append([icmp]) selection = self.icmpDialogIcmpView.get_selection() if selection.count_selected_rows() == 0: selection.select_path(0) def conf_icmp_updated_cb(self, zone): if self.runtime_view: return if not self.show_icmp_types: return self.onChangeIcmp() def conf_icmp_removed_cb(self, icmp): if self.runtime_view: return if not self.show_icmp_types: return iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) == icmp: self.icmpDialogIcmpStore.remove(iter) break iter = self.icmpDialogIcmpStore.iter_next(iter) def conf_icmp_renamed_cb(self, icmp): if self.runtime_view: return # Get all icmps, renamed the one that is missing. # If more or less than one is missing, update icmp store. icmps = self.fw.config().getIcmpTypeNames() use_iter = None iter = self.icmpDialogIcmpStore.get_iter_first() while iter: if self.icmpDialogIcmpStore.get_value(iter, 0) not in icmps: if use_iter is not None: return self.load_icmps() use_iter = iter iter = self.icmpDialogIcmpStore.iter_next(iter) if use_iter is None: return self.load_icmps() self.icmpDialogIcmpStore.set_value(use_iter, 0, icmp) def lockdown_check_cb(self, *args): if self.fw.queryLockdown(): self.fw.config().set_property("Lockdown", "no") # permanent self.fw.disableLockdown() # runtime else: self.fw.config().set_property("Lockdown", "yes") # permanent self.fw.enableLockdown() # runtime self.changes_applied() def panic_check_cb(self, *args): if self.fw.queryPanicMode(): self.fw.disablePanicMode() else: self.fw.enablePanicMode() self.changes_applied() def load_direct(self): if not self.show_direct: return if self.runtime_view: chains = self.fw.getAllChains() rules = self.fw.getAllRules() passthroughs = self.fw.getAllPassthroughs() else: direct = self.fw.config().direct() settings = direct.getSettings() chains = settings.getAllChains() rules = settings.getAllRules() passthroughs = settings.getAllPassthroughs() self.directChainStore.clear() self.directRuleStore.clear() self.directPassthroughStore.clear() for x in chains: self.directChainStore.append(x) for (ipv, table, chain, priority, args) in rules: self.directRuleStore.append((ipv, table, chain, priority, functions.joinArgs(args))) for (ipv, args) in passthroughs: self.directPassthroughStore.append((ipv, functions.joinArgs(args))) def load_lockdown_whitelist(self): if not self.show_lockdown_whitelist: return if self.runtime_view: contexts = self.fw.getLockdownWhitelistContexts() commands = self.fw.getLockdownWhitelistCommands() users = self.fw.getLockdownWhitelistUsers() uids = self.fw.getLockdownWhitelistUids() else: whitelist = self.fw.config().policies().getLockdownWhitelist() contexts = whitelist.getContexts() commands = whitelist.getCommands() users = whitelist.getUsers() uids = whitelist.getUids() self.lockdownContextStore.clear() self.lockdownCommandStore.clear() self.lockdownUserStore.clear() self.lockdownUidStore.clear() for context in contexts: self.lockdownContextStore.append([context]) self.lockdownContextView.get_selection().select_path(0) for command in commands: self.lockdownCommandStore.append([command]) self.lockdownCommandView.get_selection().select_path(0) for user in users: self.lockdownUserStore.append([user]) self.lockdownUserView.get_selection().select_path(0) for uid in uids: self.lockdownUidStore.append([uid]) self.lockdownUidView.get_selection().select_path(0) def lockdown_enabled_cb(self): self.lockdownLabel.set_text(self.enabled) self.lockdownMenuitem.handler_block(self.lockdown_check_id) self.lockdownMenuitem.set_active(True) self.lockdownMenuitem.handler_unblock(self.lockdown_check_id) def lockdown_disabled_cb(self): self.lockdownLabel.set_text(self.disabled) self.lockdownMenuitem.handler_block(self.lockdown_check_id) self.lockdownMenuitem.set_active(False) self.lockdownMenuitem.handler_unblock(self.lockdown_check_id) def change_lockdown_context_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownContextButton.set_sensitive(True) self.removeLockdownContextButton.set_sensitive(True) else: self.editLockdownContextButton.set_sensitive(False) self.removeLockdownContextButton.set_sensitive(False) def change_lockdown_command_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownCommandButton.set_sensitive(True) self.removeLockdownCommandButton.set_sensitive(True) else: self.editLockdownCommandButton.set_sensitive(False) self.removeLockdownCommandButton.set_sensitive(False) def change_lockdown_user_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownUserButton.set_sensitive(True) self.removeLockdownUserButton.set_sensitive(True) else: self.editLockdownUserButton.set_sensitive(False) self.removeLockdownUserButton.set_sensitive(False) def change_lockdown_uid_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editLockdownUidButton.set_sensitive(True) self.removeLockdownUidButton.set_sensitive(True) else: self.editLockdownUidButton.set_sensitive(False) self.removeLockdownUidButton.set_sensitive(False) def onAddContext(self, button): self.add_edit_context(True) def onEditContext(self, button): self.add_edit_context(False) def onContextClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_context(False) def onRemoveContext(self, button): selection = self.lockdownContextView.get_selection() (model, iter) = selection.get_selected() if iter is None: return context = self.lockdownContextStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistContext(context) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeContext(context) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_context_added_cb(self, context): if not self.show_lockdown_whitelist: return iter = self.lockdownContextStore.get_iter_first() while iter: if self.lockdownContextStore.get_value(iter, 0) == context: return iter = self.lockdownContextStore.iter_next(iter) self.lockdownContextStore.append([context]) def lockdown_whitelist_context_removed_cb(self, context): if not self.show_lockdown_whitelist: return iter = self.lockdownContextStore.get_iter_first() while iter: if self.lockdownContextStore.get_value(iter, 0) == context: self.lockdownContextStore.remove(iter) break iter = self.lockdownContextStore.iter_next(iter) def add_edit_context(self, add): if add: old_context = "" else: selection = self.lockdownContextView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_context = self.lockdownContextStore.get_value(iter, 0) self.contextDialogContextEntry.set_text(old_context) self.contextDialogOkButton.set_sensitive(False) self.contextDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.contextDialog.set_transient_for(self.mainWindow) self.contextDialog.show_all() self.add_visible_dialog(self.contextDialog) result = self.contextDialog.run() self.contextDialog.hide() self.remove_visible_dialog(self.contextDialog) if result != 1: return context = self.contextDialogContextEntry.get_text() if old_context == context: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistContext(context): self.fw.addLockdownWhitelistContext(context) if not add: self.fw.removeLockdownWhitelistContext(old_context) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryContext(context): if not add: whitelist.removeContext(old_context) whitelist.addContext(context) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onContextChanged(self, *args): text = self.contextDialogContextEntry.get_text() if text != "" and functions.checkContext(text): self.contextDialogOkButton.set_sensitive(True) else: self.contextDialogOkButton.set_sensitive(False) def onAddCommand(self, button): self.add_edit_command(True) def onEditCommand(self, button): self.add_edit_command(False) def onCommandClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_command(False) def onRemoveCommand(self, button): selection = self.lockdownCommandView.get_selection() (model, iter) = selection.get_selected() if iter is None: return command = self.lockdownCommandStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistCommand(command) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeCommand(command) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_command_added_cb(self, command): if not self.show_lockdown_whitelist: return iter = self.lockdownCommandStore.get_iter_first() while iter: if self.lockdownCommandStore.get_value(iter, 0) == command: return iter = self.lockdownCommandStore.iter_next(iter) self.lockdownCommandStore.append([command]) def lockdown_whitelist_command_removed_cb(self, command): if not self.show_lockdown_whitelist: return iter = self.lockdownCommandStore.get_iter_first() while iter: if self.lockdownCommandStore.get_value(iter, 0) == command: self.lockdownCommandStore.remove(iter) break iter = self.lockdownCommandStore.iter_next(iter) def add_edit_command(self, add): if add: old_command = "" else: selection = self.lockdownCommandView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_command = self.lockdownCommandStore.get_value(iter, 0) self.commandDialogCommandEntry.set_text(old_command) self.commandDialogOkButton.set_sensitive(False) self.commandDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.commandDialog.set_transient_for(self.mainWindow) self.commandDialog.show_all() self.add_visible_dialog(self.commandDialog) result = self.commandDialog.run() self.commandDialog.hide() self.remove_visible_dialog(self.commandDialog) if result != 1: return command = self.commandDialogCommandEntry.get_text() if old_command == command: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistCommand(command): self.fw.addLockdownWhitelistCommand(command) if not add: self.fw.removeLockdownWhitelistCommand(old_command) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryCommand(command): if not add: whitelist.removeCommand(old_command) whitelist.addCommand(command) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onCommandChanged(self, *args): text = self.commandDialogCommandEntry.get_text() if functions.checkCommand(text): self.commandDialogOkButton.set_sensitive(True) else: self.commandDialogOkButton.set_sensitive(False) def onAddUser(self, button): self.add_edit_user(True) def onEditUser(self, button): self.add_edit_user(False) def onUserClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_user(False) def onRemoveUser(self, button): selection = self.lockdownUserView.get_selection() (model, iter) = selection.get_selected() if iter is None: return user = self.lockdownUserStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistUser(user) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeUser(user) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_user_added_cb(self, user): if not self.show_lockdown_whitelist: return iter = self.lockdownUserStore.get_iter_first() while iter: if self.lockdownUserStore.get_value(iter, 0) == user: return iter = self.lockdownUserStore.iter_next(iter) self.lockdownUserStore.append([user]) def lockdown_whitelist_user_removed_cb(self, user): if not self.show_lockdown_whitelist: return iter = self.lockdownUserStore.get_iter_first() while iter: if self.lockdownUserStore.get_value(iter, 0) == user: self.lockdownUserStore.remove(iter) break iter = self.lockdownUserStore.iter_next(iter) def add_edit_user(self, add): if add: old_user = "" else: selection = self.lockdownUserView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_user = self.lockdownUserStore.get_value(iter, 0) self.userDialogUserEntry.set_text(old_user) self.userDialogOkButton.set_sensitive(False) self.userDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.userDialog.set_transient_for(self.mainWindow) self.userDialog.show_all() self.add_visible_dialog(self.userDialog) result = self.userDialog.run() self.userDialog.hide() self.remove_visible_dialog(self.userDialog) if result != 1: return user = self.userDialogUserEntry.get_text() if old_user == user: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistUser(user): self.fw.addLockdownWhitelistUser(user) if not add: self.fw.removeLockdownWhitelistUser(old_user) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryUser(user): if not add: whitelist.removeUser(old_user) whitelist.addUser(user) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onUserChanged(self, *args): text = self.userDialogUserEntry.get_text() if text != "" and functions.checkUser(text): self.userDialogOkButton.set_sensitive(True) else: self.userDialogOkButton.set_sensitive(False) def onAddUid(self, button): self.add_edit_uid(True) def onEditUid(self, button): self.add_edit_uid(False) def onUidClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_uid(False) def onRemoveUid(self, button): selection = self.lockdownUidView.get_selection() (model, iter) = selection.get_selected() if iter is None: return uid = self.lockdownUidStore.get_value(iter, 0) if self.runtime_view: self.fw.removeLockdownWhitelistUid(uid) else: whitelist = self.fw.config().policies().getLockdownWhitelist() whitelist.removeUid(uid) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def lockdown_whitelist_uid_added_cb(self, uid): if not self.show_lockdown_whitelist: return iter = self.lockdownUidStore.get_iter_first() while iter: if self.lockdownUidStore.get_value(iter, 0) == uid: return iter = self.lockdownUidStore.iter_next(iter) self.lockdownUidStore.append([uid]) def lockdown_whitelist_uid_removed_cb(self, uid): if not self.show_lockdown_whitelist: return iter = self.lockdownUidStore.get_iter_first() while iter: if self.lockdownUidStore.get_value(iter, 0) == uid: self.lockdownUidStore.remove(iter) break iter = self.lockdownUidStore.iter_next(iter) def add_edit_uid(self, add): if add: old_uid = "" else: selection = self.lockdownUidView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_uid = self.lockdownUidStore.get_value(iter, 0) self.uidDialogUidEntry.set_text("%s" % old_uid) self.uidDialogOkButton.set_sensitive(False) self.uidDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.uidDialog.set_transient_for(self.mainWindow) self.uidDialog.show_all() self.add_visible_dialog(self.uidDialog) result = self.uidDialog.run() self.uidDialog.hide() self.remove_visible_dialog(self.uidDialog) if result != 1: return uid = int(self.uidDialogUidEntry.get_text()) if old_uid == uid: # nothing to change return if self.runtime_view: if not self.fw.queryLockdownWhitelistUid(uid): self.fw.addLockdownWhitelistUid(uid) if not add: self.fw.removeLockdownWhitelistUid(old_uid) self.changes_applied() else: whitelist = self.fw.config().policies().getLockdownWhitelist() if not whitelist.queryUid(uid): if not add: whitelist.removeUid(old_uid) whitelist.addUid(uid) self.fw.config().policies().setLockdownWhitelist(whitelist) self.changes_applied() def onUidChanged(self, *args): text = self.uidDialogUidEntry.get_text() if text != "" and functions.checkUid(text): self.uidDialogOkButton.set_sensitive(True) else: self.uidDialogOkButton.set_sensitive(False) def lockdown_whitelist_updated_cb(self): self.load_lockdown_whitelist() def change_chain_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editDirectChainButton.set_sensitive(True) self.removeDirectChainButton.set_sensitive(True) else: self.editDirectChainButton.set_sensitive(False) self.removeDirectChainButton.set_sensitive(False) def onAddChain(self, button): self.add_edit_direct_chain(True) def onEditChain(self, button): self.add_edit_direct_chain(False) def onChainClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_direct_chain(False) def onRemoveChain(self, button): selection = self.directChainView.get_selection() (model, iter) = selection.get_selected() if iter is None: return ipv = self.directChainStore.get_value(iter, 0) table = self.directChainStore.get_value(iter, 1) chain = self.directChainStore.get_value(iter, 2) if self.runtime_view: self.fw.removeChain(ipv, table, chain) self.changes_applied() else: direct = self.fw.config().direct() if direct.queryChain(ipv, table, chain): direct.removeChain(ipv, table, chain) self.changes_applied() def direct_updated_cb(self): if not self.show_direct: return if self.runtime_view: return self.load_direct() def direct_chain_added_cb(self, ipv, table, chain): if not self.show_direct: return if not self.runtime_view: return iter = self.directChainStore.get_iter_first() while iter: if self.directChainStore.get_value(iter, 0) == ipv and \ self.directChainStore.get_value(iter, 1) == table and \ self.directChainStore.get_value(iter, 2) == chain: return iter = self.directChainStore.iter_next(iter) self.directChainStore.append([ipv, table, chain]) def direct_chain_removed_cb(self, ipv, table, chain): if not self.show_direct: return if not self.runtime_view: return iter = self.directChainStore.get_iter_first() while iter: if self.directChainStore.get_value(iter, 0) == ipv and \ self.directChainStore.get_value(iter, 1) == table and \ self.directChainStore.get_value(iter, 2) == chain: self.directChainStore.remove(iter) break iter = self.directChainStore.iter_next(iter) def add_edit_direct_chain(self, add): if add: old_ipv = "" old_table = "" old_chain = "" else: selection = self.directChainView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_ipv = self.directChainStore.get_value(iter, 0) old_table = self.directChainStore.get_value(iter, 1) old_chain = self.directChainStore.get_value(iter, 2) self.directChainDialogIPVCombobox.set_active(0) combobox_select_text(self.directChainDialogIPVCombobox, old_ipv) combobox_select_text(self.directChainDialogTableCombobox, old_table) self.directChainDialogChainEntry.set_text("%s" % old_chain) self.directChainDialogOkButton.set_sensitive(False) self.directChainDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.directChainDialog.set_transient_for(self.mainWindow) self.directChainDialog.show_all() self.add_visible_dialog(self.directChainDialog) result = self.directChainDialog.run() self.directChainDialog.hide() self.remove_visible_dialog(self.directChainDialog) if result != 1: return ipv = self.directChainDialogIPVCombobox.get_active_text() table = self.directChainDialogTableCombobox.get_active_text() chain = self.directChainDialogChainEntry.get_text() if self.runtime_view: if not self.fw.queryChain(ipv, table, chain): self.fw.addChain(ipv, table, chain) if not add: self.fw.removeChain(old_ipv, old_table, old_chain) self.changes_applied() else: direct = self.fw.config().direct() if not direct.queryChain(ipv, table, chain): if not add: direct.removeChain(old_ipv, old_table, old_chain) direct.addChain(ipv, table, chain) self.changes_applied() def onDirectChainDialogChanged(self, *args): self.directChainDialogOkButton.set_sensitive(True) def onDirectChainDialogIPVChanged(self, *args): old_table = self.directChainDialogTableCombobox.get_active_text() ipv = self.directChainDialogIPVCombobox.get_active_text() self.directChainDialogTableCombobox.remove_all() self.directChainDialogTableCombobox.append_text("filter") if ipv in [ "ipv4", "ipv6" ]: self.directChainDialogTableCombobox.append_text("nat") self.directChainDialogTableCombobox.append_text("mangle") self.directChainDialogTableCombobox.append_text("raw") self.directChainDialogTableCombobox.append_text("security") else: self.directChainDialogTableCombobox.append_text("broute") combobox_select_text(self.directChainDialogTableCombobox, old_table) def change_rule_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editDirectRuleButton.set_sensitive(True) self.removeDirectRuleButton.set_sensitive(True) else: self.editDirectRuleButton.set_sensitive(False) self.removeDirectRuleButton.set_sensitive(False) def onAddRule(self, button): self.add_edit_direct_rule(True) def onEditRule(self, button): self.add_edit_direct_rule(False) def onRuleClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_direct_rule(False) def onRemoveRule(self, button): selection = self.directRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return ipv = self.directRuleStore.get_value(iter, 0) table = self.directRuleStore.get_value(iter, 1) chain = self.directRuleStore.get_value(iter, 2) priority = self.directRuleStore.get_value(iter, 3) args = self.directRuleStore.get_value(iter, 4) split_args = functions.splitArgs(args) if self.runtime_view: self.fw.removeRule(ipv, table, chain, priority, split_args) self.changes_applied() else: direct = self.fw.config().direct() if direct.queryRule(ipv, table, chain, priority, split_args): direct.removeRule(ipv, table, chain, priority, split_args) self.changes_applied() def direct_rule_added_cb(self, ipv, table, chain, priority, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directRuleStore.get_iter_first() while iter: if self.directRuleStore.get_value(iter, 0) == ipv and \ self.directRuleStore.get_value(iter, 1) == table and \ self.directRuleStore.get_value(iter, 2) == chain and \ self.directRuleStore.get_value(iter, 3) == priority and \ self.directRuleStore.get_value(iter, 4) == joined_args: return iter = self.directRuleStore.iter_next(iter) self.directRuleStore.append([ipv, table, chain, priority, joined_args]) def direct_rule_removed_cb(self, ipv, table, chain, priority, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directRuleStore.get_iter_first() while iter: if self.directRuleStore.get_value(iter, 0) == ipv and \ self.directRuleStore.get_value(iter, 1) == table and \ self.directRuleStore.get_value(iter, 2) == chain and \ self.directRuleStore.get_value(iter, 3) == priority and \ self.directRuleStore.get_value(iter, 4) == joined_args: self.directRuleStore.remove(iter) break iter = self.directRuleStore.iter_next(iter) def add_edit_direct_rule(self, add): if add: old_ipv = "" old_table = "" old_chain = "" old_priority = 0 old_args = "" else: selection = self.directRuleView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_ipv = self.directRuleStore.get_value(iter, 0) old_table = self.directRuleStore.get_value(iter, 1) old_chain = self.directRuleStore.get_value(iter, 2) old_priority = self.directRuleStore.get_value(iter, 3) old_args = self.directRuleStore.get_value(iter, 4) self.directRuleDialogIPVCombobox.set_active(0) combobox_select_text(self.directRuleDialogIPVCombobox, old_ipv) combobox_select_text(self.directRuleDialogTableCombobox, old_table) self.directRuleDialogChainEntry.set_text("%s" % old_chain) self.directRuleDialogPrioritySpinbutton.set_value(old_priority) self.directRuleDialogArgsEntry.set_text("%s" % old_args) self.directRuleDialogOkButton.set_sensitive(False) self.directRuleDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.directRuleDialog.set_transient_for(self.mainWindow) self.directRuleDialog.show_all() self.add_visible_dialog(self.directRuleDialog) result = self.directRuleDialog.run() self.directRuleDialog.hide() self.remove_visible_dialog(self.directRuleDialog) if result != 1: return ipv = self.directRuleDialogIPVCombobox.get_active_text() table = self.directRuleDialogTableCombobox.get_active_text() chain = self.directRuleDialogChainEntry.get_text() priority = self.directRuleDialogPrioritySpinbutton.get_value_as_int() args = self.directRuleDialogArgsEntry.get_text() split_args = functions.splitArgs(args) split_old_args = functions.splitArgs(old_args) if self.runtime_view: if not self.fw.queryRule(ipv, table, chain, priority, split_args): self.fw.addRule(ipv, table, chain, priority, split_args) if not add: self.fw.removeRule(old_ipv, old_table, old_chain, old_priority, split_old_args) self.changes_applied() else: direct = self.fw.config().direct() if not direct.queryRule(ipv, table, chain, priority, split_args): if not add: direct.removeRule(old_ipv, old_table, old_chain, old_priority, split_old_args) direct.addRule(ipv, table, chain, priority, split_args) self.changes_applied() def onDirectRuleDialogChanged(self, *args): self.directRuleDialogOkButton.set_sensitive(True) def onDirectRuleDialogIPVChanged(self, *args): old_table = self.directRuleDialogTableCombobox.get_active_text() ipv = self.directRuleDialogIPVCombobox.get_active_text() self.directRuleDialogTableCombobox.remove_all() self.directRuleDialogTableCombobox.append_text("filter") if ipv in [ "ipv4", "ipv6" ]: self.directRuleDialogTableCombobox.append_text("nat") self.directRuleDialogTableCombobox.append_text("mangle") self.directRuleDialogTableCombobox.append_text("raw") self.directRuleDialogTableCombobox.append_text("security") else: self.directRuleDialogTableCombobox.append_text("broute") combobox_select_text(self.directRuleDialogTableCombobox, old_table) def change_passthrough_selection_cb(self, selection): (model, iter) = selection.get_selected() if iter: self.editDirectPassthroughButton.set_sensitive(True) self.removeDirectPassthroughButton.set_sensitive(True) else: self.editDirectPassthroughButton.set_sensitive(False) self.removeDirectPassthroughButton.set_sensitive(False) def onAddPassthrough(self, button): self.add_edit_direct_passthrough(True) def onEditPassthrough(self, button): self.add_edit_direct_passthrough(False) def onPassthroughClicked(self, widget, event): if event.type == Gdk.EventType.DOUBLE_BUTTON_PRESS: self.add_edit_direct_passthrough(False) def onRemovePassthrough(self, button): selection = self.directPassthroughView.get_selection() (model, iter) = selection.get_selected() if iter is None: return ipv = self.directPassthroughStore.get_value(iter, 0) args = self.directPassthroughStore.get_value(iter, 1) split_args = functions.splitArgs(args) if self.runtime_view: self.fw.removePassthrough(ipv, split_args) self.changes_applied() else: direct = self.fw.config().direct() if direct.queryPassthrough(ipv, split_args): direct.removePassthrough(ipv, split_args) self.changes_applied() def direct_passthrough_added_cb(self, ipv, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directPassthroughStore.get_iter_first() while iter: if self.directPassthroughStore.get_value(iter, 0) == ipv and \ self.directPassthroughStore.get_value(iter, 1) == joined_args: return iter = self.directPassthroughStore.iter_next(iter) self.directPassthroughStore.append([ipv, joined_args]) def direct_passthrough_removed_cb(self, ipv, args): if not self.show_direct: return if not self.runtime_view: return joined_args = functions.joinArgs(args) iter = self.directPassthroughStore.get_iter_first() while iter: if self.directPassthroughStore.get_value(iter, 0) == ipv and \ self.directPassthroughStore.get_value(iter, 1) == joined_args: self.directPassthroughStore.remove(iter) break iter = self.directPassthroughStore.iter_next(iter) def add_edit_direct_passthrough(self, add): if add: old_ipv = "" old_args = "" else: selection = self.directPassthroughView.get_selection() (model, iter) = selection.get_selected() if iter is None: return old_ipv = self.directPassthroughStore.get_value(iter, 0) old_args = self.directPassthroughStore.get_value(iter, 1) self.directPassthroughDialogIPVCombobox.set_active(0) combobox_select_text(self.directPassthroughDialogIPVCombobox, old_ipv) self.directPassthroughDialogArgsEntry.set_text("%s" % old_args) self.directPassthroughDialogOkButton.set_sensitive(False) self.directPassthroughDialog.set_position(Gtk.WindowPosition.CENTER_ON_PARENT) self.directPassthroughDialog.set_transient_for(self.mainWindow) self.directPassthroughDialog.show_all() self.add_visible_dialog(self.directPassthroughDialog) result = self.directPassthroughDialog.run() self.directPassthroughDialog.hide() self.remove_visible_dialog(self.directPassthroughDialog) if result != 1: return ipv = self.directPassthroughDialogIPVCombobox.get_active_text() args = self.directPassthroughDialogArgsEntry.get_text() split_args = functions.splitArgs(args) split_old_args = functions.splitArgs(old_args) if self.runtime_view: if not self.fw.queryPassthrough(ipv, split_args): self.fw.addPassthrough(ipv, split_args) if not add: self.fw.removePassthrough(old_ipv, split_old_args) self.changes_applied() else: direct = self.fw.config().direct() if not direct.queryPassthrough(ipv, split_args): if not add: direct.removePassthrough(old_ipv, split_old_args) direct.addPassthrough(ipv, split_args) self.changes_applied() def onDirectPassthroughDialogChanged(self, *args): self.directPassthroughDialogOkButton.set_sensitive(True) def get_ipset_entries_from_file(self, filename): entries = [ ] try: f = open(filename) except Exception as ex: self._error(_("Failed to read file '%s': %s") % (filename, ex)) else: for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] in ['#', ';']: continue if line not in entries: entries.append(line) f.close() return entries def combobox_select_text(combobox, value, insensitive=False): model = combobox.get_model() iter = model.get_iter_first() while iter: if (not insensitive and model.get_value(iter, 0) == value) or \ (insensitive and \ model.get_value(iter, 0).lower() == value.lower()): combobox.set_active_iter(iter) return True iter = model.iter_next(iter) combobox.set_active(0) return False class ZoneInterfaceEditor(Gtk.Dialog): def __init__(self, fw, interface, zone): self.fw = fw self.interface = interface self.zone = None self.title = _("Select zone for interface '%s'") % self.interface Gtk.Dialog.__init__(self, self.title) self.create_ui(zone) def create_ui(self, zone): self.set_property("width-request", 100) self.resize_to_geometry(100, 50) self.set_resizable(True) self.add_button("gtk-close", 1) self.ok_button = self.add_button("gtk-ok", 2) self.ok_button.set_sensitive(False) vbox = Gtk.Box(orientation=Gtk.Orientation.VERTICAL, spacing=6) vbox.set_border_width(12) vbox.set_homogeneous(False) label = Gtk.Label() label.set_text(self.title) label.set_line_wrap(True) label.set_justify(Gtk.Justification.LEFT) label.set_alignment(0, 0.5) vbox.pack_start(label, True, True, 0) self.combo = Gtk.ComboBoxText() self.fill_zone_combo() vbox.pack_start(self.combo, True, True, 0) box = self.get_content_area() box.set_border_width(6) box.set_homogeneous(False) box.pack_start(vbox, False, True, 0) self.combo.connect("changed", self.combo_changed) self.set_zone(zone) def combo_changed(self, combo): self.ok_button.set_sensitive(self.get_zone() != self.zone) def set_zone(self, zone): old_zone = self.zone self.zone = zone if self.get_zone() == old_zone: if zone == "": combobox_select_text(self.combo, _("Default Zone")) else: combobox_select_text(self.combo, self.zone) else: self.combo_changed(None) def get_zone(self): text = self.combo.get_active_text() if text == _("Default Zone"): text = "" return text def fill_zone_combo(self): self.combo.remove_all() for zone in self.fw.getZones(): self.combo.append_text(zone) def zones_changed(self): zone = self.get_zone() self.fill_zone_combo() self.set_zone(zone) def run(self): if Gtk.Dialog.run(self) != 2: return self.fw.changeZoneOfInterface(self.get_zone(), self.interface) class ZoneConnectionEditor(ZoneInterfaceEditor): def __init__(self, fw, connection, connection_name, zone): self.fw = fw self.connection = connection self.connection_name = connection_name self.zone = None self.title = _("Select zone for connection '%s'") % self.connection_name Gtk.Dialog.__init__(self, self.title) self.create_ui(zone) def fill_zone_combo(self): self.combo.remove_all() self.combo.append_text(_("Default Zone")) for zone in self.fw.getZones(): self.combo.append_text(zone) def run(self): if Gtk.Dialog.run(self) != 2: return nm_set_zone_of_connection(self.get_zone(), self.connection) class ZoneSourceEditor(ZoneInterfaceEditor): def __init__(self, fw, source, zone): self.fw = fw self.source = source self.zone = None self.title = _("Select zone for source %s") % self.source Gtk.Dialog.__init__(self, self.title) self.create_ui(zone) def run(self): if Gtk.Dialog.run(self) != 2: return self.fw.changeZoneOfSource(self.get_zone(), self.source) # MAIN if len(sys.argv) > 1: print("""Usage: %s [options] Options: -h, --help show this help message and exit """ % sys.argv[0]) sys.exit(1) app = FirewallConfig() sys.exit(0) firewalld-1.1.1/src/firewall-offline-cmd.in0000755000000000000000000036134214217342322020602 0ustar00rootroot00000000000000#!@PYTHON@ # -*- coding: utf-8 -*- # # Copyright (C) 2009-2016 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # from gi.repository import GObject import sys sys.modules['gobject'] = GObject import argparse import os from firewall.client import FirewallClientIPSetSettings, \ FirewallClientZoneSettings, FirewallClientServiceSettings, \ FirewallClientIcmpTypeSettings, FirewallClientHelperSettings, \ FirewallClientPolicySettings from firewall.errors import FirewallError from firewall import config from firewall.core.fw import Firewall from firewall.functions import joinArgs, splitArgs, getPortRange from firewall.core.io.functions import check_on_disk_config from firewall.core.io.zone import zone_reader from firewall.core.io.policy import policy_reader from firewall.core.io.service import service_reader from firewall.core.io.ipset import ipset_reader from firewall.core.io.icmptype import icmptype_reader from firewall.core.io.helper import helper_reader from firewall.command import FirewallCommand # check for root user def assert_root(): if os.getuid() != 0: sys.stderr.write("You need to be root to run %s.\n" % sys.argv[0]) sys.exit(-1) SYSTEM_CONFIG_FIREWALL = config.SYSCONFIGDIR + '/system-config-firewall' def __usage(): sys.stdout.write(""" Usage: firewall-offline-cmd [OPTIONS...] If no options are given, configuration from '%s' will be migrated. General Options -h, --help Prints a short help text and exists -V, --version Print the version string of firewalld -q, --quiet Do not print status messages --system-config Path to firewalld system configuration --default-config Path to firewalld default configuration --check-config Check system and default configuration Lokkit Compatibility Options --migrate-system-config-firewall= Import configuration data from the given configuration file. --enabled Enable firewall (default) --disabled Disable firewall --addmodule= Ignored option, was used to enable an iptables module --removemodule= Ignored option, was used to disable an iptables module -s , --service= Enable a service in the default zone (example: ssh) --remove-service= Disable a service in the default zone (example: ssh) -p [-]:, --port=[-]: Enable a port in the default zone (example: ssh:tcp) -t , --trust= Bind an interface to the trusted zone -m , --masq= Enables masquerading in the default zone, interface argument is ignored. This is IPv4 only. --custom-rules=[:][
:] Ignored option. Was used to add custom rules to the firewall (Example: ipv4:filter:%s/ipv4_filter_addon) --forward-port=if=:port=:proto=[:toport=][:toaddr=] Forward the port with protocol for the interface to either another local destination port (no destination address given) or to an other destination address with an optional destination port. This will be added to the default zone. This is IPv4 only. --block-icmp= Block this ICMP type in the default zone. The default is to accept all ICMP types. Log Denied Options --get-log-denied Print the log denied value --set-log-denied= Set log denied value Automatic Helpers Options --get-automatic-helpers Print the automatic helpers value --set-automatic-helpers= Set automatic helpers value Zone Options --get-default-zone Print default zone for connections and interfaces --set-default-zone= Set default zone --get-zones Print predefined zones --get-services Print predefined services --get-icmptypes Print predefined icmptypes --get-zone-of-interface= Print name of the zone the interface is bound to --get-zone-of-source=[/]||ipset: Print name of the zone the source is bound to --list-all-zones List everything added for or enabled in all zones --new-zone= Add a new empty zone --new-zone-from-file= [--name=] Add a new zone from file with optional name override [P only] --delete-zone= Delete an existing zone --load-zone-defaults= Load zone default settings --zone= Use this zone to set or query options, else default zone Usable for options marked with [Z] --info-zone= Print information about a zone --path-zone= Print file path of a zone Policy Options --get-policies Print predefined policies --list-all-policies List everything added for or enabled in all policies --new-policy= Add a new empty policy --new-policy-from-file= [--name=] Add a new policy from file with optional name override [P only] --delete-policy= Delete an existing policy --load-policy-defaults= Load policy default settings --policy= Use this policy to set or query options Usable for options marked with [O] --info-policy= Print information about a policy --path-policy= Print file path of a policy IPSet Options --new-ipset= --type= [--option=[=]].. Add a new empty ipset --new-ipset-from-file= [--name=] Add a new ipset from file with optional name override [P only] --delete-ipset= Delete an existing ipset --load-ipset-defaults= Load ipset default settings --info-ipset= Print information about an ipset --path-ipset= Print file path of an ipset --get-ipsets Print predefined ipsets --ipset= --set-description= Set new description to ipset --ipset= --get-description Print description for ipset --ipset= --set-short= Set new short description to ipset --ipset= --get-short Print short description for ipset --ipset= --add-entry= Add a new entry to an ipset --ipset= --remove-entry= Remove an entry from an ipset --ipset= --query-entry= Return whether ipset has an entry --ipset= --get-entries List entries of an ipset --ipset= --add-entries-from-file= Add a new entries to an ipset --ipset= --remove-entries-from-file= Remove entries from an ipset IcmpType Options --new-icmptype= Add a new empty icmptype --new-icmptype-from-file= [--name=] Add a new icmptype from file with optional name override [P only] --delete-icmptype= Delete an existing icmptype --load-icmptype-defaults= Load icmptype default settings --info-icmptype= Print information about an icmptype --path-icmptype= Print file path of an icmptype --icmptype= --set-description= Set new description to icmptype --icmptype= --get-description Print description for icmptype --icmptype= --set-short= Set new short description to icmptype --icmptype= --get-short Print short description for icmptype --icmptype= --add-destination= Enable destination for ipv in icmptype --icmptype= --remove-destination= Disable destination for ipv in icmptype --icmptype= --query-destination= Return whether destination ipv is enabled in icmptype --icmptype= --get-destinations List destinations in icmptype Service Options --new-service= Add a new empty service --new-service-from-file= [--name=] Add a new service from file with optional name override [P only] --delete-service= Delete an existing service --load-service-defaults= Load icmptype default settings --info-service= Print information about a service --path-service= Print file path of a service --service= --set-description= Set new description to service --service= --get-description Print description for service --service= --set-short= Set new short description to service --service= --get-short Print short description for service --service= --add-port=[-]/ Add a new port to service --service= --remove-port=[-]/ Remove a port from service --service= --query-port=[-]/ Return whether the port has been added for service --service= --get-ports List ports of service --service= --add-protocol= Add a new protocol to service --service= --remove-protocol= Remove a protocol from service --service= --query-protocol= Return whether the protocol has been added for service --service= --get-protocols List protocols of service --service= --add-source-port=[-]/ Add a new source port to service --service= --remove-source-port=[-]/ Remove a source port from service --service= --query-source-port=[-]/ Return whether the source port has been added for service [P only] --service= --get-source-ports List source ports of service --service= --add-helper= Add a new helper to service --service= --remove-helper= Remove a helper from service --service= --query-helper= Return whether the helper has been added for service --service= --get-service-helpers List helpers of service --service= --set-destination=:
[/] Set destination for ipv to address in service --service= --remove-destination= Disable destination for ipv i service --service= --query-destination=:
[/] Return whether destination ipv is set for service --service= --get-destinations List destinations in service --service= --add-include= Add a new include to service --service= --remove-include= Remove a include from service --service= --query-include= Return whether the include has been added for service --service= --get-includes List includes of service Options to Adapt and Query Zones and Policies --list-all List everything added for or enabled [Z] [O] --set-description= Set new description [Z] [O] --get-description Print description [Z] [O] --get-target Get the target [Z] [O] --set-target= Set the target [Z] [O] --set-short= Set new short description to zone [Z] [O] --get-short Print short description for zone [Z] [O] --list-services List services added [Z] [O] --add-service= Add a service [Z] [O] --remove-service-from-zone= Remove a service from a zone [Z] --remove-service-from-policy= Remove a service from a policy [O] --query-service= Return whether service has been added [Z] [O] --list-ports List ports added [Z] [O] --add-port=[-]/ Add the port [Z] [O] --remove-port=[-]/ Remove the port [Z] [O] --query-port=[-]/ Return whether the port has been added [Z] [O] --list-protocols List protocols added [Z] [O] --add-protocol= Add the protocol [Z] [O] --remove-protocol= Remove the protocol [Z] [O] --query-protocol= Return whether the protocol has been added [Z] [O] --list-source-ports List source ports added [Z] [O] --add-source-port=[-]/ Add the source port [Z] [O] --remove-source-port=[-]/ Remove the source port [Z] [O] --query-source-port=[-]/ Return whether the source port has been added [Z] [O] --list-icmp-blocks List Internet ICMP type blocks added [Z] [O] --add-icmp-block= Add an ICMP block [Z] [O] --remove-icmp-block= Remove the ICMP block [Z] [O] --query-icmp-block= Return whether an ICMP block has been added [Z] [O] --list-forward-ports List IPv4 forward ports added [Z] [O] --add-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Add the IPv4 forward port [Z] [O] --remove-forward-port=port=[-]:proto=[:toport=[-]][:toaddr=
[/]] Remove the IPv4 forward port [Z] [O] Options to Adapt and Query Zones --add-icmp-block-inversion Enable inversion of icmp blocks for a zone [Z] --remove-icmp-block-inversion Disable inversion of icmp blocks for a zone [Z] --query-icmp-block-inversion Return whether inversion of icmp blocks has been enabled for a zone [Z] --add-forward Enable forwarding of packets between interfaces and sources in a zone [Z] --remove-forward Disable forwarding of packets between interfaces and sources in a zone [Z] --query-forward Return whether forwarding of packets between interfaces and sources has been enabled for a zone [Z] Options to Adapt and Query Policies --get-priority Get the priority [O] --set-priority= Set the priority [O] --list-ingress-zones List ingress zones that are bound to a policy [O] --add-ingress-zone= Add the ingress zone to a policy [O] --remove-ingress-zone= Remove the ingress zone from a policy [O] --query-ingress-zone= Query whether the ingress zone has been adedd to a policy [O] --list-egress-zones List egress zones that are bound to a policy [O] --add-egress-zone= Add the egress zone to a policy [O] --remove-egress-zone= Remove the egress zone from a policy [O] --query-egress-zone= Query whether the egress zone has been adedd to a policy [O] Options to Handle Bindings of Interfaces --list-interfaces List interfaces that are bound to a zone [Z] --add-interface= Bind the to a zone [Z] --change-interface= Change zone the is bound to [Z] --query-interface= Query whether is bound to a zone [Z] --remove-interface= Remove binding of from a zone [Z] Options to Handle Bindings of Sources --list-sources List sources that are bound to a zone [Z] --add-source=[/]||ipset: Bind the source to a zone [Z] --change-source=[/]||ipset: Change zone the source is bound to [Z] --query-source=[/]||ipset: Query whether the source is bound to a zone [Z] --remove-source=[/]||ipset: Remove binding of the source from a zone [Z] Helper Options --new-helper= --module= [--family=] Add a new helper --new-helper-from-file= [--name=] Add a new helper from file with optional name --delete-helper= Delete an existing helper --load-helper-defaults= Load helper default settings --info-helper= Print information about an helper --path-helper= Print file path of an helper --get-helpers Print predefined helpers --helper= --set-description= Set new description to helper --helper= --get-description Print description for helper --helper= --set-short= Set new short description to helper --helper= --get-short Print short description for helper --helper= --add-port=[-]/ Add a new port to helper --helper= --remove-port=[-]/ Remove a port from helper --helper= --query-port=[-]/ Return whether the port has been added for helper --helper= --get-ports List ports of helper --helper= --set-module= Set module to helper --helper= --get-module Get module from helper --helper= --set-family={ipv4|ipv6|} Set family for helper --helper= --get-family Get module from helper Direct Options --direct First option for all direct options --get-all-chains Get all chains --get-chains {ipv4|ipv6|eb}
Get all chains added to the table --add-chain {ipv4|ipv6|eb}
Add a new chain to the table --remove-chain {ipv4|ipv6|eb}
Remove the chain from the table --query-chain {ipv4|ipv6|eb}
Return whether the chain has been added to the table --get-all-rules Get all rules --get-rules {ipv4|ipv6|eb}
Get all rules added to chain in table --add-rule {ipv4|ipv6|eb}
... Add rule to chain in table --remove-rule {ipv4|ipv6|eb}
... Remove rule with priority from chain in table --remove-rules {ipv4|ipv6|eb}
Remove rules from chain in table --query-rule {ipv4|ipv6|eb}
... Return whether a rule with priority has been added to chain in table --get-all-passthroughs Get all passthrough rules --get-passthroughs {ipv4|ipv6|eb} ... Get passthrough rules --add-passthrough {ipv4|ipv6|eb} ... Add a new passthrough rule --remove-passthrough {ipv4|ipv6|eb} ... Remove a passthrough rule --query-passthrough {ipv4|ipv6|eb} ... Return whether the passthrough rule has been added Lockdown Options --lockdown-on Enable lockdown. --lockdown-off Disable lockdown. --query-lockdown Query whether lockdown is enabled Lockdown Whitelist Options --list-lockdown-whitelist-commands List all command lines that are on the whitelist --add-lockdown-whitelist-command= Add the command to the whitelist --remove-lockdown-whitelist-command= Remove the command from the whitelist --query-lockdown-whitelist-command= Query whether the command is on the whitelist --list-lockdown-whitelist-contexts List all contexts that are on the whitelist --add-lockdown-whitelist-context= Add the context context to the whitelist --remove-lockdown-whitelist-context= Remove the context from the whitelist --query-lockdown-whitelist-context= Query whether the context is on the whitelist --list-lockdown-whitelist-uids List all user ids that are on the whitelist --add-lockdown-whitelist-uid= Add the user id uid to the whitelist --remove-lockdown-whitelist-uid= Remove the user id uid from the whitelist --query-lockdown-whitelist-uid= Query whether the user id uid is on the whitelist --list-lockdown-whitelist-users List all user names that are on the whitelist --add-lockdown-whitelist-user= Add the user name user to the whitelist --remove-lockdown-whitelist-user= Remove the user name user from the whitelist --query-lockdown-whitelist-user= Query whether the user name user is on the whitelist Polkit Options --policy-server Change Polkit actions to 'server' (more restricted) --policy-desktop Change Polkit actions to 'desktop' (less restricted) """ % (SYSTEM_CONFIG_FIREWALL, config.SYSCONFIGDIR)) def parse_port_lokkit(value): try: (port, proto) = value.split(":") except Exception: cmd.fail("bad port (most likely missing protocol), correct syntax is portid[-portid]:protocol") return (port, proto) def pk_symlink(product='server'): _PK_DIR = '/usr/share/polkit-1/actions/' _PK_NAME = 'org.fedoraproject.FirewallD1.' os.chdir(_PK_DIR) if os.path.isfile(_PK_NAME+product+'.policy.choice'): if os.path.isfile(_PK_NAME+'policy'): os.remove(_PK_NAME+'policy') os.symlink(_PK_NAME+product+'.policy.choice', _PK_NAME+'policy') cmd.print_and_exit('symlink '+_PK_DIR+_PK_NAME+product+'.policy.choice -> '+_PK_NAME+'policy') else: cmd.fail('no such file '+_PK_DIR+_PK_NAME+product+'.policy.choice') # system-config-firewall def read_sysconfig_args(config_file=SYSTEM_CONFIG_FIREWALL): filename = None if os.path.exists(config_file) and os.path.isfile(config_file): filename = config_file try: f = open(filename, 'r') except Exception: return None argv = [ ] for line in f: if not line: break line = line.strip() if len(line) < 1 or line[0] == '#': continue argv.append(line) f.close() return argv parser = argparse.ArgumentParser(usage="see firewall-offline-cmd man page", add_help=False) parser_group_output = parser.add_mutually_exclusive_group() parser_group_output.add_argument("-v", "--verbose", action="store_true") parser_group_output.add_argument("-q", "--quiet", action="store_true") parser_group_lokkit = parser.add_argument_group() parser_group_lokkit.add_argument("--enabled", action="store_true") parser_group_lokkit.add_argument("--disabled", action="store_true") parser_group_lokkit.add_argument("--addmodule", metavar="", action='append') parser_group_lokkit.add_argument("--removemodule", metavar="", action='append') parser_group_lokkit.add_argument("--service", "-s", metavar="", action='append') parser_group_lokkit.add_argument("--remove-service", metavar="", action='append') parser_group_lokkit.add_argument("--port", "-p", metavar="", action='append') parser_group_lokkit.add_argument("--trust", "-t", metavar="", action='append') parser_group_lokkit.add_argument("--masq", "-m", metavar="", action='append') parser_group_lokkit.add_argument("--custom-rules", metavar="", action='append') parser_group_lokkit.add_argument("--forward-port", metavar="", action='append') parser_group_lokkit.add_argument("--block-icmp", metavar="", action='append') parser.add_argument("--system-config", metavar="path") parser.add_argument("--default-config", metavar="path") parser.add_argument("--check-config", action="store_true") parser_group_standalone = parser.add_mutually_exclusive_group() parser_group_standalone.add_argument("-h", "--help", action="store_true") parser_group_standalone.add_argument("-V", "--version", action="store_true") parser_group_standalone.add_argument("--get-log-denied", action="store_true") parser_group_standalone.add_argument("--set-log-denied", metavar="") parser_group_standalone.add_argument("--get-automatic-helpers", action="store_true") parser_group_standalone.add_argument("--set-automatic-helpers", metavar="") parser_group_standalone.add_argument("--policy-server", action="store_true") parser_group_standalone.add_argument("--policy-desktop", action="store_true") parser_group_standalone.add_argument("--lockdown-on", action="store_true") parser_group_standalone.add_argument("--lockdown-off", action="store_true") parser_group_standalone.add_argument("--query-lockdown", action="store_true") parser_group_standalone.add_argument("--get-default-zone", action="store_true") parser_group_standalone.add_argument("--set-default-zone", metavar="") parser_group_standalone.add_argument("--get-zones", action="store_true") parser_group_standalone.add_argument("--get-policies", action="store_true") parser_group_standalone.add_argument("--get-services", action="store_true") parser_group_standalone.add_argument("--get-icmptypes", action="store_true") parser_group_standalone.add_argument("--get-zone-of-interface", metavar="", action='append') parser_group_standalone.add_argument("--get-zone-of-source", metavar="", action='append') parser_group_standalone.add_argument("--list-all-zones", action="store_true") parser_group_standalone.add_argument("--list-all-policies", action="store_true") parser_group_standalone.add_argument("--info-zone", metavar="") parser_group_standalone.add_argument("--info-policy", metavar="") parser_group_standalone.add_argument("--info-service", metavar="") parser_group_standalone.add_argument("--info-icmptype", metavar="") parser_group_standalone.add_argument("--info-ipset", metavar="") parser_group_standalone.add_argument("--info-helper", metavar="") parser_group_config = parser.add_mutually_exclusive_group() parser_group_config.add_argument("--new-icmptype", metavar="") parser_group_config.add_argument("--new-icmptype-from-file", metavar="") parser_group_config.add_argument("--delete-icmptype", metavar="") parser_group_config.add_argument("--load-icmptype-defaults", metavar="") parser_group_config.add_argument("--new-service", metavar="") parser_group_config.add_argument("--new-service-from-file", metavar="") parser_group_config.add_argument("--delete-service", metavar="") parser_group_config.add_argument("--load-service-defaults", metavar="") parser_group_config.add_argument("--new-zone", metavar="") parser_group_config.add_argument("--new-zone-from-file", metavar="") parser_group_config.add_argument("--delete-zone", metavar="") parser_group_config.add_argument("--load-zone-defaults", metavar="") parser_group_config.add_argument("--new-policy", metavar="") parser_group_config.add_argument("--new-policy-from-file", metavar="") parser_group_config.add_argument("--delete-policy", metavar="") parser_group_config.add_argument("--load-policy-defaults", metavar="") parser_group_config.add_argument("--new-ipset", metavar="") parser_group_config.add_argument("--new-ipset-from-file", metavar="") parser_group_config.add_argument("--delete-ipset", metavar="") parser_group_config.add_argument("--load-ipset-defaults", metavar="") parser_group_config.add_argument("--new-helper", metavar="") parser_group_config.add_argument("--new-helper-from-file", metavar="") parser_group_config.add_argument("--delete-helper", metavar="") parser_group_config.add_argument("--load-helper-defaults", metavar="") parser_group_config.add_argument("--path-zone", metavar="") parser_group_config.add_argument("--path-policy", metavar="") parser_group_config.add_argument("--path-service", metavar="") parser_group_config.add_argument("--path-icmptype", metavar="") parser_group_config.add_argument("--path-ipset", metavar="") parser_group_config.add_argument("--path-helper", metavar="") parser.add_argument("--name", default="", metavar="") parser_group_lockdown_whitelist = parser.add_mutually_exclusive_group() parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-commands", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-command", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-contexts", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-context", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-uids", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-uid", metavar="", type=int, action='append') parser_group_lockdown_whitelist.add_argument("--list-lockdown-whitelist-users", action="store_true") parser_group_lockdown_whitelist.add_argument("--add-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--remove-lockdown-whitelist-user", metavar="", action='append') parser_group_lockdown_whitelist.add_argument("--query-lockdown-whitelist-user", metavar="", action='append') parser.add_argument("--zone", default="", metavar="") parser.add_argument("--policy", default="", metavar="") parser_group_zone_or_policy = parser.add_mutually_exclusive_group() parser_group_zone_or_policy.add_argument("--add-interface", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-interface", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-interface", metavar="", action='append') parser_group_zone_or_policy.add_argument("--change-interface", "--change-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-interfaces", action="store_true") parser_group_zone_or_policy.add_argument("--add-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--change-source", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-sources", action="store_true") parser_group_zone_or_policy.add_argument("--add-ingress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-ingress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-ingress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-ingress-zones", action="store_true") parser_group_zone_or_policy.add_argument("--add-egress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-egress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-egress-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-egress-zones", action="store_true") parser_group_zone_or_policy.add_argument("--add-rich-rule", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-rich-rule", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-rich-rule", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-service", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-service-from-zone", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-service-from-policy", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-service", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-protocol", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-protocol", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-protocol", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-source-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-source-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-source-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-forward", action="store_true") parser_group_zone_or_policy.add_argument("--remove-forward", action="store_true") parser_group_zone_or_policy.add_argument("--query-forward", action="store_true") parser_group_zone_or_policy.add_argument("--add-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--remove-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--query-masquerade", action="store_true") parser_group_zone_or_policy.add_argument("--add-icmp-block", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-icmp-block", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-icmp-block", metavar="", action='append') parser_group_zone_or_policy.add_argument("--add-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--remove-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--query-icmp-block-inversion", action="store_true") parser_group_zone_or_policy.add_argument("--add-forward-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--remove-forward-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--query-forward-port", metavar="", action='append') parser_group_zone_or_policy.add_argument("--list-rich-rules", action="store_true") parser_group_zone_or_policy.add_argument("--list-services", action="store_true") parser_group_zone_or_policy.add_argument("--list-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-protocols", action="store_true") parser_group_zone_or_policy.add_argument("--list-icmp-blocks", action="store_true") parser_group_zone_or_policy.add_argument("--list-forward-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-source-ports", action="store_true") parser_group_zone_or_policy.add_argument("--list-all", action="store_true") parser_group_zone_or_policy.add_argument("--get-target", action="store_true") parser_group_zone_or_policy.add_argument("--set-target", metavar="") parser_group_zone_or_policy.add_argument("--get-priority", action="store_true") parser_group_zone_or_policy.add_argument("--set-priority", metavar="") parser.add_argument("--option", metavar="[=]", action='append') parser.add_argument("--type", metavar="") parser.add_argument("--ipset", metavar="") parser_ipset = parser.add_mutually_exclusive_group() #parser_ipset.add_argument("--add-option", metavar="[=]") #parser_ipset.add_argument("--remove-option", metavar="[=]") #parser_ipset.add_argument("--query-option", metavar="[=]") #parser_ipset.add_argument("--get-options", action="store_true") parser_ipset.add_argument("--get-ipsets", action="store_true") parser_ipset.add_argument("--add-entry", metavar="", action='append') parser_ipset.add_argument("--remove-entry", metavar="", action='append') parser_ipset.add_argument("--query-entry", metavar="", action='append') parser_ipset.add_argument("--get-entries", action="store_true") parser_ipset.add_argument("--add-entries-from-file", metavar="", action='append') parser_ipset.add_argument("--remove-entries-from-file", metavar="", action='append') parser.add_argument("--icmptype", metavar="") parser_icmptype = parser.add_mutually_exclusive_group() parser_icmptype.add_argument("--add-destination", metavar="", action='append') parser_icmptype.add_argument("--remove-destination", metavar="", action='append') parser_icmptype.add_argument("--query-destination", metavar="", action='append') parser_icmptype.add_argument("--get-destinations", action="store_true") parser_service = parser.add_mutually_exclusive_group() parser_service.add_argument("--get-ports", action="store_true") parser_service.add_argument("--get-source-ports", action="store_true") parser_service.add_argument("--get-protocols", action="store_true") parser_service.add_argument("--add-module", metavar="", action='append') parser_service.add_argument("--remove-module", metavar="", action='append') parser_service.add_argument("--query-module", metavar="", action='append') parser_service.add_argument("--get-modules", action="store_true") parser_service.add_argument("--add-helper", metavar="", action='append') parser_service.add_argument("--remove-helper", metavar="", action='append') parser_service.add_argument("--query-helper", metavar="", action='append') parser_service.add_argument("--get-service-helpers", action="store_true") parser_service.add_argument("--add-include", metavar="", action='append') parser_service.add_argument("--remove-include", metavar="", action='append') parser_service.add_argument("--query-include", metavar="", action='append') parser_service.add_argument("--get-includes", action="store_true") parser_service.add_argument("--set-destination", metavar="", action='append') parser_service.add_argument("--get-destination", action="store_true") parser_service.add_argument("--set-description", metavar="") parser_service.add_argument("--get-description", action="store_true") parser_service.add_argument("--set-short", metavar="") parser_service.add_argument("--get-short", action="store_true") parser.add_argument("--helper", metavar="") parser.add_argument("--family", metavar="") parser.add_argument("--module", metavar="") parser_helper = parser.add_mutually_exclusive_group() #parser_helper.add_argument("--get-ports", action="store_true") parser_helper.add_argument("--get-helpers", action="store_true") parser_helper.add_argument("--set-module", metavar="") parser_helper.add_argument("--get-module", action="store_true") #parser_helper.add_argument("--query-module", metavar="") parser_helper.add_argument("--set-family", metavar="|''", nargs="*") parser_helper.add_argument("--get-family", action="store_true") parser.add_argument("--direct", action="store_true") # not possible to have sequences of options here parser_direct = parser.add_mutually_exclusive_group() parser_direct.add_argument("--add-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--remove-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--query-passthrough", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "")) parser_direct.add_argument("--get-passthroughs", nargs=1, metavar=("{ ipv4 | ipv6 | eb }")) parser_direct.add_argument("--get-all-passthroughs", action="store_true") parser_direct.add_argument("--add-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--remove-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--query-chain", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-chains", action="store_true") parser_direct.add_argument("--get-chains", nargs=2, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--add-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--remove-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--query-rule", nargs=argparse.REMAINDER, metavar=("{ ipv4 | ipv6 | eb }", "
")) parser_direct.add_argument("--get-rules", nargs=3, metavar=("{ ipv4 | ipv6 | eb }", "
", "")) parser_direct.add_argument("--get-all-rules", action="store_true") ############################################################################## cmd = FirewallCommand() def myexcepthook(exctype, value, traceback): cmd.exception_handler(str(value)) sys.excepthook = myexcepthook if len(sys.argv) > 1 and \ any('--migrate-system-config-firewall' in arg for arg in sys.argv): args = sys.argv[1:] migration_parser = argparse.ArgumentParser( usage="see firewall-offline-cmd man page", add_help=False) migration_parser.add_argument("-h", "--help", action="store_true") migration_parser.add_argument("-v", "--verbose", action="store_true") migration_parser.add_argument("-q", "--quiet", action="store_true") migration_parser.add_argument("--migrate-system-config-firewall", metavar="", action='store') a,unknown = migration_parser.parse_known_args(args) cmd.set_quiet(a.quiet) cmd.set_verbose(a.verbose) if a.help: __usage() sys.exit(0) else: assert_root() if a.quiet: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.migrate_system_config_firewall: args = read_sysconfig_args(a.migrate_system_config_firewall) if not args: cmd.fail("Opening of '%s' failed, exiting." % \ a.migrate_system_config_firewall) args += unknown elif len(sys.argv) > 1: i = -1 args = sys.argv[1:] if '--add-passthrough' in args: i = args.index('--add-passthrough') + 1 elif '--remove-passthrough' in args: i = args.index('--remove-passthrough') + 1 elif '--query-passthrough' in args: i = args.index('--query-passthrough') + 1 elif '--add-rule' in args: i = args.index('--add-rule') + 4 elif '--remove-rule' in args: i = args.index('--remove-rule') + 4 elif '--query-rule' in args: i = args.index('--query-rule') + 4 # join into one argument to prevent parser from parsing each iptables # option, because they can conflict with firewall-cmd options # # e.g. --delete (iptables) and --delete-* (firewall-cmd) if (i > -1) and (i < len(args) - 1): aux_args = args[:] args = aux_args[:i+1] # all but not args.append(joinArgs(aux_args[i+1:])) # add as one arg else: assert_root() # migrate configuration from SYSTEM_CONFIG_FIREWALL args = read_sysconfig_args() if not args: cmd.fail("Opening of '%s' failed, exiting." % SYSTEM_CONFIG_FIREWALL) a = parser.parse_args(args) options_lokkit = a.enabled or a.disabled or a.addmodule or a.removemodule or \ a.trust or a.masq or a.custom_rules or \ a.service or a.remove_service or a.port or \ a.trust or a.masq or a.forward_port or a.block_icmp options_standalone = a.help or a.version or \ a.policy_server or a.policy_desktop or \ a.lockdown_on or a.lockdown_off or a.query_lockdown or \ a.get_default_zone or a.set_default_zone or \ a.get_log_denied or a.set_log_denied or \ a.get_automatic_helpers or a.set_automatic_helpers options_desc_xml_file = a.set_description or a.get_description or \ a.set_short or a.get_short options_lockdown_whitelist = \ a.list_lockdown_whitelist_commands or a.add_lockdown_whitelist_command or \ a.remove_lockdown_whitelist_command or \ a.query_lockdown_whitelist_command or \ a.list_lockdown_whitelist_contexts or a.add_lockdown_whitelist_context or \ a.remove_lockdown_whitelist_context or \ a.query_lockdown_whitelist_context or \ a.list_lockdown_whitelist_uids or a.add_lockdown_whitelist_uid is not None or \ a.remove_lockdown_whitelist_uid is not None or \ a.query_lockdown_whitelist_uid is not None or \ a.list_lockdown_whitelist_users or a.add_lockdown_whitelist_user or \ a.remove_lockdown_whitelist_user or \ a.query_lockdown_whitelist_user options_config = a.get_zones or a.get_services or a.get_icmptypes or \ options_lockdown_whitelist or a.list_all_zones or \ a.get_zone_of_interface or a.get_zone_of_source or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.info_policy or a.get_ipsets or a.info_helper or \ a.get_helpers or a.get_policies or a.list_all_policies options_zone_and_policy_adapt_query = \ a.add_service or a.remove_service_from_zone or a.query_service or \ a.add_port or a.remove_port or a.query_port or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.add_source_port or a.remove_source_port or a.query_source_port or \ a.add_icmp_block or a.remove_icmp_block or a.query_icmp_block or \ a.add_forward_port or a.remove_forward_port or a.query_forward_port or \ a.add_rich_rule or a.remove_rich_rule or a.query_rich_rule or \ a.add_masquerade or a.remove_masquerade or a.query_masquerade or \ a.list_services or a.list_ports or a.list_protocols or \ a.list_source_ports or \ a.list_icmp_blocks or a.list_forward_ports or a.list_rich_rules or \ a.list_all or a.get_target or a.set_target options_zone_unique = \ a.add_icmp_block_inversion or a.remove_icmp_block_inversion or \ a.query_icmp_block_inversion or \ a.add_forward or a.remove_forward or a.query_forward or \ a.list_interfaces or a.change_interface or \ a.add_interface or a.remove_interface or a.query_interface or \ a.list_sources or a.change_source or \ a.add_source or a.remove_source or a.query_source options_zone_ops = options_zone_unique or options_zone_and_policy_adapt_query options_policy_unique = \ a.list_ingress_zones or a.add_ingress_zone or \ a.remove_ingress_zone or a.query_ingress_zone or \ a.list_egress_zones or a.add_egress_zone or \ a.remove_egress_zone or a.query_egress_zone or \ a.set_priority or a.get_priority options_policy_ops = options_policy_unique or options_zone_and_policy_adapt_query options_zone = a.zone or options_zone_ops or options_desc_xml_file options_policy = a.policy or options_policy_ops or options_desc_xml_file options_ipset = a.add_entry or a.remove_entry or a.query_entry or \ a.get_entries or a.add_entries_from_file or \ a.remove_entries_from_file or options_desc_xml_file options_icmptype = a.add_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file options_service = a.add_port or a.remove_port or a.query_port or \ a.get_ports or \ a.add_protocol or a.remove_protocol or a.query_protocol or \ a.get_protocols or \ a.add_source_port or a.remove_source_port or \ a.query_source_port or a.get_source_ports or \ a.add_module or a.remove_module or a.query_module or \ a.get_modules or \ a.set_destination or a.remove_destination or \ a.query_destination or a.get_destinations or \ options_desc_xml_file or \ a.add_include or a.remove_include or a.query_include or \ a.get_includes or \ a.add_helper or a.remove_helper or a.query_helper or \ a.get_service_helpers options_helper = a.add_port or a.remove_port or a.query_port or \ a.get_ports or a.set_module or a.get_module or \ a.set_family or a.get_family or \ options_desc_xml_file options_permanent = options_config or options_zone or options_policy or \ a.new_icmptype or a.delete_icmptype or \ a.new_icmptype_from_file or \ a.load_icmptype_defaults or \ a.new_service or a.delete_service or \ a.new_service_from_file or \ a.load_service_defaults or \ a.new_zone or a.delete_zone or \ a.new_zone_from_file or \ a.load_zone_defaults or \ a.new_policy or a.delete_policy or \ a.new_policy_from_file or \ a.load_policy_defaults or \ a.new_helper or a.delete_helper or \ a.new_helper_from_file or \ a.load_helper_defaults or \ a.new_ipset or a.delete_ipset or \ a.new_ipset_from_file or \ a.load_ipset_defaults or \ a.ipset or options_ipset or \ (a.icmptype and options_icmptype) or \ (a.service and options_service) or \ (a.helper and options_helper) or \ a.path_zone or a.path_icmptype or a.path_service or \ a.path_ipset or a.path_helper or a.path_policy options_direct = \ a.add_chain or a.remove_chain or a.query_chain or \ a.get_chains or a.get_all_chains or \ a.add_rule or a.remove_rule or a.remove_rules or a.query_rule or \ a.get_rules or a.get_all_rules or \ a.add_passthrough or a.remove_passthrough or a.query_passthrough or \ a.get_passthroughs or a.get_all_passthroughs # these are supposed to only write out some output options_list_get = a.help or a.version or a.list_all or a.list_all_zones or \ a.list_lockdown_whitelist_commands or a.list_lockdown_whitelist_contexts or \ a.list_lockdown_whitelist_uids or a.list_lockdown_whitelist_users or \ a.list_services or a.list_ports or a.list_protocols or a.list_icmp_blocks or \ a.list_forward_ports or a.list_rich_rules or a.list_interfaces or \ a.list_sources or a.get_default_zone or \ a.get_zone_of_interface or a.get_zone_of_source or a.get_zones or \ a.get_services or a.get_icmptypes or a.get_target or \ a.info_zone or a.info_icmptype or a.info_service or \ a.info_ipset or a.get_ipsets or a.get_entries or \ a.info_helper or a.get_helpers or \ a.get_destinations or a.get_description or \ a.list_all_policies or a.info_policy or a.get_policies # Set quiet and verbose cmd.set_quiet(a.quiet) cmd.set_verbose(a.verbose) # Check various impossible combinations of options if not (options_standalone or options_ipset or \ options_lokkit or \ options_icmptype or options_service or options_helper or \ options_permanent or options_direct or options_desc_xml_file or \ a.check_config): cmd.fail(parser.format_usage() + "No option specified.") if options_lokkit and (options_standalone or \ options_permanent or options_direct) and \ not (options_service and a.service): cmd.fail(parser.format_usage() + "Can't use lokkit options with other options.") if options_standalone and (options_permanent or \ options_direct or options_ipset): cmd.fail(parser.format_usage() + "Can't use stand-alone options with other options.") if options_ipset and not options_desc_xml_file and not a.ipset: cmd.fail(parser.format_usage() + "No ipset specified.") if (options_icmptype and not a.icmptype) and \ not (options_service and a.service) and not options_desc_xml_file: cmd.fail(parser.format_usage() + "No icmptype specified.") if options_service and a.service and len(a.service) > 0: if len(a.service) > 1: cmd.fail(parser.format_usage() + "More than one service specified.") # use the first entry in the array only a.service = a.service[0] if (options_helper and not a.helper) and \ not (options_service and a.service) and \ not options_zone and not options_desc_xml_file and \ not options_policy: cmd.fail(parser.format_usage() + "No helper specified.") if options_direct and (options_zone or options_policy): cmd.fail(parser.format_usage() + "Can't use 'direct' options with other options.") if (a.direct and not options_direct) or (options_direct and not a.direct): cmd.fail(parser.format_usage() + "Wrong usage of 'direct' options.") if a.name and not (a.new_zone_from_file or a.new_service_from_file or \ a.new_ipset_from_file or a.new_icmptype_from_file or \ a.new_helper_from_file or a.new_policy_from_file): cmd.fail(parser.format_usage() + "Wrong usage of '--name' option.") if options_config and (options_zone or options_policy): cmd.fail(parser.format_usage() + "Wrong usage of --get-zones | --get-services | --get-icmptypes | --get-policies.") if a.quiet and options_list_get: # it makes no sense to use --quiet with these options a.quiet = False cmd.set_quiet(a.quiet) cmd.fail("-q/--quiet can't be used with this option(s)") if a.zone and a.policy: cmd.fail(parser.format_usage() + "Can't use --zone with --policy.") if a.policy and options_zone_unique: cmd.fail(parser.format_usage() + "Can't use --policy with zone only options.") if a.zone and options_policy_unique: cmd.fail(parser.format_usage() + "Can't use --zone with policy only options.") if not a.policy and options_policy_unique: cmd.fail(parser.format_usage() + "Must use --policy with policy only options.") if a.help: __usage() sys.exit(0) assert_root() if a.system_config: config.set_system_config_paths(a.system_config) if a.default_config: config.set_default_config_paths(a.default_config) if a.check_config: try: fw = Firewall(offline=True) fw.start() check_on_disk_config(fw) except FirewallError as error: cmd.print_and_exit("Configuration error: %s" % error, error.code) except Exception as msg: cmd.fail("Configuration error: %s" % msg) sys.exit(0) zone = a.zone fw = Firewall(offline=True) fw.start() try: # Lokkit Compatibility Options if options_lokkit and not (options_service and a.service): trusted_zone = "trusted" default_zone = fw.get_default_zone() fw_zone = fw.config.get_zone(default_zone) fw_settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(fw_zone)) if a.enabled: # Enable firewall (default) os.system("systemctl enable firewalld.service") if a.disabled: # Disable firewall os.system("systemctl disable firewalld.service") if a.addmodule: for m in a.addmodule: cmd.print_msg("Ignoring addmodule '%s'" % m) if a.removemodule: for m in a.removemodule: cmd.print_msg("Ignoring removemodule '%s'" % m) if a.custom_rules: for c in a.custom_rules: cmd.print_msg("Ignoring custom-rule '%s'" % c) if a.service: for s in a.service: cmd.print_msg("Adding service '%s' to default zone." % s) if not fw_settings.queryService(s): fw_settings.addService(s) else: cmd.print_msg("ALREADY_ENABLED: %s" % s) if a.remove_service: for s in a.remove_service: cmd.print_msg("Removing service '%s' from default zone." % s) if fw_settings.queryService(s): fw_settings.removeService(s) else: cmd.print_msg("NOT_ENABLED: %s" % s) if a.port: for port_proto in a.port: (port, proto) = parse_port_lokkit(port_proto) cmd.print_msg("Adding port '%s/%s' to default zone." % (port, proto)) if not fw_settings.queryPort(port, proto): fw_settings.addPort(port, proto) else: cmd.print_msg("ALREADY_ENABLED: %s" % port_proto) if a.trust: if default_zone != trusted_zone: fw_trusted = fw.config.get_zone("trusted") fw_trusted_settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(fw_trusted)) # Bind an interface to the trusted zone for i in a.trust: cmd.print_msg("Interface '%s' will be bound to zone '%s'." % \ (i, trusted_zone)) if not fw_trusted_settings.queryInterface(i): fw_trusted_settings.addInterface(i) else: cmd.print_msg("ALREADY_ENABLED: %s" % i) fw.config.set_zone_config_dict(fw_trusted, fw_trusted_settings.getSettingsDict()) else: for i in a.trust: cmd.print_msg("Interface '%s' will be bound to zone '%s'." % \ (i, trusted_zone)) if not fw_settings.queryInterface(i): fw_settings.addInterface(i) else: cmd.print_msg("ALREADY_ENABLED: %s" % i) if a.masq: # Enables masquerading in the default zone, interface argument is ignored cmd.print_msg("Enabling masquerade for the default zone.") fw_settings.setMasquerade(True) if a.forward_port: for fp in a.forward_port: (port, protocol, toport, toaddr) = cmd.parse_forward_port( fp, compat=True) cmd.print_msg("Adding forward port %s:%s:%s:%s to default zone." % \ (port, protocol, toport, toaddr)) if not fw_settings.queryForwardPort(port, protocol, toport, toaddr): fw_settings.addForwardPort(port, protocol, toport, toaddr) else: cmd.print_msg("ALREADY_ENABLED: %s" % fp) if a.block_icmp: for ib in a.block_icmp: cmd.print_msg("Adding icmpblock '%s' to default zone." % ib) if not fw_settings.queryIcmpBlock(ib): fw_settings.addIcmpBlock(ib) else: cmd.print_msg("ALREADY_ENABLED: %s" % ib) fw.config.set_zone_config_dict(fw_zone, fw_settings.getSettingsDict()) elif a.version: cmd.print_and_exit(config.VERSION) elif a.get_log_denied: cmd.print_and_exit(fw.get_log_denied()) elif a.set_log_denied: fw.set_log_denied(a.set_log_denied) elif a.get_automatic_helpers: cmd.print_and_exit(fw.get_automatic_helpers()) elif a.set_automatic_helpers: fw.set_automatic_helpers(a.set_automatic_helpers) elif a.policy_server: pk_symlink('server') elif a.policy_desktop: pk_symlink('desktop') # options from firewall-cmd elif a.get_default_zone: cmd.print_and_exit(fw.get_default_zone()) elif a.set_default_zone: fw.set_default_zone(a.set_default_zone) # lockdown elif a.lockdown_on: fw.enable_lockdown() elif a.lockdown_off: fw.disable_lockdown() elif a.query_lockdown: cmd.print_query_result(fw.policies.query_lockdown()) # zones elif a.get_zones: zones = fw.config.get_zones() cmd.print_and_exit(" ".join(zones)) elif a.new_zone: fw.config.new_zone_dict(a.new_zone, FirewallClientZoneSettings().getSettingsDict()) elif a.new_zone_from_file: filename = os.path.basename(a.new_zone_from_file) dirname = os.path.dirname(a.new_zone_from_file) if dirname == "": dirname = "./" try: obj = zone_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load zone file '%s': %s" % \ (a.new_zone_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load zone file: %s" % msg) if a.name: obj.name = a.name fw.config.new_zone(obj.name, obj.export_config()) elif a.delete_zone: obj = fw.config.get_zone(a.delete_zone) fw.config.remove_zone(obj) elif a.load_zone_defaults: obj = fw.config.get_zone(a.load_zone_defaults) fw.config.load_zone_defaults(obj) elif a.info_zone: zone = fw.config.get_zone(a.info_zone) settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(zone)) cmd.print_zone_info(a.info_zone, settings, True) sys.exit(0) elif a.path_zone: obj = fw.config.get_zone(a.path_zone) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) # policies elif a.get_policies: policies = fw.config.get_policy_objects() cmd.print_and_exit(" ".join(policies)) elif a.new_policy: fw.config.new_policy_object_dict(a.new_policy, FirewallClientPolicySettings().getSettingsDict()) elif a.new_policy_from_file: filename = os.path.basename(a.new_policy_from_file) dirname = os.path.dirname(a.new_policy_from_file) if dirname == "": dirname = "./" try: obj = policy_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load policy file '%s': %s" % \ (a.new_policy_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load policy file: %s" % msg) if a.name: obj.name = a.name fw.config.new_policy_object_dict(obj.name, obj.export_config_dict()) elif a.delete_policy: obj = fw.config.get_policy_object(a.delete_policy) fw.config.remove_policy_object(obj) elif a.load_policy_defaults: obj = fw.config.get_policy_object(a.load_policy_defaults) fw.config.load_policy_object_defaults(obj) elif a.info_policy: policy = fw.config.get_policy_object(a.info_policy) settings = FirewallClientPolicySettings(fw.config.get_policy_object_config_dict(policy)) cmd.print_policy_info(a.info_policy, settings, True) sys.exit(0) elif a.path_policy: obj = fw.config.get_policy_object(a.path_policy) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) # services elif a.get_services: services = fw.config.get_services() cmd.print_and_exit(" ".join(services)) elif a.new_service: fw.config.new_service_dict(a.new_service, FirewallClientServiceSettings().getSettingsDict()) elif a.new_service_from_file: filename = os.path.basename(a.new_service_from_file) dirname = os.path.dirname(a.new_service_from_file) if dirname == "": dirname = "./" try: obj = service_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load service file '%s': %s" % \ (a.new_service_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load service file: %s" % msg) if a.name: obj.name = a.name fw.config.new_service_dict(obj.name, obj.export_config_dict()) elif a.delete_service: obj = fw.config.get_service(a.delete_service) fw.config.remove_service(obj) # remove service from all zones zones = fw.config.get_zones() for zone in zones: _zone = fw.config.get_zone(zone) _settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(_zone)) if _settings.queryService(a.delete_service): _settings.removeService(a.delete_service) fw.config.set_zone_config_dict(_zone, _settings.getSettingsDict()) # remove service from all policies for policy in fw.config.get_policy_objects(): _policy = fw.config.get_policy_object(policy) _settings = FirewallClientPolicySettings(fw.config.get_policy_object_config_dict(_policy)) if _settings.queryService(a.delete_service): _settings.removeService(a.delete_service) fw.config.set_policy_object_config_dict(_policy, _settings.getSettingsDict()) elif a.load_service_defaults: obj = fw.config.get_service(a.load_service_defaults) fw.config.load_service_defaults(obj) elif a.info_service: service = fw.config.get_service(a.info_service) settings = FirewallClientServiceSettings( fw.config.get_service_config_dict(service)) cmd.print_service_info(a.info_service, settings) sys.exit(0) elif a.path_service: obj = fw.config.get_service(a.path_service) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) # icmptypes elif a.get_icmptypes: icmptypes = fw.config.get_icmptypes() cmd.print_and_exit(" ".join(icmptypes)) elif a.new_icmptype: fw.config.new_icmptype(a.new_icmptype, FirewallClientIcmpTypeSettings().settings) elif a.new_icmptype_from_file: filename = os.path.basename(a.new_icmptype_from_file) dirname = os.path.dirname(a.new_icmptype_from_file) if dirname == "": dirname = "./" try: obj = icmptype_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load icmptype file '%s': %s" % \ (a.new_icmptype_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load icmptype file: %s" % msg) if a.name: obj.name = a.name fw.config.new_icmptype(obj.name, obj.export_config()) elif a.delete_icmptype: obj = fw.config.get_icmptype(a.delete_icmptype) fw.config.remove_icmptype(obj) # remove icmpyte from all zones zones = fw.config.get_zones() for zone in zones: _zone = fw.config.get_zone(zone) _settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(_zone)) if _settings.queryIcmpBlock(a.delete_icmptype): _settings.removeIcmpBlock(a.delete_icmptype) fw.config.set_zone_config_dict(_zone, _settings.getSettingsDict()) for policy in fw.config.get_policy_objects(): _policy = fw.config.get_policy_object(policy) _settings = FirewallClientPolicySettings(fw.config.get_policy_object_config_dict(_policy)) if _settings.queryIcmpBlock(a.delete_icmptype): _settings.removeIcmpBlock(a.delete_icmptype) fw.config.set_policy_object_config_dict(_policy, _settings.getSettingsDict()) elif a.load_icmptype_defaults: obj = fw.config.get_icmptype(a.load_icmptype_defaults) fw.config.load_icmptype_defaults(obj) elif a.info_icmptype: icmptype = fw.config.get_icmptype(a.info_icmptype) settings = FirewallClientIcmpTypeSettings( list(fw.config.get_icmptype_config(icmptype))) cmd.print_icmptype_info(a.info_icmptype, settings) sys.exit(0) elif a.path_icmptype: obj = fw.config.get_icmptype(a.path_icmptype) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) elif a.icmptype and options_icmptype: icmptype = fw.config.get_icmptype(a.icmptype) settings = FirewallClientIcmpTypeSettings( list(fw.config.get_icmptype_config(icmptype))) if a.add_destination: cmd.add_sequence(a.add_destination, settings.addDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") fw.config.set_icmptype_config(icmptype, settings.settings) elif a.remove_destination: cmd.remove_sequence(a.remove_destination, settings.removeDestination, settings.queryDestination, cmd.check_destination_ipv, "'%s'") fw.config.set_icmptype_config(icmptype, settings.settings) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.check_destination_ipv , "'%s'") elif a.get_destinations: l = settings.getDestinations() if len(l) == 0: l = [ "ipv4", "ipv6" ] cmd.print_and_exit("\n".join(l)) elif a.set_description: settings.setDescription(a.set_description) fw.config.set_icmptype_config(icmptype, settings.settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) fw.config.set_icmptype_config(icmptype, settings.settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") cmd.print_and_exit("success") elif a.service and options_service: service = fw.config.get_service(a.service) settings = FirewallClientServiceSettings( fw.config.get_service_config_dict(service)) if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_protocol: cmd.add_sequence(a.add_protocol, settings.addProtocol, settings.queryProtocol, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, settings.removeProtocol, settings.queryProtocol, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_protocol: cmd.query_sequence(a.query_protocol, settings.queryProtocol, None, "'%s'") elif a.get_protocols: l = settings.getProtocols() cmd.print_and_exit(" ".join(["%s" % protocol for protocol in l])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, settings.addSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, settings.removeSourcePort, settings.querySourcePort, cmd.parse_port, "%s/%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_source_port: cmd.query_sequence(a.query_source_port, settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.get_source_ports: l = settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.add_module: cmd.add_sequence(a.add_module, settings.addModule, settings.queryModule, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_module: cmd.remove_sequence(a.remove_module, settings.removeModule, settings.queryModule, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_module: cmd.query_sequence(a.query_module, settings.queryModule, None, "'%s'") elif a.get_modules: l = settings.getModules() cmd.print_and_exit(" ".join(["%s" % module for module in l])) elif a.set_destination: cmd.add_sequence(a.set_destination, settings.setDestination, settings.queryDestination, cmd.parse_service_destination, "%s:%s") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_destination: # special case for removeDestination: Only ipv, no address for ipv in a.remove_destination: cmd.check_destination_ipv(ipv) if ipv not in settings.getDestinations(): if len(a.remove_destination) > 1: cmd.print_warning("Warning: NOT_ENABLED: '%s'" % ipv) else: code = FirewallError.get_code("NOT_ENABLED") cmd.print_and_exit("Error: NOT_ENABLED: '%s'" % ipv, code) else: settings.removeDestination(ipv) fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_destination: cmd.query_sequence(a.query_destination, settings.queryDestination, cmd.parse_service_destination, "'%s'") elif a.get_destinations: l = settings.getDestinations() cmd.print_and_exit(" ".join(["%s:%s" % (dest[0], dest[1]) for dest in l.items()])) elif a.add_include: cmd.add_sequence(a.add_include, settings.addInclude, settings.queryInclude, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_include: cmd.remove_sequence(a.remove_include, settings.removeInclude, settings.queryInclude, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_include: cmd.query_sequence(a.query_include, settings.queryInclude, None, "'%s'") elif a.get_includes: l = settings.getIncludes() cmd.print_and_exit(" ".join(["%s" % include for include in sorted(l)])) elif a.add_helper: cmd.add_sequence(a.add_helper, settings.addHelper, settings.queryHelper, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.remove_helper: cmd.remove_sequence(a.remove_helper, settings.removeHelper, settings.queryHelper, None, "'%s'") fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.query_helper: cmd.query_sequence(a.query_helper, settings.queryHelper, None, "'%s'") elif a.get_service_helpers: l = settings.getHelpers() cmd.print_and_exit(" ".join(["%s" % helper for helper in sorted(l)])) elif a.set_description: settings.setDescription(a.set_description) fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) fw.config.set_service_config_dict(service, settings.getSettingsDict()) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") cmd.print_and_exit("success") # ipsets if a.get_ipsets: ipsets = fw.config.get_ipsets() cmd.print_and_exit(" ".join(sorted(ipsets))) elif a.new_ipset: if not a.type: cmd.fail(parser.format_usage() + "No type specified.") if a.type=='hash:mac' and a.family: cmd.fail(parser.format_usage() + "--family is not compatible with the hash:mac type") settings = FirewallClientIPSetSettings() settings.setType(a.type) if a.option: for opt in a.option: settings.addOption(*cmd.parse_ipset_option(opt)) fw.config.new_ipset(a.new_ipset, settings.settings) elif a.new_ipset_from_file: filename = os.path.basename(a.new_ipset_from_file) dirname = os.path.dirname(a.new_ipset_from_file) if dirname == "": dirname = "./" try: obj = ipset_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load ipset file '%s': %s" % \ (a.new_ipset_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load ipset file: %s" % msg) if a.name: obj.name = a.name fw.config.new_ipset(obj.name, obj.export_config()) elif a.delete_ipset: ipset = fw.config.get_ipset(a.delete_ipset) fw.config.remove_ipset(ipset) elif a.load_ipset_defaults: obj = fw.config.get_ipset(a.load_ipset_defaults) fw.config.load_ipset_defaults(obj) elif a.info_ipset: ipset = fw.config.get_ipset(a.info_ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.print_ipset_info(a.info_ipset, settings) sys.exit(0) elif a.path_ipset: obj = fw.config.get_ipset(a.path_ipset) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) elif a.ipset: if a.add_entry: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.add_sequence(a.add_entry, settings.addEntry, settings.queryEntry, None, "'%s'") fw.config.set_ipset_config(ipset, settings.settings) elif a.remove_entry: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.remove_sequence(a.remove_entry, settings.removeEntry, settings.queryEntry, None, "'%s'") fw.config.set_ipset_config(ipset, settings.settings) elif a.query_entry: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.query_sequence(a.query_entry, settings.queryEntry, None, "'%s'") elif a.get_entries: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) l = settings.getEntries() cmd.print_and_exit("\n".join(l)) elif a.add_entries_from_file: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) changed = False for filename in a.add_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.add_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry not in entries_set: old_entries.append(entry) entries_set.add(entry) changed = True else: cmd.print_if_verbose( "Warning: ALREADY_ENABLED: %s" % entry) if changed: settings.setEntries(old_entries) if changed: fw.config.set_ipset_config(ipset, settings.settings) elif a.remove_entries_from_file: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) changed = False for filename in a.remove_entries_from_file: try: entries = cmd.get_ipset_entries_from_file(filename) except IOError as msg: message = "Failed to read file '%s': %s" % (filename, msg) if len(a.remove_entries_from_file) > 1: cmd.print_warning(message) else: cmd.print_and_exit(message) else: old_entries = settings.getEntries() entries_set = set() for entry in old_entries: entries_set.add(entry) for entry in entries: if entry in entries_set: old_entries.remove(entry) entries_set.discard(entry) changed = True else: cmd.print_if_verbose("Warning: NOT_ENABLED: %s" % \ entry) if changed: settings.setEntries(old_entries) if changed: fw.config.set_ipset_config(ipset, settings.settings) elif a.set_description: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) settings.setDescription(a.set_description) fw.config.set_ipset_config(ipset, settings.settings) elif a.get_description: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.print_and_exit(settings.getDescription()) elif a.set_short: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) settings.setShort(a.set_short) fw.config.set_ipset_config(ipset, settings.settings) elif a.get_short: ipset = fw.config.get_ipset(a.ipset) settings = FirewallClientIPSetSettings( list(fw.config.get_ipset_config(ipset))) cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") cmd.print_and_exit("success") # helper elif a.get_helpers: cmd.print_and_exit(" ".join(sorted(fw.config.get_helpers()))) elif a.new_helper: if not a.module: cmd.fail(parser.format_usage() + "No module specified.") settings = FirewallClientHelperSettings() settings.setModule(a.module) if a.family: settings.setFamily(a.family) fw.config.new_helper(a.new_helper, settings.settings) elif a.new_helper_from_file: filename = os.path.basename(a.new_helper_from_file) dirname = os.path.dirname(a.new_helper_from_file) if dirname == "": dirname = "./" try: obj = helper_reader(filename, dirname) except FirewallError as msg: cmd.print_and_exit("Failed to load helper file '%s': %s" % \ (a.new_helper_from_file, msg), msg.code) except IOError as msg: cmd.fail("Failed to load helper file: %s" % msg) if a.name: obj.name = a.name fw.config.new_helper(obj.name, obj.export_config()) elif a.delete_helper: obj = fw.config.get_helper(a.delete_helper) fw.config.remove_helper(obj) elif a.load_helper_defaults: obj = fw.config.get_helper(a.load_helper_defaults) fw.config.load_helper_defaults(obj) elif a.info_helper: obj = fw.config.get_helper(a.info_helper) settings = FirewallClientHelperSettings( list(fw.config.get_helper_config(obj))) cmd.print_helper_info(a.info_helper, settings) sys.exit(0) elif a.path_helper: obj = fw.config.get_helper(a.path_helper) cmd.print_and_exit("%s/%s" % (obj.path, obj.filename)) elif a.helper: obj = fw.config.get_helper(a.helper) settings = FirewallClientHelperSettings( list(fw.config.get_helper_config(obj))) if a.add_port: cmd.add_sequence(a.add_port, settings.addPort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_helper_config(obj, settings.settings) elif a.remove_port: cmd.remove_sequence(a.remove_port, settings.removePort, settings.queryPort, cmd.parse_port, "%s/%s") fw.config.set_helper_config(obj, settings.settings) elif a.query_port: cmd.query_sequence(a.query_port, settings.queryPort, cmd.parse_port, "%s/%s") elif a.get_ports: l = settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in l])) elif a.get_module: cmd.print_and_exit(settings.getModule()) elif a.set_module: settings.setModule(cmd.check_module(a.set_module)) fw.config.set_helper_config(obj, settings.settings) elif a.get_family: cmd.print_and_exit(settings.getFamily()) elif a.set_family: settings.setFamily(cmd.check_helper_family(a.set_family[0])) fw.config.set_helper_config(obj, settings.settings) elif a.set_description: settings.setDescription(a.set_description) fw.config.set_helper_config(obj, settings.settings) elif a.get_description: cmd.print_and_exit(settings.getDescription()) elif a.set_short: settings.setShort(a.set_short) fw.config.set_helper_config(obj, settings.settings) elif a.get_short: cmd.print_and_exit(settings.getShort()) else: cmd.fail(parser.format_usage() + "Unknown option") # lockdown whitelist elif options_lockdown_whitelist: whitelist = fw.config.get_policies().lockdown_whitelist # commands if a.list_lockdown_whitelist_commands: l = whitelist.get_commands() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_command: cmd.add_sequence(a.add_lockdown_whitelist_command, whitelist.add_command, whitelist.has_command, None, "'%s'") elif a.remove_lockdown_whitelist_command: cmd.remove_sequence(a.remove_lockdown_whitelist_command, whitelist.remove_command, whitelist.has_command, None, "'%s'") elif a.query_lockdown_whitelist_command: cmd.query_sequence(a.query_lockdown_whitelist_command, whitelist.has_command, None, "'%s'") # contexts elif a.list_lockdown_whitelist_contexts: l = whitelist.get_contexts() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_context: cmd.add_sequence(a.add_lockdown_whitelist_context, whitelist.add_context, whitelist.has_context, None, "'%s'") elif a.remove_lockdown_whitelist_context: cmd.remove_sequence(a.remove_lockdown_whitelist_context, whitelist.remove_context, whitelist.has_context, None, "'%s'") elif a.query_lockdown_whitelist_context: cmd.query_sequence(a.query_lockdown_whitelist_context, whitelist.has_context, None, "'%s'") # uids elif a.list_lockdown_whitelist_uids: l = whitelist.get_uids() cmd.print_and_exit(" ".join(map(str, l))) elif a.add_lockdown_whitelist_uid: cmd.add_sequence(a.add_lockdown_whitelist_uid, whitelist.add_uid, whitelist.has_uid, None, "'%s'") elif a.remove_lockdown_whitelist_uid: cmd.remove_sequence(a.remove_lockdown_whitelist_uid, whitelist.remove_uid, whitelist.has_uid, None, "'%s'") elif a.query_lockdown_whitelist_uid: cmd.query_sequence(a.query_lockdown_whitelist_uid, whitelist.has_uid, None, "'%s'") # users elif a.list_lockdown_whitelist_users: l = whitelist.get_users() cmd.print_and_exit("\n".join(l)) elif a.add_lockdown_whitelist_user: cmd.add_sequence(a.add_lockdown_whitelist_user, whitelist.add_user, whitelist.has_user, None, "'%s'") elif a.remove_lockdown_whitelist_user: cmd.remove_sequence(a.remove_lockdown_whitelist_user, whitelist.remove_user, whitelist.has_user, None, "'%s'") elif a.query_lockdown_whitelist_user: cmd.query_sequence(a.query_lockdown_whitelist_user, whitelist.has_user, None, "'%s'") # apply whitelist changes whitelist.write() elif options_direct: obj = fw.config.get_direct() if a.add_passthrough: if len(a.add_passthrough) < 2: cmd.fail("usage: --direct --add-passthrough { ipv4 | ipv6 | eb } ") cmd.print_msg( obj.add_passthrough(cmd.check_ipv(a.add_passthrough[0]), splitArgs(a.add_passthrough[1]))) elif a.remove_passthrough: if len(a.remove_passthrough) < 2: cmd.fail("usage: --direct --remove-passthrough { ipv4 | ipv6 | eb } ") obj.remove_passthrough(cmd.check_ipv(a.remove_passthrough[0]), splitArgs(a.remove_passthrough[1])) elif a.query_passthrough: if len(a.query_passthrough) < 2: cmd.fail("usage: --direct --query-passthrough { ipv4 | ipv6 | eb } ") cmd.print_query_result( obj.query_passthrough(cmd.check_ipv(a.query_passthrough[0]), splitArgs(a.query_passthrough[1]))) sys.exit(0) elif a.get_passthroughs: rules = obj.get_passthroughs(cmd.check_ipv(a.get_passthroughs[0])) for rule in rules: cmd.print_msg(joinArgs(rule)) sys.exit(0) elif a.get_all_passthroughs: rules = obj.get_all_passthroughs() for ipv in rules: for rule in rules[ipv]: cmd.print_msg("%s %s" % (ipv, joinArgs(rule))) sys.exit(0) elif a.add_chain: obj.add_chain(cmd.check_ipv(a.add_chain[0]), a.add_chain[1], a.add_chain[2]) elif a.remove_chain: obj.remove_chain(cmd.check_ipv(a.remove_chain[0]), a.remove_chain[1], a.remove_chain[2]) elif a.query_chain: cmd.print_query_result( obj.query_chain(cmd.check_ipv(a.query_chain[0]), a.query_chain[1], a.query_chain[2])) sys.exit(0) elif a.get_chains: cmd.print_and_exit( " ".join(obj.get_chains(cmd.check_ipv(a.get_chains[0]), a.get_chains[1]))) sys.exit(0) elif a.get_all_chains: chains = obj.get_all_chains() for (ipv, table) in chains: for chain in chains[(ipv, table)]: cmd.print_msg("%s %s %s" % (ipv, table, chain)) sys.exit(0) elif a.add_rule: if len(a.add_rule) < 5: cmd.fail("usage: --direct --add-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.add_rule[3]) except ValueError: cmd.fail("wrong priority\nusage: --direct --add-rule { ipv4 | ipv6 | eb }
") obj.add_rule(cmd.check_ipv(a.add_rule[0]), a.add_rule[1], a.add_rule[2], priority, splitArgs(a.add_rule[4])) elif a.remove_rule: if len(a.remove_rule) < 5: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.remove_rule[3]) except ValueError: cmd.fail("usage: --direct --remove-rule { ipv4 | ipv6 | eb }
") obj.remove_rule(cmd.check_ipv(a.remove_rule[0]), a.remove_rule[1], a.remove_rule[2], priority, splitArgs(a.remove_rule[4])) elif a.remove_rules: if len(a.remove_rules) < 3: cmd.fail("usage: --direct --remove-rules { ipv4 | ipv6 | eb }
") obj.remove_rules(cmd.check_ipv(a.remove_rules[0]), a.remove_rules[1], a.remove_rules[2]) elif a.query_rule: if len(a.query_rule) < 5: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") try: priority = int(a.query_rule[3]) except ValueError: cmd.fail("usage: --direct --query-rule { ipv4 | ipv6 | eb }
") cmd.print_query_result( obj.query_rule(cmd.check_ipv(a.query_rule[0]), a.query_rule[1], a.query_rule[2], priority, splitArgs(a.query_rule[4]))) sys.exit(0) elif a.get_rules: rules = obj.get_rules(cmd.check_ipv(a.get_rules[0]), a.get_rules[1], a.get_rules[2]) for (priority, rule) in rules: cmd.print_msg("%d %s" % (priority, joinArgs(rule))) sys.exit(0) elif a.get_all_rules: rules = obj.get_all_rules() for (ipv, table, chain) in rules: for (priority, rule) in rules[(ipv, table, chain)]: cmd.print_msg("%s %s %s %d %s" % \ (ipv, table, chain, priority, joinArgs(rule))) sys.exit(0) obj.write() # list everything elif a.list_all_policies: policies = fw.config.get_policy_objects() for policy in policies: fw_policy = fw.config.get_policy_object(policy) fw_settings = FirewallClientPolicySettings(fw.config.get_policy_object_config_dict(fw_policy)) cmd.print_policy_info(policy, fw_settings) cmd.print_msg("") sys.exit(0) elif a.policy: fw_policy = fw.config.get_policy_object(a.policy) fw_settings = FirewallClientPolicySettings(fw.config.get_policy_object_config_dict(fw_policy)) # ingress zones if a.list_ingress_zones: l = fw_settings.getIngressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_ingress_zone: cmd.add_sequence(a.add_ingress_zone, fw_settings.addIngressZone, fw_settings.queryIngressZone, None, "'%s'") elif a.remove_ingress_zone: cmd.remove_sequence(a.remove_ingress_zone, fw_settings.removeIngressZone, fw_settings.queryIngressZone, None, "'%s'") elif a.query_ingress_zone: cmd.query_sequence(a.query_ingress_zone, fw_settings.queryIngressZone, None, "'%s'") # egress zones if a.list_egress_zones: l = fw_settings.getEgressZones() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_egress_zone: cmd.add_sequence(a.add_egress_zone, fw_settings.addEgressZone, fw_settings.queryEgressZone, None, "'%s'") elif a.remove_egress_zone: cmd.remove_sequence(a.remove_egress_zone, fw_settings.removeEgressZone, fw_settings.queryEgressZone, None, "'%s'") elif a.query_egress_zone: cmd.query_sequence(a.query_egress_zone, fw_settings.queryEgressZone, None, "'%s'") # priority elif a.get_priority: cmd.print_and_exit(str(fw_settings.getPriority())) elif a.set_priority: fw_settings.setPriority(a.set_priority) # rich rules if a.list_rich_rules: l = fw_settings.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, fw_settings.addRichRule, fw_settings.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, fw_settings.removeRichRule, fw_settings.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, fw_settings.queryRichRule, None, "'%s'") # service if a.list_services: l = fw_settings.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, fw_settings.addService, fw_settings.queryService, None, "'%s'") elif a.remove_service_from_policy: cmd.remove_sequence(a.remove_service_from_policy, fw_settings.removeService, fw_settings.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, fw_settings.queryService, None, "'%s'") # port elif a.list_ports: l = fw_settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, fw_settings.addPort, fw_settings.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, fw_settings.removePort, fw_settings.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, fw_settings.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = fw_settings.getProtocols() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_protocol: cmd.add_sequence(a.add_protocol, fw_settings.addProtocol, fw_settings.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, fw_settings.removeProtocol, fw_settings.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, fw_settings.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw_settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, fw_settings.addSourcePort, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, fw_settings.removeSourcePort, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") # masquerade elif a.add_masquerade: fw_settings.setMasquerade(True) elif a.remove_masquerade: fw_settings.setMasquerade(False) elif a.query_masquerade: cmd.print_query_result(fw_settings.getMasquerade()) # forward port elif a.list_forward_ports: l = fw_settings.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (_port, _protocol, _toport, _toaddr) for (_port, _protocol, _toport, _toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, fw_settings.addForwardPort, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, fw_settings.removeForwardPort, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = fw_settings.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, fw_settings.addIcmpBlock, fw_settings.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, fw_settings.removeIcmpBlock, fw_settings.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, fw_settings.queryIcmpBlock, None, "'%s'") # policy target elif a.get_target: cmd.print_and_exit(fw_settings.getTarget()) elif a.set_target: fw_settings.setTarget(a.set_target) # list all policy settings elif a.list_all: cmd.print_policy_info(a.policy, fw_settings) sys.exit(0) elif a.set_description: fw_settings.setDescription(a.set_description) elif a.get_description: cmd.print_and_exit(fw_settings.getDescription()) elif a.set_short: fw_settings.setShort(a.set_short) elif a.get_short: cmd.print_and_exit(fw_settings.getShort()) fw.config.set_policy_object_config_dict(fw_policy, fw_settings.getSettingsDict()) cmd.print_and_exit("success") else: if zone == "": zone = fw.get_default_zone() fw_zone = fw.config.get_zone(zone) fw_settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(fw_zone)) # interface if a.list_interfaces: l = fw_settings.getInterfaces() cmd.print_and_exit(" ".join(l)) elif a.get_zone_of_interface: for interface in a.get_zone_of_interface: ret = [ ] for zone in fw.config.get_zones(): obj = fw.config.get_zone(zone) if interface in obj.interfaces: ret.append(obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same interface is in several zone XML files cmd.print_warning(" ".join(ret) + " (ERROR: interface '%s' is in %s zone XML files, can be only in one)" % (interface, len(ret))) if len(ret) == 1: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: %s" % (interface, ret[0])) else: cmd.print_and_exit(ret[0]) else: if len(a.get_zone_of_interface) > 1: cmd.print_warning("%s: no zone" % interface) else: cmd.print_and_exit("no zone", 2) elif a.change_interface: for interface in a.change_interface: for old_zone in fw.config.get_zones(): old_zone_obj = fw.config.get_zone(old_zone) if interface in old_zone_obj.interfaces: if old_zone_obj.name != zone: old_zone_settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(old_zone_obj)) old_zone_settings.removeInterface(interface) # remove from old fw.config.set_zone_config_dict(old_zone_obj, old_zone_settings.getSettingsDict()) fw_settings.addInterface(interface) # add to new elif a.add_interface: cmd.add_sequence(a.add_interface, fw_settings.addInterface, fw_settings.queryInterface, None, "'%s'") elif a.remove_interface: cmd.remove_sequence(a.remove_interface, fw_settings.removeInterface, fw_settings.queryInterface, None, "'%s'") elif a.query_interface: cmd.query_sequence(a.query_interface, fw_settings.queryInterface, None, "'%s'") # source if a.list_sources: sources = fw_settings.getSources() cmd.print_and_exit(" ".join(sources)) elif a.get_zone_of_source: for source in a.get_zone_of_source: ret = [ ] for zone in fw.config.get_zones(): obj = fw.config.get_zone(zone) if source in obj.sources: ret.append(obj.name) if len(ret) > 1: # Even it shouldn't happen, it's actually possible that # the same source is in several zone XML files cmd.print_warning(" ".join(ret) + " (ERROR: source '%s' is in %s zone XML files, can be only in one)" % (source, len(ret))) if len(ret) == 1: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: %s" % (source, ret[0])) else: cmd.print_and_exit(ret[0]) else: if len(a.get_zone_of_source) > 1: cmd.print_warning("%s: no zone" % source) else: cmd.print_and_exit("no zone", 2) elif a.change_source: for source in a.change_source: for old_zone in fw.config.get_zones(): old_zone_obj = fw.config.get_zone(old_zone) if source in old_zone_obj.sources: if old_zone_obj.name != zone: old_zone_settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(old_zone_obj)) old_zone_settings.removeSource(source) # remove from old fw.config.set_zone_config_dict(old_zone_obj, old_zone_settings.getSettingsDict()) fw_settings.addSource(source) # add to new elif a.add_source: cmd.add_sequence(a.add_source, fw_settings.addSource, fw_settings.querySource, None, "'%s'") elif a.remove_source: cmd.remove_sequence(a.remove_source, fw_settings.removeSource, fw_settings.querySource, None, "'%s'") elif a.query_source: cmd.query_sequence(a.query_source, fw_settings.querySource, None, "'%s'") # rich rules if a.list_rich_rules: l = fw_settings.getRichRules() cmd.print_and_exit("\n".join(l)) elif a.add_rich_rule: cmd.add_sequence(a.add_rich_rule, fw_settings.addRichRule, fw_settings.queryRichRule, None, "'%s'") elif a.remove_rich_rule: cmd.remove_sequence(a.remove_rich_rule, fw_settings.removeRichRule, fw_settings.queryRichRule, None, "'%s'") elif a.query_rich_rule: cmd.query_sequence(a.query_rich_rule, fw_settings.queryRichRule, None, "'%s'") # service if a.list_services: l = fw_settings.getServices() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_service: cmd.add_sequence(a.add_service, fw_settings.addService, fw_settings.queryService, None, "'%s'") elif a.remove_service_from_zone: cmd.remove_sequence(a.remove_service_from_zone, fw_settings.removeService, fw_settings.queryService, None, "'%s'") elif a.query_service: cmd.query_sequence(a.query_service, fw_settings.queryService, None, "'%s'") # port elif a.list_ports: l = fw_settings.getPorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_port: cmd.add_sequence(a.add_port, fw_settings.addPort, fw_settings.queryPort, cmd.parse_port, "%s/%s") elif a.remove_port: cmd.remove_sequence(a.remove_port, fw_settings.removePort, fw_settings.queryPort, cmd.parse_port, "%s/%s") elif a.query_port: cmd.query_sequence(a.query_port, fw_settings.queryPort, cmd.parse_port, "%s/%s") # protocol elif a.list_protocols: l = fw_settings.getProtocols() cmd.print_and_exit(" ".join(sorted(l))) elif a.add_protocol: cmd.add_sequence(a.add_protocol, fw_settings.addProtocol, fw_settings.queryProtocol, None, "'%s'") elif a.remove_protocol: cmd.remove_sequence(a.remove_protocol, fw_settings.removeProtocol, fw_settings.queryProtocol, None, "'%s'") elif a.query_protocol: cmd.query_sequence(a.query_protocol, fw_settings.queryProtocol, None, "'%s'") # source port elif a.list_source_ports: l = fw_settings.getSourcePorts() cmd.print_and_exit(" ".join(["%s/%s" % (port[0], port[1]) for port in sorted(l, key=lambda x: (x[1], getPortRange(x[0])[0]))])) elif a.add_source_port: cmd.add_sequence(a.add_source_port, fw_settings.addSourcePort, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.remove_source_port: cmd.remove_sequence(a.remove_source_port, fw_settings.removeSourcePort, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") elif a.query_source_port: cmd.query_sequence(a.query_source_port, fw_settings.querySourcePort, cmd.parse_port, "%s/%s") # forward elif a.add_forward: fw_settings.setForward(True) elif a.remove_forward: fw_settings.setForward(False) elif a.query_forward: cmd.print_query_result(fw_settings.getForward()) # masquerade elif a.add_masquerade: fw_settings.setMasquerade(True) elif a.remove_masquerade: fw_settings.setMasquerade(False) elif a.query_masquerade: cmd.print_query_result(fw_settings.getMasquerade()) # forward port elif a.list_forward_ports: l = fw_settings.getForwardPorts() cmd.print_and_exit("\n".join(["port=%s:proto=%s:toport=%s:toaddr=%s" % (_port, _protocol, _toport, _toaddr) for (_port, _protocol, _toport, _toaddr) in l])) elif a.add_forward_port: cmd.add_sequence(a.add_forward_port, fw_settings.addForwardPort, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.remove_forward_port: cmd.remove_sequence(a.remove_forward_port, fw_settings.removeForwardPort, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") elif a.query_forward_port: cmd.query_sequence(a.query_forward_port, fw_settings.queryForwardPort, cmd.parse_forward_port, "port=%s:proto=%s:toport=%s:toaddr=%s") # block icmp elif a.list_icmp_blocks: l = fw_settings.getIcmpBlocks() cmd.print_and_exit(" ".join(l)) elif a.add_icmp_block: cmd.add_sequence(a.add_icmp_block, fw_settings.addIcmpBlock, fw_settings.queryIcmpBlock, None, "'%s'") elif a.remove_icmp_block: cmd.remove_sequence(a.remove_icmp_block, fw_settings.removeIcmpBlock, fw_settings.queryIcmpBlock, None, "'%s'") elif a.query_icmp_block: cmd.query_sequence(a.query_icmp_block, fw_settings.queryIcmpBlock, None, "'%s'") # icmp block inversion elif a.add_icmp_block_inversion: fw_settings.addIcmpBlockInversion() elif a.remove_icmp_block_inversion: fw_settings.removeIcmpBlockInversion() elif a.query_icmp_block_inversion: cmd.print_query_result(fw_settings.queryIcmpBlockInversion()) # zone target elif a.get_target: cmd.print_and_exit(fw_settings.getTarget()) elif a.set_target: fw_settings.setTarget(a.set_target) # list all zone settings elif a.list_all: cmd.print_zone_info(zone if zone else fw.get_default_zone(), fw_settings) sys.exit(0) # list everything elif a.list_all_zones: zones = fw.config.get_zones() for zone in zones: fw_zone = fw.config.get_zone(zone) fw_settings = FirewallClientZoneSettings(fw.config.get_zone_config_dict(fw_zone)) cmd.print_zone_info(zone, fw_settings) cmd.print_msg("") sys.exit(0) elif a.set_description: fw_settings.setDescription(a.set_description) elif a.get_description: cmd.print_and_exit(fw_settings.getDescription()) elif a.set_short: fw_settings.setShort(a.set_short) elif a.get_short: cmd.print_and_exit(fw_settings.getShort()) fw.config.set_zone_config_dict(fw_zone, fw_settings.getSettingsDict()) cmd.print_and_exit("success") except FirewallError as msg: cmd.print_and_exit("%s" % msg, msg.code) except Exception as msg: cmd.fail("%s" % msg) else: cmd.print_and_exit("success") firewalld-1.1.1/src/firewalld.in0000755000000000000000000001774614217342322016573 0ustar00rootroot00000000000000#!@PYTHON@ # -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # python fork magic derived from setroubleshoot # Copyright (C) 2006,2007,2008,2009 Red Hat, Inc. # Authors: # John Dennis # Dan Walsh import os import sys import dbus import argparse from firewall import config from firewall.functions import firewalld_is_active from firewall.core.logger import log, FileLog def parse_cmdline(): parser = argparse.ArgumentParser() parser.add_argument('--debug', nargs='?', const=1, default=0, type=int, choices=range(1, log.DEBUG_MAX+1), help="""Enable logging of debug messages. Additional argument in range 1..%s can be used to specify log level.""" % log.DEBUG_MAX, metavar="level") parser.add_argument('--debug-gc', help="""Turn on garbage collector leak information. The collector runs every 10 seconds and if there are leaks, it prints information about the leaks.""", action="store_true") parser.add_argument('--nofork', help="""Turn off daemon forking, run as a foreground process.""", action="store_true") parser.add_argument('--nopid', help="""Disable writing pid file and don't check for existing server process.""", action="store_true") parser.add_argument('--system-config', help="""Path to firewalld system configuration""", metavar="path") parser.add_argument('--default-config', help="""Path to firewalld default configuration""", metavar="path") parser.add_argument('--log-file', help="""Path to firewalld log file""", metavar="path") return parser.parse_args() def setup_logging(args): # Set up logging capabilities log.setDateFormat("%Y-%m-%d %H:%M:%S") log.setFormat("%(date)s %(label)s%(message)s") log.setInfoLogging("*", log.syslog, [ log.FATAL, log.ERROR, log.WARNING, log.TRACEBACK ], fmt="%(label)s%(message)s") log.setDebugLogLevel(log.NO_INFO) log.setDebugLogLevel(log.NO_DEBUG) if args.debug: log.setInfoLogLevel(log.INFO_MAX) log.setDebugLogLevel(args.debug) if args.nofork: log.addInfoLogging("*", log.stdout) log.addDebugLogging("*", log.stdout) log_file = FileLog(config.FIREWALLD_LOGFILE, "a") try: log_file.open() except IOError as e: log.error("Failed to open log file '%s': %s", config.FIREWALLD_LOGFILE, str(e)) else: log.addInfoLogging("*", log_file, [ log.FATAL, log.ERROR, log.WARNING, log.TRACEBACK ]) log.addDebugLogging("*", log_file) if args.debug: log.addInfoLogging("*", log_file) log.addDebugLogging("*", log_file) def startup(args): try: if not args.nofork: # do the UNIX double-fork magic, see Stevens' "Advanced # Programming in the UNIX Environment" for details (ISBN 0201563177) pid = os.fork() if pid > 0: # exit first parent sys.exit(0) # decouple from parent environment os.chdir("/") os.setsid() os.umask(os.umask(0o077) | 0o022) # Do not close the file descriptors here anymore # File descriptors are now closed in runProg before execve # Redirect the standard I/O file descriptors to /dev/null if hasattr(os, "devnull"): REDIRECT_TO = os.devnull else: REDIRECT_TO = "/dev/null" fd = os.open(REDIRECT_TO, os.O_RDWR) os.dup2(fd, 0) # standard input (0) os.dup2(fd, 1) # standard output (1) os.dup2(fd, 2) # standard error (2) if not args.nopid: # write the pid file with open(config.FIREWALLD_PIDFILE, "w") as f: f.write(str(os.getpid())) if not os.path.exists(config.FIREWALLD_TEMPDIR): os.mkdir(config.FIREWALLD_TEMPDIR, 0o750) # attempt to drop Linux capabilities to a minimal set: # - CAP_NET_ADMIN # - CAP_NET_RAW # - CAP_SYS_MODULE try: import capng capng.capng_clear(capng.CAPNG_SELECT_BOTH) if capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE | capng.CAPNG_PERMITTED | capng.CAPNG_BOUNDING_SET, capng.CAP_NET_ADMIN) or \ capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE | capng.CAPNG_PERMITTED | capng.CAPNG_BOUNDING_SET, capng.CAP_NET_RAW) or \ capng.capng_update(capng.CAPNG_ADD, capng.CAPNG_EFFECTIVE | capng.CAPNG_PERMITTED | capng.CAPNG_BOUNDING_SET, capng.CAP_SYS_MODULE) or \ capng.capng_apply(capng.CAPNG_SELECT_BOTH): log.info(log.INFO1, "libcap-ng failed to drop Linux capabilities.") else: log.info(log.INFO1, "Dropped Linux capabilities to NET_ADMIN, NET_RAW, SYS_MODULE.") except ImportError: pass if args.system_config: config.set_system_config_paths(args.system_config) if args.default_config: config.set_default_config_paths(args.default_config) # Start the server mainloop here from firewall.server import server server.run_server(args.debug_gc) # Clean up on exit if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) except OSError as e: log.fatal("Fork #1 failed: %d (%s)" % (e.errno, e.strerror)) log.exception() if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) sys.exit(1) except dbus.exceptions.DBusException as e: log.fatal(str(e)) log.exception() if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) sys.exit(1) except IOError as e: log.fatal(str(e)) log.exception() if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE): os.remove(config.FIREWALLD_PIDFILE) sys.exit(1) def main(): # firewalld should only be run as the root user if os.getuid() != 0: print("You need to be root to run %s." % sys.argv[0]) sys.exit(-1) # Process the command-line arguments args = parse_cmdline() if args.log_file: config.FIREWALLD_LOGFILE = args.log_file setup_logging(args) # Don't attempt to run two copies of firewalld simultaneously if not args.nopid and firewalld_is_active(): log.fatal("Not starting FirewallD, already running.") sys.exit(1) startup(args) sys.exit(0) if __name__ == '__main__': main() firewalld-1.1.1/src/icons/0000755000000000000000000000000014217353175015373 5ustar00rootroot00000000000000firewalld-1.1.1/src/icons/16x16/0000755000000000000000000000000014217353175016160 5ustar00rootroot00000000000000firewalld-1.1.1/src/icons/16x16/apps/0000755000000000000000000000000014217353175017123 5ustar00rootroot00000000000000firewalld-1.1.1/src/icons/16x16/apps/firewall-applet.png0000644000000000000000000000142614217342322022714 0ustar00rootroot00000000000000‰PNG  IHDRóÿasBIT|dˆ pHYs × ×B(›xtEXtSoftwarewww.inkscape.org›î<tEXtTitleFirewall®®tEXtAuthorLapo Calamandreiß‘*VIDAT8¥’MHTQÇ÷Ý;Î3«‰ ÇÈ.Õ ‰ˆÂFÝ -¬$¤›Dp뢕n2¢•H´i3ê"7æ8ˆ‹#I‘$n \4àÆ užïÝûn‹Á‰\uWçžÿ½¿óçœ#2™ ÿsÔɲׇ}ß C£¬µXk±å "¡#‘È‹ @©Tì}Ü«âñ‹T»Õ¸®‹R<¯DÉ+áyÞA Ï+±³³£¦¦ÞV‚ P®ëR¥kËÕ¥”cBàº.»»»¬­"Ъ£1¡Áq$µÉ:Ξ‘H$ØØؤ±±dmíË-"„Àhƒê]^Ña8`A²_½& ðãû1Y6ÏœãCì2ÁAkã8h£Q: :‡†ä·ímš“É£?_‹EšëêÀq0Ö2?<ÌBÃ<ÖúØYÕØH,GÆãà8 ±X ™H€ã …kÙx?Â0Æèòƒ•ÖÆÆH¦R %HÉÚê*ué4H‰J¥ø²þ™ ðñ}Ÿýý=Œ µ˜{©µ•í|þÔe9Ôç=<Ñ¡£Ñhyn55a¢Q’…¥%îuv9™Ÿžæv:ÍL>O*uíÀñ­1Ëbì…–~ §:8Ô¯n¬åŠ?‹ÌÎÌï+€¶övf î÷ô”›(%s<èï)q’IÞ <{ú¼¬”ú-&ÁÖÔ׳·µuªƒCýM&#þÖ”´uuɪš‚\6Ëݾ¾£¹l–¶înGGÍ¿àb*ÑZXkåi„F)õr¼£ãÉßÚ®þªÎéDKIEND®B`‚firewalld-1.1.1/src/icons/16x16/apps/firewall-config.png0000644000000000000000000000142614217342322022674 0ustar00rootroot00000000000000‰PNG  IHDRóÿasBIT|dˆ pHYs × ×B(›xtEXtSoftwarewww.inkscape.org›î<tEXtTitleFirewall®®tEXtAuthorLapo Calamandreiß‘*VIDAT8¥’MHTQÇ÷Ý;Î3«‰ ÇÈ.Õ ‰ˆÂFÝ -¬$¤›Dp뢕n2¢•H´i3ê"7æ8ˆ‹#I‘$n \4àÆ užïÝûn‹Á‰\uWçžÿ½¿óçœ#2™ ÿsÔɲׇ}ß C£¬µXk±å "¡#‘È‹ @©Tì}Ü«âñ‹T»Õ¸®‹R<¯DÉ+áyÞA Ï+±³³£¦¦ÞV‚ P®ëR¥kËÕ¥”cBàº.»»»¬­"Ъ£1¡Áq$µÉ:Ξ‘H$ØØؤ±±dmíË-"„Àhƒê]^Ña8`A²_½& ðãû1Y6ÏœãCì2ÁAkã8h£Q: :‡†ä·ímš“É£?_‹EšëêÀq0Ö2?<ÌBÃ<ÖúØYÕØH,GÆãà8 ±X ™H€ã …kÙx?Â0Æèòƒ•ÖÆÆH¦R %HÉÚê*ué4H‰J¥ø²þ™ ðñ}Ÿýý=Œ µ˜{©µ•í|þÔe9Ôç=<Ñ¡£Ñhyn55a¢Q’…¥%îuv9™Ÿžæv:ÍL>O*uíÀñ­1Ëbì…–~ §:8Ô¯n¬åŠ?‹ÌÎÌï+€¶övf î÷ô”›(%s<èï)q’IÞ <{ú¼¬”ú-&ÁÖÔ׳·µuªƒCýM&#þÖ”´uuɪš‚\6Ëݾ¾£¹l–¶înGGÍ¿àb*ÑZXkåi„F)õr¼£ãÉßÚ®þªÎéDKIEND®B`‚firewalld-1.1.1/src/icons/16x16/apps/firewall-applet-panic.png0000644000000000000000000000143114217342322024000 0ustar00rootroot00000000000000‰PNG  IHDRóÿasBIT|dˆ pHYs : :ðd’JtEXtSoftwarewww.inkscape.org›î<–IDAT8¥“OˆUeÆßw¾ïœ¹3çzuÿt§;b !KláFA¡65¸hUQ- wnÔ¡… mf´) R¨RŽf )Èؽw®#2ŽcsϹç;çûÞwTfç /ïûyž÷y”ˆð,e6Zž;3s²uwñÕî&”æn³ùh±5ù(·Q! ^p…ûöôé3ß«§üüæë_¼ÒéWû‘Ö ¥4 ÆR®¿ó6Ý]-Bð,¯,ßo÷Ž<É@©mª¿/Û·Gÿv»(¥0Æà½GDØ=?Ï_ÏO2[œúüÄÈüöfðC½þi³Ù<õòØظª|¤ï1•$ˆh¥‘Háƒç¡6¼Õ»Ç¥m[A„²*‡ÄiúÙþFc§uå=UQ`Óq/‚±–¢ßg9¯*â½ûKôE ¬ÖDt.¨…8x’Êr8C@¼‡8F{ÏXY‘”%û®ÌqÅ{òu5çb=3Ctìñº$áxn g³³á»‹ÛÎù¿ €Žc1fÃnX‰R+ŸüyõÝ7n­*áÂÄÄÍ×’äÅèÀB’ •"ˆ µ „QÄÀZAµ?²«_žýÝý¡ÆH5:Š¹|«5E–‘¤)•sØZ²,‰ê)Çjy×Ôh§×Ëš;Z‹ÃÞ«îÄ¥s¸<'xO™ç”yŽ¯ªá,KŠÕÕ*Ï2÷ËÞ½K¿ý:÷pzzºÐJ©ÈY;Ò:z9|e-µñq”µØ4e¤Ñ@mŒÔ–tXzpü§[·÷õÿË>ZÏB½3ܼvþü–àV+~¡Ý¶‘sºr DȃêG‘¯?β¯.ÖZT½=|¬»²²Òl·U]`­ª8@§¿52‚+0ãã„Õ*z31[ZBg0½½áüñãþéúß¹\®í+¥¼ïŠ ž9ƒ»z•ö©Sø››°µE$PZcÖ×iŸ>-’JÕ:wî|v¹;þm<ßø· =•V«øÛÌLÒC¢ÕŠ][‹xÆèŽ1ˆs ÂîÆFgzuõ‹÷D¾œ}<¼vøe½›>ˆ¼G²ð ÀÜýÊ×ᦈl=‘þ§­ó?³ec×Iþ.IEND®B`‚firewalld-1.1.1/src/icons/22x22/0000755000000000000000000000000014217353175016152 5ustar00rootroot00000000000000firewalld-1.1.1/src/icons/22x22/apps/0000755000000000000000000000000014217353175017115 5ustar00rootroot00000000000000firewalld-1.1.1/src/icons/22x22/apps/firewall-applet.png0000644000000000000000000000236314217342322022707 0ustar00rootroot00000000000000‰PNG  IHDRÄ´l;sBIT|dˆ pHYs × ×B(›xtEXtSoftwarewww.inkscape.org›î<tEXtTitleFirewall®®tEXtAuthorLapo Calamandreiß‘*3IDAT8¥•ÛkWÇ?çœÙ‹ &±j|‰½K¬¥M!¢UÙ×Z±(T¬i‹H}(Øö¡EÛèSýlµR ­õªP‰ˆn ÕPi²ºÑÄd Ù]“lw®§³ÎzK[膙ï™s>3ç{¾sF$“I¦«––HTZòOí÷pk 5ÅT*eG¦ƒ¾±lég®kµ „Ðh´Ž]nÕš¨´Šþ„~õõÅ_N v,§}Ã;Ìh4†iš˜fÓ01 Û¶±Û¶‚ëòÙ²-lÛâ—“'Û§»ŽcVWWóÂó$7¤”h­ƒMÔŒ–g£) ü~ù7Ç1Cðû]]USêÞÆg±ò9ÀüÙ³ñ}ŸººYÔ×Ï#ÓßÏd±HãË‹©Ÿ;×u°m›ÎÎN„øž€ZOŸþN'ï%ÀS¦‰oÛ,ýáGþìø™}55è±1@@.‡ÊãY6ÍÀà0ªëñ|‰cépFÞ°ëy[ÞÚ½[Ýéë‹4¬[‡—N0Ò×ÇSõµkøBplëVN6-Çu,Û@QkPÊ4) ¡ïßGzbσ”²Yt±ˆž˜@Õ׃֌[&®åá9ªl¢ÀóüŠ§^:Íí³gi0MФävw7ó«ªB}§»›ùµµÁ€©)nžÿ>\ØÄŒA圡!_¼ë×AJ„”xRâõ÷ƒR Tp`?¤¡·÷\×Åq\×ax8 0‚¯cD£ôœ;‡ë8DL“H,FÏ™3¸¶M$%‹q¹« ×q¨+G°­­­¤­}””íùŸ†à¦åËñB:q‚æµk—ÔáÃ4¯__¶P:x¦5kHŸ:ÅÊU+”ïëoýtdûÃßAÖ€38RBÙÿV ðÊv!%ÞÝ»¬Z±Æøbçç}¼cû‡ ¥DVÚÕ‚ xåƯˆÇ¸r…±BeŒf2Üá^.‡ŠD¸“Ép+›åÞØÊ0˜”’±«W9óL-sçÌÁ÷µºySÑèžx<^Ù+­^Í…žš7n 6!H8@ó¦Ma*.îßOskkàå¼y¤gõ›+)•þ"—Ë‹™53Í‘ì­u³j¾Áîèh%ÃÃZ02J!¤ µ¯‚Ü6½¸(ô5ŸÏ‹cGE.œÿuwîÏd0âq.=ŠcY±X µ,"±‘xœK¸¥µK–ÐúÁ–Ò˦”U ÑSëöíà R±w/-Û¶©={íû¡^¶kG6oæ]˜‘L&‹3ç{¾sF$“I¦«––HTZòOí÷pk 5ÅT*eG¦ƒ¾±lég®kµ „Ðh´Ž]nÕš¨´Šþ„~õõÅ_N v,§}Ã;Ìh4†iš˜fÓ01 Û¶±Û¶‚ëòÙ²-lÛâ—“'Û§»ŽcVWWóÂó$7¤”h­ƒMÔŒ–g£) ü~ù7Ç1Cðû]]USêÞÆg±ò9ÀüÙ³ñ}ŸººYÔ×Ï#ÓßÏd±HãË‹©Ÿ;×u°m›ÎÎN„øž€ZOŸþN'ï%ÀS¦‰oÛ,ýáGþìø™}55è±1@@.‡ÊãY6ÍÀà0ªëñ|‰cépFÞ°ëy[ÞÚ½[Ýéë‹4¬[‡—N0Ò×ÇSõµkøBplëVN6-Çu,Û@QkPÊ4) ¡ïßGzbσ”²Yt±ˆž˜@Õ׃֌[&®åá9ªl¢ÀóüŠ§^:Íí³gi0MФävw7ó«ªB}§»›ùµµÁ€©)nžÿ>\ØÄŒA圡!_¼ë×AJ„”xRâõ÷ƒR Tp`?¤¡·÷\×Åq\×ax8 0‚¯cD£ôœ;‡ë8DL“H,FÏ™3¸¶M$%‹q¹« ×q¨+G°­­­¤­}””íùŸ†à¦åËñB:q‚æµk—ÔáÃ4¯__¶P:x¦5kHŸ:ÅÊU+”ïëoýtdûÃßAÖ€38RBÙÿV ðÊv!%ÞÝ»¬Z±Æøbçç}¼cû‡ ¥DVÚÕ‚ xåƯˆÇ¸r…±BeŒf2Üá^.‡ŠD¸“Ép+›åÞØÊ0˜”’±«W9óL-sçÌÁ÷µºySÑèžx<^Ù+­^Í…žš7n 6!H8@ó¦Ma*.îßOskkàå¼y¤gõ›+)•þ"—Ë‹™53Í‘ì­u³j¾Áîèh%ÃÃZ02J!¤ µ¯‚Ü6½¸(ô5ŸÏ‹cGE.œÿuwîÏd0âq.=ŠcY±X µ,"±‘xœK¸¥µK–ÐúÁ–Ò˦”U ÑSëöíà R±w/-Û¶©={íû¡^¶kG6oæ]˜‘L&‹nÆËe_)—ýÈŠeîzg§WuŠ¢x—‰ˆý`Ï{î¹7XÄ|ÿÂóÃ.ÿù¨¦ÙÛ#"¨*Þþxq3#ÏÂÑ¡#8—Y˜¥ñ"Oxü9x¹4¢ÀݺÅBï™Æ€Ì+ØüB¼²#ÉØQ*bÄà§>*²ªØ×w|u__®xñbPð^tªÁÒ®.|šÂ´b& ðYFÅÜHRÒ d`ìë‹!óÙ ØÁª¾5kX>:šöv¬µ¨s¤QDX,B’€*Yš h–aƒ:RpÆ  ¯ß®áEÈ2Ç)Ìä¤01WÅ„!xŸšBA¦5uQD0­·:‡KR樂¦Üš˜œ+@86&¬]K°{7ÒÛ ªäT‘;7½6Ö‚*mª,7Æâ+êû÷surçšäp½Ø;1›6Íd¾afåfVnW¯&ÇznðíXÖ®94ÜÖÑáµw¹ïA#µ-§Ï¼ÿʉS{瀣öv¯ûöµè¢E- Ô{ŒµÜi&U0/ •qÍ~’}ëÍW¯ýðÝðæ/}Ýߌc'Oâ·né0ï›Ì[KÐÜV·ßQÀ#ê}xå©'jƒO°öô8‰cÚêuÂ\sî4ªUòÅ""‚zOT¯³ T’Fƒm!¦£ç2Ò®n9/fÛ:•sÞ «Õ¨ôõ¡Þã’„,ŠšË2²8ÆÅ1¨âÒÇxçPAlHeûvÎœ=»àãµ4ö „¡$+Wr»R!?6†±›Ë5ÁQDÏcÂ4ŠP@Œ!ºy³áSñÅr¹rèø¿¢\- õø¬èïì´ËÖ¯‡þ~âÇÉGQ˳Þ9r¥8‡Ë2\–5½ǵbÛ[­½ñì¥ßnÌvIpno&ßÞ»Fƒ¤§Ç,™š’òè¨QïEU‰ªUÔ9PEUÉ’DOÁ©wᵪùöUEDÛûá‘ÙÅ¥P€Å½ÐÝ ]pý/˜8 ç߯€ŸõC½5èEÄÌ/þ[¨ª¿_í¾_Ó¿º7ü£f‚³IEND®B`‚firewalld-1.1.1/src/icons/22x22/apps/firewall-applet-error.png0000644000000000000000000000226514217342322024037 0ustar00rootroot00000000000000‰PNG  IHDRÄ´l;sBIT|dˆ pHYs ° °ÚÐ8ytEXtSoftwarewww.inkscape.org›î<2IDAT8µ•_hÕeÇ?Ï{Îïw6ÏÙfn«©S›˜ÙEó¢ © ÑB¨‹@f8’"Ã?©¸tåØB]1›^+óßpuQ#Ê‚ /2 JELhŠZ¶?§öÿœóû½ïÓÅ涓ZAôÀ{ó{àóûò}¾ïóŠªòTôïš""µµµ± »|ùrÐÖÖfä~Š·¿¶}qI_ÿ‡e7oøÝî4E]] «¸Øu»Ž²™¶gòd§(jEq6‘HC}Ý›õ÷‹˜SÏ>seá[s4ï¨GDPUœ1\_²˜Ž§Ÿ"m-A&ÃŒ™Óioÿ´oßž· î¶Bä qÁ¦›ÂB~êèÀ“wΡªx‡ÞEŽçÀ´©|ÿs­mDZ6Œ˜;¼c"å'D^þ Ž+W.›|ê‹IfÉ&97z”<1$&9¥¤ªŠ²¯Nóä²ålÈ„äcÄà¬F‡×*27¿´ôÌ£¥¥±ü«W£‘uëÄ”—ã•—S–È#ÓÜ £Ž/ŠY³¿¾~äƒç3ÿãOX F݈uÀÂÜÒyó˜•Lz^<.ÒÞ>æLt÷nr««ÉÉK͉«®‡É–ÃXgX?Ð! í¸b“L ÝÝ8ULK ƒÔÕx»kH";vŒA{6m¦û½@)z»“ÙVx·o‹f2 ŠZ‹65¦RÄöíùq]Ýø@€`Û6äƒ÷)ö ª#I‰%“X;BFCkÑ0$U\S"‚¿woVp2[·47DŒÚ{'°O´†òؼCY`?/ÏåD£¨µ©Ï#"±»/žCÄ÷ñDˆE"Ãñîžë8§K{ûŽ½töÜž¬¸¥âq‡*¨sˆ1HUfÔç‰å54Y»–Xn®d|?¯jÉÜô¬™s®íxµâËÓŸ/Ïÿ‘N“b(Æ©â*+1¦ŸÞ²…ôæÍYp­¨À9‡‰Ó÷¿x'Ë -)±’NãâWT |Õ;‰9Bjp?‘@jkH44àÅ|Ò­' ‹ä’˜¨lÈRö÷ÓYZŠ:«VAmM As36Uƒ±55ãÊŸ{žhÄ£sõjÎ_¸ûvãþö1ÅÏ“ÌìÙ tvBc#þúõØ“' &L¥ˆæä`< •B÷ïÇK&1••nà@óðÅLúÖ¡3_ÿˆòK"‘„ѵ¹Idã ‹Õ=±bE.]]¤%žJa"Pe¸·—Ü)SÀZlbÃTI%“ùð™¨þ>qÀQ€ó0°ðÊrâñ´&SRb¦ IñµkFU%ÕׇZ;rT 3=çÞ€WΪßIUED_ ‹‡'6g@Á|˜6ŠŠ  z~…îoáÒëððÞc©-z1mþS©ª»_ï¾OÓ­?NÀõo"v€TIEND®B`‚firewalld-1.1.1/src/icons/24x24/0000755000000000000000000000000014217353175016156 5ustar00rootroot00000000000000firewalld-1.1.1/src/icons/24x24/apps/0000755000000000000000000000000014217353175017121 5ustar00rootroot00000000000000firewalld-1.1.1/src/icons/24x24/apps/firewall-applet.png0000644000000000000000000000230614217342322022710 0ustar00rootroot00000000000000‰PNG  IHDRàw=øsBIT|dˆ pHYs × ×B(›xtEXtSoftwarewww.inkscape.org›î<tEXtTitleFirewall®®tEXtAuthorLapo Calamandreiß‘*IDATH‰Õ–MlTUÇ÷μ7Sp…H¡´¤.l‰‰Äа0hl LK]°Â€‚QSŒÕš¨D“.º€$|˜AêÐ.Í?bJZ Ó¦-eæQ:±$M±Lß{÷^¯<ËÀŠ…gsï¹ç¼ÿÿ|Ý›'y’"Ÿ(:}”ñ¥†õ{´R”R ` [¤ŒL Ckooß$ð\÷pSSs¼rE±X ÛŽ³cX–…ëÎ2ëÎëìƒ{—‰‰[‰Tê—ÃÀc¥‚ïB‚]]]]­?àÁƧRü~ð{~ ÎÆÆ ·7ˆÁðâ¥ü¹t%¾§p] €¥t1oÌ{o9"'2V55¡®]àæÀÀÃõLe çÞÙK×sð=çQK!æg ‰F.¤ÍÂÝ»˜©)€@/0ÓÓ Ç×…™¬Š Њ)õž_À÷î¡=„@]¹‚sñ"«¤!@JœînVÇã0wv³»›Õ‰\³€þ ßõNJŒŽVËBg2 %BJ°mÔà`@"%²PÃÈxçfß÷ñ|ÏsÉår…yWóy„”üÖÙHÉ¥dò~hRÒsö,Á"ÌCëþÖ9ƒ1F§…Ô­óžß´ ]Sƒ’ž3gØÐÒrôÔ)6ìØd$é“'©ßº•¡®.6o~ÍטoNž8õ ÿ‘"¢¯_Ke¡FFÐHaÛAçì:Ÿ`ÛëÛ£{ß}»íÃý￸r¾>tà»s‘ššÖ îKÉH_ÎÄHIn`g|g|¤$Ûׇ“Ëád³ %SÆp{hˆóe1–-{­Õ‘áÑø‚eñ²øhy°(ƒú-[øµ¿Ÿ†;Ã(ÓÇÓ°kWXªtG »wƒ”DV¬`èÂ^yõefff˜œœä™gö­‰[Ÿ.Z¼èPOO."Ðù|lÛè7‚}$LU6‹˜›*aÛhÇAÛ6/¾°>Ę¼=I[ÛÇ~_ïÕÏæõ ÿòå Ê'©RÒÓÑqª„ }ô(‰º:ZÞÜ^ÔX˲îþ¿-C‚T*Û Ô77£7nDHIúØ1öí Óíí>'éövÖµ´0”Lòs²3ÞØØ8{Ïæ»á6|ØÖ !”¯5¶!%Q_\¾¥‚ïB‚]]]]­?àÁƧRü~ð{~ ÎÆÆ ·7ˆÁðâ¥ü¹t%¾§p] €¥t1oÌ{o9"'2V55¡®]àæÀÀÃõLe çÞÙK×sð=çQK!æg ‰F.¤ÍÂÝ»˜©)€@/0ÓÓ Ç×…™¬Š Њ)õž_À÷î¡=„@]¹‚sñ"«¤!@JœînVÇã0wv³»›Õ‰\³€þ ßõNJŒŽVËBg2 %BJ°mÔà`@"%²PÃÈxçfß÷ñ|ÏsÉår…yWóy„”üÖÙHÉ¥dò~hRÒsö,Á"ÌCëþÖ9ƒ1F§…Ô­óžß´ ]Sƒ’ž3gØÐÒrôÔ)6ìØd$é“'©ßº•¡®.6o~ÍטoNž8õ ÿ‘"¢¯_Ke¡FFÐHaÛAçì:Ÿ`ÛëÛ£{ß}»íÃý￸r¾>tà»s‘ššÖ îKÉH_ÎÄHIn`g|g|¤$Ûׇ“Ëád³ %SÆp{hˆóe1–-{­Õ‘áÑø‚eñ²øhy°(ƒú-[øµ¿Ÿ†;Ã(ÓÇÓ°kWXªtG »wƒ”DV¬`èÂ^yõefff˜œœä™gö­‰[Ÿ.Z¼èPOO."Ðù|lÛè7‚}$LU6‹˜›*aÛhÇAÛ6/¾°>Ę¼=I[ÛÇ~_ïÕÏæõ ÿòå Ê'©RÒÓÑqª„ }ô(‰º:ZÞÜ^ÔX˲îþ¿-C‚T*Û Ô77£7nDHIúØ1öí Óíí>'éövÖµ´0”Lòs²3ÞØØ8{Ïæ»á6|ØÖ !”¯5¶!%Q_\¾OêÒ%ÌÖ­@¼ çöñb¸yú°==”ß;À¯ƒC8gk3sÈYë¹½{ñ¦“?Nx›7íØ¡Ý_ ëµú'ó˜dRý xìä3Qðü¡ý—¯ìkœ¼sLù¾ãìY´»û±“Ûk=®zîûÂÏ¿qñâ¹u0‡Ád½ÎÔв};3»[Œ‰Í…øŒñ<˜SÀK¥¨NMQmmADHø¾ÔàŒ‰ïg°çÅ;[!“É’Ë5/àíý\þéç»^Ø}hžDª*7GGiL&i›yˆå±±‡Ò¨R¾wD0A€µ–À/«WFßžÿ.ª‡õÆ™¼>À$ŸJ¥dýîݸ NŸ&,I75ÅI£:1AºP˜ÅµÉI‚l–p|î6qÆšÍhºÙŒ¶4Wòa¨ª ªXTä÷r±¸¶§gû÷W¼üÜúÆ…ƒ'·ß3t*æŽ"‚ˆãèé¿P×álûÃdVÜG9ŠˆÊeÊQ™C'šúy°XþÓ‘– ɺ×óÉäCuõ3Ü¡¡!@ùR”c®ÇËaȨóæÍ¥çµm|úñ'Ã=Û^›}¹" àíº… ïð–,UEUqÇqð}Ÿx<ŽãT?m\ñwßy'ïÆã,]°€á‘*ÖL÷à=×íQxä6‘ºë- R_ ¸M®Ké7˜³nEÕ‰• (¨@rÇ®.0»ünVü~šï¤ºJ[±S€½"³S3g®[¾reÿ}bmmàº]]ø©vÓ&°c ^2‰lÙ‚¬^]…º.Ö¸k|ŒÛÃ"‚©­ÀˆAÊ÷ýJbp5¾ýÝ·oJµU«p^z µgëÖ©äÀÙÝýäZaU¾öR‰l±¨?N%›%¦ ÝÝháttT!«W#Q„c ´·O&/îÜÉ©§7@Í«›=ƒR©\ˆ "å2j-j-”ËاžÂD±ÎÎêr;:¦íLÛ×GaÃnœßÊŽ€À‘á¬5¥i€¤1nYk-…\®Z O>Y- ¹Qo/Ñƨ1üÉØÉUŽìÙ[‰Òé­ÓNhàûø¾ZK)Ÿ'‘J‹qYˆà'”&&HÅã•ðÜùaob" ðØ7ŸIçrŸÕ€Ê»pëçÍÍY3k–Vêë5J¥4jÒiµ»wë•ÂôõéÙ ÐR[›þÙ’6¹yssÙ¹×e¿Þ·û/¾øèfU’4EL”ËŠE Å"ªŠyñE¤f2@´kQoïä³³f ñíÛ9ówÇóœ$Î{ž“ŸÙrÁ8ì€uS7 Õkm $ß|“ØÚµSÒö÷ÃóÏSêîF÷ì™|tvÒôê6âñÇuåÌÜëãcãŠuŽN“èÀ5×\8×Þ®Ùx\Íý÷O“Âö÷«I§5jlÔ\"¡fε}}ÓæTžèÒhÑB=¶o¯vv=~ìb‹™4YUå·L†† àÚL†„1àºD½½”º»ÁÚÉ‚ò™ ¬_Oh-^GÃØ/¿Úµ•>ù°•£†‹y=€nC¹åÞ{±mmxû÷“_¶Œ°µg`€0•¢˜ÍŸ1£ ±–R.›7“}ë-:ÎɆÇÿøaé’uçó ¾õ3ÓŸÁm]ª®__" +Wb >2RíI"¸A€ãûÕV"‚ø>CåÐ!=§ú]3lxeààèe³ªYÞo§’É™EZs_Z­uæ ® ""JíüP«Ê"G4¦#«:xùf©D¤Ùƒ‹!»äT™uKaÎM0{Ì®Izú78ý%œÜÇ#ªZº"àjÆU¿UüUèz£hÁ ­IEND®B`‚firewalld-1.1.1/src/icons/32x32/0000755000000000000000000000000014217353175016154 5ustar00rootroot00000000000000firewalld-1.1.1/src/icons/32x32/apps/0000755000000000000000000000000014217353175017117 5ustar00rootroot00000000000000firewalld-1.1.1/src/icons/32x32/apps/firewall-applet.png0000644000000000000000000000355514217342322022715 0ustar00rootroot00000000000000‰PNG  IHDR szzôsBIT|dˆ pHYs × ×B(›xtEXtSoftwarewww.inkscape.org›î<tEXtTitleFirewall®®tEXtAuthorLapo Calamandreiß‘*­IDATX…Í—[l熟f›µ ˜s²ShÔ†T(%ؾHzÑ•Ú¤'QÁ¤ mUEQ€‹6¹©"¤ÐV½I¹(J•P«&i¥˜D–BMÀƒKMemã³1Þ]ïÌîÌèŬwqe¨,!ÑOZÍþï~š}çyÿofWÄb1îeY÷ôÛÿ 83iþÞö¦F›ý~àߧµF+…Ö¥5áZ£µú¯µFi5e£Ê—;ÎûçŸfd òÕ«ÖÌ[²h ‘H¤ðÒÚÈ€ ð ‚âÑ/¬§~64<\}®µõõ 6¼=#~6;oAõ–.]†RjÚcÌô: ضÍáø{äü lpVbÖL `ŒÆóž;5vwñ"Äg òÊ¿Éu]Ât]ÂÃÀ¬R~½üaL¤œL ÑÚ •@I+o@ å-ö´µ}MWTüaé3ÏDÓkV±pÑBjFÆ1?Æñ}æ¬~ˆ>ÖߥÐÆ0n[$ZÁŠè¡!€þ?$ÿo-¬ §B´²Q2ŒË‚ Ø¡¬R¿¸©)jÕÔ`•Î¢úú zh‚„À Ê]ëFR)ÈŸd¶Vø© :•Âd2¡Ëâþúzæ8€§KPJ¢•… J™)"ö¤߯r’IÆ¡ë»™ÿΟñGG1¾Èå˜ð<®¬ÜÂ÷ßÇäu|Ÿ Ï£ëg/3ÿÐ!ÌØXQ¯¬ÄÏåpu J;h壵Aæ ˆ<ˆ]ÈIIª·—Îñqr‰^:g YcÌç•ëA¨÷ô˜ÀÓš¬1 6†Àª@© …@# ›p²D,ã‡ÇË…·]73“¡¸mE£e$ê¥é6÷„3gOñ«W÷ªÙ¥eå!¥XuðLg'&—ß'åyüë•Ÿ²áƒ˜7Â8‚€”ëréå—¨÷0ææÍö”çqé¥]Ô¿'åyt Aox÷“2 ‚€k×®aÙ­««ó cè÷õᆵ.àõ{z¦b÷ý{ooQ׺ §z{¹¬ÆvîÚ9-ˆÆÚÕÒÒ¢E,ãé£Geíéw5‚î†Ç°ß>@gÇ•Å»wïˆÅbÓæácÄêŽ3ÞÚJÇ_ þà‘pWAïOvPèf||òqtìzŽ†£'1ãã…þtEÝBP9g®|`ù²®}ûö¾øüó»^ÅbzZAª¯Î±1à¼ù]=˜Ëà_¿Ž—ÉcÊë¹¾>¼É)К!ß!X¿n½c ΞŸ¿òÚ[ùãÎ9åå¶å8J@ZqÂH{ŸˆÅbl‹ÇU]ËIë®NAÃc4?ù-ã8Ž‘RºY×}úK<ÒW]U-+æFçÍ­ªz²dVÉúÂ&\s²ýé§!ÆI¼;~DñB¼·bn; 'Z0Édx·Ìëíßo¢ñãV’®KÂ}æôÙ/.[¶¬t˶§^¬®^°?:»´Üvì2@ –hvˆÜà îðpo6;=Þ¼î u¥ ýÉþ~:³YÂzjë拳gGéî¾ÎÕ« jjî'—ÍaYâÐg—nÓ›oî÷Ã)ˆÇumËIqW§ ñ+,>ñWÆoÞ¤¢¢‚Dw‚Ñ‘QÖ®]éS§3ÉÔÄ掋‡‹œiãæùót<»…Æ¿ÿ“LãÈdhß¾•Æ–¶¢.e¨7m¢±õ"&•)!HF£ôÁ—×®/˜Ú°¾¡ð¾ªr~Ùïüö `IÁ@z`€®ÑÑû$^¥Â8‰=¯ûCC…~O)Ói´ÖlÿÁ³·¥TRR’ƒü³`[ž;5vwñ"Äg òÊ¿Éu]Ât]ÂÃÀ¬R~½üaL¤œL ÑÚ •@I+o@ å-ö´µ}MWTüaé3ÏDÓkV±pÑBjFÆ1?Æñ}æ¬~ˆ>ÖߥÐÆ0n[$ZÁŠè¡!€þ?$ÿo-¬ §B´²Q2ŒË‚ Ø¡¬R¿¸©)jÕÔ`•Î¢úú zh‚„À Ê]ëFR)ÈŸd¶Vø© :•Âd2¡Ëâþúzæ8€§KPJ¢•… J™)"ö¤߯r’IÆ¡ë»™ÿΟñGG1¾Èå˜ð<®¬ÜÂ÷ßÇäu|Ÿ Ï£ëg/3ÿÐ!ÌØXQ¯¬ÄÏåpu J;h壵Aæ ˆ<ˆ]ÈIIª·—Îñqr‰^:g YcÌç•ëA¨÷ô˜ÀÓš¬1 6†Àª@© …@# ›p²D,ã‡ÇË…·]73“¡¸mE£e$ê¥é6÷„3gOñ«W÷ªÙ¥eå!¥XuðLg'&—ß'åyüë•Ÿ²áƒ˜7Â8‚€”ëréå—¨÷0ææÍö”çqé¥]Ô¿'åyt Aox÷“2 ‚€k×®aÙ­««ó cè÷õᆵ.àõ{z¦b÷ý{ooQ׺ §z{¹¬ÆvîÚ9-ˆÆÚÕÒÒ¢E,ãé£Geíéw5‚î†Ç°ß>@gÇ•Å»wïˆÅbÓæácÄêŽ3ÞÚJÇ_ þà‘pWAïOvPèf||òqtìzŽ†£'1ãã…þtEÝBP9g®|`ù²®}ûö¾øüó»^ÅbzZAª¯Î±1à¼ù]=˜Ëà_¿Ž—ÉcÊë¹¾>¼É)К!ß!X¿n½c ΞŸ¿òÚ[ùãÎ9åå¶å8J@ZqÂH{ŸˆÅbl‹ÇU]ËIë®NAÃc4?ù-ã8Ž‘RºY×}úK<ÒW]U-+æFçÍ­ªz²dVÉúÂ&\s²ýé§!ÆI¼;~DñB¼·bn; 'Z0Édx·Ìëíßo¢ñãV’®KÂ}æôÙ/.[¶¬t˶§^¬®^°?:»´Üvì2@ –hvˆÜà îðpo6;=Þ¼î u¥ ýÉþ~:³YÂzjë拳gGéî¾ÎÕ« jjî'—ÍaYâÐg—nÓ›oî÷Ã)ˆÇumËIqW§ ñ+,>ñWÆoÞ¤¢¢‚Dw‚Ñ‘QÖ®]éS§3ÉÔÄ掋‡‹œiãæùót<»…Æ¿ÿ“LãÈdhß¾•Æ–¶¢.e¨7m¢±õ"&•)!HF£ôÁ—×®/˜Ú°¾¡ð¾ªr~Ùïüö `IÁ@z`€®ÑÑû$^¥Â8‰=¯ûCC…~O)Ói´ÖlÿÁ³·¥TRR’ƒü³`[Ë['O6êµÊ:à&"ÏÏ”ff,==d™cddcL—ãö}¡Óg#Ë–ß^â`¡À Å"åò$w-]ÊŸ{ ß{c‘Ç€/µ–ʼn¢ÙÏ¢("Iœs¤iÚê‹) ª< ô ò«Ë—q.CDA þ€ý"q¾‰ìÈAò)¸' ŒODL– "¬$Ë€–ÎCš6!TÀE1õЖ¶=ÇÁž^œÐð¸Öû@¶'½½{>´y³ œ>MÏÄb-šeä D(.\Hh4:³‡°ù<„€zªR›š"³1(U¤_Ì&x~q@•6Á\ >Ú·dIöÁûïOôèQL±ˆÍåš«|–T‰{{gWYš÷ö"!€÷ BZ©`œ#ØU AÜúõóœß“fÖ¬áÜëGÂ_xñ•y6I4Éço»ó¶- zqÇ©|õ7¿>¸S[E¨ ³Ž‡+Wn»só¼ù¦?Ôå³+ÖªÖëø­[‘;aÕ*¼÷Ø8nž{­àóÞ#ÖbædDlãÒ’ÉåHëuìåaÍ^zÉ„ÞÒª¡Ÿß÷Ö_þô”kðñmÛ¶¥]ãÞSKSôÌt÷îNjÝ’µÊ²ÉçÉ*…®§ˆãXBUW.•v üÁ&² øe€ š,_NãÔ)â8&Êå:Y½NÈ2r¥ÒlÎ{Omzš}}H»BÆ1YµJ’$ä{Š„pΑ$ ç— DÃÖ¸Œ…ãpM ¨*aݺ&Œµ˜(´ €1Í>ŒH§ ›–2§ÏZKEäs9Š…ù|žáŸÖÓ§NM{‘µ›6=vz@pŽj¡Àx¡Ð„ñžàÁ¹ÙãWµÓœCÚà­±í£YD°6‹µé¦Í”6F†Þ½°lÿÏöwüvI !È¿Ï£^*Ñ32BT«uË TÇÇçÉ_›˜hÞƒÉåP`rr’zëû™8âûïü“ÊOþ…ˆIƒsÕy)$Q±ÈÚ-[p>H<4DþÈêSSäûû[E¦iõr™(—#šsfdµÁ{ò}}d•Šö¦éØ€scx~ÆÄoàAŒŒ:ôòû]"RúܳÜZÉõ÷;‹Ó¨Váµ×0IÒÔ¶•†E˜$Á$I' M¡íX¼ª$ÎU übÃððÏÍÛ·îX:ÓµrYÊ—/C¹ Α®^ÍøÄk''±årÇ™˜fy ÞƒsMùZEË×ëï¥Ó‡àÛ»TßÀws.mÌà°áÆü8 á®ëQ>¬ø_3ͱ÷D¦ŸQýò 8¢ªo Ö[X¼î‹nðËö1XòIXû,Bo €ƒF¦ÎÃŽÀ™Âß<\Ž«j¸Þ\]"b·¸H¾y€ç ~×Õ›9ï¸SvÇÿŽÿ »E3¼í¸ÛIEND®B`‚firewalld-1.1.1/src/icons/32x32/apps/firewall-applet-error.png0000644000000000000000000000367114217342322024043 0ustar00rootroot00000000000000‰PNG  IHDR szzôsBIT|dˆ pHYsttÞfxtEXtSoftwarewww.inkscape.org›î<6IDATX…Å—klÇÇ3³wïÓ6¶!´‘Mã´ªV-""(¸ hJ%Æ‘Ú(¤ùRUMQ!•Jô¡BJ>˜„¨Á¼ª`H¸D (NúWÒ§!NbÆ1`®íûÜÙ™~Øëk_.ú‰‘V;»;3ÿßžsæœ]a­åv6y[Õçÿüä/Ÿœ&îÈõç{ú½'æFGåo²ŠÛ¿yóæË#WâV\°qãÏ¿j„:\Óß?õK}Ì{ÎQ14Œëyd(ÄP"A÷”É|pç.ÕTc¬-žB_J±ïw¿yªé–6ýôÇm O¿»xVϧRJÎ#‡µ68° Í›G߃MäCZk´¯ÑÚÃÓšKýýttt€¡aË–mÇnî!f®ž6uþ„a—Ë—¯n‹’óH³ÖBëAä±W91ç[œ¯­Á÷}Œ1TWcÅËyçäÉ|6“š Ü@ˆuÀCÃÊDÏÓôõõ!¥,écŠ÷”£Xô§sì‹ÅØ“L^厉yà{ßŃ_{c!–3gN,±t©ô_=.“œÑiŽãàº.Zkr¹ ã3gQýr¬ëè jútþxñ"Z{!0ÆbükvŠÁGˆ•apïƒI‘¹sC‰7ßt+„€'ž ÕÔÄä³"<(¸@ûËg!üý•TíÝ ŽÖrîþzμǾD%ZPðÑcâ°Â­¬Üø•… ÅøÓ§I à,X#¦vâ--„ãqôÁƒ#ǃŠDÀäÒ¥„ž>¬H´¾žèÉSüÀ`{í¸ÀZFÆ&¢¯UM˜à}ù‰ÇQ õèÇÁin&¼z5አÜDª¬Ä]µªT°ZsõÀ!ŒÔ§SÌÎfß`¸À‚J ÙÙ‰Õ«5tua¼B)Ä3Ï@C֬ֈŋ۶•ˆ£5縞\Ïy|$X1< €1~1`Kƒ0•²âÌt*…“ÏcóyìK/!òy䎣ŽƒØ¾²YÈåO? J•ˆ÷­iäÒ¡C…ìÖøÜ+AåóXkÑÆ+H¤Ó¥°¾U*°‚ïc[[ñ²YB»v•@¨;Q«ŒO­]‹m;Jmõ¸QwX‹ã8dºÞÇ7__Ç!ÏftFÙ æ÷Z[ñ­%ÒÒ2 1V¸ î?ò^k+ñš*Çׂ-$'‚õºOžd09èx·À‘Ók-ù\Ž|nLÀZKtÏžrqß'ÓÔ„ikÃZËÐð¹±±SðE×_þj¸kúþý-ûÛöµì+P®k#á0¶ð†Æ²©ÑD!ƒxÑ(7jRJÜD/“!â†M<N‡†/ËL.=2få©5?ü÷lÛ³k_0gìžR¥B Æ<”J!¥D._Žzî¹ò·PŠð‹/"—-kJI&ã‰É2‘ˆÊx<"c±°™uo‰f‰òJÙ¢ß `¬E.[ˆÝjÆ¥vÈqÏ>K(™DŸ8rIzWUªºjŠ”J ¥èn\µåã~PçùfCCC®„æŠï“I§Éd2¤³Y²ù<^´uM’Ak2kÖil,KVñÝ»aÉ’ƒƒ„#|‹ÌyžÈd³:YQ±ÁL劵e.±˜uëêJáF£Äªªˆ75ݽ»LÜ_¿çõ×ñÂ_·® ¢ê…¨^¹’h!f\×åÜäIN¯R{©àí2k-föìF)äÔ©¨ææ2q»~=âÈ‘Ñ’ÜÖ†}ì±2ˆèÖ­DgÌ ‹‰Dè¿=}êÔ/DÝ‚KN—­IÇb\‰Å‚½»|y™¸yôQü—_ÆhÑQ÷_y¥ÜJá̽¥r R±ðÛ¢û£?·ã;Šº%Ahg»ºÈVTèëÃ?|˜ø† AКLSÓh%Ó2Agï^\­ ïÜY,ǽ¯½Æ¥Þ üúý÷HmýBȜѺ¸-‹9pxœºE‹Ð3fêîÆmo']_OxÞÎo0XWgÃiŽÿl|GG¶güøíÃ2ô7|Rô=zäÓ!Dů`Ò”áqãi µµäÓiÌ[oÁÙ³ÁÇgÁÂq®‹tÝ`+Òq°Ÿ)æ“OHoÚ”©‚+ž›ÓÛÛ|´Ìn¥˜8 C™dR$/^„d´&7mW¨»z•LÅ„ Ê«ñý¢Ï­µ ~6‹ñ}‘‚¡£ð‹µÖ»v°–µ!Äô{`ÎϤü½cÌ×£¼˜ü¿VÓÎ 1ôµ?ê„vkmÏ­8À7Ô·;ü²}&Ì…º»`z*p4äS0ø|Øÿþ-üӇπ·­µæzk•!pãJsöˆ<Ùë—A™Lf™bÎ9æææÚJ®^½š0 —õœsd3ÙvÛ;6@ŵë`P jðs(Ô§Ùˆ!ÈãùJÿê5X PE1ÉjÕž˜DéL&óîy@\2ó&[HÕo)¾ø´ë¹®¨çƒú¨ïhÚ¼L…\–l× ¬¨hª¸iV}Àühž¹ÉyÞSFõ¼#Ö ܶÿÀâM_ü:ÇÖ­åø¦Ñ;7ßaàÉ®£†\]™„Ö˳8cø÷l/_÷r¸l–+û“AM2û‚‡ŠKÖ~p7+O“©Vž¤ââ˜+sñ¦Q81 Ëúªµ<´cõƒƒ|£÷*2¹¬J²_˜d¯Pã£^²R)É>àûn‰Ú¹Ð÷Ã00";²ŸøD·q£×¬V™½e=«OŽàWΠa¸¬H£A0;K0?6›Ë0¬%?]Å››ƒ·a† JïæÍÜÓ¨ÒÕÛ‡5YYœ—Å‘Á‘Á¦EÈ` p^2×¾gPwŽetâøñl¶¿¿7S(¿ø" 3ÓLnþ07ìÞƒFëu´ÑHj4¨©0úÓ?Åš#GÑÑ|^…S·®§ÿرN¼Ùd. Ž0™®$½ð£ŠCPãPªb ‚ÁJÄ™1¨ž#ººg­fÆ 1î{¨vÏdt´ƒãã~â<»oßÅãžÇxO8‡˜<øiÞ$‚x.á¿gõqâ¡X¬I(äÒܨÀÀZ/ô<­U*Œ†!=Ãz”°\fÁ9ª,ˆP¡¡ÊHàsÓ…à• ª‹¸*Mc‹cÖÅñò‰òb,à#XÄx¨±ˆÄ©öÜTeìO¿L6¹ˆýóç³ë7^(þ×_ëÄá&…ú¶_…LUÅ8‡‹΂Xƒg|$Ýs¬Ï³ŒV«Ä—]Æí;ÿwà@§«*œúêsÇ«o$œn4Ðfs9þ'_âŽ×ÞL(“r0lãC_|’;^߃;z”Ù8f¿sxÙnŒâYj<Ôyx~ @Ç€*·wø0vß¾åSf ãÆ`@NŸ†VV™¦Ñ^ríÞz )•HsêÅþiÕ>ŒLLPîí¥Ñlpà{Ovxè|Rèê">¯€¦µDÓÓÔR/¨ROù;âRNOMQ7††H‚§¼õ½$f¦¦X€Oc¢®ÊhSÕ3g Cóy2AÀ‰Ã’ÄNq.9È´ÎÎ!’ž ÒƒNl#D—Ñö‰ì·víêËç²åÞ}.WoÔ/xV.EŒ1t{>£~’ž8–žÎÒÓ›K³UuiF ûöíg÷žÝl½ÿúWõóô3Ï4*“]Ë=ÆÀGÞØK¼s'3Õ†žü=î|c/®TZätº1UUÚþwî>€[Ä£ ªâüýǹsß!dl,‰…ÖF†Ôº»9åû­o ¢ˆJØ:µµŽ¥"‰1Qf ]]<÷Âó *À_vP¨ ô8‡;y)•Úœµ‡R–ðcWcNwp~,ÍWÜ‘#ÈÄÄrÜó˜<Ïãy„¯½¾¹kïµ+VàÙŒfsYen©Ï<êsM > ¶V«µ“¯åÉœ*µ³g‰"ÞRI8}ölÂiç>§e]†×KÊÛñéé$V–àMU*žGÆó¸ãö»ˆÃ󼇶áÿh®X,^Ð9³ ôu÷]V¾ê¥ß³ùøÃ\¿ã8g95<(Í0Ïd2ÇV^Þççr¹n…¼ PcÄ3Tè+Øè[ßüæß—àm0Öñ‘ÿ=‚;th‘³éZ^Çàï|ž;M(ñ6NWeðó¿Áæ#ƒÈø8EÉ=QÍ&Usòs±ùè)ÜгÖ2b Ð›²|ìÞ{½°_ýôß=M½Ùøµ k7LõööÚ|Þ3ÖóLFÕ ò]«Wö­øŒŸÍ}øX‡24„;v¬ƒóc6ÙHÜñãÈÄÄâÛ…G`R¼\R&ý‘3g˜ÈfqÖñµ?û‹eϯÎT_ÙýæÞ3[·nm~ú±_~*ü{TÍ cè2Æ8Uç¼0ÅbQ;b ªV©©R·¶Íç†s «°Þ@Ôâ´µÔKò †Å±ηbÅÚEÜƬf'')ÍÏ3˜Ëá9þç÷_¾u©žç¹L&nûÔ#Û1þðàеé™þ×V­Zå¯Y³FËårû€ñþÅ€0´õ!ŽüÑ°0?GwO/SSgéï¿œF£AoOg§¦¹¢ÿrê™ Ø5^*ß÷ì³ÏÆ€´‚|y 8ágŽa÷ìa¦:ÃÉÏ>ÊæcÃH¹¼Èé0„(J8ýاØ=MÙ9ŒsÑ÷þéù«éb±(.@Zð¾ù»Eâñƒ³ÝW^Ih- )gK]]\ßÝCœÍÒèï§i- çÜZJù|‚û>¾>šq¼Ï帾»‡y ìûìܳ‡lÔpî*`–äè{ÑbŠÅ"`ý6Ïûòƒ¾ÿH.Žó—2ØÅÈ\&Óøn¿øßðWÀÁb±ýÈNç–0ù‚ÈÓ/ˆ<Ç;xgzÁǘJéó/IÚ«ÐÀÀ@äH²¿ÎÏ(ï¾(É‹‹°X,ÚKdÙG¾÷Bñer¡yÿùä’¿Rþ‘ü‡îð~Ëÿ¨ûÙdBùEIEND®B`‚firewalld-1.1.1/src/icons/48x48/apps/firewall-config.png0000644000000000000000000000621514217342322022707 0ustar00rootroot00000000000000‰PNG  IHDR00Wù‡sBIT|dˆ pHYs × ×B(›xtEXtSoftwarewww.inkscape.org›î<tEXtTitleFirewall®®tEXtAuthorLapo Calamandreiß‘* ÍIDATh홌\×UÇ?÷½7¿ö‡³NÖÆù`;NB툖$Ž›4?0L©i‹†Ò”•*ÊÑR• R ÔR%HH­òšD@„ˆºZQpš˜øŽÛ»Þ]ÏîÎx×»³³»3óÞ»÷þxofw3¶j;QB¤éÎÜw¿ïÞwÎ=ßsï¹ï™b±ÈY¼÷[w*?6àý–¼Á;éüÄOä …Šn5Ÿïî ‘‘%¿K+ËD^ýõ¨ua.uzâ ¿ým0¿nðTTAQETPœ(*‚¨CD\»½UUÄ "®]wâPQœ8D$Å%7ä+;_Ýõ\¢¶oÿÜe‘ã³÷l¹××A™Lf™bÎ9æææÚJ®^½š0 —õœsd3ÙvÛ;6@ŵë`P jðs(Ô§Ùˆ!ÈãùJÿê5X PE1ÉjÕž˜DéL&óîy@\2ó&[HÕo)¾ø´ë¹®¨çƒú¨ïhÚ¼L…\–l× ¬¨hª¸iV}Àühž¹ÉyÞSFõ¼#Ö ܶÿÀâM_ü:ÇÖ­åø¦Ñ;7ßaàÉ®£†\]™„Ö˳8cø÷l/_÷r¸l–+û“AM2û‚‡ŠKÖ~p7+O“©Vž¤ââ˜+sñ¦Q81 Ëúªµ<´cõƒƒ|£÷*2¹¬J²_˜d¯Pã£^²R)É>àûn‰Ú¹Ð÷Ã00";²ŸøD·q£×¬V™½e=«OŽàWΠa¸¬H£A0;K0?6›Ë0¬%?]Å››ƒ·a† JïæÍÜÓ¨ÒÕÛ‡5YYœ—Å‘Á‘Á¦EÈ` p^2×¾gPwŽetâøñl¶¿¿7S(¿ø" 3ÓLnþ07ìÞƒFëu´ÑHj4¨©0úÓ?Åš#GÑÑ|^…S·®§ÿرN¼Ùd. Ž0™®$½ð£ŠCPãPªb ‚ÁJÄ™1¨ž#ººg­fÆ 1î{¨vÏdt´ƒãã~â<»oßÅãžÇxO8‡˜<øiÞ$‚x.á¿gõqâ¡X¬I(äÒܨÀÀZ/ô<­U*Œ†!=Ãz”°\fÁ9ª,ˆP¡¡ÊHàsÓ…à• ª‹¸*Mc‹cÖÅñò‰òb,à#XÄx¨±ˆÄ©öÜTeìO¿L6¹ˆýóç³ë7^(þ×_ëÄá&…ú¶_…LUÅ8‡‹΂Xƒg|$Ýs¬Ï³ŒV«Ä—]Æí;ÿwà@§«*œúêsÇ«o$œn4Ðfs9þ'_âŽ×ÞL(“r0lãC_|’;^߃;z”Ù8f¿sxÙnŒâYj<Ôyx~ @Ç€*·wø0vß¾åSf ãÆ`@NŸ†VV™¦Ñ^ríÞz )•HsêÅþiÕ>ŒLLPîí¥Ñlpà{Ovxè|Rèê">¯€¦µDÓÓÔR/¨ROù;âRNOMQ7††H‚§¼õ½$f¦¦X€Oc¢®ÊhSÕ3g Cóy2AÀ‰Ã’ÄNq.9È´ÎÎ!’ž ÒƒNl#D—Ñö‰ì·víêËç²åÞ}.WoÔ/xV.EŒ1t{>£~’ž8–žÎÒÓ›K³UuiF ûöíg÷žÝl½ÿúWõóô3Ï4*“]Ë=ÆÀGÞØK¼s'3Õ†žü=î|c/®TZätº1UUÚþwî>€[Ä£ ªâüýǹsß!dl,‰…ÖF†Ôº»9åû­o ¢ˆJØ:µµŽ¥"‰1Qf ]]<÷Âó *À_vP¨ ô8‡;y)•Úœµ‡R–ðcWcNwp~,ÍWÜ‘#ÈÄÄrÜó˜<Ïãy„¯½¾¹kïµ+VàÙŒfsYen©Ï<êsM > ¶V«µ“¯åÉœ*µ³g‰"ÞRI8}ölÂiç>§e]†×KÊÛñéé$V–àMU*žGÆó¸ãö»ˆÃ󼇶áÿh®X,^Ð9³ ôu÷]V¾ê¥ß³ùøÃ\¿ã8g95<(Í0Ïd2ÇV^Þççr¹n…¼ PcÄ3Tè+Øè[ßüæß—àm0Öñ‘ÿ=‚;th‘³éZ^Çàï|ž;M(ñ6NWeðó¿Áæ#ƒÈø8EÉ=QÍ&Usòs±ùè)ÜгÖ2b Ð›²|ìÞ{½°_ýôß=M½Ùøµ k7LõööÚ|Þ3ÖóLFÕ ò]«Wö­øŒŸÍ}øX‡24„;v¬ƒóc6ÙHÜñãÈÄÄâÛ…G`R¼\R&ý‘3g˜ÈfqÖñµ?û‹eϯÎT_ÙýæÞ3[·nm~ú±_~*ü{TÍ cè2Æ8Uç¼0ÅbQ;b ªV©©R·¶Íç†s «°Þ@Ôâ´µÔKò †Å±ηbÅÚEÜƬf'')ÍÏ3˜Ëá9þç÷_¾u©žç¹L&nûÔ#Û1þðàеé™þ×V­Zå¯Y³FËårû€ñþÅ€0´õ!ŽüÑ°0?GwO/SSgéï¿œF£AoOg§¦¹¢ÿrê™ Ø5^*ß÷ì³ÏÆ€´‚|y 8ágŽa÷ìa¦:ÃÉÏ>ÊæcÃH¹¼Èé0„(J8ýاØ=MÙ9ŒsÑ÷þéù«éb±(.@Zð¾ù»Eâñƒ³ÝW^Ih- )gK]]\ßÝCœÍÒèï§i- çÜZJù|‚û>¾>šq¼Ï帾»‡y ìûìܳ‡lÔpî*`–äè{ÑbŠÅ"`ý6Ïûòƒ¾ÿH.Žó—2ØÅÈ\&Óøn¿øßðWÀÁb±ýÈNç–0ù‚ÈÓ/ˆ<Ç;xgzÁǘJéó/IÚ«ÐÀÀ@äH²¿ÎÏ(ï¾(É‹‹°X,ÚKdÙG¾÷Bñer¡yÿùä’¿Rþ‘ü‡îð~Ëÿ¨ûÙdBùEIEND®B`‚firewalld-1.1.1/src/icons/48x48/apps/firewall-applet-panic.png0000644000000000000000000000517414217342322024022 0ustar00rootroot00000000000000‰PNG  IHDR00Wù‡sBIT|dˆ pHYs¯¯^‘tEXtSoftwarewww.inkscape.org›î< ùIDAThí™kˆ]ÕÇ{ŸÇÜ›y˜IÌcâLbLD›ÔX«¤h,ÖÔ–‚µm¨–lA‚ÕB?´BmðKñK@JcS„‚ QÚF!¡˜„!Z­š–¢yŒ“N:&:5ÎãÎû8÷ì½úá<î¹3÷N&#F³çÜ»×Þû¬ÿZk¯½Ö¾JDø,“þ´ø¸ô9€O›Ü3ùÑGq•Õúneíu"JùAà,z¯³«Xô;&‹~çdɘhŸÛÛƒBGGpºwÙDÅ÷ ™­'™ÿ6ýPïSŠsÆò\×¼®}Û¶m Óþ¹nâG~ýÈ=ÊÚ§¼Z+NqÅàiV¼wǘç…ŽÃéË–1°b9Ë{ ܺSI22É´ïò÷®öî Û¶m³sðØcå‚êäàÚã'–|íøIº¬E)(”Pñ_晼^êOÓÑÎðwïàÜÍ7c”`ÅXƒµc ÖšøiáرãT*”¨ÍÛ·?ñg˜£ Ýxè¥{{†Ï-YTœ¤»»•®Tý3 ¥T ”R$ÊZÈ廟§÷Õטx`+•k¾HhBŒ1˜0$4_ºt (Å›o¾b7s ÔòùŸŽ^Ò…ãû 0Yšdxx8´ù´:€i4ð.öÐ!þÔÓÃþ… ¢q"P¾tݵl}à>æåç!Öä“©³ ”~Ü©D4Ô}Ö˜ÉÉÉY/ÕŠîèï§ÚÛÉld £³3UŒAeôp!ø%ð½ô›H²ÃR ZkÜxSfµíû~jc a˜”R´··§ü­À5K—òÜêÕœ9s†£GFãˆö˜X› `³<”úNƒðu †’§R ­5¾ïã¸.ŽãFT:mù|ÇqÒ±Jk6 ³qdÏóbá“õ" ˜Lxfç•ò«ð#ßÜÐq¬U°6ܶÑ1´ÖTGÇÐaÈÒHíèZ-Æ“],‚D/oI[Ç%ÔV@D¥ý"pû±ã¼Þs¯ÇK)¥±õùM°GÁ·ÖÓ"»µ8A1OïªxóM£Vgƒ `,`ì’nDi -½gÏò×ìx›=ß<£T‚ot®\É—o¿ÜÀ¯¼‚v]œ|1©ÕêëY‹5fÎü R¡:>Ž_­RÊå#“3C„ÞZ…Û€ ¤çŒµ j a½€³hñb.½újœƒ±®‹òDytŒ“'û”’þd|ÓTÂ1†ÀôC],¹[Ó–-ŒŒŒðÏyç·±Öš0`GÂn À³6ÊY®¼òâ Ú‚œU«¨V«x… ¬•¬üx×®]ƒ ¿© iߧÍóZæö“´RfqqòTG¥ú¯gûßýL)*šZÀø>Úua`àâH9©ÁÁr{•JǦ -„INÿä“Ÿ°xç§ÚïwÔ*‹-¾y㕇ï™?•ß@Íu£ƒhÿ~ìÝw#{÷B©Õj½AÔ²}Êo2^ªU¤T"r¤;辤çÛ¾rWͶ ï?´ogVÖ¦{  BP.#aˆÝ½’P*‚±­uäbSÒg™ ?ÎNÝ|†T L® »;­Ê4ØœçY±ÖŠµÖ7¶TY¸ð°Q[øÛ³·ÞúÍÃ--PК ~Yڬň€RXÂZ0¾9Hš‰OVk-aÔÇ$7 q"'€1&-;q5–TeŽ£­ã¸ÆqüšÖ¹±öyÝÿ(ŽoA±=òyxF ¸]]xË–áœ8A%p\?_d"“ Cª¥ŽçáÏ›7m”ïºøííi¿Ò\T'&p\/ŸÀ‰% b-ŽèëU^ߊ׺¬¨=3p|gÝ:t…”ÖÑJ ÒZãÄõëTÚq"~Ò¯Êu‘8ñS*ª…Ç‹ÓiA¡hËû¼³xƒƒ§/]¾byI)õâøÈÄ®˜r™pá¨ÉÒÔlÔ˜¡Òz Ék²¥d6›ÕQ*åk¥ÈµµÅÃ~V}}œýÂUüïƒxá…ïÙñÛ»ÈPÓ= q¦8ŸÄJ©Æd,Ûá² 3M‡Ÿ¬ïy>žçãº^úÙó|Ôý÷³þƯ266·Ãþpª¬Í-` ƒJÑãºè0¤21Ñ4ª˜ZJ¡uZÛšŸÌ×íûi=P©V™xÿýirŒ,èæù7^§\©P.—VÎ €Å‰ j¥§ººX3:ŠmR¨¸‰µ˜&üt½8’¥ä8õ'VX©Tj˜jÅŽE«:úV¶{ï¬x]]¬Ú¸[.cÖ­ÃÒñÆØ0$˜œD{^CTIȆ!A±ˆöý–Q)(£¨ÕÙ‰©V©ma8ÙQ*ÍŽ}µgÉ®ÿvu¾šé*í}aïË-(¥¼ŸÁꈢPû’%Hµ ¹ôõ1èøšO;Îù£Ò |¥5Žë¦.„ˆ´Õj%’;Ç¿l:=ô›M-Wȼ+óyùÌÁD…½ÖQñ­5á-·PY³ÝÖ†ò¼¨:ÓSb€R³ãkÝXÄn% JõçÝÀã³ht¡îI(”ŠÅTp2¿ ”n¼‘‰b‘Þ¡¡4ÕnH“Û†øTmÉCª­ï ‚*À]"ÏÌVxÈüB£”º¡ –턧s¹Üüî•+iËå¢[…˜D†Ì7†+ r•JcÔ‰E•ãÔ‹÷©üŒ ÄZ pìðÔã𤈴®î›PÖ¦ ö-øãõ•ÊOÎ;ÖÝjÒ9`X¬&S¸_ Õ@þ Çï‚_}Uš\Þ²X ¬è÷Û°Æo¦É]àm€Ë×ÂÊË OG—-É‚9CoÞ†—_‚$ú¼/"oÎ@ b ÐË;»r÷Ãê^Xp)twE7&`䌾#;áÝãÑ}m–>N‹Hmúªà³HŸù_ê?ðiÓÿ:Y«á²EhIEND®B`‚firewalld-1.1.1/src/icons/48x48/apps/firewall-applet-error.png0000644000000000000000000000612214217342322024053 0ustar00rootroot00000000000000‰PNG  IHDR00Wù‡sBIT|dˆ pHYs¯¯^‘tEXtSoftwarewww.inkscape.org›î< ÏIDAThí™UG•Ç?Ý÷Çû5ó`ø ˆƒD#Ѹ®?¶PÁXYØ`†ÁUBH  ÂÖšÚ?v­Z—Ê?[þ“’h'#‚qEÔ 0 X”bai•Ù`üQf“I†ð#5˜aæý¸ïÞÛÝûǽïÍ›™÷#þ‘J•§¦çÞÛݧû|ûœ>çt?aŒáÝLò௥¿x§Éþk˜¿ò•¿–òa¡õGŒÂõ}kÁù ÍÙ\ÎmÊçÜæ|Áɤý\&ã75ùçZçx®«¨Úz¦ê?€®¼ŒÖ Áe¥ùq6ýéÎ;ÃJýnâ/ÿ×—7 ­¿í Ïgaÿ9n¾pK©†|¡eqî¦yôݼ€¾­øöèV$©’ÉLø6ÿ—Í´,ݹs§¾aO<ñDÒ/åûo;óêìågÎ’Õ! @ÄUÏòôfô©š2 ¬éàòw¢„A+Ò ­5J)´VñS38x•žž3xž‡0bí“Oîú Ü  -9ù³Gç\ž=3—§¥¥Q\ˆÑwBˆ!(/–1ƒ ä=?zŽÖç_`ä±­xú ¡ QJ¡ÂP)Tü=gÎl‚—^zŒ^ Ü !>·4•ú—Á)Y,×ùBžŠ µÙFL ¾×Ð'Oòƒ¹sùùôiQ?c" Æðwù0[ÛB:•Æh *³N€ø7às £6«TH>ŸŸôPõ¨£·—R/[ù2¦¼Ã*@¤”Øñ¦¬^m×u+PJ†'‚‚L&Siß |hÎ~¼h/^äôéÓQ?¢=f´®v`“ŒB¬®Çéľ}³¦?û=Üåwb„¨ö€cl^”×u±l˲£2*ÒbFGó`æ7¾AêãGHÉÒ–]½Šã8±ðåñ" ¨*÷:AÏ á–`½€û{4}n í%K¬ô¯±ˆŒ0µbÁáÃÈ ˜kEAŒ§ d.&šj ®´m¬Þ^äÐ& 1aZÃÉ“˜cÇêNÎÊ•ˆ§žŠ _©hÅËüR"víBÜsO]öáî#Œüâ$Æ4m`>ðÑÁAÊáEk3&µ¨éF…”ÈÞÞ2Ç(ƒ1˜;¢>«VÕ¢\ovì¥"^ÛF|ík°bEáraã¶QïÀ‡‡*5Æè11¢&uíœ?ñ<ÂB;bwi¢•Ý´ ººííõAhÙ¸åû8{ö4¾xà'¼¾ááHSUâÇQ—Û†¯!”ƃֆêX_@*—CxZkt¢…ÀøþhßÇlÞŒèêBvtÔqï½XßùnbÕéà8À•uëPUÁm‚<¡Bž=‹°­×1¡äðp´Úã­® ‡BìÝ‹sß}5'–íí #¥îî&·ni×¥mþ|*Q½:°l‹Ü믣½=.×`‡!¦œ| e™" ãTy´¦¸~=RJ¬5kˆ:‘Ì‘#›6Ab§Ó¤š›Æ ?îYâìÙ^Œ1az°”Â/ è0Ä+¢M\   Djß¾IƒP‡lÙ‚ŽÍÒ÷}ò—/‚«ñò»¿à•¼cPF‰o–[jjØÑm :ö>Ú C”Ö£%Öò<@pðàu…¢°aÊ÷+ ŸÒ Ï+UJÉó¢R*—ÎðZ›>´ùÂþýûûËãÕÔ€t]Žy’8¡PJá{–mã&“ãP;Xöä’[ËqpS)”ïSÊåp,ÛLI&ŠV©T”ù°ÔzÂŽnòJ¿ÿaïkÿlÆ*j»Q×EZÖX{¯"!%V0lñÌ3ˆ{ï½®ðΚ5H)?ŽŽÏÏF ´ã¤•ã¤E&Ý2íÂ¥?Ž‘ñýžñÂ×ÚvœïLTêÍø»‰<…ì윔ðe²V¯ÆØ6lÚ}[6S[¦Q,”ƒ³f.JC^”dsmñ­·ôüòðÔåË;†ªÇª¹Û¦*vWÀT‡p„ÛFîÞ]7 5"±jvWØ6–”H)I¥Rø~@2A¶y–?%;ÛŸ:eŽß2eîÛŸü‡Ï:1ðó“?í¼.€acð‹EJÅ"žïã•Jx¥A¬ †xž‡yúiÄêÕu…TÝݨÇë¶ËövšöïÇS!—ÞºÄÀŸH$XBhå•Â°Pôƒ\Þ×F®zÓ§?X±õĉãË?>þUJµ×±,œ½{ºÍààAòëÖ]×;¹k×’ýÞÿ ãc§”aYR[–­,Ë ¤LeÒ-¿Í]{Á“‘Ôæ_ËüµY6‹3oÖ«¯âù~äuRñE€ã`uu!˜>r¶o'‘HP*ðyËquöIbÍf¤Rÿ& C…ÑË’!è›ß*œù7¿€¡@QQkM X®‹uûíÈØ- )£ºD{÷î†Â›£GaÇŽÈ®c~i ìØÑ0wV®$½k¶ãb[–m!E´/^™5“7úÏÍ0Æ”€^»:²¿!U,NŸN8Î׋åË #æèQÌ–-ày†c½–R˜/~1XÄŠ•$ïú4étšL:C:ÆikãÒÞÏŸèîþßÍwßõOëî¿ÿþJfY@9çÉßrK$xœñðÃõ…?v óØcc¼VtI{´0ÄlÝÚ„ýÀ8Ž[)bÛ6>±ä††®ñöÀÛë&ô¯5ˆRŠþ¾>|!˜kÛÈ0ÄÁ½r¥&CxèþÆQ¦Zü*©Bà•3\cࡇH|÷»X5L±ðæ› ½õW§µðÜ‹§(zÅè¬Ý6¾m ¹‘ò…¯g³(­ }ŸÒ׿>Qøƒ)>ø ªP@ù>* +¥i•B•JQ{ <oãFÂîî ã]ݽ›B¡À°Wä›3§óÒé—y¥ç•ró„MTSN6Ë{—-C‹¨ÛoG÷÷Óôâ‹è³g),[†ûè£X­­¨={0'Nlj¢øàçrH×ÅM§'Œ[n¯äB[¶Pìì$¹}»’ž—÷Ÿzjhê /”žŸ;{ÿ›Ùæç«Ø Ǻýª.!„ó%Xô1"/”™=S*A2 óçƒRÈÓ§ñO"øÃÙl¤¾êœ(&{­z$¤Ä²mL?Nxüx± ÞHA9ÿ9x÷¹óÿ}wݪæªz_0Sc0ÑÁ^JˆKx×]x‹# „ã€eEmc$“k—2º±(›ˆÂèó€¯NBv`¬ µä¡PÈå*‚S•"–,a$—£õüùÊè˜ôPˆ _Ãöø‚@ºY‚†]Yc¾?Yá¡ê!ÄÇ0¯žM&“S[ÚÚH$“¨ê›6cPaÈT¥X8Fk†¡çøöWáé8XMšª5 J _†=õ¼G.÷ô´Ôcº ô €E@}koL˜?™ÏÃ^Ðø¶T­YDW‹4ƒ½ Û0q‡Ž£,8Ká=·AÛM0_‚Õ¨¿uÎÿ Þx~õ3¸7½eŒyé†Ä f­Üàog·Br,j…i3 % Ó†áêe¼W;áµ3Ñ}m5]Îc‚‰£þÞô®ÿ¥þoÞiúŸÂì¶Æ?2ˆIEND®B`‚firewalld-1.1.1/src/icons/scalable/0000755000000000000000000000000014217353175017141 5ustar00rootroot00000000000000firewalld-1.1.1/src/icons/scalable/apps/0000755000000000000000000000000014217353175020104 5ustar00rootroot00000000000000firewalld-1.1.1/src/icons/scalable/apps/firewall-applet.svg0000644000000000000000000021043614217342322023713 0ustar00rootroot00000000000000 Firewall image/svg+xml Lapo Calamandrei Firewall image/svg+xml firewalld-1.1.1/src/icons/scalable/apps/firewall-config.svg0000644000000000000000000021043614217342322023673 0ustar00rootroot00000000000000 Firewall image/svg+xml Lapo Calamandrei Firewall image/svg+xml firewalld-1.1.1/src/icons/scalable/apps/firewall-applet-panic.svg0000644000000000000000000011574714217342322025014 0ustar00rootroot00000000000000 image/svg+xml firewalld-1.1.1/src/icons/scalable/apps/firewall-applet-error.svg0000644000000000000000000014030114217342322025033 0ustar00rootroot00000000000000 image/svg+xml firewalld-1.1.1/src/icons/Makefile.am0000644000000000000000000000012114217342322017411 0ustar00rootroot00000000000000icondir = $(datadir)/icons/hicolor nobase_dist_icon_DATA = $(wildcard */apps/*) firewalld-1.1.1/src/icons/Makefile.in0000644000000000000000000003622414217352322017440 0ustar00rootroot00000000000000# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = src/icons ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(nobase_dist_icon_DATA) \ $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(icondir)" DATA = $(nobase_dist_icon_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ icondir = $(datadir)/icons/hicolor nobase_dist_icon_DATA = $(wildcard */apps/*) all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/icons/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/icons/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-nobase_dist_iconDATA: $(nobase_dist_icon_DATA) @$(NORMAL_INSTALL) @list='$(nobase_dist_icon_DATA)'; test -n "$(icondir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(icondir)'"; \ $(MKDIR_P) "$(DESTDIR)$(icondir)" || exit 1; \ fi; \ $(am__nobase_list) | while read dir files; do \ xfiles=; for file in $$files; do \ if test -f "$$file"; then xfiles="$$xfiles $$file"; \ else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \ test -z "$$xfiles" || { \ test "x$$dir" = x. || { \ echo " $(MKDIR_P) '$(DESTDIR)$(icondir)/$$dir'"; \ $(MKDIR_P) "$(DESTDIR)$(icondir)/$$dir"; }; \ echo " $(INSTALL_DATA) $$xfiles '$(DESTDIR)$(icondir)/$$dir'"; \ $(INSTALL_DATA) $$xfiles "$(DESTDIR)$(icondir)/$$dir" || exit $$?; }; \ done uninstall-nobase_dist_iconDATA: @$(NORMAL_UNINSTALL) @list='$(nobase_dist_icon_DATA)'; test -n "$(icondir)" || list=; \ $(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \ dir='$(DESTDIR)$(icondir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(DATA) installdirs: for dir in "$(DESTDIR)$(icondir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-nobase_dist_iconDATA install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-nobase_dist_iconDATA .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ ctags-am distclean distclean-generic distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-nobase_dist_iconDATA \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-nobase_dist_iconDATA .PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-1.1.1/src/tests/0000755000000000000000000000000014217353201015410 5ustar00rootroot00000000000000firewalld-1.1.1/src/tests/cli/0000755000000000000000000000000014217353201016157 5ustar00rootroot00000000000000firewalld-1.1.1/src/tests/cli/firewall-offline-cmd.at0000644000000000000000000000615214217342322022501 0ustar00rootroot00000000000000AT_BANNER([firewall-offline-cmd]) m4_define([FIREWALL_BACKEND], [offline]) dnl !!! DO NOT ADD TESTS HERE !!! dnl dnl Most tests are common and should be added to firewall-cmd.at dnl See FWD_CHECK() and related macros for the magic. dnl dnl !!! DO NOT ADD TESTS HERE !!! m4_define([TESTING_FIREWALL_OFFLINE_CMD]) m4_include([cli/firewall-cmd.at]) m4_include([features/features.at]) dnl Now begin the tests explicitly for firewall-offline-cmd dnl m4_define([TESTING_FIREWALL_OFFLINE_CMD_PASSTHROUGH]) FWD_START_TEST([lokkit migration]) AT_KEYWORDS(lokkit) dnl from command line FWD_CHECK([--addmodule=abc --addmodule=efg --removemodule=xyz dnl --trust=eth+ --trust=em0 dnl --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp dnl --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config dnl --service=dns --service=ftp --remove-service=dhcpv6-client dnl --block-icmp=router-advertisement --block-icmp=router-solicitation dnl --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 dnl --forward-port=if=ippp+:port=333:proto=udp:toport=444], 0, ignore) FWD_CHECK([--zone=trusted --query-interface=eth+], 0, ignore) FWD_CHECK([--zone=trusted --query-interface=em0], 0, ignore) FWD_CHECK([--query-service dns], 0, ignore) FWD_CHECK([--query-service ftp], 0, ignore) FWD_CHECK([--query-service dhcpv6-client], 1, ignore) FWD_CHECK([--query-icmp-block router-advertisement], 0, ignore) FWD_CHECK([--query-icmp-block router-solicitation], 0, ignore) FWD_CHECK([--query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4], 0, ignore) FWD_CHECK([--query-forward-port port=333:proto=udp:toport=444], 0, ignore) dnl from file AT_CHECK([cat << EOF > ./system-config-firewall --addmodule=abc --addmodule=efg --removemodule=xyz --trust=eth+ --trust=em0 --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config --service=dns --service=ftp --remove-service=dhcpv6-client --block-icmp=router-advertisement --block-icmp=router-solicitation --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 --forward-port=if=ippp+:port=333:proto=udp:toport=444 EOF ], 0, ignore) FWD_CHECK([--migrate-system-config-firewall=./system-config-firewall], 0, ignore) FWD_CHECK([--zone=trusted --query-interface=eth+], 0, ignore) FWD_CHECK([--zone=trusted --query-interface=em0], 0, ignore) FWD_CHECK([--query-service dns], 0, ignore) FWD_CHECK([--query-service ftp], 0, ignore) FWD_CHECK([--query-service dhcpv6-client], 1, ignore) FWD_CHECK([--query-icmp-block router-advertisement], 0, ignore) FWD_CHECK([--query-icmp-block router-solicitation], 0, ignore) FWD_CHECK([--query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4], 0, ignore) FWD_CHECK([--query-forward-port port=333:proto=udp:toport=444], 0, ignore) FWD_END_TEST m4_undefine([TESTING_FIREWALL_OFFLINE_CMD_PASSTHROUGH]) m4_undefine([TESTING_FIREWALL_OFFLINE_CMD]) firewalld-1.1.1/src/tests/cli/firewall-cmd.at0000644000000000000000000033114214217345563021073 0ustar00rootroot00000000000000m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ AT_BANNER([firewall-cmd (FIREWALL_BACKEND)]) ]) FWD_START_TEST([basic options]) AT_KEYWORDS(panic reload) FWD_CHECK([-h], 0, ignore) FWD_CHECK([--help], 0, ignore) FWD_CHECK([-V], 0, ignore) FWD_CHECK([--reload], 0, ignore) dnl Don't test --complete-reload, it causes modules to unload and we don't dnl want to do that to the testing host. The module unload _should_ be dnl denied, but lets be safe and avoid it all together. dnl dnl FWD_CHECK([--complete-reload], 0, ignore) FWD_CHECK([--permanent --complete-reload], 2, ignore, ignore) FWD_CHECK([--panic-on], 0, ignore) FWD_RELOAD FWD_CHECK([--query-panic], 0, [yes ]) FWD_CHECK([--panic-off], 0, ignore) FWD_CHECK([--query-panic], 1, [no ]) FWD_END_TEST FWD_START_TEST([get/list options]) AT_KEYWORDS(zone service icmp) FWD_CHECK([--get-zones], 0, ignore) FWD_CHECK([--get-services], 0, ignore) FWD_CHECK([--get-icmptypes], 0, ignore) FWD_CHECK([--permanent --get-zones], 0, ignore) FWD_CHECK([--permanent --get-services], 0, ignore) FWD_CHECK([--permanent --get-icmptypes], 0, ignore) FWD_CHECK([--list-all-zones], 0, ignore) FWD_CHECK([--list-all], 0, ignore) FWD_CHECK([--permanent --list-all-zones], 0, ignore) FWD_CHECK([--permanent --list-all], 0, ignore) FWD_END_TEST FWD_START_TEST([default zone]) AT_KEYWORDS(zone) FWD_CHECK([--get-default-zone], 0, [public ]) FWD_CHECK([--set-default-zone="home"], 0, ignore) FWD_CHECK([--get-default-zone], 0, [home ]) FWD_CHECK([--set-default-zone="public"], 0, ignore) FWD_CHECK([--set-default-zone], 2, ignore, ignore) FWD_END_TEST FWD_START_TEST([user zone]) AT_KEYWORDS(zone) FWD_CHECK([--new-zone=foobar], 2, ignore, ignore) dnl no --permanent FWD_CHECK([--permanent --new-zone=foobar], 0, ignore) FWD_CHECK([--permanent --get-zones | grep foobar], 0, ignore) FWD_CHECK([--permanent --zone=foobar --get-target | grep default], 0, ignore) FWD_CHECK([--permanent --zone=foobar --set-target=BAD], 110, ignore, ignore) FWD_CHECK([--permanent --zone=foobar --set-target=%%REJECT%%], 0, ignore) FWD_CHECK([--permanent --zone=foobar --set-target=DROP], 0, ignore) FWD_CHECK([--permanent --zone=foobar --set-target=ACCEPT], 0, ignore) FWD_CHECK([--permanent --zone=foobar --get-target | grep ACCEPT], 0, ignore) FWD_CHECK([--permanent --zone=foobar --add-service=ssh], 0, ignore) dnl verify zone name limits (currently 17) FWD_CHECK([-q --permanent --new-zone=123456789abcefghi]) FWD_CHECK([-q --permanent --new-zone=123456789abcefghij], 116, [ignore], [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_TARGET: /d'dnl -e '/ERROR: INVALID_NAME: /d']) FWD_START_TEST([zone interfaces]) AT_KEYWORDS(zone) FWD_CHECK([--zone=work --add-interface=dummy], 0, ignore) FWD_CHECK([--get-zone-of-interface=dummy], 0, [work ]) FWD_CHECK([--get-active-zones], 0, ignore) FWD_CHECK([--zone work --query-interface=dummy], 0, ignore) FWD_CHECK([--zone=public --change-interface=dummy], 0, ignore) FWD_CHECK([--get-zone-of-interface=dummy], 0, [public ]) FWD_CHECK([--zone=block --add-interface=dummy1], 0, ignore) FWD_CHECK([--zone=block --remove-interface=dummy1], 0, ignore) FWD_CHECK([--zone=dmz --change-zone=dummy], 0, ignore) FWD_CHECK([--get-zone-of-interface=dummy], 0, [dmz ]) FWD_CHECK([--zone=dmz --list-interfaces], 0, [dummy ]) FWD_CHECK([--zone=dmz --remove-interface=dummy], 0, ignore) FWD_CHECK([--zone=dmz --query-interface dummy], 1, ignore, ignore) FWD_CHECK([--zone=dmz --change-interface=dummy], 0, ignore) dnl functions as an add FWD_CHECK([--zone=dmz --query-interface dummy], 0, ignore) FWD_CHECK([--zone=dmz --remove-interface=dummy], 0, ignore) FWD_CHECK([--zone=dmz --query-interface dummy], 1, ignore, ignore) FWD_CHECK([--get-zone-of-interface=dummy], 2, ignore, ignore) FWD_CHECK([--get-zone-of-interface], 2, ignore, ignore) FWD_CHECK([--zone=dmz --get-zones], 2, ignore, ignore) FWD_CHECK([--zone=dmz --get-services], 2, ignore, ignore) FWD_CHECK([--zone=dmz --get-default-zone], 2, ignore, ignore) FWD_CHECK([--zone=dmz --set-default-zone], 2, ignore, ignore) FWD_CHECK([--zone=dmz --get-zone-of-interface], 2, ignore, ignore) FWD_CHECK([--permanent --zone=work --add-interface=perm_dummy], 0, ignore) FWD_CHECK([--permanent --zone=trusted --add-interface=perm_dummy2], 0, ignore) FWD_RELOAD FWD_CHECK([--permanent --get-zone-of-interface=perm_dummy], 0, [work ]) FWD_CHECK([--permanent --zone work --query-interface=perm_dummy], 0, ignore) FWD_CHECK([--permanent --zone=work --list-interfaces], 0, [perm_dummy ]) m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ FWD_CHECK([--permanent --zone=public --add-interface=perm_dummy], 18, ignore, ignore) ]) FWD_CHECK([--permanent --zone=public --change-interface=perm_dummy], 0, ignore) FWD_CHECK([--permanent --get-zone-of-interface=perm_dummy], 0, [public ]) FWD_CHECK([--permanent --zone=public --remove-interface=perm_dummy], 0, ignore) FWD_CHECK([--permanent --zone=public --query-interface perm_dummy], 1, ignore) FWD_CHECK([--permanent --zone=public --change-interface=perm_dummy], 0, ignore) FWD_CHECK([--permanent --get-zone-of-interface=perm_dummy], 0, [public ]) FWD_CHECK([--permanent --zone=public --remove-interface=perm_dummy], 0, ignore) FWD_CHECK([--permanent --zone=public --query-interface perm_dummy], 1, ignore) FWD_CHECK([--permanent --zone=trusted --remove-interface=perm_dummy2], 0, ignore) FWD_RELOAD FWD_CHECK([--add-interface=foo], 0, ignore) FWD_CHECK([--add-interface=bar --zone=public], 0, ignore) FWD_CHECK([--set-default-zone=trusted], 0, ignore) FWD_CHECK([--get-default-zone], 0, [trusted ]) dnl check that changing default zone moves interfaces in that zone FWD_CHECK([--query-interface foo --zone=trusted], 0, ignore) dnl check that *only* iface1 was moved to new default zone FWD_CHECK([--query-interface bar --zone=public], 0, ignore) FWD_CHECK([--set-default-zone=public], 0, ignore) FWD_CHECK([--remove-interface=foo], 0, ignore) FWD_CHECK([--remove-interface=bar], 0, ignore) dnl exercise wildcards, rhbz 1644025 dnl Note: This feature is undocumented, because it's a possible security dnl risk. FWD_CHECK([--zone=trusted --add-interface=+], 0, ignore) FWD_CHECK([--add-interface=foobar+++], 0, ignore) FWD_CHECK([--add-interface=foobar+], 0, ignore) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { iifname "foobar*" goto filter_IN_public iifname "foobar++*" goto filter_IN_public goto filter_IN_trusted goto filter_IN_public } } ]) FWD_CHECK([--zone=trusted --remove-interface=+], 0, ignore) FWD_CHECK([--remove-interface=foobar+++], 0, ignore) FWD_CHECK([--remove-interface=foobar+], 0, ignore) FWD_CHECK([--permanent --add-interface=foobar+], 0, ignore) FWD_CHECK([--permanent --remove-interface=foobar+], 0, ignore) FWD_RELOAD FWD_END_TEST([-e '/ERROR: ZONE_CONFLICT: perm_dummy/d']) FWD_START_TEST([zone sources]) AT_KEYWORDS(zone) m4_define([check_zone_source], [ FWD_CHECK([--zone=public --add-source=$1], 0, ignore) FWD_CHECK([--get-zone-of-source=$1], 0, [public ]) FWD_CHECK([--zone=public --list-sources], 0, [$1 ]) FWD_CHECK([--zone=public --list-all | TRIM | grep ^sources], 0, [sources: $1 ]) FWD_CHECK([--get-active-zones | TRIM | grep "^\(public\|sources\)"], 0, [public sources: $1 ]) FWD_CHECK([--zone public --query-source=$1], 0, ignore) FWD_CHECK([--zone=work --change-source=$1], 0, ignore) FWD_CHECK([--get-zone-of-source=$1], 0, [work ]) FWD_CHECK([--zone=work --remove-source=$1], 0, ignore) FWD_CHECK([--zone work --query-source=$1], 1, ignore) FWD_CHECK([--get-zone-of-source=$1], 2, ignore, ignore) FWD_CHECK([--get-zone-of-source], 2, ignore, ignore) dnl missing arg FWD_CHECK([--permanent --zone=public --add-source=$1], 0, ignore) FWD_CHECK([--permanent --get-zone-of-source=$1], 0, [public ]) FWD_CHECK([--permanent --zone=public --list-sources], 0, [$1 ]) FWD_CHECK([--permanent --zone=public --list-all | TRIM | grep ^sources], 0, [sources: $1 ]) FWD_CHECK([--permanent --zone public --query-source=$1], 0, ignore) m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ FWD_CHECK([--permanent --zone=work --add-source=$1], 18, ignore, ignore) ]) FWD_CHECK([--permanent --zone=work --change-source=$1], 0, ignore) FWD_CHECK([--permanent --get-zone-of-source=$1], 0, [work ]) FWD_CHECK([--permanent --zone=work --remove-source=$1], 0, ignore) FWD_CHECK([--permanent --zone work --query-source=$1], 1, ignore) ]) check_zone_source([1.2.3.4]) check_zone_source([192.168.1.0/24]) check_zone_source([192.168.1.1/255.255.255.0]) IF_HOST_SUPPORTS_IPV6_RULES([ check_zone_source([3ffe:501:ffff::/64]) check_zone_source([dead:beef::babe]) ]) m4_undefine([check_zone_source]) FWD_END_TEST([ -e '/ERROR: ZONE_CONFLICT/d']) FWD_START_TEST([services]) AT_KEYWORDS(service) FWD_CHECK([--add-service=dns --timeout 60 --zone=public], 0, ignore) FWD_CHECK([--query-service dns], 0, ignore) FWD_CHECK([--remove-service=dns], 0, ignore) FWD_CHECK([--query-service=dns], 1, ignore) FWD_CHECK([--add-service=smtpssssssss], 101, ignore, ignore) FWD_CHECK([--add-service=dns --timeout], 2, ignore, ignore) dnl missing argument FWD_CHECK([--add-service=dns --add-interface=dummy0], 2, ignore, ignore) dnl impossible combination FWD_CHECK([--permanent --zone=external --add-service=dns --timeout 60], 2, ignore, ignore) dnl impossible combination FWD_CHECK([--permanent --zone=external --add-service dns], 0, ignore) FWD_CHECK([--permanent --zone=external --list-services], 0, [dns ssh ]) FWD_CHECK([--permanent --zone=external --query-service dns], 0, ignore) m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [ FWD_CHECK([--permanent --zone=external --remove-service-from-zone=dns], 0, ignore) ], [ FWD_CHECK([--permanent --zone=external --remove-service=dns], 0, ignore) ]) FWD_CHECK([--permanent --zone=external --query-service=dns], 1, ignore) FWD_CHECK([--permanent --zone=external --add-service=smtpssssssss], 101, ignore, ignore) FWD_CHECK([--permanent --zone=external --add-service=dns --add-interface=dummy0], 2, ignore, ignore) dnl impossible combination FWD_CHECK([--add-service=http --add-service=nfs --timeout=1h], 0, ignore) FWD_CHECK([--query-service http], 0, ignore) FWD_CHECK([--query-service=nfs --zone=public], 0, ignore) FWD_CHECK([--remove-service=nfs --remove-service=http], 0, ignore) FWD_CHECK([--query-service http], 1, ignore) FWD_CHECK([--query-service nfs], 1, ignore) FWD_CHECK([--permanent --add-service=http --add-service=nfs], 0, ignore) FWD_CHECK([--permanent --query-service http], 0, ignore) FWD_CHECK([--permanent --query-service=nfs --zone=public], 0, ignore) m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [ FWD_CHECK([--permanent --remove-service-from-zone=nfs --remove-service-from-zone=http], 0, ignore) ], [ FWD_CHECK([--permanent --remove-service=nfs --remove-service=http], 0, ignore) ]) FWD_CHECK([--permanent --query-service http], 1, ignore) FWD_CHECK([--permanent --query-service nfs], 1, ignore) FWD_END_TEST([-e '/ERROR: INVALID_SERVICE:/d']) FWD_START_TEST([user services]) AT_KEYWORDS(service) FWD_CHECK([--permanent --new-service=ssh], 26, ignore, ignore) dnl already exists FWD_CHECK([--permanent --new-service=foobar], 0, ignore) FWD_CHECK([--permanent --get-services | grep foobar], 0, ignore) FWD_CHECK([--permanent --service=foobar --add-port=666], 102, ignore, ignore) dnl no protocol FWD_CHECK([--permanent --service=foobar --add-port=666/dummy], 103, ignore, ignore) dnl bad protocol FWD_CHECK([--permanent --service=foobar --add-port=666/tcp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-port=666/tcp], 0, ignore) FWD_CHECK([--permanent --service=foobar --add-port=111-222/udp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-port=111-222/udp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-port 111-222/udp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-port=111-222/udp], 1, ignore) FWD_CHECK([--permanent --service=foobar --add-port=666/sctp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-port=666/sctp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-port 666/sctp], 0, ignore, ignore) FWD_CHECK([--permanent --service=foobar --query-port=666/sctp], 1, ignore) FWD_CHECK([--permanent --service=foobar --add-port=999/dccp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-port=999/dccp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-port 999/dccp], 0, ignore, ignore) FWD_CHECK([--permanent --service=foobar --query-port=999/dccp], 1, ignore) FWD_CHECK([--permanent --service=foobar --add-port=666/sctp], 0, ignore) FWD_CHECK([--permanent --service=foobar --add-port=999/dccp], 0, ignore) FWD_CHECK([--permanent --service=foobar --add-protocol=ddp --add-protocol gre], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-protocol=ddp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-protocol=gre], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-protocol ddp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-protocol gre], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-protocol=ddp], 1, ignore) FWD_CHECK([--permanent --service=foobar --query-protocol=gre], 1, ignore) FWD_CHECK([--permanent --service=foobar --add-module=sip], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-module=sip], 0, ignore) FWD_CHECK([--permanent --service=foobar --add-module=ftp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-module=ftp], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-module=ftp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-module=ftp], 1, ignore) FWD_CHECK([--permanent --service=foobar --add-helper=sip], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-helper=sip], 0, ignore) FWD_CHECK([--permanent --service=foobar --add-helper=ftp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-helper=ftp], 0, ignore) FWD_CHECK([--permanent --service=foobar --get-service-helpers], 0, [dnl ftp ]) FWD_CHECK([--permanent --service=foobar --remove-helper=ftp], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-helper=ftp], 1, ignore) FWD_CHECK([--permanent --service=foobar --set-destination=ipv4], 121, ignore, ignore) dnl no address FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:foo], 105, ignore, ignore) dnl bad address FWD_CHECK([--permanent --service=foobar --set-destination=ipv4:1.2.3.4], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-destination=ipv4], 0, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 0, ignore) FWD_CHECK([--permanent --service=foobar --remove-destination=ipv6], 0, ignore) FWD_CHECK([--permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64], 1, ignore) ]) FWD_CHECK([--permanent --zone=public --add-service=foobar], 0, ignore) FWD_CHECK([--permanent --zone=public --list-services | grep foobar], 0, ignore) FWD_CHECK([--permanent --delete-service=foobar], 0, ignore) FWD_CHECK([--permanent --zone=public --list-services | grep foobar], 1, ignore) AT_DATA([./foobar-to-be-renamed], [m4_strip([dnl ]) FWD_CHECK([--permanent --new-service-from-file="./foobar-to-be-renamed" --name="foobar-from-file"]) FWD_CHECK([--permanent --get-services | grep foobar-from-file], 0, [ignore]) ]) FWD_END_TEST([-e '/ERROR: NAME_CONFLICT: new_service():/d' dnl -e '/ERROR: INVALID_ADDR:/d']) FWD_START_TEST([ports]) AT_KEYWORDS(port) FWD_CHECK([--zone home --list-ports], 0, ignore) FWD_CHECK([--add-port=666], 102, ignore, ignore) dnl no protocol FWD_CHECK([--add-port=666/dummy], 103, ignore, ignore) dnl bad protocol FWD_CHECK([--add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo], 254, ignore, ignore) FWD_CHECK([--add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo --add-port bar], 254, ignore, ignore) FWD_CHECK([--add-port=666/tcp --zone=public --timeout=30m], 0, ignore) FWD_CHECK([--remove-port=666/tcp], 0, ignore) FWD_CHECK([--add-port=111-222/udp], 0, ignore) FWD_CHECK([--query-port=111-222/udp --zone=public], 0, ignore) FWD_CHECK([--remove-port 111-222/udp], 0, ignore) FWD_CHECK([--query-port=111-222/udp], 1, ignore) FWD_CHECK([--add-port=5000/sctp], 0, ignore) FWD_CHECK([--query-port=5000/sctp --zone=public], 0, ignore) FWD_CHECK([--remove-port 5000/sctp], 0, ignore) FWD_CHECK([--query-port=5000/sctp], 1, ignore) FWD_CHECK([--add-port=222/dccp], 0, ignore) FWD_CHECK([--query-port=222/dccp --zone=public], 0, ignore) FWD_CHECK([--remove-port 222/dccp], 0, ignore) FWD_CHECK([--query-port=222/dccp], 1, ignore) FWD_CHECK([--permanent --add-port=666], 102, ignore, ignore) dnl no protocol FWD_CHECK([--permanent --add-port=666/dummy], 103, ignore, ignore) dnl bad protocol FWD_CHECK([--permanent --add-port=666/tcp], 0, ignore) FWD_CHECK([--permanent --remove-port=666/tcp --zone=public], 0, ignore) FWD_CHECK([--permanent --add-port=111-222/udp --zone=public], 0, ignore) FWD_CHECK([--permanent --query-port=111-222/udp], 0, ignore) FWD_CHECK([--permanent --remove-port 111-222/udp], 0, ignore) FWD_CHECK([--permanent --query-port=111-222/udp], 1, ignore) FWD_CHECK([--permanent --add-port=5000/sctp], 0, ignore) FWD_CHECK([--permanent --query-port=5000/sctp --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-port 5000/sctp], 0, ignore) FWD_CHECK([--permanent --query-port=5000/sctp], 1, ignore) FWD_CHECK([--permanent --add-port=222/dccp], 0, ignore) FWD_CHECK([--permanent --query-port=222/dccp --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-port 222/dccp], 0, ignore) FWD_CHECK([--permanent --query-port=222/dccp], 1, ignore) FWD_CHECK([--add-port=80/tcp --add-port 443-444/udp], 0, ignore) FWD_CHECK([--query-port=80/tcp --zone=public], 0, ignore) FWD_CHECK([--query-port=443-444/udp], 0, ignore) FWD_CHECK([--remove-port 80/tcp --remove-port=443-444/udp], 0, ignore) FWD_CHECK([--query-port=80/tcp], 1, ignore) FWD_CHECK([--query-port=443-444/udp], 1, ignore) FWD_CHECK([--permanent --add-port=80/tcp --add-port 443-444/udp], 0, ignore) FWD_CHECK([--permanent --query-port=80/tcp --zone=public], 0, ignore) FWD_CHECK([--permanent --query-port=443-444/udp], 0, ignore) FWD_CHECK([--permanent --remove-port 80/tcp --remove-port=443-444/udp], 0, ignore) FWD_CHECK([--permanent --query-port=80/tcp], 1, ignore) FWD_CHECK([--permanent --query-port=443-444/udp], 1, ignore) FWD_END_TEST FWD_START_TEST([source ports]) AT_KEYWORDS(port) FWD_CHECK([--zone home --list-source-ports], 0, ignore) FWD_CHECK([--add-source-port=666], 102, ignore, ignore) dnl no protocol FWD_CHECK([--add-source-port=666/dummy], 103, ignore, ignore) dnl bad protocol FWD_CHECK([--add-source-port=666/tcp --zone=public --timeout=30m], 0, ignore) FWD_CHECK([--remove-source-port=666/tcp], 0, ignore) FWD_CHECK([--add-source-port=111-222/udp], 0, ignore) FWD_CHECK([--query-source-port=111-222/udp --zone=public], 0, ignore) FWD_CHECK([--remove-source-port 111-222/udp], 0, ignore) FWD_CHECK([--query-source-port=111-222/udp], 1, ignore) FWD_CHECK([--permanent --add-source-port=666], 102, ignore, ignore) dnl no protocol FWD_CHECK([--permanent --add-source-port=666/dummy], 103, ignore, ignore) dnl bad protocol FWD_CHECK([--permanent --add-source-port=666/tcp], 0, ignore) FWD_CHECK([--permanent --remove-source-port=666/tcp --zone=public], 0, ignore) FWD_CHECK([--permanent --add-source-port=111-222/udp --zone=public], 0, ignore) FWD_CHECK([--permanent --query-source-port=111-222/udp], 0, ignore) FWD_CHECK([--permanent --remove-source-port 111-222/udp], 0, ignore) FWD_CHECK([--permanent --query-source-port=111-222/udp], 1, ignore) FWD_CHECK([--add-source-port=80/tcp --add-source-port 443-444/udp], 0, ignore) FWD_CHECK([--query-source-port=80/tcp --zone=public], 0, ignore) FWD_CHECK([--query-source-port=443-444/udp], 0, ignore) FWD_CHECK([--remove-source-port 80/tcp --remove-source-port=443-444/udp], 0, ignore) FWD_CHECK([--query-source-port=80/tcp], 1, ignore) FWD_CHECK([--query-source-port=443-444/udp], 1, ignore) FWD_CHECK([--permanent --add-source-port=80/tcp --add-source-port 443-444/udp], 0, ignore) FWD_CHECK([--permanent --query-source-port=80/tcp --zone=public], 0, ignore) FWD_CHECK([--permanent --query-source-port=443-444/udp], 0, ignore) FWD_CHECK([--permanent --remove-source-port 80/tcp --remove-source-port=443-444/udp], 0, ignore) FWD_CHECK([--permanent --query-source-port=80/tcp], 1, ignore) FWD_CHECK([--permanent --query-source-port=443-444/udp], 1, ignore) FWD_END_TEST FWD_START_TEST([protocols]) AT_KEYWORDS(protocol) FWD_CHECK([--add-protocol=dummy], 103, ignore, ignore) FWD_CHECK([--add-protocol=dccp --zone=public], 0, ignore) FWD_CHECK([--query-protocol=dccp], 0, ignore) FWD_CHECK([--remove-protocol dccp], 0, ignore) FWD_CHECK([--query-protocol=dccp], 1, ignore) FWD_CHECK([--permanent --add-protocol=dummy], 103, ignore, ignore) FWD_CHECK([--permanent --add-protocol=dccp --zone=public], 0, ignore) FWD_CHECK([--permanent --query-protocol=dccp], 0, ignore) FWD_CHECK([--permanent --remove-protocol dccp], 0, ignore) FWD_CHECK([--permanent --query-protocol=dccp], 1, ignore) FWD_CHECK([--add-protocol=ddp --add-protocol gre], 0, ignore) FWD_CHECK([--query-protocol=ddp --zone=public], 0, ignore) FWD_CHECK([--query-protocol=gre], 0, ignore) FWD_CHECK([--remove-protocol ddp --remove-protocol=gre], 0, ignore) FWD_CHECK([--query-protocol=ddp], 1, ignore) FWD_CHECK([--query-protocol=gre], 1, ignore) FWD_CHECK([--permanent --add-protocol=ddp --add-protocol gre], 0, ignore) FWD_CHECK([--permanent --query-protocol=ddp --zone=public], 0, ignore) FWD_CHECK([--permanent --query-protocol=gre], 0, ignore) FWD_CHECK([--permanent --remove-protocol ddp --remove-protocol=gre], 0, ignore) FWD_CHECK([--permanent --query-protocol=ddp], 1, ignore) FWD_CHECK([--permanent --query-protocol=gre], 1, ignore) FWD_END_TEST([-e '/ERROR: INVALID_PROTOCOL: dummy/d']) FWD_START_TEST([masquerade]) AT_KEYWORDS(masquerade nat) FWD_CHECK([--add-masquerade --zone=public], 0, ignore) dnl man page says this should only affect IPv4, so verify that. NFT_LIST_RULES([inet], [nat_POST_public_allow], 0, [dnl table inet firewalld { chain nat_POST_public_allow { meta nfproto ipv4 oifname != "lo" masquerade } } ]) IPTABLES_LIST_RULES([nat], [POST_public_allow], 0, [dnl MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [POST_public_allow], 0, [dnl ]) FWD_CHECK([--query-masquerade], 0, ignore) FWD_CHECK([--remove-masquerade], 0, ignore) FWD_CHECK([--query-masquerade], 1, ignore) FWD_CHECK([--permanent --add-masquerade --zone=public], 0, ignore) FWD_CHECK([--permanent --query-masquerade], 0, ignore) FWD_CHECK([--permanent --remove-masquerade], 0, ignore) FWD_CHECK([--permanent --query-masquerade], 1, ignore) FWD_END_TEST FWD_START_TEST([forward]) AT_KEYWORDS(forward gh586 gh613) FWD_CHECK([--zone=home --add-interface=dummy --add-interface=dummy2], 0, ignore) FWD_CHECK([--zone=home --add-forward], 0, ignore) NFT_LIST_RULES([inet], [filter_FWD_home_allow], 0, [dnl table inet firewalld { chain filter_FWD_home_allow { oifname "dummy" accept oifname "dummy2" accept } } ]) dnl These two ipXtables rules correspond to: dnl -A FWD_home_allow -o dummy -j ACCEPT dnl -A FWD_home_allow -o dummy2 -j ACCEPT dnl although we can't assert the interface names because they don't dnl appear in these rule listings, unfortunately... IPTABLES_LIST_RULES([filter], [FWD_home_allow], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FWD_home_allow], 0, [dnl ACCEPT all ::/0 ::/0 ACCEPT all ::/0 ::/0 ]) dnl Forward rules should be updated when the interfaces change FWD_CHECK([--zone=home --remove-interface=dummy2], 0, ignore) NFT_LIST_RULES([inet], [filter_FWD_home_allow], 0, [dnl table inet firewalld { chain filter_FWD_home_allow { oifname "dummy" accept } } ]) IPTABLES_LIST_RULES([filter], [FWD_home_allow], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FWD_home_allow], 0, [dnl ACCEPT all ::/0 ::/0 ]) FWD_CHECK([--zone=home --add-interface=dummy3], 0, ignore) NFT_LIST_RULES([inet], [filter_FWD_home_allow], 0, [dnl table inet firewalld { chain filter_FWD_home_allow { oifname "dummy" accept oifname "dummy3" accept } } ]) IPTABLES_LIST_RULES([filter], [FWD_home_allow], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FWD_home_allow], 0, [dnl ACCEPT all ::/0 ::/0 ACCEPT all ::/0 ::/0 ]) FWD_CHECK([--zone=home --query-forward], 0, ignore) FWD_CHECK([--zone=home --remove-forward], 0, ignore) NFT_LIST_RULES([inet], [filter_FWD_home_allow], 0, [dnl table inet firewalld { chain filter_FWD_home_allow { } } ]) IPTABLES_LIST_RULES([filter], [FWD_home_allow], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FWD_home_allow], 0, [dnl ]) FWD_CHECK([--zone=home --query-forward], 1, ignore) FWD_CHECK([--zone=home --remove-interface=dummy --remove-interface=dummy3], 0, ignore) FWD_CHECK([--permanent --zone=home --add-forward], 0, ignore) FWD_CHECK([-q --permanent --zone=home --add-interface=dummy --add-interface=dummy3]) FWD_CHECK([-q --permanent --zone=home --add-source=10.10.10.0/24]) FWD_RELOAD FWD_CHECK([--permanent --zone=home --query-forward], 0, ignore) NFT_LIST_RULES([inet], [filter_FWD_home_allow], 0, [dnl table inet firewalld { chain filter_FWD_home_allow { oifname "dummy" accept oifname "dummy3" accept ip daddr 10.10.10.0/24 accept } } ]) IPTABLES_LIST_RULES([filter], [FWD_home_allow], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([filter], [FWD_home_allow], 0, [dnl ACCEPT all ::/0 ::/0 ACCEPT all ::/0 ::/0 ]) FWD_CHECK([--permanent --zone=home --remove-forward], 0, ignore) FWD_CHECK([--permanent --zone=home --query-forward], 1, ignore) FWD_CHECK([-q --permanent --zone=home --remove-interface=dummy --remove-interface=dummy3]) FWD_CHECK([-q --permanent --zone=home --remove-source=10.10.10.0/24]) FWD_RELOAD dnl verify enabled in default zone doesn't add a wildcard/catch-all entry FWD_CHECK([--get-default-zone |grep public], 0, [ignore]) FWD_CHECK([-q --add-interface dummy4]) FWD_CHECK([-q --add-forward]) NFT_LIST_RULES([inet], [filter_FWD_public_allow], 0, [dnl table inet firewalld { chain filter_FWD_public_allow { oifname "dummy4" accept } } ]) IPTABLES_LIST_RULES([filter], [FWD_public_allow], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FWD_public_allow], 0, [dnl ACCEPT all ::/0 ::/0 ]) dnl zone source FWD_CHECK([--zone=internal --add-source=10.10.10.0/24], 0, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--zone=internal --add-source=1234::/64], 0, ignore) ]) FWD_CHECK([--zone=internal --add-forward], 0, ignore) NFT_LIST_RULES([inet], [filter_FWD_internal_allow], 0, [dnl table inet firewalld { chain filter_FWD_internal_allow { ip daddr 10.10.10.0/24 accept ip6 daddr 1234::/64 accept } } ]) IPTABLES_LIST_RULES([filter], [FWD_internal_allow], 0, [dnl ACCEPT all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([filter], [FWD_internal_allow], 0, [dnl ACCEPT all ::/0 1234::/64 ]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--zone=internal --remove-source=1234::/64], 0, ignore) ]) NFT_LIST_RULES([inet], [filter_FWD_internal_allow], 0, [dnl table inet firewalld { chain filter_FWD_internal_allow { ip daddr 10.10.10.0/24 accept } } ]) IPTABLES_LIST_RULES([filter], [FWD_internal_allow], 0, [dnl ACCEPT all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([filter], [FWD_internal_allow], 0, [dnl ]) FWD_CHECK([--zone=internal --add-source=10.20.20.0/24], 0, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--zone=internal --add-source=4321::/64], 0, ignore) ]) NFT_LIST_RULES([inet], [filter_FWD_internal_allow], 0, [dnl table inet firewalld { chain filter_FWD_internal_allow { ip daddr 10.10.10.0/24 accept ip daddr 10.20.20.0/24 accept ip6 daddr 4321::/64 accept } } ]) IPTABLES_LIST_RULES([filter], [FWD_internal_allow], 0, [dnl ACCEPT all -- 0.0.0.0/0 10.10.10.0/24 ACCEPT all -- 0.0.0.0/0 10.20.20.0/24 ]) IP6TABLES_LIST_RULES([filter], [FWD_internal_allow], 0, [dnl ACCEPT all ::/0 4321::/64 ]) FWD_CHECK([--zone=internal --remove-forward], 0, ignore) NFT_LIST_RULES([inet], [filter_FWD_internal_allow], 0, [dnl table inet firewalld { chain filter_FWD_internal_allow { } } ]) IPTABLES_LIST_RULES([filter], [FWD_internal_allow], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FWD_internal_allow], 0, [dnl ]) FWD_END_TEST FWD_START_TEST([forward ports]) AT_KEYWORDS(port forward_port) FWD_CHECK([--add-forward-port=666], 106, ignore, ignore) FWD_CHECK([--add-forward-port=port=11:proto=tcp:toport=22], 0, ignore) dnl man page says this should only affect IPv4, so verify that. NFT_LIST_RULES([inet], [nat_PRE_public_allow], 0, [dnl table inet firewalld { chain nat_PRE_public_allow { meta nfproto ipv4 tcp dport 11 redirect to :22 } } ]) IPTABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11 to::22 ]) IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl ]) FWD_CHECK([--remove-forward-port=port=11:proto=tcp:toport=22 --zone=public], 0, ignore) FWD_CHECK([--add-forward-port=port=33:proto=tcp:toaddr=4444], 105, ignore, ignore) dnl bad address FWD_CHECK([--add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public], 0, ignore) dnl man page says this should only affect IPv4, so verify that. NFT_LIST_RULES([inet], [nat_PRE_public_allow], 0, [dnl table inet firewalld { chain nat_PRE_public_allow { meta nfproto ipv4 tcp dport 33 dnat ip to 4.4.4.4 } } ]) IPTABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:33 to:4.4.4.4 ]) IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl ]) FWD_CHECK([--remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4], 0, ignore) FWD_CHECK([--add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) FWD_CHECK([--remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 1, ignore) FWD_CHECK([--add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) dnl this should only affect IPv6, so verify that. NFT_LIST_RULES([inet], [nat_PRE_public_allow], 0, [dnl table inet firewalld { chain nat_PRE_public_allow { meta nfproto ipv6 sctp dport 66 dnat ip6 to [[fd00:dead:beef:ff0::]:66] } } ]) IPTABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl DNAT sctp ::/0 ::/0 sctp dpt:66 [to:[fd00:dead:beef:ff0::]:66] ]) FWD_CHECK([--query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore) FWD_CHECK([--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) FWD_CHECK([--query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore) ]) FWD_CHECK([--add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200], 0, ignore) FWD_CHECK([--query-forward-port=port=100:proto=tcp:toport=200], 0, ignore) FWD_CHECK([--query-forward-port=port=88:proto=udp:toport=99 --zone=public], 0, ignore) FWD_CHECK([--remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99], 0, ignore) FWD_CHECK([--query-forward-port port=100:proto=tcp:toport=200], 1, ignore) FWD_CHECK([--query-forward-port=port=88:proto=udp:toport=99], 1, ignore) FWD_CHECK([--list-forward-ports], 0, ignore) FWD_CHECK([--permanent --add-forward-port=666], 106, ignore, ignore) FWD_CHECK([--permanent --add-forward-port=port=11:proto=tcp:toport=22], 0, ignore) FWD_CHECK([--permanent --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public], 0, ignore) FWD_CHECK([--permanent --add-forward-port=port=33:proto=tcp:toaddr=4444], 105, ignore, ignore) dnl bad address FWD_CHECK([--permanent --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4], 0, ignore) FWD_CHECK([--permanent --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--permanent --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--permanent --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7], 1, ignore) FWD_CHECK([--permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 0, ignore) FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7], 1, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) FWD_CHECK([--permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 0, ignore) FWD_CHECK([--permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0::], 1, ignore) ]) FWD_CHECK([--permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200], 0, ignore) FWD_CHECK([--permanent --query-forward-port=port=100:proto=tcp:toport=200], 0, ignore) FWD_CHECK([--permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public], 0, ignore) FWD_CHECK([--permanent --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99], 0, ignore) FWD_CHECK([--permanent --query-forward-port port=100:proto=tcp:toport=200], 1, ignore) FWD_CHECK([--permanent --query-forward-port=port=88:proto=udp:toport=99], 1, ignore) FWD_CHECK([--permanent --list-forward-ports], 0, ignore) FWD_END_TEST([-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) FWD_START_TEST([ICMP block]) AT_KEYWORDS(icmp) FWD_CHECK([--list-icmp-blocks], 0, ignore) FWD_CHECK([--zone=external --add-icmp-block=dummyblock], 107, ignore, ignore) FWD_CHECK([--zone=external --add-icmp-block=redirect], 0, ignore) FWD_CHECK([--zone=external --query-icmp-block=redirect], 0, ignore) FWD_CHECK([--zone=external --remove-icmp-block redirect], 0, ignore) FWD_CHECK([--zone=external --query-icmp-block=redirect], 1, ignore) FWD_CHECK([--permanent --zone=external --add-icmp-block=dummyblock], 107, ignore, ignore) FWD_CHECK([--permanent --zone=external --add-icmp-block=redirect], 0, ignore) FWD_CHECK([--permanent --zone=external --query-icmp-block=redirect], 0, ignore) FWD_CHECK([--permanent --zone=external --remove-icmp-block redirect], 0, ignore) FWD_CHECK([--permanent --zone=external --query-icmp-block=redirect], 1, ignore) FWD_CHECK([--add-icmp-block-inversion --zone=public], 0, ignore) FWD_CHECK([--query-icmp-block-inversion], 0, ignore) FWD_CHECK([--remove-icmp-block-inversion], 0, ignore) FWD_CHECK([--query-icmp-block-inversion], 1, ignore) FWD_CHECK([--permanent --add-icmp-block-inversion --zone=public], 0, ignore) FWD_CHECK([--permanent --query-icmp-block-inversion], 0, ignore) FWD_CHECK([--permanent --remove-icmp-block-inversion], 0, ignore) FWD_CHECK([--permanent --query-icmp-block-inversion], 1, ignore) FWD_CHECK([--add-icmp-block-inversion --zone=block], 0, ignore) FWD_CHECK([--remove-icmp-block-inversion --zone=block], 0, ignore) FWD_CHECK([--add-icmp-block-inversion --zone=drop], 0, ignore) FWD_CHECK([--remove-icmp-block-inversion --zone=drop], 0, ignore) FWD_CHECK([--add-icmp-block-inversion --zone=trusted], 0, ignore) FWD_CHECK([--remove-icmp-block-inversion --zone=trusted], 0, ignore) FWD_CHECK([--zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation], 0, ignore) FWD_CHECK([--zone=external --query-icmp-block=echo-reply], 0, ignore) FWD_CHECK([--zone=external --query-icmp-block=router-solicitation], 0, ignore) FWD_CHECK([--zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation], 0, ignore) FWD_CHECK([--zone=external --query-icmp-block=echo-reply], 1, ignore) FWD_CHECK([--zone=external --query-icmp-block=router-solicitation], 1, ignore) FWD_CHECK([--permanent --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation], 0, ignore) FWD_CHECK([--permanent --zone=external --query-icmp-block=echo-reply], 0, ignore) FWD_CHECK([--permanent --zone=external --query-icmp-block=router-solicitation], 0, ignore) FWD_CHECK([--permanent --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation], 0, ignore) FWD_CHECK([--permanent --zone=external --query-icmp-block=echo-reply], 1, ignore) FWD_CHECK([--permanent --zone=external --query-icmp-block=router-solicitation], 1, ignore) FWD_END_TEST([-e '/ERROR: INVALID_ICMPTYPE:/d']) FWD_START_TEST([user ICMP types]) AT_KEYWORDS(icmp) FWD_CHECK([--permanent --new-icmptype=redirect], 26, ignore, ignore) dnl already exists FWD_CHECK([--permanent --new-icmptype=foobar], 0, ignore) FWD_CHECK([--permanent --get-icmptypes | grep foobar], 0, ignore) FWD_CHECK([--permanent --icmptype=foobar --add-destination=ipv5], 111, ignore, ignore) FWD_CHECK([--permanent --icmptype=foobar --add-destination=ipv4], 0, ignore, ignore) FWD_CHECK([--permanent --icmptype=foobar --remove-destination=ipv4], 0, ignore) FWD_CHECK([--permanent --icmptype=foobar --add-destination=ipv4], 0, ignore) FWD_CHECK([--permanent --icmptype=foobar --query-destination=ipv4], 0, ignore) FWD_CHECK([--permanent --icmptype=foobar --remove-destination=ipv4], 0, ignore) FWD_CHECK([--permanent --icmptype=foobar --query-destination=ipv4], 1, ignore) FWD_CHECK([--permanent --zone=public --add-icmp-block=foobar], 0, ignore) FWD_CHECK([--permanent --zone=public --list-icmp-blocks | grep foobar], 0, ignore) FWD_CHECK([--permanent --delete-icmptype=foobar], 0, ignore) FWD_CHECK([--permanent --zone=public --list-icmp-blocks | grep foobar], 1, ignore) FWD_END_TEST([-e '/NAME_CONFLICT: new_icmptype():/d']) FWD_START_TEST([ipset]) AT_KEYWORDS(ipset rhbz1685256) CHECK_IPSET CHECK_IPSET_HASH_MAC FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip], 0, ignore) FWD_CHECK([--reload], 0, ignore) FWD_CHECK([--ipset=foobar --get-entries], 0, [ ]) FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4], 0, ignore) FWD_CHECK([--ipset=foobar --get-entries | grep "1.2.3.4"], 0, ignore) FWD_CHECK([--ipset=foobar --add-entry=1.2.3.400], 136, ignore, ignore) FWD_CHECK([--ipset=foobar --remove-entry=1.2.3.4], 0, ignore) FWD_CHECK([--ipset=foobar --get-entries], 0, [ ]) FWD_CHECK([--zone=public --add-source=ipset:foobar], 0, ignore) FWD_CHECK([--get-zone-of-source=ipset:foobar | grep public], 0, ignore) FWD_CHECK([--zone=public --list-sources | grep "ipset:foobar"], 0, ignore) FWD_CHECK([--zone=public --query-source=ipset:foobar], 0, ignore) FWD_CHECK([--zone=public --remove-source=ipset:foobar], 0, ignore) FWD_CHECK([--zone=public --query-source=ipset:foobar], 1, ignore) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_CHECK([--reload], 0, ignore) dnl multi dimensional sets FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,port], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,1234], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,2000-2100], 0, ignore) FWD_RELOAD NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr . inet_proto . inet_service flags interval elements = { 10.10.10.10 . tcp . 1234, 10.10.10.10 . tcp . 2000-2100 } } } ]) FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,8080], 0, ignore) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD dnl multi dimensional set with non default protocol FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,port], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=20.20.20.20,8080], 0, ignore) FWD_CHECK([--zone internal --add-source=ipset:foobar], 0, ignore) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr . inet_proto . inet_service flags interval elements = { 10.10.10.10 . sctp . 1234, 10.10.10.10 . udp . 1000-1002, 20.20.20.20 . tcp . 8080 } } } ]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { ip saddr . meta l4proto . th sport @foobar goto filter_IN_internal goto filter_IN_public } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip,port Members: 10.10.10.10,sctp:1234 10.10.10.10,udp:1000 10.10.10.10,udp:1001 10.10.10.10,udp:1002 20.20.20.20,tcp:8080 ]) FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,sctp:8080], 0, ignore) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD dnl hash:ip,mark FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,mark], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,0x100], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=20.20.20.20,0x200], 0, ignore) FWD_CHECK([--zone internal --add-source=ipset:foobar], 0, ignore) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr . mark flags interval elements = { 10.10.10.10 . 0x00000100, 20.20.20.20 . 0x00000200 } } } ]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { ip saddr . mark @foobar goto filter_IN_internal goto filter_IN_public } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip,mark Members: 10.10.10.10,0x00000100 20.20.20.20,0x00000200 ]) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD dnl multi dimensional set with intervals FWD_CHECK([--permanent --new-ipset=foobar --type=hash:net,port], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,tcp:8080], 0, ignore) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD dnl multi dimensional set with intervals (3 dimensions) FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip,port,net], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=1.2.3.4,tcp:8080,1.6.0.0/16], 0, ignore) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr . inet_proto . inet_service . ipv4_addr flags interval elements = { 10.10.10.10 . sctp . 1234 . 10.10.10.0/24, 1.2.3.4 . tcp . 8080 . 1.6.0.0/16 } } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip,port,net Members: 1.2.3.4,tcp:8080,1.6.0.0/16 10.10.10.10,sctp:1234,10.10.10.0/24 ]) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD dnl hash:net,iface FWD_CHECK([--permanent --new-ipset=foobar --type=hash:net,iface], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=10.10.10.0/24,foobar0], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=20.20.20.0/24,raboof0], 0, ignore) FWD_CHECK([--zone internal --add-source=ipset:foobar], 0, ignore) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr . ifname flags interval elements = { 10.10.10.0/24 . "foobar0", 20.20.20.0/24 . "raboof0" } } } ]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { ip saddr . oifname @foobar goto filter_IN_internal goto filter_IN_public } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:net,iface Members: 10.10.10.0/24,foobar0 20.20.20.0/24,raboof0 ]) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --new-ipset=foobar --type=hash:mac], 0, ignore) FWD_CHECK([--permanent --ipset=foobar --add-entry=12:34:56:78:90:ab], 0, ignore) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=12:34:56:78:90:ac], 0, ignore) FWD_CHECK([--permanent --delete-ipset=foobar], 0, ignore) FWD_RELOAD ]) FWD_END_TEST([-e '/ERROR: INVALID_ENTRY: invalid address/d']) FWD_START_TEST([user helpers]) AT_KEYWORDS(helper) FWD_CHECK([--permanent --new-helper=foobar --module=foo], 132, ignore, ignore) FWD_CHECK([--permanent --new-helper=foobar --module=nf_conntrack_foo], 0, ignore) FWD_CHECK([--permanent --get-helpers | grep foobar], 0, ignore) FWD_CHECK([--permanent --helper=foobar --get-family | grep ipv4], 1, ignore) FWD_CHECK([--permanent --helper=foobar --set-family=ipv5], 111, ignore, ignore) FWD_CHECK([--permanent --helper=foobar --set-family=ipv4], 0, ignore) FWD_CHECK([--permanent --helper=foobar --get-family | grep ipv4], 0, ignore) FWD_CHECK([--permanent --helper=foobar --set-family=], 0, ignore) FWD_CHECK([--permanent --helper=foobar --get-family], 0, [ ]) FWD_CHECK([--permanent --helper=foobar --get-ports], 0, [ ]) FWD_CHECK([--permanent --helper=foobar --add-port=44/tcp], 0, ignore) FWD_CHECK([--permanent --helper=foobar --get-ports | grep 44], 0, ignore) FWD_CHECK([--permanent --helper=foobar --query-port=44/tcp], 0, ignore) FWD_CHECK([--permanent --helper=foobar --remove-port=44/tcp], 0, ignore) FWD_CHECK([--permanent --helper=foobar --query-port=44/tcp], 1, ignore) FWD_CHECK([--permanent --helper=foobar --get-ports], 0, [ ]) FWD_CHECK([--permanent --delete-helper=foobar], 0, ignore) FWD_CHECK([--permanent --get-helpers | grep foobar], 1, ignore) FWD_END_TEST([-e '/ERROR: INVALID_MODULE:/d']) FWD_START_TEST([direct]) AT_KEYWORDS(direct) CHECK_IPTABLES FWD_CHECK([--direct --add-chain ipv4 filter mychain], 0, ignore) FWD_CHECK([--direct --get-chains ipv4 filter | grep mychain], 0, ignore) FWD_CHECK([--direct --get-all-chains | grep "ipv4 filter mychain"], 0, ignore) FWD_CHECK([--direct --query-chain ipv4 filter mychain], 0, ignore) FWD_CHECK([--direct --add-chain ipv5 filter mychain], 111, ignore, ignore) FWD_CHECK([--direct --add-chain ipv4 badtable mychain], 108, ignore, ignore) FWD_CHECK([--direct --add-rule ipv4 filter mychain 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --get-rules ipv4 filter mychain | grep "3 -j ACCEPT"], 0, ignore) FWD_CHECK([--direct --get-all-rules | grep "ipv4 filter mychain 3 -j ACCEPT"], 0, ignore) FWD_CHECK([--direct --query-rule ipv4 filter mychain 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --remove-rule ipv4 filter mychain 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --query-rule ipv4 filter mychain 3 -j ACCEPT], 1, ignore) FWD_CHECK([--direct --add-rule ipv5 filter mychain 3 -j ACCEPT], 111, ignore, ignore) FWD_CHECK([--direct --add-rule ipv4 badtable mychain 3 -j ACCEPT], 108, ignore, ignore) FWD_CHECK([--direct --add-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --get-rules ipv4 filter mychain | grep "3 -s 192.168.1.1 -j ACCEPT"], 0, ignore) FWD_CHECK([--direct --get-rules ipv4 filter mychain | grep "4 -s 192.168.1.2 -j ACCEPT"], 0, ignore) FWD_CHECK([--direct --get-rules ipv4 filter mychain | grep "5 -s 192.168.1.3 -j ACCEPT"], 0, ignore) FWD_CHECK([--direct --get-rules ipv4 filter mychain | grep "6 -s 192.168.1.4 -j ACCEPT"], 0, ignore) FWD_CHECK([--direct --remove-rules ipv4 filter mychain], 0, ignore) FWD_CHECK([--direct --query-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT], 1, ignore) FWD_CHECK([--direct --query-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT], 1, ignore) FWD_CHECK([--direct --query-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT], 1, ignore) FWD_CHECK([--direct --query-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT], 1, ignore) FWD_CHECK([--direct --remove-chain ipv5 filter mychain], 111, ignore, ignore) FWD_CHECK([--direct --remove-chain ipv4 badtable mychain], 108, ignore, ignore) FWD_CHECK([--direct --remove-chain ipv4 filter mychain], 0, ignore) FWD_CHECK([--direct --query-chain ipv4 filter mychain], 1, ignore) FWD_CHECK([--direct --remove-chain ipv4 filter dummy], 0, ignore, ignore) dnl impossible combinations FWD_CHECK([--direct --reload], 2, ignore, ignore) FWD_CHECK([--direct --list-all], 2, ignore, ignore) FWD_CHECK([--direct --get-services], 2, ignore, ignore) FWD_CHECK([--direct --get-default-zone], 2, ignore, ignore) FWD_CHECK([--direct --zone=home --list-services], 2, ignore, ignore) FWD_CHECK([--direct --permanent --list-all], 2, ignore, ignore) dnl try some non-ascii magic FWD_CHECK([--permanent --direct --add-chain ipv4 filter žluÅ¥ouÄký], 0, ignore) FWD_CHECK([--permanent --direct --get-chains ipv4 filter |grep "žluÅ¥ouÄký"], 0, ignore) FWD_CHECK([--permanent --direct --get-all-chains | grep "ipv4 filter žluÅ¥ouÄký"], 0, ignore) FWD_CHECK([--permanent --direct --query-chain ipv4 filter žluÅ¥ouÄký], 0, ignore) FWD_CHECK([--permanent --direct --add-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT], 0, ignore) FWD_CHECK([--permanent --direct --get-rules ipv4 filter žluÅ¥ouÄký | grep ACCEPT], 0, ignore) FWD_CHECK([--permanent --direct --get-all-rules | grep "ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT"], 0, ignore) FWD_CHECK([--permanent --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT], 0, ignore) FWD_CHECK([--permanent --direct --remove-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT], 0, ignore) FWD_CHECK([--permanent --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT], 1, ignore) FWD_CHECK([--permanent --direct --remove-chain ipv4 filter žluÅ¥ouÄký], 0, ignore) FWD_CHECK([--permanent --direct --query-chain ipv4 filter žluÅ¥ouÄký], 1, ignore) dnl rhbz 1614048 - add rule to chain with _direct suffix FWD_CHECK([--direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 filter FORWARD_direct 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 security INPUT_direct 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 raw PREROUTING_direct 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 mangle PREROUTING_direct 3 -j ACCEPT], 0, ignore) FWD_CHECK([--direct --add-rule ipv4 nat PREROUTING_direct 3 -j ACCEPT], 0, ignore) FWD_CHECK([--permanent --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT], 0, ignore) FWD_RELOAD FWD_END_TEST([-e '/ERROR: INVALID_TABLE:/d' dnl -e '/WARNING: NOT_ENABLED: chain/d']) FWD_START_TEST([direct nat]) AT_KEYWORDS(direct nat) CHECK_IPTABLES CHECK_NAT_COEXISTENCE m4_define([direct_rule1], [ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81]) m4_define([direct_rule2], [ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82]) FWD_CHECK([--permanent --direct --add-rule direct_rule1], 0, ignore) FWD_CHECK([--permanent --direct --get-all-rules | grep "direct_rule1"], 0, ignore) FWD_CHECK([--reload], 0, ignore) FWD_CHECK([--direct --get-all-rules | grep "direct_rule1"], 0, ignore) FWD_CHECK([--permanent --direct --remove-rule direct_rule1], 0, ignore) FWD_CHECK([--permanent --direct --add-rule direct_rule2], 0, ignore) FWD_CHECK([--permanent --direct --get-all-rules | grep "direct_rule2"], 0, ignore) FWD_CHECK([--reload], 0, ignore) FWD_CHECK([--direct --get-all-rules |grep "direct_rule1"], 1, ignore) FWD_CHECK([--direct --get-all-rules | grep "direct_rule2"], 0, ignore) FWD_CHECK([--permanent --direct --remove-rule direct_rule2], 0, ignore) FWD_CHECK([--reload], 0, ignore) FWD_CHECK([--direct --get-all-rules | grep "direct_rule2"], 1, ignore) m4_undefine([direct_rule1]) m4_undefine([direct_rule2]) FWD_END_TEST FWD_START_TEST([direct passthrough]) AT_KEYWORDS(direct passthrough) CHECK_IPTABLES FWD_CHECK([--direct --passthrough ipv4 --table mangle --append POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill], 0, ignore) FWD_CHECK([--direct --passthrough ipv4 --table mangle --delete POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill], 0, ignore) FWD_CHECK([--direct --add-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 111, ignore, ignore) FWD_CHECK([--direct --add-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 0, ignore) FWD_CHECK([--direct --query-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 111, ignore, ignore) FWD_CHECK([--direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 0, ignore) FWD_CHECK([--direct --remove-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 111, ignore, ignore) FWD_CHECK([--direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 0, ignore) FWD_CHECK([--direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT], 1, ignore, ignore) IF_HOST_SUPPORTS_IP6TABLES([ FWD_CHECK([--direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT], 0, ignore) FWD_CHECK([--direct --get-passthroughs ipv6 | grep "fd00:dead:beef:ff0::/64"], 0, ignore) FWD_CHECK([--direct --get-all-passthroughs | grep "fd00:dead:beef:ff0::/64"], 0, ignore) FWD_CHECK([--direct --passthrough ipv6 -nvL | grep "fd00:dead:beef:ff0::/64"], 0, ignore) FWD_CHECK([--direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT], 0, ignore, ignore) ]) FWD_CHECK([--direct --passthrough ipv5 -nvL], 111, ignore, ignore) FWD_CHECK([--direct --passthrough ipv4], 2, ignore, ignore) FWD_CHECK([--direct --passthrough --get-chains ipv4 filter], 111, ignore, ignore) FWD_CHECK([--permanent --direct --add-passthrough ipv4], 2, ignore, ignore) FWD_CHECK([--permanent --direct --add-passthrough ipv5 -nvL], 111, ignore, ignore) FWD_CHECK([--permanent --direct --add-passthrough ipv4 -nvL], 0, ignore) FWD_CHECK([--permanent --direct --get-passthroughs ipv4 | grep "\-nvL"], 0, ignore) FWD_CHECK([--permanent --direct --get-all-passthroughs | grep "ipv4 \-nvL"], 0, ignore) FWD_CHECK([--permanent --direct --query-passthrough ipv4 -nvL], 0, ignore) FWD_CHECK([--permanent --direct --remove-passthrough ipv4 -nvL], 0, ignore) FWD_CHECK([--permanent --direct --query-passthrough ipv4 -nvL], 1, ignore, ignore) FWD_END_TEST([-e '/WARNING: NOT_ENABLED: passthrough/d']) FWD_START_TEST([direct ebtables]) AT_KEYWORDS(direct ebtables) CHECK_IPTABLES FWD_CHECK([--direct --add-chain eb filter mychain], 0, ignore) FWD_CHECK([--direct --get-chains eb filter | grep mychain], 0, ignore) FWD_CHECK([--direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) FWD_CHECK([--direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP], 0, ignore) EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl -p IPv6 -j DROP -p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP -j RETURN ]) FWD_CHECK([--direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl -p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP -j RETURN ]) FWD_CHECK([--direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP], 0, ignore) FWD_CHECK([--direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP], 0, ignore) m4_if(nftables, FIREWALL_BACKEND, [dnl EBTABLES_LIST_RULES([filter], [INPUT], 0, [dnl -p IPv6 -j DROP -p IPv6 -j DROP ])], [dnl EBTABLES_LIST_RULES([filter], [INPUT_direct], 0, [dnl -p IPv6 -j DROP -p IPv6 -j DROP -j RETURN ]) ]) FWD_CHECK([--direct --remove-rules eb filter INPUT], 0, ignore) FWD_CHECK([--direct --remove-rules eb filter mychain], 0, ignore) FWD_CHECK([--permanent --direct --add-chain eb filter mychain], 0, ignore) FWD_CHECK([--permanent --direct --get-chains eb filter | grep mychain], 0, ignore) FWD_CHECK([--permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) FWD_RELOAD EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl -p IPv6 -j DROP -j RETURN ]) FWD_END_TEST FWD_START_TEST([lockdown]) AT_KEYWORDS(lockdown) FWD_CHECK([--add-lockdown-whitelist-command /usr/bin/command], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-command /usr/bin/command], 0, ignore) FWD_CHECK([--list-lockdown-whitelist-commands | grep "/usr/bin/command"], 0, ignore) FWD_CHECK([--remove-lockdown-whitelist-command /usr/bin/command], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-command /usr/bin/command], 1, ignore) FWD_CHECK([--permanent --add-lockdown-whitelist-command /usr/bin/command], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-command /usr/bin/command], 0, ignore) FWD_CHECK([--permanent --list-lockdown-whitelist-commands | grep "/usr/bin/command"], 0, ignore) FWD_CHECK([--permanent --remove-lockdown-whitelist-command /usr/bin/command], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-command /usr/bin/command], 1, ignore) FWD_CHECK([--add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 0, ignore) FWD_CHECK([--list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0"], 0, ignore) FWD_CHECK([--remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 1, ignore) FWD_CHECK([--permanent --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 0, ignore) FWD_CHECK([--permanent --list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0"], 0, ignore) FWD_CHECK([--permanent --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0], 1, ignore) FWD_CHECK([--add-lockdown-whitelist-uid 6666], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-uid 6666], 0, ignore) FWD_CHECK([--list-lockdown-whitelist-uids | grep "6666"], 0, ignore) FWD_CHECK([--remove-lockdown-whitelist-uid 6666], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-uid 6666], 1, ignore) FWD_CHECK([--add-lockdown-whitelist-uid 6666x], 2, ignore, ignore) FWD_CHECK([--permanent --add-lockdown-whitelist-uid 6666], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-uid 6666], 0, ignore) FWD_CHECK([--permanent --list-lockdown-whitelist-uids | grep "6666"], 0, ignore) FWD_CHECK([--permanent --remove-lockdown-whitelist-uid 6666], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-uid 6666], 1, ignore) FWD_CHECK([--permanent --add-lockdown-whitelist-uid 6666x], 2, ignore, ignore) FWD_CHECK([--add-lockdown-whitelist-user theboss], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-user theboss], 0, ignore) FWD_CHECK([--list-lockdown-whitelist-users | grep "theboss"], 0, ignore) FWD_CHECK([--remove-lockdown-whitelist-user theboss], 0, ignore) FWD_CHECK([--query-lockdown-whitelist-user theboss], 1, ignore) FWD_CHECK([--permanent --add-lockdown-whitelist-user theboss], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-user theboss], 0, ignore) FWD_CHECK([--permanent --list-lockdown-whitelist-users | grep "theboss"], 0, ignore) FWD_CHECK([--permanent --remove-lockdown-whitelist-user theboss], 0, ignore) FWD_CHECK([--permanent --query-lockdown-whitelist-user theboss], 1, ignore) AT_SKIP_IF([test `whoami` != 'root']) FWD_CHECK([--add-lockdown-whitelist-user root], 0, ignore) FWD_CHECK([--lockdown-on], 0, ignore) FWD_CHECK([--query-lockdown], 0, ignore) FWD_CHECK([--lockdown-off], 0, ignore) FWD_CHECK([--query-lockdown], 1, ignore) FWD_END_TEST m4_define([rich_rule_test], [ FWD_CHECK([--add-rich-rule='$1'], 0, ignore) FWD_CHECK([--query-rich-rule='$1'], 0, ignore) FWD_CHECK([--remove-rich-rule='$1'], 0, ignore) FWD_CHECK([--query-rich-rule='$1'], 1, ignore) FWD_CHECK([--permanent --add-rich-rule='$1'], 0, ignore) FWD_CHECK([--permanent --query-rich-rule='$1'], 0, ignore) FWD_CHECK([--permanent --remove-rich-rule='$1'], 0, ignore) FWD_CHECK([--permanent --query-rich-rule='$1'], 1, ignore) ]) FWD_START_TEST([rich rules good]) AT_KEYWORDS(rich) rich_rule_test([rule protocol value="ah" reject]) rich_rule_test([rule protocol value="esp" accept]) rich_rule_test([rule protocol value="sctp" log]) rich_rule_test([rule protocol value="igmp" log]) rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept]) rich_rule_test([rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop]) rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept]) rich_rule_test([rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop]) rich_rule_test([rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop]) rich_rule_test([rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept]) IF_HOST_SUPPORTS_IPV6_RULES([ rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"]) rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop]) rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"]) rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"]) rich_rule_test([rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept]) rich_rule_test([rule family="ipv6" masquerade]) ]) rich_rule_test([rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"]) rich_rule_test([rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"]) rich_rule_test([rule family="ipv4" source address="192.168.1.0/24" masquerade]) rich_rule_test([rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept]) rich_rule_test([rule family="ipv4" destination address="192.168.1.0/24" masquerade]) rich_rule_test([rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"]) rich_rule_test([rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"]) IF_HOST_SUPPORTS_IPV6_RULES([ rich_rule_test([rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"]) rich_rule_test([rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"]) ]) rich_rule_test([rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"]) FWD_END_TEST([-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) FWD_START_TEST([rich rules audit]) AT_KEYWORDS(rich) CHECK_LOG_AUDIT rich_rule_test([rule service name="ftp" audit limit value="1/m" accept]) FWD_END_TEST m4_undefine([rich_rule_test]) FWD_START_TEST([rich rules priority]) AT_KEYWORDS(rich) CHECK_LOG_AUDIT dnl Verify generic layout of zone NFT_LIST_RULES([inet], [filter_IN_public], 0, [dnl table inet firewalld { chain filter_IN_public { jump filter_INPUT_POLICIES_pre jump filter_IN_public_pre jump filter_IN_public_log jump filter_IN_public_deny jump filter_IN_public_allow jump filter_IN_public_post jump filter_INPUT_POLICIES_post meta l4proto { icmp, ipv6-icmp } accept reject with icmpx admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_FWD_public], 0, [dnl table inet firewalld { chain filter_FWD_public { jump filter_FORWARD_POLICIES_pre jump filter_FWD_public_pre jump filter_FWD_public_log jump filter_FWD_public_deny jump filter_FWD_public_allow jump filter_FWD_public_post jump filter_FORWARD_POLICIES_post reject with icmpx admin-prohibited } } ]) IPTABLES_LIST_RULES([filter], [IN_public], 0, [dnl INPUT_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_public_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_public_log all -- 0.0.0.0/0 0.0.0.0/0 IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0 IN_public_post all -- 0.0.0.0/0 0.0.0.0/0 INPUT_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable ]) IPTABLES_LIST_RULES([filter], [FWD_public], 0, [dnl FORWARD_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 FWD_public_pre all -- 0.0.0.0/0 0.0.0.0/0 FWD_public_log all -- 0.0.0.0/0 0.0.0.0/0 FWD_public_deny all -- 0.0.0.0/0 0.0.0.0/0 FWD_public_allow all -- 0.0.0.0/0 0.0.0.0/0 FWD_public_post all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable ]) IP6TABLES_LIST_RULES([filter], [IN_public], 0, [dnl INPUT_POLICIES_pre all ::/0 ::/0 IN_public_pre all ::/0 ::/0 IN_public_log all ::/0 ::/0 IN_public_deny all ::/0 ::/0 IN_public_allow all ::/0 ::/0 IN_public_post all ::/0 ::/0 INPUT_POLICIES_post all ::/0 ::/0 ACCEPT icmpv6 ::/0 ::/0 REJECT all ::/0 ::/0 reject-with icmp6-port-unreachable ]) IP6TABLES_LIST_RULES([filter], [FWD_public], 0, [dnl FORWARD_POLICIES_pre all ::/0 ::/0 FWD_public_pre all ::/0 ::/0 FWD_public_log all ::/0 ::/0 FWD_public_deny all ::/0 ::/0 FWD_public_allow all ::/0 ::/0 FWD_public_post all ::/0 ::/0 FORWARD_POLICIES_post all ::/0 ::/0 REJECT all ::/0 ::/0 reject-with icmp6-port-unreachable ]) dnl priority 0 (or not specified) is special: dnl accept goes to _allow chain dnl drop goes to _deny chain dnl log goes to _log chain dnl audit goes to _log chain FWD_CHECK([--add-rich-rule='rule port port="1111" protocol="tcp" log'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=0 port port="1122" protocol="tcp" audit accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule port port="2222" protocol="tcp" drop'], 0, ignore) FWD_CHECK([--add-rich-rule='rule port port="3333" protocol="tcp" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=0 port port="4444" protocol="tcp" accept'], 0, ignore) NFT_LIST_RULES([inet], [filter_IN_public_log], 0, [dnl table inet firewalld { chain filter_IN_public_log { tcp dport 1111 ct state new,untracked log tcp dport 1122 ct state new,untracked log level audit } } ]) NFT_LIST_RULES([inet], [filter_IN_public_deny], 0, [dnl table inet firewalld { chain filter_IN_public_deny { tcp dport 2222 ct state new,untracked drop } } ]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 1122 ct state new,untracked accept tcp dport 3333 ct state new,untracked accept tcp dport 4444 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 AUDIT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED AUDIT accept ]) IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 ctstate NEW,UNTRACKED ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3333 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl LOG tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 AUDIT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED AUDIT accept ]) IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl DROP tcp ::/0 ::/0 tcp dpt:2222 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:3333 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:4444 ctstate NEW,UNTRACKED ]) FWD_RELOAD dnl verify priority range FWD_CHECK([--add-rich-rule='rule priority=-32768 port port="1234" protocol="tcp" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=32767 port port="1234" protocol="tcp" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=-32769 port port="1234" protocol="tcp" accept'], 139, ignore, ignore) FWD_CHECK([--add-rich-rule='rule priority=32768 port port="1234" protocol="tcp" accept'], 139, ignore, ignore) FWD_RELOAD dnl Special catch-all rule m4_define([rich_rule_str], ['rule priority=127 drop']) FWD_CHECK([--add-rich-rule=rich_rule_str], 0, ignore) FWD_CHECK([--query-rich-rule=rich_rule_str], 0, ignore) NFT_LIST_RULES([inet], [filter_IN_public_post], 0, [dnl table inet firewalld { chain filter_IN_public_post { drop } } ]) IPTABLES_LIST_RULES([filter], [IN_public_post], 0, [dnl DROP all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [IN_public_post], 0, [dnl DROP all ::/0 ::/0 ]) FWD_CHECK([--remove-rich-rule=rich_rule_str], 0, ignore) FWD_CHECK([--query-rich-rule=rich_rule_str], 1, ignore) FWD_CHECK([--permanent --add-rich-rule=rich_rule_str], 0, ignore) FWD_CHECK([--permanent --query-rich-rule=rich_rule_str], 0, ignore) FWD_CHECK([--permanent --remove-rich-rule=rich_rule_str], 0, ignore) FWD_CHECK([--permanent --query-rich-rule=rich_rule_str], 1, ignore) m4_undefine([rich_rule_str]) dnl special catch-all should be denied if priority not specified FWD_CHECK([--add-rich-rule='rule drop'], 122, ignore, ignore) FWD_CHECK([--add-rich-rule='rule priority=0 drop'], 122, ignore, ignore) FWD_CHECK([--add-rich-rule='rule log prefix="foobar: "'], 122, ignore, ignore) FWD_RELOAD dnl masquerade and forward-ports are special because they use nat and mangle. FWD_CHECK([--add-rich-rule='rule family="ipv4" source address="10.10.0.0/16" masquerade'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-10 source address="10.1.1.0/24" masquerade'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-1 source address="10.1.0.0/16" drop'], 0, ignore) dnl FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=0 forward-port port="222" protocol="tcp" to-port="22"'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=0 forward-port port="2222" protocol="tcp" to-port="22" to-addr="10.1.1.1"'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8888" protocol="tcp" to-port="80"'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8080" protocol="tcp" to-port="80" to-addr="10.1.1.1"'], 0, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--add-rich-rule='rule family="ipv6" priority=0 forward-port port="9090" protocol="tcp" to-port="90"'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv6" priority=-123 forward-port port="999" protocol="tcp" to-port="99"'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv6" priority=-123 forward-port port="9999" protocol="tcp" to-port="9999" to-addr="1234::4321"'], 0, ignore) ]) NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname "lo" accept jump filter_INPUT_ZONES ct state invalid drop reject with icmpx admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_IN_public_pre], 0, [dnl table inet firewalld { chain filter_IN_public_pre { ip saddr 10.1.0.0/16 drop } } ]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept } } ]) NFT_LIST_RULES([inet], [filter_FWD_public_pre], 0, [dnl table inet firewalld { chain filter_FWD_public_pre { } } ]) NFT_LIST_RULES([inet], [filter_FWD_public_allow], 0, [dnl table inet firewalld { chain filter_FWD_public_allow { } } ]) NFT_LIST_RULES([inet], [nat_PRE_public_pre], 0, [dnl table inet firewalld { chain nat_PRE_public_pre { meta nfproto ipv6 tcp dport 999 redirect to :99 meta nfproto ipv6 tcp dport 9999 dnat ip6 to [[1234::4321]:9999] meta nfproto ipv4 tcp dport 8888 redirect to :80 meta nfproto ipv4 tcp dport 8080 dnat ip to 10.1.1.1:80 } } ]) NFT_LIST_RULES([inet], [nat_PRE_public_allow], 0, [dnl table inet firewalld { chain nat_PRE_public_allow { meta nfproto ipv4 tcp dport 222 redirect to :22 meta nfproto ipv4 tcp dport 2222 dnat ip to 10.1.1.1:22 meta nfproto ipv6 tcp dport 9090 redirect to :90 } } ]) NFT_LIST_RULES([inet], [nat_POST_public_pre], 0, [dnl table inet firewalld { chain nat_POST_public_pre { ip saddr 10.1.1.0/24 oifname != "lo" masquerade } } ]) NFT_LIST_RULES([inet], [nat_POST_public_allow], 0, [dnl table inet firewalld { chain nat_POST_public_allow { ip saddr 10.10.0.0/16 oifname != "lo" masquerade } } ]) NFT_LIST_RULES([inet], [mangle_PRE_public_pre], 0, [dnl table inet firewalld { chain mangle_PRE_public_pre { } } ]) NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl table inet firewalld { chain mangle_PRE_public_allow { } } ]) IPTABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl DROP all -- 10.1.0.0/16 0.0.0.0/0 ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ]) IPTABLES_LIST_RULES([filter], [FWD_public_pre], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [FWD_public_allow], 0, [dnl ]) IPTABLES_LIST_RULES([nat], [PRE_public_pre], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to::80 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:10.1.1.1:80 ]) IPTABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:222 to::22 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 to:10.1.1.1:22 ]) IPTABLES_LIST_RULES([nat], [POST_public_pre], 0, [dnl MASQUERADE all -- 10.1.1.0/24 0.0.0.0/0 ]) IPTABLES_LIST_RULES([nat], [POST_public_allow], 0, [dnl MASQUERADE all -- 10.10.0.0/16 0.0.0.0/0 ]) IPTABLES_LIST_RULES([mangle], [PRE_public_pre], 0, [dnl ]) IPTABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [FWD_public_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FWD_public_allow], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [PRE_public_pre], 0, [[DNAT tcp ::/0 ::/0 tcp dpt:999 to::99 DNAT tcp ::/0 ::/0 tcp dpt:9999 to:[1234::4321]:9999 ]]) IP6TABLES_LIST_RULES([nat], [PRE_public_allow], 0, [dnl DNAT tcp ::/0 ::/0 tcp dpt:9090 to::90 ]) IP6TABLES_LIST_RULES([mangle], [PRE_public_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl ]) FWD_RELOAD dnl icmp-block and icmp-type coverage FWD_CHECK([--add-rich-rule='rule icmp-block name="destination-unreachable"'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=-10 icmp-block name="destination-unreachable"'], 0, ignore) dnl FWD_CHECK([--add-rich-rule='rule icmp-type name="echo-request" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=-10 icmp-type name="echo-request" accept'], 0, ignore) NFT_LIST_RULES([inet], [filter_IN_public_pre], 0, [dnl table inet firewalld { chain filter_IN_public_pre { icmp destination-unreachable reject with icmpx admin-prohibited icmpv6 destination-unreachable reject with icmpx admin-prohibited icmp echo-request accept icmpv6 echo-request accept } } ]) NFT_LIST_RULES([inet], [filter_IN_public_deny], 0, [dnl table inet firewalld { chain filter_IN_public_deny { icmp destination-unreachable reject with icmpx admin-prohibited icmpv6 destination-unreachable reject with icmpx admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept icmp echo-request accept icmpv6 echo-request accept } } ]) NFT_LIST_RULES([inet], [filter_FWD_public_pre], 0, [dnl table inet firewalld { chain filter_FWD_public_pre { } } ]) NFT_LIST_RULES([inet], [filter_FWD_public_deny], 0, [dnl table inet firewalld { chain filter_FWD_public_deny { } } ]) NFT_LIST_RULES([inet], [filter_FWD_public_allow], 0, [dnl table inet firewalld { chain filter_FWD_public_allow { } } ]) IPTABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ]) IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ]) IPTABLES_LIST_RULES([filter], [FWD_public_pre], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [FWD_public_deny], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [FWD_public_allow], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ]) IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ]) IP6TABLES_LIST_RULES([filter], [FWD_public_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FWD_public_deny], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FWD_public_allow], 0, [dnl ]) FWD_RELOAD dnl add many negative/positive priorities and make sure they're in the right order FWD_CHECK([--add-rich-rule='rule priority=70 service name="smtps" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=-111 service name="ntp" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=-10 port port="1111" protocol="tcp" drop'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=-100 port port="1111" protocol="tcp" log'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority="-77" service name="smtp" accept'], 0, ignore) FWD_CHECK([--remove-rich-rule='rule priority=-111 service name="ntp" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-32768 source address="10.0.0.0/8" log'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-2 source address="10.0.0.0/8" log'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-1 source address="10.0.0.0/8" drop'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-5 source address="10.10.10.0/24" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=127 drop'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=125 service name="imap" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=126 log prefix="DROPPED: "'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=10 service name="ssh" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=1 service name="http" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=100 service name="https" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=5 service name="https" accept'], 0, ignore) FWD_CHECK([--add-rich-rule='rule priority=66 service name="smtp" accept'], 0, ignore) FWD_CHECK([--remove-rich-rule='rule priority=66 service name="smtp" accept'], 0, ignore) FWD_CHECK([--remove-rich-rule='rule priority=70 service name="smtps" accept'], 0, ignore) FWD_CHECK([--remove-rich-rule='rule priority=5 service name="https" accept'], 0, ignore) FWD_CHECK([--remove-rich-rule='rule priority="-77" service name="smtp" accept'], 0, ignore) FWD_CHECK([--remove-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop'], 0, ignore) NFT_LIST_RULES([inet], [filter_IN_public_pre], 0, [dnl table inet firewalld { chain filter_IN_public_pre { ip saddr 10.0.0.0/8 log tcp dport 1111 ct state new,untracked log tcp dport 1111 ct state new,untracked drop ip saddr 10.10.10.0/24 accept ip saddr 10.0.0.0/8 log ip saddr 10.0.0.0/8 drop } } ]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept } } ]) NFT_LIST_RULES([inet], [filter_IN_public_deny], 0, [dnl table inet firewalld { chain filter_IN_public_deny { } } ]) NFT_LIST_RULES([inet], [filter_IN_public_log], 0, [dnl table inet firewalld { chain filter_IN_public_log { } } ]) NFT_LIST_RULES([inet], [filter_IN_public_post], 0, [dnl table inet firewalld { chain filter_IN_public_post { tcp dport 80 ct state new,untracked accept tcp dport 22 ct state new,untracked accept tcp dport 443 ct state new,untracked accept tcp dport 143 ct state new,untracked accept log prefix "DROPPED: " drop } } ]) IPTABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl LOG all -- 10.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED ACCEPT all -- 10.10.10.0/24 0.0.0.0/0 LOG all -- 10.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 DROP all -- 10.0.0.0/8 0.0.0.0/0 ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ]) IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [IN_public_post], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 ctstate NEW,UNTRACKED LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "'DROPPED: '" DROP all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [IN_public_pre], 0, [dnl LOG tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 DROP tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [IN_public_log], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [IN_public_post], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:143 ctstate NEW,UNTRACKED LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "'DROPPED: '" DROP all ::/0 ::/0 ]) FWD_CHECK([-q --runtime-to-permanent]) FWD_RELOAD dnl Verify the rules are displayed in order of priority, not by when they dnl were added. FWD_CHECK([--add-rich-rule='rule priority=0 service name="http" accept'], 0, ignore) FWD_CHECK([--list-all | TRIM_WHITESPACE], 0, [m4_strip([dnl public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule priority="-32768" family="ipv4" source address="10.0.0.0/8" log rule priority="-100" port port="1111" protocol="tcp" log rule priority="-10" port port="1111" protocol="tcp" drop rule priority="-5" family="ipv4" source address="10.10.10.0/24" accept rule priority="-2" family="ipv4" source address="10.0.0.0/8" log rule priority="-1" family="ipv4" source address="10.0.0.0/8" drop rule service name="http" accept rule priority="1" service name="http" accept rule priority="10" service name="ssh" accept rule priority="100" service name="https" accept rule priority="125" service name="imap" accept rule priority="126" log prefix="DROPPED: " rule priority="127" drop ])]) FWD_END_TEST([-e '/INVALID_RULE: no element, no source, no destination/d'dnl -e '/INVALID_RULE: no element, no action/d'dnl -e '/ERROR: INVALID_PRIORITY: /d'dnl -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) FWD_START_TEST([rich rules bad]) AT_KEYWORDS(rich) m4_define([rich_rule_test], [ FWD_CHECK([--add-rich-rule='$1'], $2, ignore, ignore) FWD_CHECK([--permanent --add-rich-rule='$1'], $2, ignore, ignore) ]) rich_rule_test([], 122) dnl empty rich_rule_test([name="dns" accept], 122) dnl no rule rich_rule_test([protocol value="ah" reject], 122) dnl no rule rich_rule_test([rule protocol value="ah" reject type="icmp-host-prohibited"], 122) dnl reject type needs specific family rich_rule_test([rule family="ipv4" protocol value="ah" reject type="dummy"], 122) dnl dummy reject type rich_rule_test([rule], 122) dnl no element rich_rule_test([rule bad_element], 122) dnl no unknown element rich_rule_test([rule family="ipv5"], 122) dnl bad family rich_rule_test([rule name="dns" accept], 122) dnl name outside of element rich_rule_test([rule protocol="ah" accept], 122) dnl bad protocol usage rich_rule_test([rule protocol value="ah" accept drop], 122) dnl accept && drop rich_rule_test([rule service name="radius" port port="4011" reject], 122) dnl service && port rich_rule_test([rule service bad_attribute="dns"], 122) dnl bad attribute rich_rule_test([rule protocol value="igmp" log level="eror"], 125) dnl bad log level IF_HOST_SUPPORTS_IPV6_RULES([ rich_rule_test([family="ipv6" accept], 122) dnl no rule rich_rule_test([rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 207) dnl missing family rich_rule_test([rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"], 123) dnl bad limit ]) rich_rule_test([rule protocol value="esp"], 122) dnl no action/log/audit rich_rule_test([rule family="ipv4" masquerade drop], 122) dnl masquerade & action rich_rule_test([rule family="ipv4" icmp-block name="redirect" accept], 122) dnl icmp-block & action rich_rule_test([rule forward-port port="2222" to-port="22" protocol="tcp" family="ipv4" accept], 122) dnl forward-port & action rich_rule_test([rule service name="ssh" log prefix="RRClag4hrBx9XZXk+46c6QavQehyRGdy3tjs7gzc+xfSzsd2smjoQ2NCPami6zVyjHtPGziBuqSWT0KII7QbHkwjNMr9pzbcbPue9PMTb5zXlMPphDjeuDdC3QTCH9rGQHooa9LiDWr+DqNPkBs+vb8r50eb+yEQIyhQaiDrQ0sc" drop], 141) dnl bad log prefix length rich_rule_test([rule protocol value="sctp" nflog group=-1 drop], 142) dnl bad nflog group rich_rule_test([rule family="ipv4" service name="https" nflog queue-size=-1 drop], 143) dnl bad nflog queue-size rich_rule_test([rule family="ipv6" service name="https" nflog queue-size=65536 drop], 143) dnl threshold too high for nflog queue-size m4_undefine([rich_rule_test]) FWD_END_TEST([-e '/ERROR: INVALID_RULE:/d' dnl -e '/ERROR: INVALID_LOG_LEVEL: eror/d' dnl -e '/ERROR: MISSING_FAMILY/d' dnl -e '/ERROR: INVALID_LIMIT: 1\/2m/d' dnl -e '/ERROR: INVALID_LOG_PREFIX:/d' dnl -e '/ERROR: INVALID_NFLOG_GROUP:/d' dnl -e '/ERROR: INVALID_NFLOG_QUEUE:/d']) FWD_START_TEST([config validation]) AT_KEYWORDS(check_config) dnl default config FWD_CHECK([--check-config], 0, ignore) dnl Add some valid optional files/config to verify their checks work too AT_DATA([./direct.xml], [m4_strip([dnl -j LOG ])]) AT_DATA([./lockdown-whitelist.xml], [m4_strip([dnl ])]) FWD_RELOAD() FWD_CHECK([--check-config], 0, ignore) dnl The rest of these are negative test cases. dnl firewalld.conf AT_CHECK([cp ./firewalld.conf ./firewalld.conf.orig]) AT_CHECK([echo "SomeBogusField=yes" >> ./firewalld.conf]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl ERROR: Invalid option: 'SomeBogusField=yes' ERROR: Invalid option: 'SomeBogusField=yes' ])]) AT_CHECK([cp ./firewalld.conf.orig ./firewalld.conf]) dnl direct AT_DATA([./direct.xml], [dnl ]) FWD_CHECK([--check-config], 111, ignore, ignore) AT_DATA([./direct.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_CHECK([rm ./direct.xml]) dnl lockdown-whitelist AT_DATA([./lockdown-whitelist.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./lockdown-whitelist.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./lockdown-whitelist.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_CHECK([rm ./lockdown-whitelist.xml]) dnl ipset AT_CHECK([mkdir -p ./ipsets]) AT_DATA([./ipsets/foobar.xml], [dnl 12:34:56:78:90 ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90', ignoring. WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90', ignoring. ])]) AT_DATA([./ipsets/foobar.xml], [dnl 12:34:56:78:90:ab ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./ipsets/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 119, ignore, ignore) AT_CHECK([rm ./ipsets/foobar.xml]) dnl helpers AT_CHECK([mkdir -p ./helpers]) AT_DATA([./helpers/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./helpers/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 111, ignore, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ AT_DATA([./helpers/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 103, ignore, ignore) ]) AT_CHECK([rm ./helpers/foobar.xml]) dnl icmptype AT_CHECK([mkdir -p ./icmptypes]) AT_DATA([./icmptypes/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./icmptypes/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_CHECK([rm ./icmptypes/foobar.xml]) dnl services AT_CHECK([mkdir -p ./services]) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 103, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 103, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 102, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 102, ignore, ignore) AT_DATA([./services/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_CHECK([rm ./services/foobar.xml]) dnl zones AT_CHECK([mkdir -p ./zones]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 112, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 101, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 103, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: Invalid source: No address no ipset. WARNING: Invalid source: No address no ipset. ])]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: INVALID_LIMIT: none: rule family="ipv4" source address="10.0.0.1/24" accept limit value="none" WARNING: INVALID_LIMIT: none: rule family="ipv4" source address="10.0.0.1/24" accept limit value="none" ])]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: Invalid rule: Invalid log prefix WARNING: Invalid rule: Invalid log prefix ])]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: Invalid rule: Invalid log level WARNING: Invalid rule: Invalid log level ])]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: Invalid rule: Invalid nflog group value WARNING: Invalid rule: Invalid nflog group value ])]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: Invalid rule: Invalid nflog queue-size WARNING: Invalid rule: Invalid nflog queue-size ])]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 28, ignore, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ AT_DATA([./zones/foobar.xml], [dnl ]) FWD_CHECK([--check-config], 0, ignore, [dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [dnl WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept WARNING: INVALID_ADDR: 10.0.0.1/24: rule family="ipv6" source address="10.0.0.1/24" accept ])]) ]) AT_CHECK([rm ./zones/foobar.xml]) FWD_END_TEST([-e '/ERROR:/d'dnl -e '/WARNING:/d']) firewalld-1.1.1/src/tests/dbus/0000755000000000000000000000000014217353201016345 5ustar00rootroot00000000000000firewalld-1.1.1/src/tests/dbus/service.at0000644000000000000000000004534114217342322020344 0ustar00rootroot00000000000000FWD_START_TEST([dbus api - services]) AT_KEYWORDS(dbus service rhbz1721414 rhbz1737045 gh514) DBUS_INTROSPECT([config], [[//method[@name="addService"]]], 0, [dnl ]) DBUS_CHECK([config], [config.addService], ["foobar" dnl name '("1.0", dnl version "foobar", dnl short "foobar service is for foobar", dnl description @<:@("1234", "udp"), ("22", "tcp"), ("1234", "udp")@:>@, dnl ports, deliberate duplicate @<:@"ftp"@:>@, dnl modules {"ipv4": "1.2.3.4"}, dnl destination @<:@"icmp", "igmp"@:>@, dnl protocols @<:@("4321", "tcp"), ("4321", "udp")@:>@ dnl source ports )'dnl ], 0, [stdout]) SERVICE_OBJ=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] export SERVICE_OBJ DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getSettings"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings], [], 0, [dnl [(('1.0', 'foobar', 'foobar service is for foobar', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], {'ipv4': '1.2.3.4'}, ['icmp', 'igmp'], [('4321', 'tcp'), ('4321', 'udp')]),)] ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="update"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update], ['("1.1", dnl version "foobar new", dnl short "foobar new service is for foobar", dnl description @<:@("12345", "udp"), ("2222", "tcp")@:>@, dnl ports @<:@"ftp"@:>@, dnl modules {}, dnl destination @<:@"icmp"@:>@, dnl protocols @<:@("4321", "tcp")@:>@ dnl source ports )'dnl ], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings], [], 0, [dnl [(('1.1', 'foobar new', 'foobar new service is for foobar', [('12345', 'udp'), ('2222', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp')]),)] ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="loadDefaults"]]], 0, [dnl ]) DBUS_CHECK([config], [config.getServiceByName], ["ssh"], 0, [stdout]) SERVICE_OBJ_TEMP=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] export SERVICE_OBJ_TEMP DBUS_CHECK([config/service/${SERVICE_OBJ_TEMP}], [config.service.setVersion], ["1.1"], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ_TEMP}], [config.service.loadDefaults], [], 0, [ignore]) DBUS_CHECK([config], [config.getServiceByName], ["ssh"], 0, [stdout]) SERVICE_OBJ_TEMP=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] export SERVICE_OBJ_TEMP DBUS_CHECK([config/service/${SERVICE_OBJ_TEMP}], [config.service.getVersion], [], 0, [dnl ('',) ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="remove"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="rename"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getVersion"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setVersion"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getShort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setShort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getDescription"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setDescription"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getPorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setPorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addPort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removePort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryPort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getSourcePorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setSourcePorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addSourcePort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeSourcePort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="querySourcePort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getProtocols"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setProtocols"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addProtocol"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeProtocol"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryProtocol"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getModules"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setModules"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addModule"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeModule"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryModule"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getDestinations"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setDestinations"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setDestination"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getDestination"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeDestination"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryDestination"]]], 0, [dnl ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getIncludes"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getIncludes], [], 0, [dnl [(@as [],)] ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="setIncludes"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.setIncludes], [['["https", "ssh"]']], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getIncludes], [], 0, [dnl [(['https', 'ssh'],)] ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="addInclude"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.addInclude], ['"http"'], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.queryInclude], ['"http"'], 0, [dnl [(true,)] ]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="removeInclude"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.removeInclude], ['"http"'], 0, [ignore]) DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="queryInclude"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.queryInclude], ['"http"'], 0, [dnl [(false,)] ]) FWD_RELOAD DBUS_INTROSPECT([], [[//method[@name="getServiceSettings"]]], 0, [dnl ]) DBUS_CHECK([], [getServiceSettings], ["foobar"], 0, [dnl [(('1.1', 'foobar new', 'foobar new service is for foobar', [('12345', 'udp'), ('2222', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp')]),)] ]) dnl =============== dnl New APIs tests dnl =============== dnl modify service with new API that was created with old API dnl Verify old APIs also reflect the change. DBUS_CHECK([config], [config.addService], ["foobar-old" dnl name '("1.0", dnl version "foobar-old", dnl short "foobar-old service is for foobar-old", dnl description @<:@("1234", "udp"), ("22", "tcp"), ("1234", "udp")@:>@, dnl ports, deliberate duplicate @<:@"ftp"@:>@, dnl modules {}, dnl destination @<:@@:>@, dnl protocols @<:@("4321", "tcp"), ("4321", "udp")@:>@ dnl source ports )'dnl ], 0, [stdout]) SERVICE_OBJ=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] export SERVICE_OBJ DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update2], ['{"version": <"1.1">, "includes": <@<:@"https"@:>@>, "protocols": <@<:@"icmp"@:>@> }'dnl ], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings], [], 0, [dnl [(('1.1', 'foobar-old', 'foobar-old service is for foobar-old', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp'), ('4321', 'udp')]),)] ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings2], [], 0, [dnl ['description': <'foobar-old service is for foobar-old'> 'includes': <['https']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp']> 'short': <'foobar-old'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.1'>] ]) FWD_RELOAD DBUS_CHECK([], [getServiceSettings], ["foobar-old"], 0, [dnl [(('1.1', 'foobar-old', 'foobar-old service is for foobar-old', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp'), ('4321', 'udp')]),)] ]) DBUS_CHECK([], [getServiceSettings2], ["foobar-old"], 0, [dnl ['description': <'foobar-old service is for foobar-old'> 'includes': <['https']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp']> 'short': <'foobar-old'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.1'>] ]) dnl add service with new API DBUS_INTROSPECT([config], [[//method[@name="addService2"]]], 0, [dnl ]) DBUS_CHECK([config], [config.addService2], ["foobar-dict" dnl name '{"version": <"1.0">, "short": <"foobar-dict">, "description": <"foobar-dict service is for foobar-dict">, "ports": <@<:@("1234", "udp"), ("22", "tcp"), ("1234", "udp")@:>@>, "modules": <@<:@"ftp"@:>@>, "destination": <{"ipv6": "1234::4321"}>, "protocols": <@<:@"icmp", "igmp"@:>@>, "source_ports": <@<:@("4321", "tcp"), ("4321", "udp")@:>@>, "includes": <@<:@"https", "samba"@:>@>, "helpers": <@<:@"ftp"@:>@> }'dnl ], 0, [stdout]) SERVICE_OBJ=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] export SERVICE_OBJ DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="getSettings2"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings2], [], 0, [dnl ['description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'includes': <['https', 'samba']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.0'>] ]) dnl New API allows partial updates to service object DBUS_INTROSPECT([config/service/${SERVICE_OBJ}], [[//method[@name="update2"]]], 0, [dnl ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update2], ['{"version": <"1.1">, "includes": <@<:@"https", "samba", "http"@:>@> }'dnl ], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings2], [], 0, [dnl ['description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'includes': <['https', 'samba', 'http']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.1'>] ]) dnl To zero a field you have to set it with an empty value DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update2], ['{"version": <"1.2">, "includes": <@as @<:@@:>@> }'dnl ], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getSettings2], [], 0, [dnl ['description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.2'>] ]) FWD_RELOAD DBUS_INTROSPECT([], [[//method[@name="getServiceSettings2"]]], 0, [dnl ]) DBUS_CHECK([], [getServiceSettings2], ["foobar-dict"], 0, [dnl ['description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.2'>] ]) dnl bogus arguments DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.update2], ['{"version": <"1.3">, "thisdoesnotexist": <""> }'dnl ], 1, [ignore], [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_OPTION: option/d']) firewalld-1.1.1/src/tests/dbus/zone_runtime_signatures.at0000644000000000000000000006154214217342322023667 0ustar00rootroot00000000000000FWD_START_TEST([dbus api - zone runtime signatures]) AT_KEYWORDS(dbus zone gh586 gh613) dnl #################### dnl Global APIs dnl #################### DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1"]//method[@name="getZoneSettings"]]], 0, [dnl ]) dnl Default Zone DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1"]//method[@name="getDefaultZone"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1"]//method[@name="setDefaultZone"]]], 0, [dnl ]) dnl Fetching Zones DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getZones"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getActiveZones"]]], 0, [dnl ]) dnl Interface/Source DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getZoneOfInterface"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getZoneOfSource"]]], 0, [dnl ]) dnl #################### dnl Zone APIs dnl #################### DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="isImmutable"]]], 0, [dnl ]) dnl Interfaces DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addInterface"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="InterfaceAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="changeZone"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ZoneChanged"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="changeZoneOfInterface"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeInterface"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="InterfaceRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryInterface"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getInterfaces"]]], 0, [dnl ]) dnl Sources DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addSource"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="SourceAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="changeZoneOfSource"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeSource"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="SourceRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="querySource"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getSources"]]], 0, [dnl ]) dnl Services DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addService"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ServiceAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeService"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ServiceRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryService"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getServices"]]], 0, [dnl ]) dnl Protocols DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addProtocol"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ProtocolAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeProtocol"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ProtocolRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryProtocol"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getProtocols"]]], 0, [dnl ]) dnl Ports DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addPort"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="PortAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removePort"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="PortRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryPort"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getPorts"]]], 0, [dnl dnl NOTE: The signature is "aas", but getPorts() actually returns dnl "a(ss)". Apparently python-dbus coerces to "aas". ]) dnl Source Ports DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addSourcePort"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="SourcePortAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeSourcePort"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="SourcePortRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="querySourcePort"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getSourcePorts"]]], 0, [dnl dnl NOTE: The signature is "aas", but getPorts() actually returns dnl "a(ss)". Apparently python-dbus coerces to "aas". ]) dnl Forward Ports DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addForwardPort"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ForwardPortAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeForwardPort"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ForwardPortRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryForwardPort"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getForwardPorts"]]], 0, [dnl dnl NOTE: The signature is "aas", but getPorts() actually returns dnl "a(ssss)". Apparently python-dbus coerces to "aas". ]) dnl Masquerade DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addMasquerade"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="MasqueradeAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeMasquerade"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="MasqueradeRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryMasquerade"]]], 0, [dnl ]) dnl ICMP Block DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addIcmpBlock"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="IcmpBlockAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeIcmpBlock"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="IcmpBlockRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryIcmpBlock"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getIcmpBlocks"]]], 0, [dnl ]) dnl ICMP Block Inversion DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addIcmpBlockInversion"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="IcmpBlockInversionAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeIcmpBlockInversion"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="IcmpBlockInversionRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryIcmpBlockInversion"]]], 0, [dnl ]) dnl Rich Rules DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addRichRule"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="RichRuleAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeRichRule"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="RichRuleRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryRichRule"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getRichRules"]]], 0, [dnl ]) dnl ################### dnl new dict based APIs dnl ################### DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getZoneSettings2"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="setZoneSettings2"]]], 0, [dnl ]) FWD_END_TEST firewalld-1.1.1/src/tests/dbus/firewalld.conf.at0000644000000000000000000000410314217342322021570 0ustar00rootroot00000000000000FWD_START_TEST([firewalld.conf]) AT_KEYWORDS(dbus) IF_HOST_SUPPORTS_NFT_FIB([ EXPECTED_IPV6_RPFILTER_VALUE=yes ], [ EXPECTED_IPV6_RPFILTER_VALUE=no ]) IF_HOST_SUPPORTS_NFT_RULE_INDEX([ EXPECTED_INDIVIDUAL_CALLS_VALUE=no ], [ EXPECTED_INDIVIDUAL_CALLS_VALUE=yes ]) dnl Verify defaults over dbus. Should be inline with default firewalld.conf. DBUS_GETALL([config], [config], 0, [dnl string "AllowZoneDrifting" : variant string "no" string "AutomaticHelpers" : variant string "no" string "CleanupModulesOnExit" : variant string "no" string "CleanupOnExit" : variant string "yes" string "DefaultZone" : variant string "public" string "FirewallBackend" : variant string "nftables" string "FlushAllOnReload" : variant string "yes" string "IPv6_rpfilter" : variant string m4_escape(["${EXPECTED_IPV6_RPFILTER_VALUE}"]) string "IndividualCalls" : variant string m4_escape(["${EXPECTED_INDIVIDUAL_CALLS_VALUE}"]) string "Lockdown" : variant string "no" string "LogDenied" : variant string "off" string "MinimalMark" : variant int32 100 string "RFC3964_IPv4" : variant string "yes" ]) m4_define([_helper], [ DBUS_SET([config], [config], [string:"$1" $2], 0, ignore) DBUS_GET([config], [config], [string:"$1"], 0, [dnl $3 ]) ]) dnl Test individual Set/Get _helper([MinimalMark], [int32:1234], [variant int32 100]) _helper([AutomaticHelpers], [string:"yes"], [variant string "no"]) _helper([Lockdown], [string:"yes"], [variant string "yes"]) _helper([LogDenied], [string:"all"], [variant string "all"]) _helper([IPv6_rpfilter], [string:"yes"], [variant string "yes"]) _helper([IndividualCalls], [string:"yes"], [variant string "yes"]) _helper([FirewallBackend], [string:"iptables"], [variant string "iptables"]) _helper([FlushAllOnReload], [string:"no"], [variant string "no"]) _helper([CleanupModulesOnExit], [string:"yes"], [variant string "yes"]) _helper([CleanupOnExit], [string:"no"], [variant string "no"]) _helper([RFC3964_IPv4], [string:"no"], [variant string "no"]) _helper([AllowZoneDrifting], [string:"yes"], [variant string "no"]) dnl Note: DefaultZone is RO m4_undefine([_helper]) FWD_END_TEST firewalld-1.1.1/src/tests/dbus/policy_runtime_functional.at0000644000000000000000000001072014217342322024161 0ustar00rootroot00000000000000FWD_START_TEST([dbus api - policy runtime functional]) AT_KEYWORDS(dbus policy) dnl ################# dnl Settings dnl ################# DBUS_CHECK([], [policy.getPolicySettings], ["allow-host-ipv6"], 0, [dnl 'description': <'Allows basic IPv6 functionality for the host running firewalld.'> 'egress_zones': m4_escape([<['HOST']>]) 'ingress_zones': m4_escape([<['ANY']>]) 'masquerade': 'priority': <-15000> 'rich_rules': m4_escape([<['rule family="ipv6" icmp-type name="neighbour-advertisement" accept', 'rule family="ipv6" icmp-type name="neighbour-solicitation" accept', 'rule family="ipv6" icmp-type name="router-advertisement" accept', 'rule family="ipv6" icmp-type name="redirect" accept']>]) 'short': <'Allow host IPv6'> 'target': <'CONTINUE'> ]) dnl Update all fields dnl DBUS_CHECK([], [policy.setPolicySettings], [dnl "allow-host-ipv6" dnl '{"services": m4_escape([<["mdns"]>]), dnl "ports": m4_escape([<[("1234", "udp")]>]), dnl "icmp_blocks": m4_escape([<["echo-request"]>]), dnl "masquerade": , dnl "forward_ports": m4_escape([<[("1234", "udp", "4321", "")]>]), dnl "rich_rules": m4_escape([<["rule family=ipv4 source address=10.20.20.20 accept"]>]), dnl "protocols": m4_escape([<["ipv6-icmp"]>]), dnl "source_ports": m4_escape([<[("1234", "udp")]>]), dnl "ingress_zones": m4_escape([<["ANY"]>]), dnl "egress_zones": m4_escape([<["HOST"]>]) dnl }' dnl ], 0, [ignore]) DBUS_CHECK([], [policy.getPolicySettings], ["allow-host-ipv6"], 0, [dnl 'description': <'Allows basic IPv6 functionality for the host running firewalld.'> 'egress_zones': m4_escape([<['HOST']>]) 'forward_ports': m4_escape([<[('1234', 'udp', '4321', '')]>]) 'icmp_blocks': m4_escape([<['echo-request']>]) 'ingress_zones': m4_escape([<['ANY']>]) 'masquerade': 'ports': m4_escape([<[('1234', 'udp')]>]) 'priority': <-15000> 'protocols': m4_escape([<['ipv6-icmp']>]) 'rich_rules': m4_escape([<['rule family="ipv4" source address="10.20.20.20" accept']>]) 'services': m4_escape([<['mdns']>]) 'short': <'Allow host IPv6'> 'source_ports': m4_escape([<[('1234', 'udp')]>]) 'target': <'CONTINUE'> ]) dnl Do it again to make sure we don't get ALREADY_ENABLED DBUS_CHECK([], [policy.setPolicySettings], [dnl "allow-host-ipv6" dnl '{"services": m4_escape([<["mdns"]>]), dnl "ports": m4_escape([<[("1234", "udp")]>]), dnl "icmp_blocks": m4_escape([<["echo-request"]>]), dnl "masquerade": , dnl "forward_ports": m4_escape([<[("1234", "udp", "4321", "")]>]), dnl "rich_rules": m4_escape([<["rule family=ipv4 source address=10.20.20.20 accept"]>]), dnl "protocols": m4_escape([<["ipv6-icmp"]>]), dnl "source_ports": m4_escape([<[("1234", "udp")]>]), dnl "ingress_zones": m4_escape([<["ANY"]>]), dnl "egress_zones": m4_escape([<["HOST"]>]) dnl }' dnl ], 0, [ignore]) dnl Update some fields DBUS_CHECK([], [policy.setPolicySettings], [dnl "allow-host-ipv6" dnl '{"services": m4_escape([<["mdns", "ssh"]>]), dnl "icmp_blocks": m4_escape([<["echo-reply"]>]) dnl }'dnl ], 0, [ignore]) dnl clear a field DBUS_CHECK([], [policy.setPolicySettings], [dnl "allow-host-ipv6" dnl '{"rich_rules": m4_escape([<@as []>]) dnl }'dnl ], 0, [ignore]) dnl clear another field DBUS_CHECK([], [policy.setPolicySettings], [dnl "allow-host-ipv6" dnl '{"forward_ports": m4_escape([<@a(ssss) []>]) dnl }'dnl ], 0, [ignore]) dnl verify the updates DBUS_CHECK([], [policy.getPolicySettings], ["allow-host-ipv6"], 0, [dnl 'description': <'Allows basic IPv6 functionality for the host running firewalld.'> 'egress_zones': m4_escape([<['HOST']>]) 'icmp_blocks': m4_escape([<['echo-reply']>]) 'ingress_zones': m4_escape([<['ANY']>]) 'masquerade': 'ports': m4_escape([<[('1234', 'udp')]>]) 'priority': <-15000> 'protocols': m4_escape([<['ipv6-icmp']>]) 'services': m4_escape([<['mdns', 'ssh']>]) 'short': <'Allow host IPv6'> 'source_ports': m4_escape([<[('1234', 'udp')]>]) 'target': <'CONTINUE'> ]) FWD_RELOAD dnl ################# dnl Fetching Policies dnl ################# DBUS_CHECK([], [policy.getPolicies], [], 0, [dnl m4_escape([(['allow-host-ipv6'],)]) ]) DBUS_CHECK([], [policy.getActivePolicies], [], 0, [dnl ['allow-host-ipv6': {'ingress_zones': ['ANY'], 'egress_zones': ['HOST']}] ]) FWD_END_TEST firewalld-1.1.1/src/tests/dbus/dbus.at0000644000000000000000000000110714217342322017631 0ustar00rootroot00000000000000AT_BANNER([dbus]) dnl use the default backend for dbus tests m4_define([FIREWALL_BACKEND], [nftables]) m4_include([dbus/firewalld.conf.at]) m4_include([dbus/service.at]) m4_include([dbus/zone_permanent_signatures.at]) m4_include([dbus/zone_runtime_signatures.at]) m4_include([dbus/zone_permanent_functional.at]) m4_include([dbus/zone_runtime_functional.at]) m4_include([dbus/policy_permanent_signatures.at]) m4_include([dbus/policy_runtime_signatures.at]) m4_include([dbus/policy_permanent_functional.at]) m4_include([dbus/policy_runtime_functional.at]) m4_include([dbus/direct.at]) firewalld-1.1.1/src/tests/dbus/policy_permanent_signatures.at0000644000000000000000000000650114217342322024513 0ustar00rootroot00000000000000FWD_START_TEST([dbus api - policy permanent signatures]) AT_KEYWORDS(dbus policy) dnl #################### dnl Global APIs dnl #################### DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="listPolicies"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="getPolicyNames"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="getPolicyByName"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="addPolicy"]]], 0, [dnl ]) dnl #################### dnl Policy object APIs dnl #################### DBUS_CHECK([config], [config.getPolicyByName], ["allow-host-ipv6"], 0, [stdout]) DBUS_POLICY_OBJ=[$(sed -e "s/.*config\/policy\/\([^']\+\)['].*/\1/" ./stdout)] export DBUS_POLICY_OBJ DBUS_INTROSPECT([config/policy/${DBUS_POLICY_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//method[@name="getSettings"]]], 0, [dnl ]) DBUS_INTROSPECT([config/policy/${DBUS_POLICY_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//method[@name="update"]]], 0, [dnl ]) DBUS_INTROSPECT([config/policy/${DBUS_POLICY_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//signal[@name="Updated"]]], 0, [dnl ]) DBUS_INTROSPECT([config/policy/${DBUS_POLICY_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//method[@name="remove"]]], 0, [dnl ]) DBUS_INTROSPECT([config/policy/${DBUS_POLICY_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//signal[@name="Removed"]]], 0, [dnl ]) DBUS_INTROSPECT([config/policy/${DBUS_POLICY_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//method[@name="rename"]]], 0, [dnl ]) DBUS_INTROSPECT([config/policy/${DBUS_POLICY_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//signal[@name="Renamed"]]], 0, [dnl ]) DBUS_INTROSPECT([config/policy/${DBUS_POLICY_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//method[@name="loadDefaults"]]], 0, [dnl ]) FWD_END_TEST firewalld-1.1.1/src/tests/dbus/zone_runtime_functional.at0000644000000000000000000003234114217342322023640 0ustar00rootroot00000000000000FWD_START_TEST([dbus api - zone runtime functional]) AT_KEYWORDS(dbus zone gh586 gh613) dnl #################### dnl Global APIs dnl #################### DBUS_CHECK([], [getZoneSettings], ["public"], 0, [dnl (('', dnl version 'Public', dnl short 'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', dnl description false, dnl bogus/unused 'default', dnl target @<:@'ssh', 'dhcpv6-client'@:>@, dnl services @a(ss) @<:@@:>@, dnl ports @as @<:@@:>@, dnl ICMP Blocks false, dnl masquerade @a(ssss) @<:@@:>@, dnl forward ports @as @<:@@:>@, dnl interfaces @as @<:@@:>@, dnl sources @as @<:@@:>@, dnl rules_str @as @<:@@:>@, dnl protocols @a(ss) @<:@@:>@, dnl source ports false),) ]) dnl Default Zone DBUS_CHECK([], [getDefaultZone], [], 0, [dnl ('public',) ]) DBUS_CHECK([], [setDefaultZone], ['drop'], 0, [dnl () ]) DBUS_CHECK([], [getDefaultZone], [], 0, [dnl ('drop',) ]) dnl Fetching Zones if NS_CMD([firewall-cmd --get-zones |grep "nm-shared" >/dev/null]); then NM_SHARED="'nm-shared', " export NM_SHARED fi DBUS_CHECK([], [zone.getZones], [], 0, [dnl (@<:@'block', 'dmz', 'drop', 'external', 'home', 'internal', m4_escape([${NM_SHARED}])'public', 'trusted', 'work'@:>@,) ]) FWD_CHECK([-q --zone public --add-interface dummy0]) FWD_CHECK([-q --zone public --add-source 10.1.1.1]) DBUS_CHECK([], [zone.getActiveZones], [], 0, [dnl ['public': {'interfaces': ['dummy0'], 'sources': ['10.1.1.1']}] ]) FWD_CHECK([-q --zone public --remove-interface dummy0]) FWD_CHECK([-q --zone public --remove-source 10.1.1.1]) dnl Interfaces/Sources FWD_CHECK([-q --zone public --add-interface dummy1]) DBUS_CHECK([], [zone.getZoneOfInterface], ["dummy1"], 0, [dnl ('public',) ]) FWD_CHECK([-q --zone public --remove-interface dummy1]) FWD_CHECK([-q --zone drop --add-source 10.10.10.0/24]) DBUS_CHECK([], [zone.getZoneOfSource], ["10.10.10.0/24"], 0, [dnl ('drop',) ]) FWD_CHECK([-q --zone drop --remove-source 10.10.10.0/24]) dnl #################### dnl Zone Individual APIs dnl #################### dnl isImmutable DBUS_CHECK([], [zone.isImmutable], ["public"], 0, [dnl (false,) ]) dnl Interfaces DBUS_CHECK([], [zone.addInterface], ["public" "dummy0"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.changeZone], ["drop" "dummy0"], 0, [dnl ('drop',) ]) DBUS_CHECK([], [zone.queryInterface], ["public" "dummy0"], 0, [dnl (false,) ]) DBUS_CHECK([], [zone.queryInterface], ["drop" "dummy0"], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.changeZoneOfInterface], ["public" "dummy0"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryInterface], ["public" "dummy0"], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.queryInterface], ["drop" "dummy0"], 0, [dnl (false,) ]) DBUS_CHECK([], [zone.addInterface], ["public" "dummy1"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.getInterfaces], ["public"], 0, [dnl [(['dummy0', 'dummy1'],)] ]) DBUS_CHECK([], [zone.removeInterface], ["public" "dummy0"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.getInterfaces], ["public"], 0, [dnl [(['dummy1'],)] ]) dnl Sources DBUS_CHECK([], [zone.addSource], ["public" "10.10.10.0/24"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.changeZoneOfSource], ["drop" "10.10.10.0/24"], 0, [dnl ('drop',) ]) DBUS_CHECK([], [zone.querySource], ["public" "10.10.10.0/24"], 0, [dnl (false,) ]) DBUS_CHECK([], [zone.querySource], ["drop" "10.10.10.0/24"], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.changeZoneOfSource], ["public" "10.10.10.0/24"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.addSource], ["public" "10.20.0.0/16"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.getSources], ["public"], 0, [dnl [(['10.10.10.0/24', '10.20.0.0/16'],)] ]) DBUS_CHECK([], [zone.removeSource], ["public" "10.10.10.0/24"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.getSources], ["public"], 0, [dnl [(['10.20.0.0/16'],)] ]) dnl Services DBUS_CHECK([], [zone.addService], ["public" "samba" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryService], ["public" "samba"], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.getServices], ["public"], 0, [dnl [(['ssh', 'dhcpv6-client', 'samba'],)] ]) DBUS_CHECK([], [zone.removeService], ["public" "samba"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryService], ["public" "samba"], 0, [dnl (false,) ]) dnl Protocols DBUS_CHECK([], [zone.addProtocol], ["public" "icmp" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryProtocol], ["public" "icmp"], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.getProtocols], ["public"], 0, [dnl [(['icmp'],)] ]) DBUS_CHECK([], [zone.removeProtocol], ["public" "icmp"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryProtocol], ["public" "icmp"], 0, [dnl (false,) ]) dnl Ports DBUS_CHECK([], [zone.addPort], ["public" "1234" "tcp" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryPort], ["public" "1234" "tcp"], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.addPort], ["public" "4321" "udp" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.getPorts], ["public"], 0, [dnl [([['1234', 'tcp'], ['4321', 'udp']],)] ]) DBUS_CHECK([], [zone.removePort], ["public" "1234" "tcp"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryPort], ["public" "1234" "tcp"], 0, [dnl (false,) ]) dnl Source Ports DBUS_CHECK([], [zone.addSourcePort], ["public" "1234" "tcp" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.querySourcePort], ["public" "1234" "tcp"], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.addSourcePort], ["public" "4321" "udp" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.getSourcePorts], ["public"], 0, [dnl [([['1234', 'tcp'], ['4321', 'udp']],)] ]) DBUS_CHECK([], [zone.removeSourcePort], ["public" "1234" "tcp"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.querySourcePort], ["public" "1234" "tcp"], 0, [dnl (false,) ]) dnl Forward Ports DBUS_CHECK([], [zone.addForwardPort], ["public" "1234" "tcp" "1111" "" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.addForwardPort], ["public" "4321" "udp" "4444" "10.10.10.10" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.getForwardPorts], ["public"], 0, [dnl [([['1234', 'tcp', '1111', ''], ['4321', 'udp', '4444', '10.10.10.10']],)] ]) DBUS_CHECK([], [zone.removeForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryForwardPort], ["public" "1234" "tcp" "1111" ""], 0, [dnl (false,) ]) dnl Masquerade DBUS_CHECK([], [zone.addMasquerade], ["public" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryMasquerade], ["public"], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.removeMasquerade], ["public"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryMasquerade], ["public"], 0, [dnl (false,) ]) dnl ICMP Block DBUS_CHECK([], [zone.addIcmpBlock], ["public" "echo-reply" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryIcmpBlock], ["public" "echo-reply"], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.addIcmpBlock], ["public" "echo-request" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.getIcmpBlocks], ["public"], 0, [dnl [(['echo-reply', 'echo-request'],)] ]) DBUS_CHECK([], [zone.removeIcmpBlock], ["public" "echo-reply"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryIcmpBlock], ["public" "echo-reply"], 0, [dnl (false,) ]) dnl ICMP Block Inversion DBUS_CHECK([], [zone.addIcmpBlockInversion], ["public"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryIcmpBlockInversion], ["public"], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.removeIcmpBlockInversion], ["public"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryIcmpBlockInversion], ["public"], 0, [dnl (false,) ]) dnl Rich Rules DBUS_CHECK([], [zone.addRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.getRichRules], ["public"], 0, [dnl [(['rule family="ipv4" source address="10.10.10.10" accept'],)] ]) DBUS_CHECK([], [zone.addRichRule], ["public" "rule family=ipv4 source address=20.20.20.20 accept" 0], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryRichRule], ["public" "rule family=ipv4 source address=20.20.20.20 accept"], 0, [dnl (true,) ]) DBUS_CHECK([], [zone.removeRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl ('public',) ]) DBUS_CHECK([], [zone.queryRichRule], ["public" "rule family=ipv4 source address=10.10.10.10 accept"], 0, [dnl (false,) ]) dnl ################### dnl new dict based APIs dnl ################### DBUS_CHECK([], [zone.getZoneSettings2], ["public"], 0, [dnl 'description': <'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.'> 'forward': 'forward_ports': <@<:@('4321', 'udp', '4444', '10.10.10.10')@:>@> 'icmp_block_inversion': 'icmp_blocks': <@<:@'echo-request'@:>@> 'interfaces': <@<:@'dummy1'@:>@> 'masquerade': 'ports': <@<:@('4321', 'udp')@:>@> 'rules_str': <@<:@'rule family="ipv4" source address="20.20.20.20" accept'@:>@> 'services': <@<:@'ssh', 'dhcpv6-client'@:>@> 'short': <'Public'> 'source_ports': <@<:@('4321', 'udp')@:>@> 'sources': <@<:@'10.20.0.0/16'@:>@> 'target': <'default'> ]) dnl Update all fields dnl DBUS_CHECK([], [zone.setZoneSettings2], [dnl "public" dnl '{"services": <@<:@"mdns"@:>@>, dnl "ports": <@<:@("1234", "udp")@:>@>, dnl "icmp_blocks": <@<:@"echo-request", "echo-reply"@:>@>, dnl "masquerade": , dnl "forward": , dnl "forward_ports": <@<:@("1234", "udp", "4321", "10.10.10.10")@:>@>, dnl "interfaces": <@<:@"dummy3"@:>@>, dnl "sources": <@<:@"10.10.10.0/24"@:>@>, dnl "rules_str": <@<:@"rule family=ipv4 source address=10.20.20.20 accept"@:>@>, dnl "protocols": <@<:@"ipv6-icmp"@:>@>, dnl "source_ports": <@<:@("1234", "udp")@:>@>, dnl "icmp_block_inversion": dnl }'dnl ], 0, [ignore]) DBUS_CHECK([], [zone.getZoneSettings2], ["public"], 0, [dnl 'description': <'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.'> 'forward': 'forward_ports': <@<:@('1234', 'udp', '4321', '10.10.10.10')@:>@> 'icmp_block_inversion': 'icmp_blocks': <@<:@'echo-reply', 'echo-request'@:>@> 'interfaces': <@<:@'dummy3'@:>@> 'masquerade': 'ports': <@<:@('1234', 'udp')@:>@> 'protocols': <@<:@'ipv6-icmp'@:>@> 'rules_str': <@<:@'rule family="ipv4" source address="10.20.20.20" accept'@:>@> 'services': <@<:@'mdns'@:>@> 'short': <'Public'> 'source_ports': <@<:@('1234', 'udp')@:>@> 'sources': <@<:@'10.10.10.0/24'@:>@> 'target': <'default'> ]) dnl Do it again to make sure we don't get ALREADY_ENABLED DBUS_CHECK([], [zone.setZoneSettings2], [dnl "public" dnl '{"services": <@<:@"mdns"@:>@>, dnl "ports": <@<:@("1234", "udp")@:>@>, dnl "icmp_blocks": <@<:@"echo-request", "echo-reply"@:>@>, dnl "masquerade": , dnl "forward_ports": <@<:@("1234", "udp", "4321", "10.10.10.10")@:>@>, dnl "interfaces": <@<:@"dummy3"@:>@>, dnl "sources": <@<:@"10.10.10.0/24"@:>@>, dnl "rules_str": <@<:@"rule family=ipv4 source address=10.20.20.20 accept"@:>@>, dnl "protocols": <@<:@"ipv6-icmp"@:>@>, dnl "source_ports": <@<:@("1234", "udp")@:>@>, dnl "icmp_block_inversion": dnl }'dnl ], 0, [ignore]) dnl Update some fields DBUS_CHECK([], [zone.setZoneSettings2], [dnl "public" dnl '{"services": <@<:@"mdns", "ssh"@:>@>, dnl "icmp_blocks": <@<:@"echo-reply"@:>@> dnl }'dnl ], 0, [ignore]) dnl clear a field DBUS_CHECK([], [zone.setZoneSettings2], [dnl "public" dnl '{"rules_str": <@as @<:@@:>@>, dnl "icmp_block_inversion": dnl }'dnl ], 0, [ignore]) dnl clear another field DBUS_CHECK([], [zone.setZoneSettings2], [dnl "public" dnl '{"forward_ports": <@a(ssss) @<:@@:>@> dnl }'dnl ], 0, [ignore]) dnl clear another field DBUS_CHECK([], [zone.setZoneSettings2], [dnl "public" dnl '{"services": <@as @<:@@:>@> dnl }'dnl ], 0, [ignore]) dnl verify the updates DBUS_CHECK([], [zone.getZoneSettings2], ["public"], 0, [dnl 'description': <'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.'> 'forward': 'icmp_block_inversion': 'icmp_blocks': <@<:@'echo-reply'@:>@> 'interfaces': <@<:@'dummy3'@:>@> 'masquerade': 'ports': <@<:@('1234', 'udp')@:>@> 'protocols': <@<:@'ipv6-icmp'@:>@> 'short': <'Public'> 'source_ports': <@<:@('1234', 'udp')@:>@> 'sources': <@<:@'10.10.10.0/24'@:>@> 'target': <'default'> ]) FWD_END_TEST firewalld-1.1.1/src/tests/dbus/zone_permanent_signatures.at0000644000000000000000000005540614217342322024177 0ustar00rootroot00000000000000FWD_START_TEST([dbus api - zone permanent signatures]) AT_KEYWORDS(dbus zone gh586 gh613) dnl #################### dnl Global APIs dnl #################### DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="listZones"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="getZoneNames"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="getZoneByName"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="addZone"]]], 0, [dnl ]) dnl zone relation to interface/sources DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="getZoneOfInterface"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="getZoneOfSource"]]], 0, [dnl ]) dnl #################### dnl Zone object APIs dnl #################### dnl Get a reference to the public zone. We'll use it to introspect APIs. DBUS_CHECK([config], [config.getZoneByName], ["public"], 0, [stdout]) DBUS_PUBLIC_ZONE_OBJ=[$(sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout)] export DBUS_PUBLIC_ZONE_OBJ DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getSettings"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="update"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//signal[@name="Updated"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="loadDefaults"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="remove"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//signal[@name="Removed"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="rename"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//signal[@name="Renamed"]]], 0, [dnl ]) dnl Version dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getVersion"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setVersion"]]], 0, [dnl ]) dnl Short dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getShort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setShort"]]], 0, [dnl ]) dnl Description dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getDescription"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setDescription"]]], 0, [dnl ]) dnl Target dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getTarget"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setTarget"]]], 0, [dnl ]) dnl Interfaces dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getInterfaces"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setInterfaces"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addInterface"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeInterface"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryInterface"]]], 0, [dnl ]) dnl Sources dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getSources"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setSources"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addSource"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeSource"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="querySource"]]], 0, [dnl ]) dnl Services dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getServices"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setServices"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addService"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeService"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryService"]]], 0, [dnl ]) dnl Ports dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getPorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setPorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addPort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removePort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryPort"]]], 0, [dnl ]) dnl Source Ports dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getSourcePorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setSourcePorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addSourcePort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeSourcePort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="querySourcePort"]]], 0, [dnl ]) dnl Protocol dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getProtocols"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setProtocols"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addProtocol"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeProtocol"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryProtocol"]]], 0, [dnl ]) dnl Forward Ports dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getForwardPorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setForwardPorts"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addForwardPort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeForwardPort"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryForwardPort"]]], 0, [dnl ]) dnl Masquerade dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getMasquerade"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setMasquerade"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addMasquerade"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeMasquerade"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryMasquerade"]]], 0, [dnl ]) dnl ICMP Block dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getIcmpBlocks"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setIcmpBlocks"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addIcmpBlock"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeIcmpBlock"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryIcmpBlock"]]], 0, [dnl ]) dnl ICMP Block Inversion dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getIcmpBlockInversion"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setIcmpBlockInversion"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addIcmpBlockInversion"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeIcmpBlockInversion"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryIcmpBlockInversion"]]], 0, [dnl ]) dnl Rich Rules dnl DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getRichRules"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setRichRules"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addRichRule"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeRichRule"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryRichRule"]]], 0, [dnl ]) dnl ################### dnl new dict based APIs dnl ################### DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="addZone2"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getSettings2"]]], 0, [dnl ]) DBUS_INTROSPECT([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [[//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="update2"]]], 0, [dnl ]) FWD_END_TEST firewalld-1.1.1/src/tests/dbus/direct.at0000644000000000000000000004041214217342322020150 0ustar00rootroot00000000000000FWD_START_TEST([dbus api - direct signatures]) AT_KEYWORDS(dbus direct) dnl ############################### dnl ########## runtime ############ dnl ############################### DBUS_INTROSPECT([], [[//method[@name="addChain"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="addPassthrough"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="addRule"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="getAllChains"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="getAllPassthroughs"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="getAllRules"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="getChains"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="getPassthroughs"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="getRules"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="passthrough"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="queryChain"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="queryPassthrough"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="queryRule"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="removeAllPassthroughs"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="removeChain"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="removePassthrough"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="removeRule"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//method[@name="removeRules"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//signal[@name="ChainAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//signal[@name="ChainRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//signal[@name="PassthroughAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//signal[@name="PassthroughRemoved"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//signal[@name="RuleAdded"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//signal[@name="RuleRemoved"]]], 0, [dnl ]) dnl ############################### dnl ######### permanent ########### dnl ############################### DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getSettings"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="update"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="addChain"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="addPassthrough"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="addRule"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getAllChains"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getAllPassthroughs"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getAllRules"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getChains"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getPassthroughs"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getRules"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="queryChain"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="queryPassthrough"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="queryRule"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="removeChain"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="removePassthrough"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="removeRule"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="removeRules"]]], 0, [dnl ]) DBUS_INTROSPECT([config], [[//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//signal[@name="Updated"]]], 0, [dnl ]) FWD_END_TEST firewalld-1.1.1/src/tests/dbus/policy_permanent_functional.at0000644000000000000000000001777014217342322024503 0ustar00rootroot00000000000000FWD_START_TEST([dbus api - policy permanent functional]) AT_KEYWORDS(dbus policy) dnl #################### dnl Global APIs dnl #################### DBUS_CHECK([config], [config.listPolicies], [], 0, [stdout]) NS_CHECK([sed -e ["s/['][,]/'\n/g"] ./stdout |dnl sed -e ["s/.*config\/policy\/\([^']\+\)['].*/\1/"] |dnl while read LINE; do { echo "${LINE}" | grep ["^[0-9]\+$"] ; } || exit 1; done], 0, [ignore]) DBUS_CHECK([config], [config.getPolicyNames], [], 0, [dnl m4_escape([(['allow-host-ipv6'],)]) ]) DBUS_CHECK([config], [config.getPolicyByName], ["allow-host-ipv6"], 0, [stdout]) NS_CHECK([sed -e ["s/.*config\/policy\/\([^']\+\)['].*/\1/"] ./stdout | grep ["^[0-9]\+$"]], 0, [ignore]) DBUS_CHECK([config], [config.addPolicy], ["foobar" dnl name '{"version": <"1.0">, dnl "short": <"foobar">, dnl "description": <"foobar policy">, dnl "target": <"CONTINUE">, dnl "services": m4_escape([<["ssh", "mdns"]>]), dnl "ports": m4_escape([<[("1234", "tcp"), ("1234", "udp")]>]), dnl "icmp_blocks": m4_escape([<["echo-request"]>]), dnl "masquerade": , dnl "forward_ports": m4_escape([<[("1234", "tcp", "4321", ""), ("1234", "udp", "4321", "")]>]), dnl "rich_rules": m4_escape([<["rule family=ipv4 source address=10.20.20.20 drop"]>]), dnl "protocols": m4_escape([<["icmp"]>]), dnl "source_ports": m4_escape([<[("1234", "tcp"), ("1234", "udp")]>]), dnl "ingress_zones": m4_escape([<["public"]>]), dnl "egress_zones": m4_escape([<["HOST"]>]), dnl "priority": <-100> dnl }' dnl ], 0, [stdout]) DBUS_FOOBAR_POLICY_OBJ=[$(sed -e "s/.*config\/policy\/\([^']\+\)['].*/\1/" ./stdout)] export DBUS_FOOBAR_POLICY_OBJ dnl #################### dnl Policy object APIs dnl #################### DBUS_CHECK([config/policy/${DBUS_FOOBAR_POLICY_OBJ}], [config.policy.getSettings], [], 0, [dnl 'description': <'foobar policy'> 'egress_zones': m4_escape([<['HOST']>]) 'forward_ports': m4_escape([<[('1234', 'tcp', '4321', ''), ('1234', 'udp', '4321', '')]>]) 'icmp_blocks': m4_escape([<['echo-request']>]) 'ingress_zones': m4_escape([<['public']>]) 'masquerade': 'ports': m4_escape([<[('1234', 'tcp'), ('1234', 'udp')]>]) 'priority': <-100> 'protocols': m4_escape([<['icmp']>]) 'rich_rules': m4_escape([<['rule family="ipv4" source address="10.20.20.20" drop']>]) 'services': m4_escape([<['ssh', 'mdns']>]) 'short': <'foobar'> 'source_ports': m4_escape([<[('1234', 'tcp'), ('1234', 'udp')]>]) 'target': <'CONTINUE'> 'version': <'1.0'> ]) dnl Update all fields dnl DBUS_CHECK([config/policy/${DBUS_FOOBAR_POLICY_OBJ}], [config.policy.update], [dnl '{"version": <"1.1">, dnl "short": <"foobar update">, dnl "description": <"foobar policy update">, dnl "target": <"DROP">, dnl "services": m4_escape([<["mdns"]>]), dnl "ports": m4_escape([<[("1234", "udp")]>]), dnl "icmp_blocks": m4_escape([<["echo-request", "echo-reply"]>]), dnl "masquerade": , dnl "forward_ports": m4_escape([<[("1234", "udp", "4321", "10.10.10.10")]>]), dnl "rich_rules": m4_escape([<["rule family=ipv4 source address=10.20.20.20 accept"]>]), dnl "protocols": m4_escape([<["ipv6-icmp"]>]), dnl "source_ports": m4_escape([<[("1234", "udp")]>]), dnl "ingress_zones": m4_escape([<["public", "external"]>]), dnl "egress_zones": m4_escape([<["internal"]>]), dnl "priority": <200> dnl }' dnl ], 0, [ignore]) DBUS_CHECK([config/policy/${DBUS_FOOBAR_POLICY_OBJ}], [config.policy.getSettings], [], 0, [dnl 'description': <'foobar policy update'> 'egress_zones': m4_escape([<['internal']>]) 'forward_ports': m4_escape([<[('1234', 'udp', '4321', '10.10.10.10')]>]) 'icmp_blocks': m4_escape([<['echo-request', 'echo-reply']>]) 'ingress_zones': m4_escape([<['public', 'external']>]) 'masquerade': 'ports': m4_escape([<[('1234', 'udp')]>]) 'priority': <200> 'protocols': m4_escape([<['ipv6-icmp']>]) 'rich_rules': m4_escape([<['rule family="ipv4" source address="10.20.20.20" accept']>]) 'services': m4_escape([<['mdns']>]) 'short': <'foobar update'> 'source_ports': m4_escape([<[('1234', 'udp')]>]) 'target': <'DROP'> 'version': <'1.1'> ]) dnl Update single field DBUS_CHECK([config/policy/${DBUS_FOOBAR_POLICY_OBJ}], [config.policy.update], [dnl '{"version": <"1.2">, dnl "target": <"DROP"> dnl }' dnl ], 0, [ignore]) dnl clear a field DBUS_CHECK([config/policy/${DBUS_FOOBAR_POLICY_OBJ}], [config.policy.update], [dnl '{"version": <"1.3">, dnl "icmp_blocks": m4_escape([<@as []>]) dnl }' dnl ], 0, [ignore]) dnl clear another field DBUS_CHECK([config/policy/${DBUS_FOOBAR_POLICY_OBJ}], [config.policy.update], [dnl '{"version": <"1.4">, dnl "forward_ports": m4_escape([<@a(ssss) []>]) dnl }' dnl ], 0, [ignore]) dnl verify the updates DBUS_CHECK([config/policy/${DBUS_FOOBAR_POLICY_OBJ}], [config.policy.getSettings], [], 0, [dnl 'description': <'foobar policy update'> 'egress_zones': m4_escape([<['internal']>]) 'ingress_zones': m4_escape([<['public', 'external']>]) 'masquerade': 'ports': m4_escape([<[('1234', 'udp')]>]) 'priority': <200> 'protocols': m4_escape([<['ipv6-icmp']>]) 'rich_rules': m4_escape([<['rule family="ipv4" source address="10.20.20.20" accept']>]) 'services': m4_escape([<['mdns']>]) 'short': <'foobar update'> 'source_ports': m4_escape([<[('1234', 'udp')]>]) 'target': <'DROP'> 'version': <'1.4'> ]) DBUS_CHECK([config/policy/${DBUS_FOOBAR_POLICY_OBJ}], [config.policy.rename], ["foobar-renamed"], 0, [ignore]) DBUS_CHECK([config], [config.getPolicyByName], ["foobar-renamed"], 0, [ignore]) DBUS_CHECK([config/policy/${DBUS_FOOBAR_POLICY_OBJ}], [config.policy.remove], [], 0, [ignore]) DBUS_CHECK([config], [config.getPolicyByName], ["foobar-renamed"], 1, [ignore], [ignore]) dnl make a change to builtin and verify loadDefaults() DBUS_CHECK([config], [config.getPolicyByName], ["allow-host-ipv6"], 0, [stdout]) DBUS_BUILTIN_POLICY_OBJ=[$(sed -e "s/.*config\/policy\/\([^']\+\)['].*/\1/" ./stdout)] export DBUS_BUILTIN_POLICY_OBJ DBUS_CHECK([config/policy/${DBUS_BUILTIN_POLICY_OBJ}], [config.policy.update], [dnl '{"version": <"1.2">, dnl "target": <"DROP"> dnl }' dnl ], 0, [ignore]) DBUS_CHECK([config/policy/${DBUS_BUILTIN_POLICY_OBJ}], [config.policy.getSettings], [], 0, [dnl 'description': <'Allows basic IPv6 functionality for the host running firewalld.'> 'egress_zones': m4_escape([<['HOST']>]) 'ingress_zones': m4_escape([<['ANY']>]) 'masquerade': 'priority': <-15000> 'rich_rules': m4_escape([<['rule family="ipv6" icmp-type name="neighbour-advertisement" accept', 'rule family="ipv6" icmp-type name="neighbour-solicitation" accept', 'rule family="ipv6" icmp-type name="router-advertisement" accept', 'rule family="ipv6" icmp-type name="redirect" accept']>]) 'short': <'Allow host IPv6'> 'target': <'DROP'> 'version': <'1.2'> ]) DBUS_CHECK([config/policy/${DBUS_BUILTIN_POLICY_OBJ}], [config.policy.loadDefaults], [], 0, [ignore]) DBUS_CHECK([config/policy/${DBUS_BUILTIN_POLICY_OBJ}], [config.policy.getSettings], [], 0, [dnl 'description': <'Allows basic IPv6 functionality for the host running firewalld.'> 'egress_zones': m4_escape([<['HOST']>]) 'ingress_zones': m4_escape([<['ANY']>]) 'masquerade': 'priority': <-15000> 'rich_rules': m4_escape([<['rule family="ipv6" icmp-type name="neighbour-advertisement" accept', 'rule family="ipv6" icmp-type name="neighbour-solicitation" accept', 'rule family="ipv6" icmp-type name="router-advertisement" accept', 'rule family="ipv6" icmp-type name="redirect" accept']>]) 'short': <'Allow host IPv6'> 'target': <'CONTINUE'> ]) FWD_END_TEST([-e '/ERROR: INVALID_POLICY: foobar-renamed/d']) firewalld-1.1.1/src/tests/dbus/zone_permanent_functional.at0000644000000000000000000005273114217342322024153 0ustar00rootroot00000000000000FWD_START_TEST([dbus api - zone permanent functional]) AT_KEYWORDS(dbus zone gh586 gh613) dnl #################### dnl Global APIs dnl #################### DBUS_CHECK([config], [config.addZone], ["foobar" dnl name '("1.0", dnl version "foobar", dnl short "foobar zone", dnl description false, dnl bogus/unused "ACCEPT", dnl target @<:@"ssh", "mdns"@:>@, dnl services @<:@("1234", "tcp"), ("1234", "udp")@:>@, dnl ports @<:@"echo-request"@:>@, dnl ICMP Blocks true, dnl masquerade @<:@("1234", "tcp", "4321", ""), ("1234", "udp", "4321", "10.10.10.10")@:>@, dnl forward ports @<:@"dummy0", "dummy1"@:>@, dnl interfaces @<:@"10.10.10.0/24"@:>@, dnl sources @<:@"rule family=ipv4 source address=10.20.20.20 drop"@:>@, dnl rules_str @<:@"icmp"@:>@, dnl protocols @<:@("1234", "tcp"), ("1234", "udp")@:>@, dnl source ports false dnl ICMP block inversion )'dnl ], 0, [stdout]) DBUS_FOOBAR_ZONE_OBJ=[$(sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout)] export DBUS_FOOBAR_ZONE_OBJ dnl Get Zones dnl if NS_CMD([firewall-cmd --get-zones |grep "nm-shared" >/dev/null]); then NM_SHARED="'nm-shared', " export NM_SHARED fi DBUS_CHECK([config], [config.getZoneNames], [], 0, [dnl (@<:@'block', 'dmz', 'drop', 'external', 'foobar', 'home', 'internal', m4_escape([${NM_SHARED}])'public', 'trusted', 'work'@:>@,) ]) DBUS_CHECK([config], [config.listZones], [], 0, [stdout]) NS_CHECK([sed -e ["s/['][,]/'\n/g"] ./stdout |dnl sed -e ["s/.*config\/zone\/\([^']\+\)['].*/\1/"] |dnl while read LINE; do { echo "${LINE}" | grep ["^[0-9]\+$"] ; } || exit 1; done], 0, [ignore]) DBUS_CHECK([config], [config.getZoneByName], ["public"], 0, [stdout]) NS_CHECK([sed -e ["s/.*config\/zone\/\([^']\+\)['].*/\1/"] ./stdout | grep ["^[0-9]\+$"]], 0, [ignore]) dnl Interfaces FWD_CHECK([-q --permanent --zone public --add-interface dummy2]) DBUS_CHECK([config], [config.getZoneOfInterface], ["dummy2"], 0, [dnl ('public',) ]) FWD_CHECK([-q --permanent --zone public --remove-interface dummy2]) dnl Sources FWD_CHECK([-q --permanent --zone public --add-source 10.20.20.0/24]) DBUS_CHECK([config], [config.getZoneOfSource], ["10.20.20.0/24"], 0, [dnl ('public',) ]) FWD_CHECK([-q --permanent --zone public --remove-source 10.20.20.0/24]) dnl #################### dnl Zone object APIs dnl #################### DBUS_CHECK([config/zone/${DBUS_FOOBAR_ZONE_OBJ}], [config.zone.getSettings], [], 0, [dnl (('1.0', dnl version 'foobar', dnl short 'foobar zone', dnl description false, dnl bogus/unused 'ACCEPT', dnl target @<:@'ssh', 'mdns'@:>@, dnl services @<:@('1234', 'tcp'), ('1234', 'udp')@:>@, dnl ports @<:@'echo-request'@:>@, dnl ICMP Blocks true, dnl masquerade @<:@('1234', 'tcp', '4321', ''), ('1234', 'udp', '4321', '10.10.10.10')@:>@, dnl forward ports @<:@'dummy0', 'dummy1'@:>@, dnl interfaces @<:@'10.10.10.0/24'@:>@, dnl sources @<:@'rule family="ipv4" source address="10.20.20.20" drop'@:>@, dnl rules_str @<:@'icmp'@:>@, dnl protocols @<:@('1234', 'tcp'), ('1234', 'udp')@:>@, dnl source ports false),) ]) dnl Verify update works dnl DBUS_CHECK([config/zone/${DBUS_FOOBAR_ZONE_OBJ}], [config.zone.update], [dnl '("1.1", dnl version "foobar v2", dnl short "foobar zone updated", dnl description false, dnl bogus/unused "ACCEPT", dnl target @<:@"ssh", "mdns", "samba"@:>@, dnl services @<:@("1234", "tcp"), ("4444", "udp")@:>@, dnl ports @<:@"echo-request", "echo-reply"@:>@, dnl ICMP Blocks false, dnl masquerade @<:@("1234", "tcp", "4321", "")@:>@, dnl forward ports @<:@"dummy0", "dummy1", "dummy2"@:>@, dnl interfaces @<:@"10.10.10.0/24", "10.20.0.0/16"@:>@, dnl sources @<:@"rule family=ipv4 source address=10.20.20.20 reject"@:>@, dnl rules_str @<:@"icmp", "ipv6-icmp"@:>@, dnl protocols @<:@("1234", "tcp"), ("6666", "udp")@:>@, dnl source ports true dnl ICMP block inversion )'dnl ], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_FOOBAR_ZONE_OBJ}], [config.zone.getSettings], [], 0, [dnl (('1.1', dnl version 'foobar v2', dnl short 'foobar zone updated', dnl description false, dnl bogus/unused 'ACCEPT', dnl target @<:@'ssh', 'mdns', 'samba'@:>@, dnl services @<:@('1234', 'tcp'), ('4444', 'udp')@:>@, dnl ports @<:@'echo-request', 'echo-reply'@:>@, dnl ICMP Blocks false, dnl masquerade @<:@('1234', 'tcp', '4321', '')@:>@, dnl forward ports @<:@'dummy0', 'dummy1', 'dummy2'@:>@, dnl interfaces @<:@'10.10.10.0/24', '10.20.0.0/16'@:>@, dnl sources @<:@'rule family="ipv4" source address="10.20.20.20" reject'@:>@, dnl rules_str @<:@'icmp', 'ipv6-icmp'@:>@, dnl protocols @<:@('1234', 'tcp'), ('6666', 'udp')@:>@, dnl source ports true),) ]) dnl Rename DBUS_CHECK([config/zone/${DBUS_FOOBAR_ZONE_OBJ}], [config.zone.rename], ["foobar-renamed"], 0, [ignore]) DBUS_CHECK([config], [config.getZoneByName], ["foobar-renamed"], 0, [ignore]) dnl Remove DBUS_CHECK([config/zone/${DBUS_FOOBAR_ZONE_OBJ}], [config.zone.remove], [], 0, [ignore]) DBUS_CHECK([config], [config.getZoneByName], ["foobar-renamed"], 1, [ignore], [ignore]) dnl Get a reference to the public zone. We'll use for the rest of the tests. DBUS_CHECK([config], [config.getZoneByName], ["public"], 0, [stdout]) DBUS_PUBLIC_ZONE_OBJ=[$(sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout)] export DBUS_PUBLIC_ZONE_OBJ dnl loadDefaults DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.loadDefaults], [], 0, [ignore]) dnl Version DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getVersion], [], 0, [dnl ('',) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setVersion], ["1.1"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getVersion], [], 0, [dnl ('1.1',) ]) dnl Short DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getShort], [], 0, [dnl ('Public',) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setShort], ["Public updated"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getShort], [], 0, [dnl ('Public updated',) ]) dnl Description DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getDescription], [], 0, [dnl ('For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.',) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setDescription], ["A shorter description."], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getDescription], [], 0, [dnl ('A shorter description.',) ]) dnl Target DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getTarget], [], 0, [dnl ('default',) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setTarget], ["ACCEPT"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getTarget], [], 0, [dnl ('ACCEPT',) ]) dnl Interfaces DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addInterface], ["dummy0"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryInterface], ["dummy0"], 0, [dnl (true,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryInterface], ["dummy1"], 0, [dnl (false,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setInterfaces], [['["dummy0", "dummy1"]']], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getInterfaces], [], 0, [dnl [(['dummy0', 'dummy1'],)] ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeInterface], ["dummy0"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getInterfaces], [], 0, [dnl [(['dummy1'],)] ]) dnl Sources DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addSource], ["10.10.10.0/24"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.querySource], ["10.10.10.0/24"], 0, [dnl (true,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.querySource], ["10.20.20.0/24"], 0, [dnl (false,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setSources], [['["10.10.10.0/24", "10.20.20.0/24"]']], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getSources], [], 0, [dnl [(['10.10.10.0/24', '10.20.20.0/24'],)] ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeSource], ["10.10.10.0/24"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getSources], [], 0, [dnl [(['10.20.20.0/24'],)] ]) dnl Services DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addService], ["samba"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryService], ["samba"], 0, [dnl (true,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryService], ["https"], 0, [dnl (false,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setServices], [['["samba", "https"]']], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getServices], [], 0, [dnl [(['samba', 'https'],)] ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeService], ["samba"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getServices], [], 0, [dnl [(['https'],)] ]) dnl Ports DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addPort], ["1234" "tcp"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryPort], ["1234" "tcp"], 0, [dnl (true,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryPort], ["4321" "udp"], 0, [dnl (false,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setPorts], [['[("1234", "tcp"), ("4321", "udp")]']], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getPorts], [], 0, [dnl [([('1234', 'tcp'), ('4321', 'udp')],)] ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removePort], ["1234" "tcp"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getPorts], [], 0, [dnl [([('4321', 'udp')],)] ]) dnl Source Ports DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addSourcePort], ["1234" "tcp"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.querySourcePort], ["1234" "tcp"], 0, [dnl (true,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.querySourcePort], ["4321" "udp"], 0, [dnl (false,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setSourcePorts], [['[("1234", "tcp"), ("4321", "udp")]']], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getSourcePorts], [], 0, [dnl [([('1234', 'tcp'), ('4321', 'udp')],)] ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeSourcePort], ["1234" "tcp"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getSourcePorts], [], 0, [dnl [([('4321', 'udp')],)] ]) dnl Forward Ports DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addForwardPort], ["1234" "tcp" "1111" ""], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryForwardPort], ["1234" "tcp" "1111" ""], 0, [dnl (true,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryForwardPort], ["4321" "udp" "4444" "10.10.10.10"], 0, [dnl (false,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setForwardPorts], [['[("1234", "tcp", "1111", ""), ("4321", "udp", "4444", "10.10.10.10")]']], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getForwardPorts], [], 0, [dnl [([('1234', 'tcp', '1111', ''), ('4321', 'udp', '4444', '10.10.10.10')],)] ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeForwardPort], ["1234" "tcp" "1111" ""], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getForwardPorts], [], 0, [dnl [([('4321', 'udp', '4444', '10.10.10.10')],)] ]) dnl Protocols DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addProtocol], ["icmp"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryProtocol], ["icmp"], 0, [dnl (true,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryProtocol], ["igmp"], 0, [dnl (false,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setProtocols], [['["icmp", "igmp"]']], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getProtocols], [], 0, [dnl [(['icmp', 'igmp'],)] ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeProtocol], ["icmp"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getProtocols], [], 0, [dnl [(['igmp'],)] ]) dnl Masquerade DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryMasquerade], [], 0, [dnl (false,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addMasquerade], [], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryMasquerade], [], 0, [dnl (true,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setMasquerade], [true], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getMasquerade], [], 0, [dnl [(true,)] ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeMasquerade], [], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getMasquerade], [], 0, [dnl [(false,)] ]) dnl ICMP Block DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addIcmpBlock], ["echo-reply"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryIcmpBlock], ["echo-reply"], 0, [dnl (true,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryIcmpBlock], ["echo-request"], 0, [dnl (false,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setIcmpBlocks], [['["echo-reply", "echo-request"]']], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getIcmpBlocks], [], 0, [dnl [(['echo-reply', 'echo-request'],)] ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeIcmpBlock], ["echo-reply"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getIcmpBlocks], [], 0, [dnl [(['echo-request'],)] ]) dnl ICMP Block Inversion DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryIcmpBlockInversion], [], 0, [dnl (false,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addIcmpBlockInversion], [], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryIcmpBlockInversion], [], 0, [dnl (true,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setIcmpBlockInversion], [true], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getIcmpBlockInversion], [], 0, [dnl [(true,)] ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeIcmpBlockInversion], [], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getIcmpBlockInversion], [], 0, [dnl [(false,)] ]) dnl Rich Rules DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.addRichRule], ["rule family=ipv4 source address=10.10.10.0/24 accept"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryRichRule], ["rule family=ipv4 source address=10.10.10.0/24 accept"], 0, [dnl (true,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.queryRichRule], ["rule family=ipv4 source address=10.20.20.0/24 drop"], 0, [dnl (false,) ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.setRichRules], [['["rule family=ipv4 source address=10.10.10.0/24 accept", "rule family=ipv4 source address=10.20.20.0/24 drop"]']], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getRichRules], [], 0, [dnl [(['rule family="ipv4" source address="10.10.10.0/24" accept', 'rule family="ipv4" source address="10.20.20.0/24" drop'],)] ]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.removeRichRule], ["rule family=ipv4 source address=10.10.10.0/24 accept"], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_PUBLIC_ZONE_OBJ}], [config.zone.getRichRules], [], 0, [dnl [(['rule family="ipv4" source address="10.20.20.0/24" drop'],)] ]) dnl ################### dnl new dict based APIs dnl ################### DBUS_CHECK([config], [config.addZone2], ["foobar2" dnl name '{"version": <"1.0">, dnl "short": <"foobar">, dnl "description": <"foobar zone">, dnl "target": <"ACCEPT">, dnl "services": <@<:@"ssh", "mdns"@:>@>, dnl "ports": <@<:@("1234", "tcp"), ("1234", "udp")@:>@>, dnl "icmp_blocks": <@<:@"echo-request"@:>@>, dnl "masquerade": , dnl "forward": , dnl "forward_ports": <@<:@("1234", "tcp", "4321", ""), ("1234", "udp", "4321", "10.10.10.10")@:>@>, dnl "interfaces": <@<:@"dummy2", "dummy3"@:>@>, dnl "sources": <@<:@"10.10.10.0/24"@:>@>, dnl "rules_str": <@<:@"rule family=ipv4 source address=10.20.20.20 drop"@:>@>, dnl "protocols": <@<:@"icmp"@:>@>, dnl "source_ports": <@<:@("1234", "tcp"), ("1234", "udp")@:>@>, dnl "icmp_block_inversion": dnl }'dnl ], 0, [stdout]) DBUS_FOOBAR2_ZONE_OBJ=[$(sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout)] export DBUS_FOOBAR2_ZONE_OBJ DBUS_CHECK([config/zone/${DBUS_FOOBAR2_ZONE_OBJ}], [config.zone.getSettings2], [], 0, [dnl 'description': <'foobar zone'> 'forward': 'forward_ports': <@<:@('1234', 'tcp', '4321', ''), ('1234', 'udp', '4321', '10.10.10.10')@:>@> 'icmp_block_inversion': 'icmp_blocks': <@<:@'echo-request'@:>@> 'interfaces': <@<:@'dummy2', 'dummy3'@:>@> 'masquerade': 'ports': <@<:@('1234', 'tcp'), ('1234', 'udp')@:>@> 'protocols': <@<:@'icmp'@:>@> 'rules_str': <@<:@'rule family="ipv4" source address="10.20.20.20" drop'@:>@> 'services': <@<:@'ssh', 'mdns'@:>@> 'short': <'foobar'> 'source_ports': <@<:@('1234', 'tcp'), ('1234', 'udp')@:>@> 'sources': <@<:@'10.10.10.0/24'@:>@> 'target': <'ACCEPT'> 'version': <'1.0'> ]) dnl Update all fields dnl DBUS_CHECK([config/zone/${DBUS_FOOBAR2_ZONE_OBJ}], [config.zone.update2], [dnl '{"version": <"1.1">, dnl "short": <"foobar update2">, dnl "description": <"foobar zone update2">, dnl "target": <"DROP">, dnl "services": <@<:@"mdns"@:>@>, dnl "ports": <@<:@("1234", "udp")@:>@>, dnl "icmp_blocks": <@<:@"echo-request", "echo-reply"@:>@>, dnl "masquerade": , dnl "forward_ports": <@<:@("1234", "udp", "4321", "10.10.10.10")@:>@>, dnl "interfaces": <@<:@"dummy3"@:>@>, dnl "sources": <@<:@"10.10.10.0/24", "10.30.30.0/24"@:>@>, dnl "rules_str": <@<:@"rule family=ipv4 source address=10.20.20.20 accept"@:>@>, dnl "protocols": <@<:@"ipv6-icmp"@:>@>, dnl "source_ports": <@<:@("1234", "udp")@:>@>, dnl "icmp_block_inversion": dnl }'dnl ], 0, [ignore]) DBUS_CHECK([config/zone/${DBUS_FOOBAR2_ZONE_OBJ}], [config.zone.getSettings2], [], 0, [dnl 'description': <'foobar zone update2'> 'forward': 'forward_ports': <@<:@('1234', 'udp', '4321', '10.10.10.10')@:>@> 'icmp_block_inversion': 'icmp_blocks': <@<:@'echo-request', 'echo-reply'@:>@> 'interfaces': <@<:@'dummy3'@:>@> 'masquerade': 'ports': <@<:@('1234', 'udp')@:>@> 'protocols': <@<:@'ipv6-icmp'@:>@> 'rules_str': <@<:@'rule family="ipv4" source address="10.20.20.20" accept'@:>@> 'services': <@<:@'mdns'@:>@> 'short': <'foobar update2'> 'source_ports': <@<:@('1234', 'udp')@:>@> 'sources': <@<:@'10.10.10.0/24', '10.30.30.0/24'@:>@> 'target': <'DROP'> 'version': <'1.1'> ]) dnl Update single field DBUS_CHECK([config/zone/${DBUS_FOOBAR2_ZONE_OBJ}], [config.zone.update2], [dnl '{"version": <"1.2">, dnl "target": <"ACCEPT"> dnl }'dnl ], 0, [ignore]) dnl clear a field DBUS_CHECK([config/zone/${DBUS_FOOBAR2_ZONE_OBJ}], [config.zone.update2], [dnl '{"version": <"1.3">, dnl "icmp_blocks": <@as @<:@@:>@>, dnl "icmp_block_inversion": dnl }'dnl ], 0, [ignore]) dnl clear another field DBUS_CHECK([config/zone/${DBUS_FOOBAR2_ZONE_OBJ}], [config.zone.update2], [dnl '{"version": <"1.4">, dnl "forward_ports": <@a(ssss) @<:@@:>@> dnl }'dnl ], 0, [ignore]) dnl verify the updates DBUS_CHECK([config/zone/${DBUS_FOOBAR2_ZONE_OBJ}], [config.zone.getSettings2], [], 0, [dnl 'description': <'foobar zone update2'> 'forward': 'icmp_block_inversion': 'interfaces': <@<:@'dummy3'@:>@> 'masquerade': 'ports': <@<:@('1234', 'udp')@:>@> 'protocols': <@<:@'ipv6-icmp'@:>@> 'rules_str': <@<:@'rule family="ipv4" source address="10.20.20.20" accept'@:>@> 'services': <@<:@'mdns'@:>@> 'short': <'foobar update2'> 'source_ports': <@<:@('1234', 'udp')@:>@> 'sources': <@<:@'10.10.10.0/24', '10.30.30.0/24'@:>@> 'target': <'ACCEPT'> 'version': <'1.4'> ]) FWD_END_TEST([-e '/ERROR: INVALID_ZONE: foobar-renamed/d']) firewalld-1.1.1/src/tests/dbus/policy_runtime_signatures.at0000644000000000000000000000263414217342322024210 0ustar00rootroot00000000000000FWD_START_TEST([dbus api - policy runtime signatures]) AT_KEYWORDS(dbus policy) dnl Settings dnl DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.policy"]//method[@name="getPolicySettings"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.policy"]//method[@name="setPolicySettings"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.policy"]//signal[@name="PolicyUpdated"]]], 0, [dnl ]) dnl Fetching Policies DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.policy"]//method[@name="getPolicies"]]], 0, [dnl ]) DBUS_INTROSPECT([], [[//interface[@name="org.fedoraproject.FirewallD1.policy"]//method[@name="getActivePolicies"]]], 0, [dnl ]) FWD_END_TEST firewalld-1.1.1/src/tests/features/0000755000000000000000000000000014217353201017226 5ustar00rootroot00000000000000firewalld-1.1.1/src/tests/features/rich_destination_ipset.at0000644000000000000000000000551114217342322024312 0ustar00rootroot00000000000000FWD_START_TEST([rich destination ipset]) AT_KEYWORDS(rich ipset) FWD_CHECK([--permanent --new-policy=mypolicy], 0, [ignore]) FWD_CHECK([--permanent --policy=mypolicy --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy=mypolicy --add-egress-zone HOST], 0, [ignore]) FWD_CHECK([--permanent --new-ipset=foobar --type=hash:ip], 0, [ignore]) FWD_RELOAD dnl zone FWD_CHECK([--permanent --add-rich-rule='rule family=ipv4 destination ipset=foobar accept'], 0, [ignore]) FWD_CHECK([ --add-rich-rule='rule family=ipv4 destination ipset=foobar accept'], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr @foobar accept } } ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 match-set foobar dst ]) dnl policy FWD_CHECK([--permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept'], 0, [ignore]) FWD_CHECK([ --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept'], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_policy_mypolicy_allow], 0, [dnl table inet firewalld { chain filter_IN_policy_mypolicy_allow { ip daddr @foobar accept } } ]) IPTABLES_LIST_RULES([filter], [IN_mypolicy_allow], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 match-set foobar dst ]) dnl negative tests FWD_CHECK([--permanent --add-rich-rule='rule family=ipv4 destination bogus=foobar accept'], 122, [ignore], [ignore]) FWD_CHECK([ --add-rich-rule='rule family=ipv4 destination bogus=foobar accept'], 122, [ignore], [ignore]) FWD_CHECK([--permanent --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept'], 121, [ignore], [ignore]) FWD_CHECK([ --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept'], 121, [ignore], [ignore]) FWD_CHECK([--permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept'], 122, [ignore], [ignore]) FWD_CHECK([ --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept'], 122, [ignore], [ignore]) FWD_CHECK([--permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept'], 121, [ignore], [ignore]) FWD_CHECK([ --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept'], 121, [ignore], [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_RULE: bad attribute/d'dnl -e '/ERROR: INVALID_DESTINATION: address and ipset/d']) firewalld-1.1.1/src/tests/features/masquerade.at0000644000000000000000000001377114217342322021716 0ustar00rootroot00000000000000FWD_START_TEST([masquerade]) AT_KEYWORDS(policy masquerade) FWD_CHECK([--permanent --zone=public --add-interface foobar0], 0, [ignore]) FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone public], 0, [ignore]) dnl permanent --> runtime FWD_CHECK([--permanent --policy=foobar --add-masquerade], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-masquerade], 0, ignore) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade'], 0, [ignore]) FWD_RELOAD FWD_CHECK([--policy foobar --query-masquerade], 0, ignore) FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade'], 0, [ignore]) NFT_LIST_RULES([inet], [nat_POST_policy_foobar_allow], 0, [dnl table inet firewalld { chain nat_POST_policy_foobar_allow { meta nfproto ipv4 oifname != "lo" masquerade ip saddr 10.10.10.0/24 oifname != "lo" masquerade } } ]) IPTABLES_LIST_RULES([nat], [POST_foobar_allow], 0, [dnl MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 MASQUERADE all -- 10.10.10.0/24 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [POST_foobar_allow], 0, [dnl ]) FWD_CHECK([--permanent --policy=foobar --remove-masquerade], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-masquerade], 1, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade'], 1, [ignore]) FWD_CHECK([--policy=foobar --remove-masquerade], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade'], 0, [ignore]) FWD_CHECK([--policy foobar --query-masquerade], 1, [ignore]) FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade'], 1, [ignore]) dnl runtime --> permanent m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ FWD_CHECK([--policy=foobar --add-masquerade], 0, [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule family=ipv6 source address=1234::/64 masquerade'], 0, [ignore]) FWD_CHECK([--policy foobar --query-masquerade], 0, [ignore]) FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade'], 0, [ignore]) FWD_CHECK([--runtime-to-permanent], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-masquerade], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade'], 0, [ignore]) NFT_LIST_RULES([inet], [nat_POST_policy_foobar_allow], 0, [dnl table inet firewalld { chain nat_POST_policy_foobar_allow { meta nfproto ipv4 oifname != "lo" masquerade ip6 saddr 1234::/64 oifname != "lo" masquerade } } ]) IPTABLES_LIST_RULES([nat], [POST_foobar_allow], 0, [dnl MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [POST_foobar_allow], 0, [dnl MASQUERADE all 1234::/64 ::/0 ]) FWD_CHECK([--permanent --policy=foobar --remove-masquerade], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234::/64 masquerade'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-masquerade], 1, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade'], 1, [ignore]) ]) dnl invalid for --> HOST FWD_CHECK([--permanent --new-policy=foobar_host], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar_host --add-ingress-zone internal], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar_host --add-egress-zone HOST], 0, [ignore]) FWD_RELOAD FWD_CHECK([--permanent --policy=foobar_host --add-masquerade], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade'], 112, [ignore], [ignore]) FWD_CHECK([--policy=foobar_host --add-masquerade], 112, [ignore], [ignore]) FWD_CHECK([--policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade'], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar_host --remove-ingress-zone internal], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar_host --remove-egress-zone HOST], 0, [ignore]) dnl invalid for zone --> zone if ingress zone has interfaces dnl FWD_CHECK([--permanent --new-policy=foobar_int_to_pub], 0, [ignore]) FWD_CHECK([--permanent --zone=internal --add-interface foobar1], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar_int_to_pub --add-ingress-zone internal], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar_int_to_pub --add-egress-zone public], 0, [ignore]) FWD_RELOAD FWD_CHECK([--permanent --policy=foobar_int_to_pub --add-masquerade], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade'], 112, [ignore], [ignore]) FWD_CHECK([--policy=foobar_int_to_pub --add-masquerade], 112, [ignore], [ignore]) FWD_CHECK([--policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade'], 112, [ignore], [ignore]) FWD_CHECK([--permanent --zone=internal --remove-interface foobar1], 0, [ignore]) dnl valid for zone --> zone if ingress zone has only sources dnl FWD_CHECK([--permanent --zone=internal --add-source 10.10.10.0/24], 0, [ignore]) FWD_RELOAD FWD_CHECK([--permanent --policy=foobar_int_to_pub --add-masquerade], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade'], 0, [ignore], [ignore]) FWD_CHECK([--permanent --zone=internal --remove-source 10.10.10.0/24], 0, [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_ZONE:/d']) firewalld-1.1.1/src/tests/features/protocols.at0000644000000000000000000001272114217342322021605 0ustar00rootroot00000000000000FWD_START_TEST([protocols]) AT_KEYWORDS(policy protocol) FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone HOST], 0, [ignore]) dnl permanent --> runtime FWD_CHECK([--permanent --policy=foobar --add-protocol ipv6-icmp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-protocol dccp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-protocol gre], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule protocol value="sctp" accept'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-protocol ipv6-icmp], 0, ignore) FWD_CHECK([--permanent --policy foobar --query-protocol dccp], 0, ignore) FWD_CHECK([--permanent --policy foobar --query-protocol gre], 0, ignore) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule protocol value="sctp" accept'], 0, [ignore]) FWD_RELOAD FWD_CHECK([--policy foobar --query-protocol ipv6-icmp], 0, ignore) FWD_CHECK([--policy foobar --query-protocol dccp], 0, ignore) FWD_CHECK([--policy foobar --query-protocol gre], 0, ignore) FWD_CHECK([--policy=foobar --query-rich-rule='rule protocol value="sctp" accept'], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_allow], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_allow { meta l4proto sctp ct state new,untracked accept meta l4proto ipv6-icmp ct state new,untracked accept meta l4proto dccp ct state new,untracked accept meta l4proto gre ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT sctp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED ACCEPT icmpv6-- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED ACCEPT 33 -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT sctp ::/0 ::/0 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ctstate NEW,UNTRACKED ACCEPT 33 ::/0 ::/0 ctstate NEW,UNTRACKED ACCEPT 47 ::/0 ::/0 ctstate NEW,UNTRACKED ]) FWD_CHECK([--permanent --policy=foobar --remove-protocol ipv6-icmp], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-protocol ipv6-icmp], 1, [ignore]) FWD_CHECK([--permanent --policy foobar --query-protocol dccp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-protocol dccp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-protocol gre], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule protocol value="sctp" accept'], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-protocol ipv6-icmp], 0, [ignore]) FWD_CHECK([--policy foobar --query-protocol ipv6-icmp], 1, [ignore]) FWD_CHECK([--policy foobar --query-protocol dccp], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-protocol dccp], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-protocol gre], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-rich-rule='rule protocol value="sctp" accept'], 0, [ignore]) dnl runtime --> permanent m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ FWD_CHECK([--policy=foobar --add-protocol ipv6-icmp], 0, [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule protocol value="sctp" accept'], 0, [ignore]) FWD_CHECK([--policy foobar --query-protocol ipv6-icmp], 0, [ignore]) FWD_CHECK([--policy=foobar --query-rich-rule='rule protocol value="sctp" accept'], 0, [ignore]) FWD_CHECK([--runtime-to-permanent], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-protocol ipv6-icmp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule protocol value="sctp" accept'], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_allow], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_allow { meta l4proto ipv6-icmp ct state new,untracked accept meta l4proto sctp ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT icmpv6-- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED ACCEPT sctp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT icmpv6 ::/0 ::/0 ctstate NEW,UNTRACKED ACCEPT sctp ::/0 ::/0 ctstate NEW,UNTRACKED ]) FWD_CHECK([--permanent --policy=foobar --remove-protocol ipv6-icmp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule protocol value="sctp" accept'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-protocol ipv6-icmp], 1, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule protocol value="sctp" accept'], 1, [ignore]) FWD_CHECK([--policy=foobar --remove-protocol ipv6-icmp], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-rich-rule='rule protocol value="sctp" accept'], 0, [ignore]) FWD_CHECK([--policy foobar --query-protocol ipv6-icmp], 1, [ignore]) FWD_CHECK([--policy=foobar --query-rich-rule='rule protocol value="sctp" accept'], 1, [ignore]) ]) dnl invalid protocols FWD_CHECK([--permanent --policy=foobar --add-protocol dummy], 103, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-protocol dummy], 103, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule protocol value="dummy" accept'], 103, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule protocol value="dummy" accept'], 103, [ignore], [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_PROTOCOL: dummy/d']) firewalld-1.1.1/src/tests/features/icmp_blocks.at0000644000000000000000000001760314217342322022052 0ustar00rootroot00000000000000FWD_START_TEST([ICMP blocks]) AT_KEYWORDS(policy icmp_block) FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone HOST], 0, [ignore]) dnl permanent --> runtime FWD_CHECK([--permanent --policy=foobar --add-icmp-block echo-request], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-icmp-block echo-reply], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-icmp-block redirect], 0, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 0, [ignore]) ]) FWD_CHECK([--permanent --policy foobar --query-icmp-block echo-request], 0, ignore) FWD_CHECK([--permanent --policy foobar --query-icmp-block echo-reply], 0, ignore) FWD_CHECK([--permanent --policy foobar --query-icmp-block redirect], 0, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 0, [ignore]) ]) FWD_RELOAD FWD_CHECK([--policy foobar --query-icmp-block echo-request], 0, ignore) FWD_CHECK([--policy foobar --query-icmp-block echo-reply], 0, ignore) FWD_CHECK([--policy foobar --query-icmp-block redirect], 0, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 0, [ignore]) ]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_allow], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_allow { } } ]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_deny], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_deny { icmp echo-request reject with icmpx admin-prohibited icmpv6 echo-request reject with icmpx admin-prohibited icmp echo-reply reject with icmpx admin-prohibited icmpv6 echo-reply reject with icmpx admin-prohibited icmp redirect reject with icmpx admin-prohibited icmpv6 nd-redirect reject with icmpx admin-prohibited ip6 saddr 1234:5678::/64 icmpv6 nd-redirect reject with icmpx admin-prohibited } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [IN_foobar_deny], 0, [dnl REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 reject-with icmp-host-prohibited REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 0 reject-with icmp-host-prohibited REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 5 reject-with icmp-host-prohibited ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_deny], 0, [dnl REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 128 reject-with icmp6-adm-prohibited REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 129 reject-with icmp6-adm-prohibited REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 137 reject-with icmp6-adm-prohibited REJECT icmpv6 1234:5678::/64 ::/0 ipv6-icmptype 137 reject-with icmp6-adm-prohibited ]) FWD_CHECK([--permanent --policy=foobar --remove-icmp-block echo-request], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-icmp-block echo-request], 1, [ignore]) FWD_CHECK([--permanent --policy foobar --query-icmp-block echo-reply], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-icmp-block echo-reply], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-icmp-block redirect], 0, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 1, [ignore]) ]) FWD_CHECK([--policy=foobar --remove-icmp-block echo-request], 0, [ignore]) FWD_CHECK([--policy foobar --query-icmp-block echo-request], 1, [ignore]) FWD_CHECK([--policy foobar --query-icmp-block echo-reply], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-icmp-block echo-reply], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-icmp-block redirect], 0, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 0, [ignore]) FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 1, [ignore]) ]) dnl runtime --> permanent m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ FWD_CHECK([--policy=foobar --add-icmp-block echo-request], 0, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 0, [ignore]) ]) FWD_CHECK([--policy foobar --query-icmp-block echo-request], 0, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 0, [ignore]) ]) FWD_CHECK([--runtime-to-permanent], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-icmp-block echo-request], 0, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 0, [ignore]) ]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_allow], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_allow { } } ]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_deny], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_deny { icmp echo-request reject with icmpx admin-prohibited icmpv6 echo-request reject with icmpx admin-prohibited ip6 saddr 1234:5678::/64 icmpv6 nd-redirect reject with icmpx admin-prohibited } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [IN_foobar_deny], 0, [dnl REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 reject-with icmp-host-prohibited ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_deny], 0, [dnl REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 128 reject-with icmp6-adm-prohibited REJECT icmpv6 1234:5678::/64 ::/0 ipv6-icmptype 137 reject-with icmp6-adm-prohibited ]) FWD_CHECK([--permanent --policy=foobar --remove-icmp-block echo-request], 0, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 0, [ignore]) ]) FWD_CHECK([--permanent --policy foobar --query-icmp-block echo-request], 1, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 1, [ignore]) ]) FWD_CHECK([--policy=foobar --remove-icmp-block echo-request], 0, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 0, [ignore]) ]) FWD_CHECK([--policy foobar --query-icmp-block echo-request], 1, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"'], 1, [ignore]) ]) ]) dnl invalid icmp blocks FWD_CHECK([--permanent --policy=foobar --add-icmp-block dummy], 107, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-icmp-block dummy], 107, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="dummy"'], 107, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="dummy"'], 107, [ignore], [ignore]) ]) FWD_END_TEST([-e '/ERROR: INVALID_ICMPTYPE:/d']) firewalld-1.1.1/src/tests/features/source_ports.at0000644000000000000000000001530214217342322022306 0ustar00rootroot00000000000000FWD_START_TEST([source ports]) AT_KEYWORDS(policy source_port) FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone HOST], 0, [ignore]) dnl permanent --> runtime FWD_CHECK([--permanent --policy=foobar --add-source-port 1234/tcp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-source-port 1234/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-source-port 4321/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=udp accept'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-source-port 1234/tcp], 0, ignore) FWD_CHECK([--permanent --policy foobar --query-source-port 1234/udp], 0, ignore) FWD_CHECK([--permanent --policy foobar --query-source-port 4321/udp], 0, ignore) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept'], 0, [ignore]) FWD_RELOAD FWD_CHECK([--policy foobar --query-source-port 1234/tcp], 0, ignore) FWD_CHECK([--policy foobar --query-source-port 1234/udp], 0, ignore) FWD_CHECK([--policy foobar --query-source-port 4321/udp], 0, ignore) FWD_CHECK([--policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept'], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_allow], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_allow { tcp sport 1234 ct state new,untracked accept udp sport 1234 ct state new,untracked accept udp sport 4321 ct state new,untracked accept udp sport 4444 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:1234 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:1234 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:4321 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:4444 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp spt:1234 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp spt:1234 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp spt:4321 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp spt:4444 ctstate NEW,UNTRACKED ]) FWD_CHECK([--permanent --policy=foobar --remove-source-port 1234/tcp], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-source-port 1234/tcp], 1, [ignore]) FWD_CHECK([--permanent --policy foobar --query-source-port 1234/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-source-port 1234/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-source-port 4321/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept'], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-source-port 1234/tcp], 0, [ignore]) FWD_CHECK([--policy foobar --query-source-port 1234/tcp], 1, [ignore]) FWD_CHECK([--policy foobar --query-source-port 1234/udp], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-source-port 1234/udp], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-source-port 4321/udp], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept'], 0, [ignore]) dnl runtime --> permanent m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ FWD_CHECK([--policy=foobar --add-source-port 1234/udp], 0, [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule source-port port=4444 protocol=sctp accept'], 0, [ignore]) FWD_CHECK([--policy foobar --query-source-port 1234/udp], 0, [ignore]) FWD_CHECK([--policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept'], 0, [ignore]) FWD_CHECK([--runtime-to-permanent], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-source-port 1234/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept'], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_allow], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_allow { udp sport 1234 ct state new,untracked accept sctp sport 4444 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:1234 ctstate NEW,UNTRACKED ACCEPT sctp -- 0.0.0.0/0 0.0.0.0/0 sctp spt:4444 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT udp ::/0 ::/0 udp spt:1234 ctstate NEW,UNTRACKED ACCEPT sctp ::/0 ::/0 sctp spt:4444 ctstate NEW,UNTRACKED ]) FWD_CHECK([--permanent --policy=foobar --remove-source-port 1234/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=sctp accept'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-source-port 1234/udp], 1, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept'], 1, [ignore]) FWD_CHECK([--policy=foobar --remove-source-port 1234/udp], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=sctp accept'], 0, [ignore]) FWD_CHECK([--policy foobar --query-source-port 1234/udp], 1, [ignore]) FWD_CHECK([--policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept'], 1, [ignore]) ]) dnl invalid ports FWD_CHECK([--permanent --policy=foobar --add-source-port 1234], 102, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-source-port 1234], 102, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-source-port 123443/tcp], 102, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-source-port 123443/tcp], 102, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-source-port 1234/bogus], 103, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-source-port 1234/bogus], 103, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule source-port port=4444 accept'], 103, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule source-port port=4444 accept'], 103, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept'], 102, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept'], 102, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept'], 103, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept'], 103, [ignore], [ignore]) FWD_END_TEST firewalld-1.1.1/src/tests/features/ports.at0000644000000000000000000001452614217342322020735 0ustar00rootroot00000000000000FWD_START_TEST([ports]) AT_KEYWORDS(policy port) FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone HOST], 0, [ignore]) dnl permanent --> runtime FWD_CHECK([--permanent --policy=foobar --add-port 1234/tcp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-port 1234/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-port 4321/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule port port=4444 protocol=udp accept'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-port 1234/tcp], 0, ignore) FWD_CHECK([--permanent --policy foobar --query-port 1234/udp], 0, ignore) FWD_CHECK([--permanent --policy foobar --query-port 4321/udp], 0, ignore) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept'], 0, [ignore]) FWD_RELOAD FWD_CHECK([--policy foobar --query-port 1234/tcp], 0, ignore) FWD_CHECK([--policy foobar --query-port 1234/udp], 0, ignore) FWD_CHECK([--policy foobar --query-port 4321/udp], 0, ignore) FWD_CHECK([--policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept'], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_allow], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_allow { tcp dport 1234 ct state new,untracked accept udp dport 1234 ct state new,untracked accept udp dport 4321 ct state new,untracked accept udp dport 4444 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1234 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4321 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4444 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:1234 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:1234 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:4321 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:4444 ctstate NEW,UNTRACKED ]) FWD_CHECK([--permanent --policy=foobar --remove-port 1234/tcp], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-port 1234/tcp], 1, [ignore]) FWD_CHECK([--permanent --policy foobar --query-port 1234/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-port 1234/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-port 4321/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept'], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-port 1234/tcp], 0, [ignore]) FWD_CHECK([--policy foobar --query-port 1234/tcp], 1, [ignore]) FWD_CHECK([--policy foobar --query-port 1234/udp], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-port 1234/udp], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-port 4321/udp], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept'], 0, [ignore]) dnl runtime --> permanent m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ FWD_CHECK([--policy=foobar --add-port 1234/udp], 0, [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule port port=4444 protocol=sctp accept'], 0, [ignore]) FWD_CHECK([--policy foobar --query-port 1234/udp], 0, [ignore]) FWD_CHECK([--policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept'], 0, [ignore]) FWD_CHECK([--runtime-to-permanent], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-port 1234/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept'], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_allow], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_allow { udp dport 1234 ct state new,untracked accept sctp dport 4444 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1234 ctstate NEW,UNTRACKED ACCEPT sctp -- 0.0.0.0/0 0.0.0.0/0 sctp dpt:4444 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT udp ::/0 ::/0 udp dpt:1234 ctstate NEW,UNTRACKED ACCEPT sctp ::/0 ::/0 sctp dpt:4444 ctstate NEW,UNTRACKED ]) FWD_CHECK([--permanent --policy=foobar --remove-port 1234/udp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule port port=4444 protocol=sctp accept'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-port 1234/udp], 1, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept'], 1, [ignore]) FWD_CHECK([--policy=foobar --remove-port 1234/udp], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-rich-rule='rule port port=4444 protocol=sctp accept'], 0, [ignore]) FWD_CHECK([--policy foobar --query-port 1234/udp], 1, [ignore]) FWD_CHECK([--policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept'], 1, [ignore]) ]) dnl invalid ports FWD_CHECK([--permanent --policy=foobar --add-port 1234], 102, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-port 1234], 102, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-port 123443/tcp], 102, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-port 123443/tcp], 102, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-port 1234/bogus], 103, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-port 1234/bogus], 103, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule port port=4444 accept'], 103, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule port port=4444 accept'], 103, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept'], 102, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept'], 102, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept'], 103, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept'], 103, [ignore], [ignore]) FWD_END_TEST firewalld-1.1.1/src/tests/features/rich_tcp_mss_clamp.at0000644000000000000000000000660314217342322023414 0ustar00rootroot00000000000000dnl ############### dnl ## XML tests ## dnl ############### FWD_START_TEST([tcp-mss-clamp]) AT_KEYWORDS(tcp-mss-clamp) AT_CHECK([mkdir -p ./zones]) AT_DATA([./zones/tcp.xml], [dnl ]) FWD_CHECK([--check-config],0, ignore) AT_DATA([./zones/tcp.xml], [dnl ]) FWD_CHECK([--check-config],0, ignore) AT_DATA([./zones/tcp.xml], [dnl ]) m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [FWD_CHECK([--check-config], 0, ignore, [dnl WARNING: INVALID_RULE: thisdoesnotexist: rule tcp-mss-clamp value="thisdoesnotexist" WARNING: INVALID_RULE: thisdoesnotexist: rule tcp-mss-clamp value="thisdoesnotexist" ])], [FWD_CHECK([--check-config], 0, ignore, ignore) FWD_GREP_LOG([dnl WARNING: INVALID_RULE: thisdoesnotexist: rule tcp-mss-clamp value="thisdoesnotexist" ])]) AT_DATA([./zones/tcp.xml], [dnl ]) FWD_CHECK([--check-config], 0, ignore,ignore) dnl start cli tests (permanent configuration) AT_CHECK(rm ./zones/tcp.xml) FWD_CHECK([--permanent --add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist'],122,ignore,ignore) FWD_CHECK([--permanent --add-rich-rule='rule tcp-mss-clamp'],0,ignore, ignore) FWD_CHECK([--permanent --remove-rich-rule='rule tcp-mss-clamp'],0,ignore, ignore) FWD_CHECK([--permanent --add-rich-rule='rule tcp-mss-clamp value=0'],122,ignore, ignore) FWD_CHECK([--permanent --add-rich-rule='rule tcp-mss-clamp value=536'],0,ignore, ignore) FWD_CHECK([--permanent --add-rich-rule='rule tcp-mss-clamp value=pmtu'],0,ignore, ignore) dnl start runtime tests for tcp/mss clamp FWD_CHECK([--add-rich-rule='rule tcp-mss-clamp value=0'],122,ignore, ignore) FWD_CHECK([--add-rich-rule='rule tcp-mss-clamp'],0,ignore, ignore) FWD_CHECK([--query-rich-rule='rule tcp-mss-clamp'],0,ignore, ignore) FWD_CHECK([--remove-rich-rule='rule tcp-mss-clamp'],0,ignore, ignore) FWD_CHECK([--add-rich-rule='rule tcp-mss-clamp value=536'],0,ignore, ignore) FWD_CHECK([--add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist'],122,ignore,ignore) FWD_CHECK([--add-rich-rule='rule tcp-mss-clamp value=pmtu accept'],122,ignore, ignore) FWD_CHECK([--add-rich-rule='rule tcp-mss-clamp value=pmtu'],0,ignore, ignore) NFT_LIST_RULES([inet], [filter_FWD_public_allow], 0, [dnl table inet firewalld { chain filter_FWD_public_allow { tcp flags syn tcp option maxseg size set 536 tcp flags syn tcp option maxseg size set rt mtu } } ]) IPTABLES_LIST_RULES([filter], [FWD_public_allow], 0, [dnl TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS set 536 TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU ]) IP6TABLES_LIST_RULES([filter], [FWD_public_allow], 0, [dnl TCPMSS tcp ::/0 ::/0 tcp flags:0x06/0x02 TCPMSS set 536 TCPMSS tcp ::/0 ::/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU ]) FWD_END_TEST([ignore]) firewalld-1.1.1/src/tests/features/zone.at0000644000000000000000000001370614217342322020540 0ustar00rootroot00000000000000FWD_START_TEST([zone - target]) AT_KEYWORDS(zone) FWD_CHECK([--permanent --new-zone=foobar], 0, [ignore]) FWD_CHECK([--permanent --zone=foobar --set-target=default], 0, [ignore]) FWD_CHECK([--permanent --zone=foobar --set-target=ACCEPT], 0, [ignore]) FWD_CHECK([--permanent --zone=foobar --set-target=DROP], 0, [ignore]) FWD_CHECK([--permanent --zone=foobar --set-target=%%REJECT%%], 0, [ignore]) FWD_CHECK([--permanent --zone=foobar --set-target=CONTINUE], 110, [ignore], [ignore]) FWD_CHECK([--permanent --zone=foobar --set-target=DENY], 110, [ignore], [ignore]) FWD_CHECK([--permanent --zone=foobar --set-target=ACCEPT], 0, [ignore]) FWD_CHECK([--permanent --zone=foobar --add-interface foobar0], 0, [ignore]) FWD_RELOAD NFT_LIST_RULES([inet], [filter_IN_foobar], 0, [dnl table inet firewalld { chain filter_IN_foobar { jump filter_INPUT_POLICIES_pre jump filter_IN_foobar_pre jump filter_IN_foobar_log jump filter_IN_foobar_deny jump filter_IN_foobar_allow jump filter_IN_foobar_post jump filter_INPUT_POLICIES_post accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar], 0, [dnl INPUT_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_log all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_allow all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_post all -- 0.0.0.0/0 0.0.0.0/0 INPUT_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [IN_foobar], 0, [dnl INPUT_POLICIES_pre all ::/0 ::/0 IN_foobar_pre all ::/0 ::/0 IN_foobar_log all ::/0 ::/0 IN_foobar_deny all ::/0 ::/0 IN_foobar_allow all ::/0 ::/0 IN_foobar_post all ::/0 ::/0 INPUT_POLICIES_post all ::/0 ::/0 ACCEPT all ::/0 ::/0 ]) dnl ingress zone with target ACCEPT should still allow the forwarded traffic NFT_LIST_RULES([inet], [filter_FWD_foobar], 0, [dnl table inet firewalld { chain filter_FWD_foobar { jump filter_FORWARD_POLICIES_pre jump filter_FWD_foobar_pre jump filter_FWD_foobar_log jump filter_FWD_foobar_deny jump filter_FWD_foobar_allow jump filter_FWD_foobar_post jump filter_FORWARD_POLICIES_post accept } } ]) IPTABLES_LIST_RULES([filter], [FWD_foobar], 0, [dnl FORWARD_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_pre all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_log all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_deny all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_allow all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_post all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FWD_foobar], 0, [dnl FORWARD_POLICIES_pre all ::/0 ::/0 FWD_foobar_pre all ::/0 ::/0 FWD_foobar_log all ::/0 ::/0 FWD_foobar_deny all ::/0 ::/0 FWD_foobar_allow all ::/0 ::/0 FWD_foobar_post all ::/0 ::/0 FORWARD_POLICIES_post all ::/0 ::/0 ACCEPT all ::/0 ::/0 ]) dnl same thing, but with target == default dnl FWD_CHECK([--permanent --zone=foobar --set-target=default], 0, [ignore]) FWD_RELOAD NFT_LIST_RULES([inet], [filter_IN_foobar], 0, [dnl table inet firewalld { chain filter_IN_foobar { jump filter_INPUT_POLICIES_pre jump filter_IN_foobar_pre jump filter_IN_foobar_log jump filter_IN_foobar_deny jump filter_IN_foobar_allow jump filter_IN_foobar_post jump filter_INPUT_POLICIES_post meta l4proto { icmp, ipv6-icmp } accept reject with icmpx admin-prohibited } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar], 0, [dnl INPUT_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_log all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_allow all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_post all -- 0.0.0.0/0 0.0.0.0/0 INPUT_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable ]) IP6TABLES_LIST_RULES([filter], [IN_foobar], 0, [dnl INPUT_POLICIES_pre all ::/0 ::/0 IN_foobar_pre all ::/0 ::/0 IN_foobar_log all ::/0 ::/0 IN_foobar_deny all ::/0 ::/0 IN_foobar_allow all ::/0 ::/0 IN_foobar_post all ::/0 ::/0 INPUT_POLICIES_post all ::/0 ::/0 ACCEPT icmpv6 ::/0 ::/0 REJECT all ::/0 ::/0 reject-with icmp6-port-unreachable ]) NFT_LIST_RULES([inet], [filter_FWD_foobar], 0, [dnl table inet firewalld { chain filter_FWD_foobar { jump filter_FORWARD_POLICIES_pre jump filter_FWD_foobar_pre jump filter_FWD_foobar_log jump filter_FWD_foobar_deny jump filter_FWD_foobar_allow jump filter_FWD_foobar_post jump filter_FORWARD_POLICIES_post reject with icmpx admin-prohibited } } ]) IPTABLES_LIST_RULES([filter], [FWD_foobar], 0, [dnl FORWARD_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_pre all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_log all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_deny all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_allow all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_post all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable ]) IP6TABLES_LIST_RULES([filter], [FWD_foobar], 0, [dnl FORWARD_POLICIES_pre all ::/0 ::/0 FWD_foobar_pre all ::/0 ::/0 FWD_foobar_log all ::/0 ::/0 FWD_foobar_deny all ::/0 ::/0 FWD_foobar_allow all ::/0 ::/0 FWD_foobar_post all ::/0 ::/0 FORWARD_POLICIES_post all ::/0 ::/0 REJECT all ::/0 ::/0 reject-with icmp6-port-unreachable ]) FWD_END_TEST([ignore]) firewalld-1.1.1/src/tests/features/service_include.at0000644000000000000000000001171214217342322022723 0ustar00rootroot00000000000000FWD_START_TEST([service include]) AT_KEYWORDS(service xml gh273 rhbz1720300) AT_CHECK([mkdir -p ./services]) AT_CHECK([cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE ]) AT_CHECK([cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE ]) FWD_RELOAD FWD_CHECK([-q --zone=drop --add-interface=foobar0]) FWD_CHECK([-q --zone=drop --add-service=my-service-with-include]) FWD_CHECK([--zone=drop --list-services], 0, [dnl my-service-with-include ]) dnl check recursive includes FWD_CHECK([-q --zone=drop --add-service=recursive-service]) FWD_CHECK([-q --zone=drop --remove-service=recursive-service]) NFT_LIST_RULES([inet], [filter_IN_drop_allow], 0, [dnl table inet firewalld { chain filter_IN_drop_allow { ip daddr 239.255.255.250 udp dport 1900 ct state new,untracked accept ip6 daddr ff02::c udp dport 1900 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept tcp dport 12345 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_drop_allow], 0, [dnl ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12345 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_drop_allow], 0, [dnl ACCEPT udp ::/0 ff02::c udp dpt:1900 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:12345 ctstate NEW,UNTRACKED ]) dnl firewall-cmd FWD_CHECK([--permanent --service=my-service-with-include --query-include=recursive-service], 0, [ignore], [ignore]) FWD_CHECK([-q --permanent --service=my-service-with-include --add-include=ssh]) FWD_CHECK([--permanent --service=my-service-with-include --query-include=ssh], 0, [ignore], [ignore]) AT_CHECK([grep '' ./services/my-service-with-include.xml ], 0, [ignore], [ignore]) FWD_CHECK([-q --permanent --service=my-service-with-include --remove-include=ssh]) FWD_CHECK([--permanent --service=my-service-with-include --query-include=ssh], 1, [ignore], [ignore]) AT_CHECK([grep '' ./services/my-service-with-include.xml ], 1, [ignore], [ignore]) FWD_CHECK([--permanent --service=my-service-with-include --get-includes], 0, [dnl mdns recursive-service ssdp ]) FWD_CHECK([--permanent --info-service=my-service-with-include | TRIM_WHITESPACE], 0, [m4_strip([dnl my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: ])]) FWD_CHECK([--info-service=my-service-with-include | TRIM_WHITESPACE], 0, [m4_strip([dnl my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: ])]) dnl firewall-offline-cmd FWD_OFFLINE_CHECK([--service=my-service-with-include --query-include=recursive-service], 0, [ignore], [ignore]) FWD_OFFLINE_CHECK([-q --service=my-service-with-include --add-include=ssh]) FWD_OFFLINE_CHECK([--service=my-service-with-include --query-include=ssh], 0, [ignore], [ignore]) AT_CHECK([grep '' ./services/my-service-with-include.xml ], 0, [ignore], [ignore]) FWD_OFFLINE_CHECK([-q --service=my-service-with-include --remove-include=ssh]) FWD_OFFLINE_CHECK([--service=my-service-with-include --query-include=ssh], 1, [ignore], [ignore]) AT_CHECK([grep '' ./services/my-service-with-include.xml ], 1, [ignore], [ignore]) FWD_OFFLINE_CHECK([--service=my-service-with-include --get-includes], 0, [dnl mdns recursive-service ssdp ]) FWD_OFFLINE_CHECK([--info-service=my-service-with-include | TRIM_WHITESPACE], 0, [m4_strip([dnl my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: ])]) dnl negative test for including service that doesn't exist FWD_CHECK([-q --permanent --zone=drop --add-interface=foobar0]) FWD_CHECK([-q --permanent --zone=drop --add-service=my-service-with-include]) FWD_CHECK([-q --permanent --service=my-service-with-include --add-include=does-not-exist]) FWD_RELOAD(101, [ignore], [ignore], 251) FWD_CHECK([--zone=public --list-services], 0, [dnl dhcpv6-client ssh ]) FWD_CHECK([-q --permanent --service=my-service-with-include --remove-include=does-not-exist]) FWD_RELOAD FWD_END_TEST([-e '/ERROR: INVALID_SERVICE: does-not-exist/d']) firewalld-1.1.1/src/tests/features/features.at0000644000000000000000000000121214217342322021370 0ustar00rootroot00000000000000AT_BANNER([features (FIREWALL_BACKEND)]) m4_include([features/rfc3964_ipv4.at]) m4_include([features/service_include.at]) m4_include([features/helpers_custom.at]) m4_include([features/policy.at]) m4_include([features/services.at]) m4_include([features/ports.at]) m4_include([features/source_ports.at]) m4_include([features/forward_ports.at]) m4_include([features/masquerade.at]) m4_include([features/protocols.at]) m4_include([features/rich_rules.at]) m4_include([features/icmp_blocks.at]) m4_include([features/rich_tcp_mss_clamp.at]) m4_include([features/rich_destination_ipset.at]) m4_include([features/zone.at]) m4_include([features/rpfilter.at]) firewalld-1.1.1/src/tests/features/policy.at0000644000000000000000000025713414217342322021071 0ustar00rootroot00000000000000dnl ############### dnl ## XML tests ## dnl ############### FWD_START_TEST([policy - xml]) AT_KEYWORDS(policy xml) AT_CHECK([mkdir -p ./policies]) dnl something in all elements AT_DATA([./policies/foobar.xml], [dnl foobar foobar policy ]) FWD_CHECK([--check-config], 0, [ignore], [ignore]) FWD_RELOAD FWD_END_TEST dnl ############### dnl ## CLI tests ## dnl ############### FWD_START_TEST([policy - create]) AT_KEYWORDS(policy) dnl create a few policies FWD_CHECK([--permanent --new-policy worldToHost], 0, [ignore]) FWD_CHECK([--permanent --new-policy hostToWorld], 0, [ignore]) FWD_CHECK([--permanent --new-policy zoneToZone], 0, [ignore]) FWD_CHECK([--permanent --get-policies], 0, [dnl allow-host-ipv6 hostToWorld worldToHost zoneToZone ]) FWD_RELOAD FWD_CHECK([--get-policies], 0, [dnl allow-host-ipv6 hostToWorld worldToHost zoneToZone ]) FWD_END_TEST FWD_START_TEST([policy - name]) AT_KEYWORDS(policy) dnl verify name length (18) FWD_CHECK([--permanent --new-policy 123456789012345678], 0, [ignore]) FWD_CHECK([--permanent --new-policy 1234567890123456789], 116, [ignore], [ignore]) dnl verify zone and policy can't have the same name. FWD_CHECK([--permanent --new-policy public], 26, [ignore], [ignore]) FWD_CHECK([--permanent --new-zone allow-host-ipv6], 26, [ignore], [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_NAME:/d' -e '/ERROR: NAME_CONFLICT:/d']) FWD_START_TEST([policy - list]) AT_KEYWORDS(policy) FWD_CHECK([--info-policy allow-host-ipv6 | TRIM_WHITESPACE], 0, [m4_strip([dnl allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv6" icmp-type name="neighbour-advertisement" accept rule family="ipv6" icmp-type name="neighbour-solicitation" accept rule family="ipv6" icmp-type name="router-advertisement" accept rule family="ipv6" icmp-type name="redirect" accept ])]) FWD_CHECK([--permanent --info-policy allow-host-ipv6 | TRIM_WHITESPACE], 0, [m4_strip([dnl allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv6" icmp-type name="neighbour-advertisement" accept rule family="ipv6" icmp-type name="neighbour-solicitation" accept rule family="ipv6" icmp-type name="router-advertisement" accept rule family="ipv6" icmp-type name="redirect" accept ])]) FWD_CHECK([--list-all-policies | TRIM_WHITESPACE], 0, [m4_strip([dnl allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv6" icmp-type name="neighbour-advertisement" accept rule family="ipv6" icmp-type name="neighbour-solicitation" accept rule family="ipv6" icmp-type name="router-advertisement" accept rule family="ipv6" icmp-type name="redirect" accept ])]) FWD_CHECK([--permanent --list-all-policies | TRIM_WHITESPACE], 0, [m4_strip([dnl allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv6" icmp-type name="neighbour-advertisement" accept rule family="ipv6" icmp-type name="neighbour-solicitation" accept rule family="ipv6" icmp-type name="router-advertisement" accept rule family="ipv6" icmp-type name="redirect" accept ])]) FWD_CHECK([--policy allow-host-ipv6 --list-all | TRIM_WHITESPACE], 0, [m4_strip([dnl allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv6" icmp-type name="neighbour-advertisement" accept rule family="ipv6" icmp-type name="neighbour-solicitation" accept rule family="ipv6" icmp-type name="router-advertisement" accept rule family="ipv6" icmp-type name="redirect" accept ])]) FWD_CHECK([--permanent --policy allow-host-ipv6 --list-all | TRIM_WHITESPACE], 0, [m4_strip([dnl allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv6" icmp-type name="neighbour-advertisement" accept rule family="ipv6" icmp-type name="neighbour-solicitation" accept rule family="ipv6" icmp-type name="router-advertisement" accept rule family="ipv6" icmp-type name="redirect" accept ])]) FWD_END_TEST FWD_START_TEST([policy - options]) AT_KEYWORDS(policy) dnl verify --zone and --policy can't be used at the same time FWD_CHECK([--policy allow-host-ipv6 --zone public], 2, [ignore], [ignore]) FWD_CHECK([--permanent --policy allow-host-ipv6 --zone public], 2, [ignore], [ignore]) dnl verify --policy can't be used with {add,delete,list,query}-interface FWD_CHECK([--policy allow-host-ipv6 --add-interface foobar0], 2, [ignore], [ignore]) FWD_CHECK([--permanent --policy allow-host-ipv6 --add-interface foobar0], 2, [ignore], [ignore]) FWD_CHECK([--policy allow-host-ipv6 --remove-interface foobar0], 2, [ignore], [ignore]) FWD_CHECK([--permanent --policy allow-host-ipv6 --remove-interface foobar0], 2, [ignore], [ignore]) FWD_CHECK([--policy allow-host-ipv6 --query-interface foobar0], 2, [ignore], [ignore]) FWD_CHECK([--permanent --policy allow-host-ipv6 --query-interface foobar0], 2, [ignore], [ignore]) FWD_CHECK([--policy allow-host-ipv6 --list-interfaces], 2, [ignore], [ignore]) FWD_CHECK([--permanent --policy allow-host-ipv6 --list-interfaces], 2, [ignore], [ignore]) dnl verify --policy can't be used with {add,delete,list,query}-source FWD_CHECK([--policy allow-host-ipv6 --add-source 10.10.10.0/24], 2, [ignore], [ignore]) FWD_CHECK([--permanent --policy allow-host-ipv6 --add-source 10.10.10.0/24], 2, [ignore], [ignore]) FWD_CHECK([--policy allow-host-ipv6 --remove-source 10.10.10.0/24], 2, [ignore], [ignore]) FWD_CHECK([--permanent --policy allow-host-ipv6 --remove-source 10.10.10.0/24], 2, [ignore], [ignore]) FWD_CHECK([--policy allow-host-ipv6 --query-source 10.10.10.0/24], 2, [ignore], [ignore]) FWD_CHECK([--permanent --policy allow-host-ipv6 --query-source 10.10.10.0/24], 2, [ignore], [ignore]) FWD_CHECK([--policy allow-host-ipv6 --list-sources], 2, [ignore], [ignore]) FWD_CHECK([--permanent --policy allow-host-ipv6 --list-sources], 2, [ignore], [ignore]) dnl verify --policy can't be used with {add,delete,query}-forward FWD_CHECK([--policy allow-host-ipv6 --add-forward], 2, [ignore], [ignore]) FWD_CHECK([--permanent --policy allow-host-ipv6 --add-forward], 2, [ignore], [ignore]) FWD_CHECK([--policy allow-host-ipv6 --remove-forward], 2, [ignore], [ignore]) FWD_CHECK([--permanent --policy allow-host-ipv6 --remove-forward], 2, [ignore], [ignore]) FWD_CHECK([--policy allow-host-ipv6 --query-forward], 2, [ignore], [ignore]) FWD_CHECK([--permanent --policy allow-host-ipv6 --query-forward], 2, [ignore], [ignore]) dnl verify policy only options require --policy FWD_CHECK([--add-egress-zone public], 2, [ignore], [ignore]) FWD_CHECK([--remove-egress-zone public], 2, [ignore], [ignore]) FWD_CHECK([--query-egress-zone public], 2, [ignore], [ignore]) FWD_CHECK([--list-egress-zones], 2, [ignore], [ignore]) FWD_CHECK([--permanent --add-egress-zone public], 2, [ignore], [ignore]) FWD_CHECK([--permanent --remove-egress-zone public], 2, [ignore], [ignore]) FWD_CHECK([--permanent --query-egress-zone public], 2, [ignore], [ignore]) FWD_CHECK([--permanent --list-egress-zones], 2, [ignore], [ignore]) FWD_CHECK([--add-ingress-zone public], 2, [ignore], [ignore]) FWD_CHECK([--remove-ingress-zone public], 2, [ignore], [ignore]) FWD_CHECK([--query-ingress-zone public], 2, [ignore], [ignore]) FWD_CHECK([--list-ingress-zones], 2, [ignore], [ignore]) FWD_CHECK([--permanent --add-ingress-zone public], 2, [ignore], [ignore]) FWD_CHECK([--permanent --remove-ingress-zone public], 2, [ignore], [ignore]) FWD_CHECK([--permanent --query-ingress-zone public], 2, [ignore], [ignore]) FWD_CHECK([--permanent --list-ingress-zones], 2, [ignore], [ignore]) FWD_CHECK([--get-priority], 2, [ignore], [ignore]) FWD_CHECK([--set-priority 5], 2, [ignore], [ignore]) FWD_CHECK([--permanent --get-priority], 2, [ignore], [ignore]) FWD_CHECK([--permanent --set-priority 5], 2, [ignore], [ignore]) FWD_END_TEST FWD_START_TEST([policy - priority]) AT_KEYWORDS(policy) dnl priority < 0 goes into _pre (before zones) FWD_CHECK([--permanent --new-policy worldToHost], 0, [ignore]) FWD_CHECK([--permanent --policy worldToHost --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy worldToHost --add-egress-zone HOST], 0, [ignore]) FWD_CHECK([--permanent --policy worldToHost --set-priority -1], 0, [ignore]) FWD_CHECK([--permanent --policy worldToHost --get-priority], 0, [dnl -1 ]) FWD_RELOAD NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 jump filter_IN_policy_worldToHost } } ]) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_post], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_post { } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 IN_worldToHost all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_post], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 IN_worldToHost all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_post], 0, [dnl ]) dnl priority > 0 goes into _post (after zones) FWD_CHECK([--permanent --policy worldToHost --set-priority 1], 0, [ignore]) FWD_RELOAD NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } ]) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_post], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_post { jump filter_IN_policy_worldToHost } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_post], 0, [dnl IN_worldToHost all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_post], 0, [dnl IN_worldToHost all ::/0 ::/0 ]) dnl verify sorting by priority FWD_CHECK([--permanent --new-policy first], 0, [ignore]) FWD_CHECK([--permanent --policy first --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy first --add-egress-zone HOST], 0, [ignore]) FWD_CHECK([--permanent --new-policy second], 0, [ignore]) FWD_CHECK([--permanent --policy second --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy second --add-egress-zone HOST], 0, [ignore]) FWD_CHECK([--permanent --new-policy third], 0, [ignore]) FWD_CHECK([--permanent --policy third --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy third --add-egress-zone HOST], 0, [ignore]) FWD_CHECK([--permanent --new-policy fourth], 0, [ignore]) FWD_CHECK([--permanent --policy fourth --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy fourth --add-egress-zone HOST], 0, [ignore]) FWD_CHECK([--permanent --new-policy fifth], 0, [ignore]) FWD_CHECK([--permanent --policy fifth --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy fifth --add-egress-zone HOST], 0, [ignore]) dnl FWD_CHECK([--permanent --policy fourth --set-priority -100], 0, [ignore]) FWD_CHECK([--permanent --policy second --set-priority -5000], 0, [ignore]) FWD_CHECK([--permanent --policy first --set-priority -10000], 0, [ignore]) FWD_CHECK([--permanent --policy third --set-priority -1000], 0, [ignore]) FWD_CHECK([--permanent --policy fifth --set-priority -10], 0, [ignore]) FWD_RELOAD NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 jump filter_IN_policy_first jump filter_IN_policy_second jump filter_IN_policy_third jump filter_IN_policy_fourth jump filter_IN_policy_fifth } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 IN_first all -- 0.0.0.0/0 0.0.0.0/0 IN_second all -- 0.0.0.0/0 0.0.0.0/0 IN_third all -- 0.0.0.0/0 0.0.0.0/0 IN_fourth all -- 0.0.0.0/0 0.0.0.0/0 IN_fifth all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 IN_first all ::/0 ::/0 IN_second all ::/0 ::/0 IN_third all ::/0 ::/0 IN_fourth all ::/0 ::/0 IN_fifth all ::/0 ::/0 ]) dnl verify priority bounds FWD_CHECK([--permanent --policy worldToHost --set-priority 0], 139, [ignore], [ignore]) dnl reserved for zones FWD_CHECK([--permanent --policy worldToHost --set-priority -32769], 139, [ignore], [ignore]) FWD_CHECK([--permanent --policy worldToHost --set-priority -32768], 0, [ignore]) FWD_CHECK([--permanent --policy worldToHost --set-priority 32768], 139, [ignore], [ignore]) FWD_CHECK([--permanent --policy worldToHost --set-priority 32767], 0, [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_PRIORITY/d']) FWD_START_TEST([policy - zones]) AT_KEYWORDS(policy) FWD_CHECK([--permanent --zone=public --add-interface=foobar0], 0, [ignore]) FWD_CHECK([--permanent --zone=internal --add-interface=foobar1], 0, [ignore]) FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --set-priority -1], 0, [ignore]) FWD_RELOAD dnl only one of HOST/ANY/zones allowed in ingress FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="ANY"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="public"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="HOST"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="public"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="public"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-ingress-zone="public"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="ANY"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="HOST"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --query-ingress-zone="ANY"], 1, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --query-ingress-zone="HOST"], 1, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-ingress-zone="public"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([ --policy=foobar --query-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="ANY"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="public"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --remove-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([ --policy=foobar --query-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="HOST"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="public"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --remove-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="public"], 0, [ignore]) FWD_CHECK([ --policy=foobar --query-ingress-zone="public"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([ --policy=foobar --query-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="ANY"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="HOST"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --query-ingress-zone="ANY"], 1, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --query-ingress-zone="HOST"], 1, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --remove-ingress-zone="public"], 0, [ignore]) FWD_CHECK([ --policy=foobar --remove-ingress-zone="internal"], 0, [ignore]) dnl only one of HOST/ANY/zones allowed in egress FWD_CHECK([--permanent --policy=foobar --add-egress-zone="HOST"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="ANY"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="public"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone="HOST"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="ANY"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="HOST"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="public"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone="ANY"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="public"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="internal"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="ANY"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="HOST"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone="public"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone="internal"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="HOST"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="ANY"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="public"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --remove-egress-zone="HOST"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="ANY"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="HOST"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="public"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --remove-egress-zone="ANY"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="public"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="internal"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="ANY"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="HOST"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --remove-egress-zone="public"], 0, [ignore]) FWD_CHECK([ --policy=foobar --remove-egress-zone="internal"], 0, [ignore]) dnl verify ANY to ANY is possible FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="ANY"], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --query-egress-zone="ANY"], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --query-egress-zone="ANY"], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-ingress-zone="ANY"], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone="ANY"], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="ANY"], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --query-egress-zone="ANY"], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --query-egress-zone="ANY"], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --remove-ingress-zone="ANY"], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --remove-egress-zone="ANY"], 0, [ignore], [ignore]) dnl zone's are allowed in both ingress and egress FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="public"], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="public"], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --query-egress-zone="public"], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --query-egress-zone="public"], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-ingress-zone="public"], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone="public"], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="public"], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="public"], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --query-egress-zone="public"], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --query-egress-zone="public"], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --remove-ingress-zone="public"], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --remove-egress-zone="public"], 0, [ignore], [ignore]) dnl negative test HOST to HOST not possible FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="HOST"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="HOST"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --remove-ingress-zone="HOST"], 0, [ignore]) dnl negative test non existent zones FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="does_not_exist"], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="does_not_exist"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-ingress-zone="does_not_exist"], 112, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone="does_not_exist"], 112, [ignore], [ignore]) dnl verify we allow policies with missing ingress and/or egress zones. This dnl allows them to exist, but be un-applied. Useful for shipping "stock" dnl policies. FWD_CHECK([--permanent --policy=foobar --add-ingress-zone="public"], 0, [ignore]) FWD_RELOAD FWD_CHECK([--get-active-policies], 0, [dnl allow-host-ipv6 ingress-zones: ANY egress-zones: HOST ]) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone="internal"], 0, [ignore]) FWD_RELOAD FWD_CHECK([--get-active-policies], 0, [dnl allow-host-ipv6 ingress-zones: ANY egress-zones: HOST foobar ingress-zones: public egress-zones: internal ]) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname "foobar0" oifname "foobar1" jump filter_FWD_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all ::/0 ::/0 ]) FWD_CHECK([--permanent --policy=foobar --remove-ingress-zone="public"], 0, [ignore]) FWD_RELOAD FWD_CHECK([--get-active-policies], 0, [dnl allow-host-ipv6 ingress-zones: ANY egress-zones: HOST ]) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) FWD_END_TEST([-e '/ERROR: INVALID_ZONE:/d']) FWD_START_TEST([policy - dispatch]) AT_KEYWORDS(policy) FWD_CHECK([--permanent --zone=public --add-interface=foobar0], 0, [ignore]) FWD_CHECK([--permanent --zone=internal --add-interface=foobar1], 0, [ignore]) FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --set-priority -1], 0, [ignore]) FWD_RELOAD FWD_CHECK([--get-active-policies], 0, [dnl allow-host-ipv6 ingress-zones: ANY egress-zones: HOST ]) dnl Verify basic layout for dispatch. These are common amongst all policy types dnl and exist even if zero policies are active. dnl dnl (raw, output): only iptables uses raw for conntrack helpers IPTABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING], 0, [dnl table inet firewalld { chain nat_PREROUTING { jump nat_PREROUTING_ZONES } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) dnl (nat, output) dnl No zones dispatch, so directly dispatch policies NFT_LIST_RULES([inet], [nat_OUTPUT], 0, [dnl table inet firewalld { chain nat_OUTPUT { jump nat_OUTPUT_POLICIES_pre jump nat_OUTPUT_POLICIES_post } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT], 0, [dnl OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 OUTPUT_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 OUTPUT_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [OUTPUT], 0, [dnl OUTPUT_direct all ::/0 ::/0 OUTPUT_POLICIES_pre all ::/0 ::/0 OUTPUT_POLICIES_post all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING], 0, [dnl table inet firewalld { chain nat_POSTROUTING { jump nat_POSTROUTING_ZONES } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl POSTROUTING_direct all ::/0 ::/0 POSTROUTING_ZONES all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING], 0, [dnl table inet firewalld { chain mangle_PREROUTING { jump mangle_PREROUTING_ZONES } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) dnl IPv6_rpfilter is in mangle for iptables, nftables is in (filter, dnl prerouting) IP6TABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 DROP all ::/0 ::/0 rpfilter validmark invert PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname "lo" accept jump filter_INPUT_ZONES ct state invalid drop reject with icmpx admin-prohibited } } ]) IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ]) IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 INPUT_direct all ::/0 ::/0 INPUT_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable jump filter_FORWARD_ZONES ct state invalid drop reject with icmpx admin-prohibited } } ]) IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ]) IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT], 0, [dnl table inet firewalld { chain filter_OUTPUT { ct state established,related accept oifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable jump filter_OUTPUT_POLICIES_pre jump filter_OUTPUT_POLICIES_post } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 OUTPUT_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 OUTPUT_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [OUTPUT], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED ACCEPT all ::/0 ::/0 OUTPUT_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 OUTPUT_POLICIES_pre all ::/0 ::/0 OUTPUT_POLICIES_post all ::/0 ::/0 ]) dnl Verify zone --> HOST is dispatched correctly (INPUT). dnl FWD_CHECK([--policy=foobar --add-ingress-zone="public"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="HOST"], 0, [ignore]) FWD_CHECK([--get-active-policies], 0, [dnl allow-host-ipv6 ingress-zones: ANY egress-zones: HOST foobar ingress-zones: public egress-zones: HOST ]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 iifname "foobar0" jump filter_IN_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 IN_foobar all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="public"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="HOST"], 0, [ignore]) dnl Verify ANY --> HOST is dispatched correctly (INPUT). dnl FWD_CHECK([--policy=foobar --add-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="HOST"], 0, [ignore]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 jump filter_IN_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 IN_foobar all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 jump mangle_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 jump nat_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="HOST"], 0, [ignore]) dnl Verify HOST --> zone is dispatched correctly (OUTPUT). dnl FWD_CHECK([--policy=foobar --add-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="public"], 0, [ignore]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { oifname "foobar0" jump filter_OUT_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl OUT_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl OUT_foobar all ::/0 ::/0 ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { oifname "foobar0" jump nat_OUT_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl OUT_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl OUT_foobar all ::/0 ::/0 ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="public"], 0, [ignore]) dnl Verify HOST --> ANY is dispatched correctly (OUTPUT). dnl FWD_CHECK([--policy=foobar --add-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="ANY"], 0, [ignore]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { jump filter_OUT_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl OUT_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl OUT_foobar all ::/0 ::/0 ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { jump nat_OUT_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl OUT_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl OUT_foobar all ::/0 ::/0 ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="HOST"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="ANY"], 0, [ignore]) dnl Verify ANY --> ANY is dispatched correctly (FORWARD). dnl FWD_CHECK([--policy=foobar --add-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="ANY"], 0, [ignore]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { jump filter_FWD_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all ::/0 ::/0 ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 jump mangle_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 jump nat_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { jump nat_POST_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl POST_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl POST_foobar all ::/0 ::/0 ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="ANY"], 0, [ignore]) dnl Verify ANY --> zone is dispatched correctly (FORWARD). dnl egress-zone (public) has interfaces. FWD_CHECK([--policy=foobar --add-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="public"], 0, [ignore]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { oifname "foobar0" jump filter_FWD_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all ::/0 ::/0 ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { oifname "foobar0" jump nat_POST_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl POST_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl POST_foobar all ::/0 ::/0 ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="public"], 0, [ignore]) FWD_CHECK([--zone=internal --remove-interface=foobar1], 0, [ignore]) FWD_CHECK([--zone=public --remove-interface=foobar0], 0, [ignore]) dnl Verify ANY --> zone is dispatched correctly (FORWARD). dnl egress-zone (internal) has only sources. FWD_CHECK([--zone=internal --add-source=10.10.10.0/24], 0, [ignore]) FWD_CHECK([--policy=foobar --add-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="internal"], 0, [ignore]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { ip daddr 10.10.10.0/24 jump filter_FWD_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 ip daddr 10.10.10.0/24 jump mangle_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 ip daddr 10.10.10.0/24 jump nat_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { ip daddr 10.10.10.0/24 jump nat_POST_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl POST_foobar all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="ANY"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="internal"], 0, [ignore]) FWD_CHECK([--zone=internal --remove-source=10.10.10.0/24], 0, [ignore]) dnl Verify zone --> ANY is dispatched correctly (FORWARD). dnl ingress-zone (internal) has interfaces. FWD_CHECK([--zone=internal --add-interface=foobar1], 0, [ignore]) FWD_CHECK([--policy=foobar --add-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="ANY"], 0, [ignore]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname "foobar1" jump filter_FWD_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all ::/0 ::/0 ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 iifname "foobar1" jump mangle_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 iifname "foobar1" jump nat_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="ANY"], 0, [ignore]) FWD_CHECK([--zone=internal --remove-interface=foobar1], 0, [ignore]) dnl Verify zone --> ANY is dispatched correctly (FORWARD). dnl ingress-zone (internal) has only sources. FWD_CHECK([--zone=internal --add-source=10.10.10.0/24], 0, [ignore]) FWD_CHECK([--policy=foobar --add-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="ANY"], 0, [ignore]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { ip saddr 10.10.10.0/24 jump filter_FWD_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 10.10.10.0/24 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 ip saddr 10.10.10.0/24 jump mangle_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 ip saddr 10.10.10.0/24 jump nat_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { ip saddr 10.10.10.0/24 jump nat_POST_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl POST_foobar all -- 10.10.10.0/24 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="ANY"], 0, [ignore]) FWD_CHECK([--zone=internal --remove-source=10.10.10.0/24], 0, [ignore]) dnl Verify zone --> zone is dispatched correctly (FORWARD). dnl ingress-zone (internal) has interfaces. dnl egress-zone (public) has interfaces. FWD_CHECK([--zone=public --add-interface=foobar0], 0, [ignore]) FWD_CHECK([--zone=internal --add-interface=foobar1], 0, [ignore]) FWD_CHECK([--policy=foobar --add-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="public"], 0, [ignore]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname "foobar1" oifname "foobar0" jump filter_FWD_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all ::/0 ::/0 ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="public"], 0, [ignore]) FWD_CHECK([--zone=public --remove-interface=foobar0], 0, [ignore]) FWD_CHECK([--zone=internal --remove-interface=foobar1], 0, [ignore]) dnl Verify zone --> zone is dispatched correctly (FORWARD). dnl ingress-zone (internal) has interfaces. dnl egress-zone (public) has only sources. FWD_CHECK([--zone=internal --add-interface=foobar1], 0, [ignore]) FWD_CHECK([--zone=public --add-source=10.10.10.0/24], 0, [ignore]) FWD_CHECK([--policy=foobar --add-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="public"], 0, [ignore]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname "foobar1" ip daddr 10.10.10.0/24 jump filter_FWD_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 iifname "foobar1" ip daddr 10.10.10.0/24 jump mangle_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 iifname "foobar1" ip daddr 10.10.10.0/24 jump nat_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="public"], 0, [ignore]) FWD_CHECK([--zone=internal --remove-interface=foobar1], 0, [ignore]) FWD_CHECK([--zone=public --remove-source=10.10.10.0/24], 0, [ignore]) dnl Verify zone --> zone is dispatched correctly (FORWARD). dnl ingress-zone (internal) has only sources. dnl egress-zone (public) has interfaces. FWD_CHECK([--zone=internal --add-source=10.10.10.0/24], 0, [ignore]) FWD_CHECK([--zone=public --add-interface=foobar0], 0, [ignore]) FWD_CHECK([--policy=foobar --add-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="public"], 0, [ignore]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { ip saddr 10.10.10.0/24 oifname "foobar0" jump filter_FWD_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 10.10.10.0/24 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { ip saddr 10.10.10.0/24 oifname "foobar0" jump nat_POST_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl POST_foobar all -- 10.10.10.0/24 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="public"], 0, [ignore]) FWD_CHECK([--zone=internal --remove-source=10.10.10.0/24], 0, [ignore]) FWD_CHECK([--zone=public --remove-interface=foobar0], 0, [ignore]) dnl Verify zone --> zone is dispatched correctly (FORWARD). dnl ingress-zone (internal) has only sources. dnl egress-zone (public) has only sources. FWD_CHECK([--zone=internal --add-source=10.10.10.0/24], 0, [ignore]) FWD_CHECK([--zone=public --add-source=10.20.20.0/24], 0, [ignore]) FWD_CHECK([--policy=foobar --add-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone="public"], 0, [ignore]) dnl (filter, input) NFT_LIST_RULES([inet], [filter_INPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } ]) IPTABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [INPUT_POLICIES_pre], 0, [dnl IN_allow-host-ipv6 all ::/0 ::/0 ]) dnl (filter, output) NFT_LIST_RULES([inet], [filter_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [OUTPUT_POLICIES_pre], 0, [dnl ]) dnl (filter, forward) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { ip saddr 10.10.10.0/24 ip daddr 10.20.20.0/24 jump filter_FWD_policy_foobar } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 10.10.10.0/24 10.20.20.0/24 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) dnl (raw, prerouting) (helpers, iptables only) IPTABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 10.20.20.0/24 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (mangle, prerouting) NFT_LIST_RULES([inet], [mangle_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 ip saddr 10.10.10.0/24 ip daddr 10.20.20.0/24 jump mangle_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 10.20.20.0/24 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, prerouting) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 ip saddr 10.10.10.0/24 ip daddr 10.20.20.0/24 jump nat_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 10.20.20.0/24 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl (nat, postrouting) NFT_LIST_RULES([inet], [nat_POSTROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { ip saddr 10.10.10.0/24 ip daddr 10.20.20.0/24 jump nat_POST_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl POST_foobar all -- 10.10.10.0/24 10.20.20.0/24 ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_POLICIES_pre], 0, [dnl ]) dnl (nat, output) NFT_LIST_RULES([inet], [nat_OUTPUT_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([nat], [OUTPUT_POLICIES_pre], 0, [dnl ]) FWD_CHECK([--policy=foobar --remove-ingress-zone="internal"], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone="public"], 0, [ignore]) FWD_CHECK([--zone=internal --remove-source=10.10.10.0/24], 0, [ignore]) FWD_CHECK([--zone=public --remove-source=10.20.20.0/24], 0, [ignore]) FWD_END_TEST FWD_START_TEST([policy - interfaces/sources]) AT_KEYWORDS(policy) FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --add-ingress-zone internal], 0, [ignore]) FWD_CHECK([--permanent --zone internal --add-interface foobar0], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --add-egress-zone public], 0, [ignore]) FWD_RELOAD NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) dnl verify adding new interfaces updates the dispatch dnl catch edge cases (i.e. first interface) dnl FWD_CHECK([--zone public --add-interface foobar1], 0, [ignore]) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname "foobar0" oifname "foobar1" jump filter_FWD_policy_foobar } } ]) dnl Note: iptables has an extra rule because it can't use anonymous sets of interfaces like nftables. IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all ::/0 ::/0 ]) dnl verify adding new interfaces updates the dispatch dnl FWD_CHECK([--zone public --add-interface foobar2], 0, [ignore]) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname "foobar0" oifname { "foobar1", "foobar2" } jump filter_FWD_policy_foobar } } ]) dnl Note: iptables has an extra rule because it can't use anonymous sets of interfaces like nftables. IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all ::/0 ::/0 FWD_foobar all ::/0 ::/0 ]) dnl verify adding removing interfaces updates the dispatch dnl FWD_CHECK([--zone public --remove-interface foobar2], 0, [ignore]) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname "foobar0" oifname "foobar1" jump filter_FWD_policy_foobar } } ]) dnl Note: iptables has an extra rule because it can't use anonymous sets of interfaces like nftables. IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl FWD_foobar all ::/0 ::/0 ]) dnl verify adding removing interfaces updates the dispatch dnl catch edge cases (i.e. removed last) dnl FWD_CHECK([--zone public --remove-interface foobar1], 0, [ignore]) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) dnl verify adding new sources updates the dispatch dnl catch edge cases (i.e. first interface) dnl FWD_CHECK([--zone public --add-source 10.10.10.0/24], 0, [ignore]) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 iifname "foobar0" ip daddr 10.10.10.0/24 jump nat_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl verify adding new sources updates the dispatch dnl IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--zone public --add-source 1234::/64], 0, [ignore]) ]) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [stdout]) m4_if(nftables, FIREWALL_BACKEND, [ AT_CHECK([grep 'iifname "foobar0" ip6 daddr 1234::/64 jump nat_PRE_policy_foobar' ./stdout], 0, [ignore]) ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 1234::/64 ]) dnl verify adding removing sources updates the dispatch dnl IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--zone public --remove-source 1234::/64], 0, [ignore]) ]) NFT_LIST_RULES([inet], [nat_PREROUTING_POLICIES_pre], 0, [dnl table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 iifname "foobar0" ip daddr 10.10.10.0/24 jump nat_PRE_policy_foobar } } ]) IPTABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_POLICIES_pre], 0, [dnl PRE_allow-host-ipv6 all ::/0 ::/0 ]) dnl verify adding removing sources updates the dispatch dnl catch edge cases (i.e. removed last) dnl FWD_CHECK([--zone public --remove-source 10.10.10.0/24], 0, [ignore]) NFT_LIST_RULES([inet], [filter_FORWARD_POLICIES_pre], 0, [dnl table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } ]) IPTABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) IP6TABLES_LIST_RULES([filter], [FORWARD_POLICIES_pre], 0, [dnl ]) FWD_END_TEST FWD_START_TEST([policy - target]) AT_KEYWORDS(policy) FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --set-target=CONTINUE], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --set-target=ACCEPT], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --set-target=DROP], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --set-target=REJECT], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --set-target=DENY], 110, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --set-target=default], 110, [ignore], [ignore]) dnl verify rule generation for target. FWD_CHECK([--permanent --policy=foobar --set-target=ACCEPT], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --add-ingress-zone internal], 0, [ignore]) FWD_CHECK([--permanent --zone internal --add-interface foobar0 ], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --add-egress-zone HOST], 0, [ignore]) FWD_RELOAD NFT_LIST_RULES([inet], [filter_IN_policy_foobar], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar { jump filter_IN_policy_foobar_pre jump filter_IN_policy_foobar_log jump filter_IN_policy_foobar_deny jump filter_IN_policy_foobar_allow jump filter_IN_policy_foobar_post accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar], 0, [dnl IN_foobar_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_log all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_allow all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [IN_foobar], 0, [dnl IN_foobar_pre all ::/0 ::/0 IN_foobar_log all ::/0 ::/0 IN_foobar_deny all ::/0 ::/0 IN_foobar_allow all ::/0 ::/0 IN_foobar_post all ::/0 ::/0 ACCEPT all ::/0 ::/0 ]) FWD_END_TEST([ignore]) FWD_START_TEST([policy - from file]) AT_KEYWORDS(policy) FWD_CHECK([--permanent --policy allow-host-ipv6 --add-protocol ipv6-icmp], 0, [ignore]) AT_CHECK([ls "./policies/allow-host-ipv6.xml"], 0, [ignore]) FWD_CHECK([--permanent --new-policy-from-file "./policies/allow-host-ipv6.xml" --name my-allow-host-ipv6], 0, [ignore]) AT_CHECK([ls "./policies/my-allow-host-ipv6.xml"], 0, [ignore]) FWD_CHECK([--permanent --get-policies], 0, [dnl allow-host-ipv6 my-allow-host-ipv6 ]) FWD_RELOAD FWD_CHECK([--get-policies], 0, [dnl allow-host-ipv6 my-allow-host-ipv6 ]) FWD_END_TEST firewalld-1.1.1/src/tests/features/rpfilter.at0000644000000000000000000000147714217342322021416 0ustar00rootroot00000000000000FWD_START_TEST([rpfilter]) AT_KEYWORDS(rpfilter) IF_HOST_SUPPORTS_NFT_FIB([ NFT_LIST_RULES([inet], [filter_PREROUTING], 0, [dnl table inet firewalld { chain filter_PREROUTING { icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept meta nfproto ipv6 fib saddr . mark . iif oif missing drop } } ]) ], [ NFT_LIST_RULES([inet], [filter_PREROUTING], 0, [dnl table inet firewalld { chain filter_PREROUTING { } } ]) ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 DROP all ::/0 ::/0 rpfilter validmark invert PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) FWD_END_TEST firewalld-1.1.1/src/tests/features/services.at0000644000000000000000000001274514217342322021412 0ustar00rootroot00000000000000FWD_START_TEST([services]) AT_KEYWORDS(policy service) FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone HOST], 0, [ignore]) dnl simple service dnl permanent --> runtime FWD_CHECK([--permanent --policy=foobar --add-service ssh], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-service ssh], 0, ignore) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept'], 0, [ignore]) FWD_RELOAD FWD_CHECK([--policy foobar --query-service ssh], 0, ignore) FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept'], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_allow], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_allow { tcp dport 22 ct state new,untracked accept ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ]) m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [ FWD_CHECK([--permanent --policy=foobar --remove-service-from-policy ssh], 0, [ignore]) ], [ FWD_CHECK([--permanent --policy=foobar --remove-service ssh], 0, [ignore]) ]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-service ssh], 1, ignore) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept'], 1, [ignore]) FWD_CHECK([--policy=foobar --remove-service ssh], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept'], 0, [ignore]) FWD_CHECK([--policy foobar --query-service ssh], 1, ignore) FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept'], 1, [ignore]) dnl service with helpers dnl runtime --> permanent m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ FWD_CHECK([--policy=foobar --add-service ftp], 0, [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept'], 0, [ignore]) FWD_CHECK([--policy foobar --query-service ftp], 0, ignore) FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept'], 0, [ignore]) FWD_CHECK([--runtime-to-permanent], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-service ftp], 0, ignore) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept'], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_allow], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_allow { tcp dport 21 ct helper set "helper-ftp-tcp" tcp dport 21 ct state new,untracked accept ip saddr 10.10.10.0/24 tcp dport 21 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:21 ctstate NEW,UNTRACKED ]) dnl iptables needs the helper rules in the raw table IPTABLES_LIST_RULES([raw], [PRE_foobar_allow], 0, [dnl CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp ]) IP6TABLES_LIST_RULES([raw], [PRE_foobar_allow], 0, [dnl CT tcp ::/0 ::/0 tcp dpt:21 CT helper ftp ]) FWD_CHECK([--permanent --policy=foobar --remove-service ftp], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-service ftp], 1, ignore) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept'], 1, [ignore]) FWD_CHECK([--policy=foobar --remove-service ftp], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept'], 0, [ignore]) FWD_CHECK([--policy foobar --query-service ftp], 1, ignore) FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept'], 1, [ignore]) ]) dnl invalid services FWD_CHECK([--permanent --policy=foobar --add-service does-not-exist], 101, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-service does-not-exist], 101, [ignore], [ignore]) dnl invalid options FWD_CHECK([--permanent --policy=foobar --add-interface raboof0 --add-service ssh], 2, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-interface raboof0 --add-service ssh], 2, [ignore], [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_SERVICE/d']) firewalld-1.1.1/src/tests/features/helpers_custom.at0000644000000000000000000001271414217342322022617 0ustar00rootroot00000000000000FWD_START_TEST([customer helpers]) AT_KEYWORDS(helpers rhbz1733066 gh514 rhbz1769520) FWD_CHECK([-q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp"]) FWD_CHECK([-q --permanent --helper=ftptest --add-port="2121/tcp"]) FWD_CHECK([-q --permanent --new-service="ftptest"]) FWD_CHECK([-q --permanent --service=ftptest --add-module="ftptest"]) FWD_CHECK([-q --permanent --service=ftptest --query-module="ftptest"]) FWD_CHECK([-q --permanent --service=ftptest --add-port="2121/tcp"]) FWD_CHECK([--permanent --info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: ])]) FWD_RELOAD FWD_CHECK([--info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: ])]) FWD_CHECK([-q --add-service=ftptest]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 2121 ct helper set "helper-ftptest-tcp" tcp dport 2121 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED ]) dnl Same thing as above, but with the new "helper" in service. FWD_CHECK([-q --permanent --service=ftptest --remove-module="ftptest"]) FWD_CHECK([-q --permanent --service=ftptest --query-module="ftptest"], 1) FWD_CHECK([-q --permanent --service=ftptest --add-helper="ftptest"]) FWD_CHECK([--permanent --info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest ])]) FWD_RELOAD FWD_CHECK([--info-service=ftptest | TRIM_WHITESPACE], 0, [m4_strip([dnl ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest ])]) FWD_CHECK([-q --add-service=ftptest]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 2121 ct helper set "helper-ftptest-tcp" tcp dport 2121 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED ]) dnl again, but with both "module" and "helper" FWD_CHECK([-q --permanent --service=ftptest --add-module="ftptest"]) FWD_CHECK([-q --permanent --service=ftptest --remove-helper="ftptest"]) FWD_CHECK([-q --permanent --service=ftptest --add-helper="ftp"]) FWD_CHECK([-q --permanent --service=ftptest --add-port="21/tcp"]) FWD_RELOAD FWD_CHECK([-q --add-service=ftptest]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 21 ct helper set "helper-ftp-tcp" tcp dport 2121 ct helper set "helper-ftptest-tcp" tcp dport 2121 ct state new,untracked accept tcp dport 21 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([raw], [PRE_public_allow], 0, [dnl CT tcp ::/0 ::/0 tcp dpt:21 CT helper ftp CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:21 ctstate NEW,UNTRACKED ]) FWD_END_TEST firewalld-1.1.1/src/tests/features/rfc3964_ipv4.at0000644000000000000000000001154414217342322021625 0ustar00rootroot00000000000000FWD_START_TEST([RFC3964_IPv4]) AT_KEYWORDS(rfc3964_ipv4) AT_CHECK([sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf]) AT_CHECK([sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf]) FWD_RELOAD NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_REJECT: " reject with icmpv6 addr-unreachable jump filter_FORWARD_ZONES ct state invalid log prefix "STATE_INVALID_DROP: " ct state invalid drop log prefix "FINAL_REJECT: " reject with icmpx admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_OUTPUT], 0, [dnl table inet firewalld { chain filter_OUTPUT { ct state established,related accept oifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_REJECT: " reject with icmpv6 addr-unreachable jump filter_OUTPUT_POLICIES_pre jump filter_OUTPUT_POLICIES_post } } ]) IP6TABLES_LIST_RULES([filter], [RFC3964_IPv4], 0, [dnl LOG all ::/0 2002:e000::/19 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002:e000::/19 reject-with icmp6-addr-unreachable LOG all ::/0 2002:a9fe::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002:a9fe::/32 reject-with icmp6-addr-unreachable LOG all ::/0 2002:c0a8::/32 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002:c0a8::/32 reject-with icmp6-addr-unreachable LOG all ::/0 2002:ac10::/28 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002:ac10::/28 reject-with icmp6-addr-unreachable LOG all ::/0 2002:7f00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002:7f00::/24 reject-with icmp6-addr-unreachable LOG all ::/0 2002:a00::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002:a00::/24 reject-with icmp6-addr-unreachable LOG all ::/0 2002::/24 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 2002::/24 reject-with icmp6-addr-unreachable LOG all ::/0 ::ffff:0.0.0.0/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 ::ffff:0.0.0.0/96 reject-with icmp6-addr-unreachable LOG all ::/0 ::/96 LOG flags 0 level 4 prefix "RFC3964_IPv4_REJECT: " REJECT all ::/0 ::/96 reject-with icmp6-addr-unreachable ]) IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [OUTPUT], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED ACCEPT all ::/0 ::/0 OUTPUT_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 OUTPUT_POLICIES_pre all ::/0 ::/0 OUTPUT_POLICIES_post all ::/0 ::/0 ]) AT_CHECK([sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf]) FWD_RELOAD NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname "lo" accept jump filter_FORWARD_ZONES ct state invalid log prefix "STATE_INVALID_DROP: " ct state invalid drop log prefix "FINAL_REJECT: " reject with icmpx admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_OUTPUT], 0, [dnl table inet firewalld { chain filter_OUTPUT { ct state established,related accept oifname "lo" accept jump filter_OUTPUT_POLICIES_pre jump filter_OUTPUT_POLICIES_post } } ]) IP6TABLES_LIST_RULES([filter], [RFC3964_IPv4], 1, [ignore], [ignore]) IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 FORWARD_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [OUTPUT], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED ACCEPT all ::/0 ::/0 OUTPUT_direct all ::/0 ::/0 OUTPUT_POLICIES_pre all ::/0 ::/0 OUTPUT_POLICIES_post all ::/0 ::/0 ]) FWD_END_TEST firewalld-1.1.1/src/tests/features/rich_rules.at0000644000000000000000000003207414217342322021723 0ustar00rootroot00000000000000FWD_START_TEST([rich rules]) AT_KEYWORDS(policy rich) dnl dnl This is basic rich rule coverage. Each feature has its own coverage which dnl should include rich rules as well. FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone HOST], 0, [ignore]) FWD_RELOAD dnl basic layout dnl NFT_LIST_RULES([inet], [filter_IN_policy_foobar], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar { jump filter_IN_policy_foobar_pre jump filter_IN_policy_foobar_log jump filter_IN_policy_foobar_deny jump filter_IN_policy_foobar_allow jump filter_IN_policy_foobar_post } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar], 0, [dnl IN_foobar_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_log all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_allow all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_post all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [IN_foobar], 0, [dnl IN_foobar_pre all ::/0 ::/0 IN_foobar_log all ::/0 ::/0 IN_foobar_deny all ::/0 ::/0 IN_foobar_allow all ::/0 ::/0 IN_foobar_post all ::/0 ::/0 ]) dnl priority dnl FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.10 accept'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 log accept'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 audit accept'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.12 reject'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.13 drop'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.10.10.14 accept'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=1 source address=10.10.10.15 accept'], 0, ignore) FWD_RELOAD NFT_LIST_RULES([inet], [filter_IN_policy_foobar_pre], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_pre { ip saddr 10.10.10.14 accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_pre], 0, [dnl ACCEPT all -- 10.10.10.14 0.0.0.0/0 ]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_log], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_log { ip saddr 10.10.10.11 log ip saddr 10.10.10.11 log level audit } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_log], 0, [dnl LOG all -- 10.10.10.11 0.0.0.0/0 LOG flags 0 level 4 AUDIT all -- 10.10.10.11 0.0.0.0/0 AUDIT accept ]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_deny], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_deny { ip saddr 10.10.10.12 reject with icmp port-unreachable ip saddr 10.10.10.13 drop } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_deny], 0, [dnl REJECT all -- 10.10.10.12 0.0.0.0/0 reject-with icmp-port-unreachable DROP all -- 10.10.10.13 0.0.0.0/0 ]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_allow], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_allow { ip saddr 10.10.10.10 accept ip saddr 10.10.10.11 accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_allow], 0, [dnl ACCEPT all -- 10.10.10.10 0.0.0.0/0 ACCEPT all -- 10.10.10.11 0.0.0.0/0 ACCEPT all -- 10.10.10.11 0.0.0.0/0 ]) NFT_LIST_RULES([inet], [filter_IN_policy_foobar_post], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_post { ip saddr 10.10.10.15 accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_post], 0, [dnl ACCEPT all -- 10.10.10.15 0.0.0.0/0 ]) dnl source/destination dnl FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.20.20.20 accept'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-2 destination address=10.20.20.21 accept'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-3 source address=10.20.20.22 destination address=10.20.20.23 drop'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule family=ipv6 priority=-4 source address=1234::4321 destination address=1234::4444 drop'], 0, ignore) FWD_RELOAD NFT_LIST_RULES([inet], [filter_IN_policy_foobar_pre], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_pre { ip6 daddr 1234::4444 ip6 saddr 1234::4321 drop ip daddr 10.20.20.23 ip saddr 10.20.20.22 drop ip daddr 10.20.20.21 accept ip saddr 10.10.10.14 accept ip saddr 10.20.20.20 accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_pre], 0, [dnl DROP all -- 10.20.20.22 10.20.20.23 ACCEPT all -- 0.0.0.0/0 10.20.20.21 ACCEPT all -- 10.10.10.14 0.0.0.0/0 ACCEPT all -- 10.20.20.20 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_pre], 0, [dnl DROP all 1234::4321 1234::4444 ]) dnl icmp-type dnl FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule priority=-1 icmp-type name="neighbour-advertisement" accept'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule priority=-2 icmp-type name="echo-request" accept'], 0, ignore) FWD_RELOAD NFT_LIST_RULES([inet], [filter_IN_policy_foobar_pre], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_pre { ip6 daddr 1234::4444 ip6 saddr 1234::4321 drop ip daddr 10.20.20.23 ip saddr 10.20.20.22 drop ip daddr 10.20.20.21 accept icmp echo-request accept icmpv6 echo-request accept ip saddr 10.10.10.14 accept ip saddr 10.20.20.20 accept icmpv6 nd-neighbor-advert accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_pre], 0, [dnl DROP all -- 10.20.20.22 10.20.20.23 ACCEPT all -- 0.0.0.0/0 10.20.20.21 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ACCEPT all -- 10.10.10.14 0.0.0.0/0 ACCEPT all -- 10.20.20.20 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_pre], 0, [dnl DROP all 1234::4321 1234::4444 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 136 ]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone HOST], 0, [ignore]) dnl mark action dnl valid if egress zone is HOST dnl FWD_CHECK([--permanent --policy=foobar --add-egress-zone HOST], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule priority=-1 mark set=1234'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule priority=-2 mark set=0x6600/0xFF00'], 0, ignore) FWD_RELOAD NFT_LIST_RULES([inet], [mangle_PRE_policy_foobar_pre], 0, [dnl table inet firewalld { chain mangle_PRE_policy_foobar_pre { mark set mark & 0x0000ff00 ^ 0x00006600 mark set 0x000004d2 } } ]) IPTABLES_LIST_RULES([mangle], [PRE_foobar_pre], 0, [dnl MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK xset 0x6600/0xff00 MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x4d2 ]) IP6TABLES_LIST_RULES([mangle], [PRE_foobar_pre], 0, [dnl MARK all ::/0 ::/0 MARK xset 0x6600/0xff00 MARK all ::/0 ::/0 MARK set 0x4d2 ]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone HOST], 0, [ignore]) dnl mark action dnl valid if egress zone is ANY dnl FWD_CHECK([--permanent --policy=foobar --add-egress-zone ANY], 0, [ignore]) FWD_RELOAD NFT_LIST_RULES([inet], [mangle_PRE_policy_foobar_pre], 0, [dnl table inet firewalld { chain mangle_PRE_policy_foobar_pre { mark set mark & 0x0000ff00 ^ 0x00006600 mark set 0x000004d2 } } ]) IPTABLES_LIST_RULES([mangle], [PRE_foobar_pre], 0, [dnl MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK xset 0x6600/0xff00 MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x4d2 ]) IP6TABLES_LIST_RULES([mangle], [PRE_foobar_pre], 0, [dnl MARK all ::/0 ::/0 MARK xset 0x6600/0xff00 MARK all ::/0 ::/0 MARK set 0x4d2 ]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone ANY], 0, [ignore]) dnl mark action dnl valid if egress zone is source-based dnl FWD_CHECK([--permanent --zone=public --add-source 10.10.10.0/24], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone public], 0, [ignore]) FWD_RELOAD NFT_LIST_RULES([inet], [mangle_PRE_policy_foobar_pre], 0, [dnl table inet firewalld { chain mangle_PRE_policy_foobar_pre { mark set mark & 0x0000ff00 ^ 0x00006600 mark set 0x000004d2 } } ]) IPTABLES_LIST_RULES([mangle], [PRE_foobar_pre], 0, [dnl MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK xset 0x6600/0xff00 MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x4d2 ]) IP6TABLES_LIST_RULES([mangle], [PRE_foobar_pre], 0, [dnl MARK all ::/0 ::/0 MARK xset 0x6600/0xff00 MARK all ::/0 ::/0 MARK set 0x4d2 ]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone public], 0, [ignore]) FWD_CHECK([--permanent --zone=public --remove-source 10.10.10.0/24], 0, [ignore]) FWD_CHECK([ --policy=foobar --remove-egress-zone public], 0, [ignore]) FWD_CHECK([ --zone=public --remove-source 10.10.10.0/24], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234'], 0, ignore) FWD_CHECK([ --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234'], 0, ignore) FWD_CHECK([--permanent --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00'], 0, ignore) FWD_CHECK([ --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00'], 0, ignore) dnl mark action dnl invalid if egress zone is interface-based dnl FWD_CHECK([--permanent --zone=public --add-interface foobar0], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone public], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule priority=-1 mark set=1234'], 112, [ignore], [ignore]) FWD_CHECK([--permanent --zone=public --remove-interface foobar0], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone public], 0, [ignore]) FWD_CHECK([ --zone=public --add-interface foobar0], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-egress-zone public], 0, [ignore]) FWD_CHECK([ --policy foobar --add-rich-rule='rule priority=-1 mark set=1234'], 112, [ignore], [ignore]) FWD_CHECK([ --zone=public --remove-interface foobar0], 0, [ignore]) FWD_CHECK([ --policy=foobar --remove-egress-zone public], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone HOST], 0, [ignore]) dnl log/audit action dnl FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule priority=32000 log prefix="LOG: " level="warning"'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule priority=32001 audit accept'], 0, ignore) FWD_RELOAD NFT_LIST_RULES([inet], [filter_IN_policy_foobar_post], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_post { ip saddr 10.10.10.15 accept log prefix "LOG: " log level audit accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_post], 0, [dnl ACCEPT all -- 10.10.10.15 0.0.0.0/0 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "'LOG: '" AUDIT all -- 0.0.0.0/0 0.0.0.0/0 AUDIT accept ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_post], 0, [dnl LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "'LOG: '" AUDIT all ::/0 ::/0 AUDIT accept ACCEPT all ::/0 ::/0 ]) FWD_CHECK([--permanent --policy foobar --remove-rich-rule='rule priority=32000 log prefix="LOG: " level="warning"'], 0, ignore) FWD_CHECK([--permanent --policy foobar --remove-rich-rule='rule priority=32001 audit accept'], 0, ignore) FWD_RELOAD dnl nflog/audit action dnl FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule priority=32000 nflog prefix="NFLOG: " queue-size=10'], 0, ignore) FWD_CHECK([--permanent --policy foobar --add-rich-rule='rule priority=32001 audit accept'], 0, ignore) FWD_RELOAD NFT_LIST_RULES([inet], [filter_IN_policy_foobar_post], 0, [dnl table inet firewalld { chain filter_IN_policy_foobar_post { ip saddr 10.10.10.15 accept log prefix "NFLOG: " group 0 queue-threshold 10 log level audit accept } } ]) IPTABLES_LIST_RULES([filter], [IN_foobar_post], 0, [dnl ACCEPT all -- 10.10.10.15 0.0.0.0/0 NFLOG all -- 0.0.0.0/0 0.0.0.0/0 nflog-prefix "NFLOG: " nflog-threshold 10 AUDIT all -- 0.0.0.0/0 0.0.0.0/0 AUDIT accept ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ]) IP6TABLES_LIST_RULES([filter], [IN_foobar_post], 0, [dnl NFLOG all ::/0 ::/0 nflog-prefix "NFLOG: " nflog-threshold 10 AUDIT all ::/0 ::/0 AUDIT accept ACCEPT all ::/0 ::/0 ]) FWD_END_TEST([-e '/ERROR: INVALID_ZONE:/d']) firewalld-1.1.1/src/tests/features/forward_ports.at0000644000000000000000000004754114217342322022464 0ustar00rootroot00000000000000FWD_START_TEST([forward ports]) AT_KEYWORDS(policy forward_port) FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-ingress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone ANY], 0, [ignore]) dnl permanent --> runtime FWD_CHECK([--permanent --policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 0, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --policy=foobar --add-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321], 0, [ignore]) ]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 0, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321], 0, ignore) ]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore]) FWD_RELOAD FWD_CHECK([--policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 0, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321], 0, ignore) ]) FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore]) NFT_LIST_RULES([inet], [nat_PRE_policy_foobar_allow], 0, [dnl table inet firewalld { chain nat_PRE_policy_foobar_allow { meta nfproto ipv4 tcp dport 33 dnat ip to 10.10.10.10:33 meta nfproto ipv6 udp dport 44 dnat ip6 to [[1234::4321]:4444] meta nfproto ipv4 udp dport 444 dnat ip to 10.44.44.44:4444 } } ]) IPTABLES_LIST_RULES([nat], [PRE_foobar_allow], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:33 to:10.10.10.10:33 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:444 to:10.44.44.44:4444 ]) IP6TABLES_LIST_RULES([nat], [PRE_foobar_allow], 0, [dnl DNAT udp ::/0 ::/0 udp dpt:44 [to:[1234::4321]:4444] ]) FWD_CHECK([--permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 0, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321], 0, [ignore]) ]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore]) FWD_CHECK([--policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 0, [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321], 0, [ignore]) ]) FWD_CHECK([--policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore]) dnl runtime --> permanent m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ FWD_CHECK([--policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 0, [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore]) FWD_CHECK([--policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 0, [ignore]) FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore]) FWD_CHECK([--runtime-to-permanent], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore]) NFT_LIST_RULES([inet], [nat_PRE_policy_foobar_allow], 0, [dnl table inet firewalld { chain nat_PRE_policy_foobar_allow { meta nfproto ipv4 tcp dport 33 dnat ip to 10.10.10.10:33 meta nfproto ipv4 udp dport 444 dnat ip to 10.44.44.44:4444 } } ]) IPTABLES_LIST_RULES([nat], [PRE_foobar_allow], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:33 to:10.10.10.10:33 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:444 to:10.44.44.44:4444 ]) IP6TABLES_LIST_RULES([nat], [PRE_foobar_allow], 0, [dnl ]) FWD_CHECK([--permanent --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 1, [ignore]) FWD_CHECK([--permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 1, [ignore]) FWD_CHECK([--policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore]) FWD_CHECK([--policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10], 1, [ignore]) FWD_CHECK([--policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 1, [ignore]) ]) dnl invalid ports FWD_CHECK([--permanent --policy=foobar --add-forward-port 1234], 106, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-forward-port 1234], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=11:proto=tcp], 106, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-forward-port port=11:proto=tcp], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111], 103, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111], 103, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10], 105, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10], 105, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444'], 103, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444'], 103, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp'], 102, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp'], 102, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111'], 103, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111'], 103, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10'], 105, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10'], 105, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone ANY], 0, [ignore]) FWD_CHECK([ --policy=foobar --remove-egress-zone ANY], 0, [ignore]) dnl if egress-zone is HOST then to-addr is invalid FWD_CHECK([--permanent --policy=foobar --add-egress-zone HOST], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444'], 0, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone HOST], 0, [ignore]) FWD_CHECK([--policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 106, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 106, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-forward-port port=22:proto=tcp:toport=2222], 0, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444'], 0, [ignore], [ignore]) NFT_LIST_RULES([inet], [nat_PRE_policy_foobar_allow], 0, [dnl table inet firewalld { chain nat_PRE_policy_foobar_allow { meta nfproto ipv4 tcp dport 22 redirect to :2222 meta nfproto ipv6 udp dport 444 redirect to :4444 } } ]) IPTABLES_LIST_RULES([nat], [PRE_foobar_allow], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 to::2222 ]) IP6TABLES_LIST_RULES([nat], [PRE_foobar_allow], 0, [dnl DNAT udp ::/0 ::/0 udp dpt:444 to::4444 ]) FWD_CHECK([--permanent --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444'], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone HOST], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222], 0, [ignore], [ignore]) FWD_CHECK([--policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444'], 0, [ignore], [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone HOST], 0, [ignore]) dnl if egress-zone is ANY then to-addr is required FWD_CHECK([--permanent --policy=foobar --add-egress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 0, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone ANY], 0, [ignore]) FWD_CHECK([--policy=foobar --add-forward-port port=22:proto=tcp:toport=2222], 106, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --remove-egress-zone ANY], 0, [ignore]) FWD_CHECK([--policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 0, [ignore], [ignore]) FWD_CHECK([--policy=foobar --remove-egress-zone ANY], 0, [ignore]) dnl if egress-zone is a zone then the zone must not have interfaces FWD_CHECK([--permanent --zone internal --add-interface foobar0], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-egress-zone internal], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 112, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444'], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 112, [ignore], [ignore]) FWD_CHECK([--zone internal --add-interface foobar0], 0, [ignore]) FWD_CHECK([--policy=foobar --add-egress-zone internal], 0, [ignore]) FWD_CHECK([--policy=foobar --add-forward-port port=22:proto=tcp:toport=2222], 106, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 112, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444'], 106, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 112, [ignore], [ignore]) FWD_CHECK([--permanent --zone internal --remove-interface foobar0], 0, [ignore]) FWD_CHECK([--zone internal --remove-interface foobar0], 0, [ignore]) dnl if egress-zone is a zone and it only has sources, then toaddr must be dnl specified FWD_CHECK([--permanent --zone internal --add-source 10.10.10.0/24], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444'], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore], [ignore]) FWD_CHECK([--zone internal --add-source 10.10.10.0/24], 0, [ignore]) FWD_CHECK([--policy=foobar --add-forward-port port=22:proto=tcp:toport=2222], 106, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 0, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444'], 106, [ignore], [ignore]) FWD_CHECK([--policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore], [ignore]) NFT_LIST_RULES([inet], [nat_PRE_policy_foobar_allow], 0, [dnl table inet firewalld { chain nat_PRE_policy_foobar_allow { meta nfproto ipv4 tcp dport 22 dnat ip to 10.0.0.1:2222 meta nfproto ipv4 udp dport 444 dnat ip to 10.44.44.44:4444 } } ]) IPTABLES_LIST_RULES([nat], [PRE_foobar_allow], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 to:10.0.0.1:2222 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:444 to:10.44.44.44:4444 ]) FWD_END_TEST([-e '/ERROR: INVALID_FORWARD/d' -e '/ERROR: INVALID_ZONE/d']) FWD_START_TEST([forward ports [(OUTPUT)]]) AT_KEYWORDS(policy forward_port rhbz2039542) FWD_CHECK([--permanent --new-policy=foobar], 0, [ignore]) FWD_CHECK([--permanent --new-zone localhost], 0, [ignore]) FWD_RELOAD dnl ingress-zone=HOST, egress-zone=ANY to DNAT outgoing packets dnl podman uses this to redirect from host to containers. dnl FWD_CHECK([--permanent --policy foobar --add-ingress-zone HOST], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --add-egress-zone ANY], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444'], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore], [ignore]) FWD_CHECK([ --policy foobar --add-ingress-zone HOST], 0, [ignore]) FWD_CHECK([ --policy foobar --add-egress-zone ANY], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222], 106, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444'], 106, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore], [ignore]) NFT_LIST_RULES([inet], [nat_OUT_policy_foobar_allow], 0, [dnl table inet firewalld { chain nat_OUT_policy_foobar_allow { meta nfproto ipv4 tcp dport 22 dnat ip to 10.0.0.1:2222 meta nfproto ipv4 udp dport 444 dnat ip to 10.44.44.44:4444 } } ]) IPTABLES_LIST_RULES([nat], [OUT_foobar_allow], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 to:10.0.0.1:2222 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:444 to:10.44.44.44:4444 ]) FWD_CHECK([--permanent --policy foobar --remove-ingress-zone HOST], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --remove-egress-zone ANY], 0, [ignore]) FWD_CHECK([ --policy foobar --remove-ingress-zone HOST], 0, [ignore]) FWD_CHECK([ --policy foobar --remove-egress-zone ANY], 0, [ignore]) dnl ingress-zone=HOST, egress-zone=zone dnl podman uses this to redirect from host to containers. dnl FWD_CHECK([--permanent --zone localhost --add-source 127.0.0.0/8], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --add-ingress-zone HOST], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --add-egress-zone localhost], 0, [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 0, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444'], 106, [ignore], [ignore]) FWD_CHECK([--permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore], [ignore]) FWD_CHECK([ --zone localhost --add-source 127.0.0.0/8], 0, [ignore]) FWD_CHECK([ --policy foobar --add-ingress-zone HOST], 0, [ignore]) FWD_CHECK([ --policy foobar --add-egress-zone localhost], 0, [ignore]) FWD_CHECK([ --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222], 106, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1], 0, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444'], 106, [ignore], [ignore]) FWD_CHECK([ --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44'], 0, [ignore], [ignore]) NFT_LIST_RULES([inet], [nat_OUT_policy_foobar_allow], 0, [dnl table inet firewalld { chain nat_OUT_policy_foobar_allow { meta nfproto ipv4 tcp dport 22 dnat ip to 10.0.0.1:2222 meta nfproto ipv4 udp dport 444 dnat ip to 10.44.44.44:4444 } } ]) IPTABLES_LIST_RULES([nat], [OUT_foobar_allow], 0, [dnl DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 to:10.0.0.1:2222 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:444 to:10.44.44.44:4444 ]) FWD_CHECK([--permanent --zone localhost --remove-source 127.0.0.0/8], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --remove-ingress-zone HOST], 0, [ignore]) FWD_CHECK([--permanent --policy foobar --remove-egress-zone localhost], 0, [ignore]) FWD_CHECK([ --zone localhost --remove-source 127.0.0.0/8], 0, [ignore]) FWD_CHECK([ --policy foobar --remove-ingress-zone HOST], 0, [ignore]) FWD_CHECK([ --policy foobar --remove-egress-zone localhost], 0, [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_FORWARD/d' -e '/ERROR: INVALID_ZONE/d']) firewalld-1.1.1/src/tests/integration/0000755000000000000000000000000014217353201017733 5ustar00rootroot00000000000000firewalld-1.1.1/src/tests/integration/testsuite0000755000000000000000000060261114217353201021720 0ustar00rootroot00000000000000#! /bin/sh # Generated from integration/testsuite.at by GNU Autoconf 2.69. # # Copyright (C) 2009-2012 Free Software Foundation, Inc. # # This test suite is free software; the Free Software Foundation gives # unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" SHELL=${CONFIG_SHELL-/bin/sh} # How were we run? at_cli_args="$@" # Not all shells have the 'times' builtin; the subshell is needed to make # sure we discard the 'times: not found' message from the shell. at_times_p=false (times) >/dev/null 2>&1 && at_times_p=: # CLI Arguments to pass to the debugging scripts. at_debug_args= # -e sets to true at_errexit_p=false # Shall we be verbose? ':' means no, empty means yes. at_verbose=: at_quiet= # Running several jobs in parallel, 0 means as many as test groups. at_jobs=1 at_traceon=: at_trace_echo=: at_check_filter_trace=: # Shall we keep the debug scripts? Must be `:' when the suite is # run by a debug script, so that the script doesn't remove itself. at_debug_p=false # Display help message? at_help_p=false # Display the version message? at_version_p=false # List test groups? at_list_p=false # --clean at_clean=false # Test groups to run at_groups= # Whether to rerun failed tests. at_recheck= # Whether a write failure occurred at_write_fail=0 # The directory we run the suite in. Default to . if no -C option. at_dir=`pwd` # An absolute reference to this testsuite script. case $as_myself in [\\/]* | ?:[\\/]* ) at_myself=$as_myself ;; * ) at_myself=$at_dir/$as_myself ;; esac # Whether -C is in effect. at_change_dir=false # Whether to enable colored test results. at_color=auto # List of the tested programs. at_tested='' # As many question marks as there are digits in the last test group number. # Used to normalize the test group numbers so that `ls' lists them in # numerical order. at_format='?' # Description of all the test groups. at_help_all="1;rhbz1773809.at:1;NM overrides interface on reload;nftables zone reload rhbz1773809; 2;rhbz1928860.at:1;reload don't consider non IP capable interfaces;nftables reload rhbz1928860; 3;polkit_auth_server.at:1;polkit - auth server;nftables dbus polkit auth; 4;polkit_auth_desktop.at:1;polkit - auth desktop;nftables dbus polkit auth; 5;polkit_restart.at:1;polkit - restart;nftables dbus polkit auth; 6;dbus_auth_uid.at:1;dbus - UID auth, no polkit;nftables dbus auth; " # List of the all the test groups. at_groups_all=`$as_echo "$at_help_all" | sed 's/;.*//'` # at_fn_validate_ranges NAME... # ----------------------------- # Validate and normalize the test group number contained in each variable # NAME. Leading zeroes are treated as decimal. at_fn_validate_ranges () { for at_grp do eval at_value=\$$at_grp if test $at_value -lt 1 || test $at_value -gt 6; then $as_echo "invalid test group: $at_value" >&2 exit 1 fi case $at_value in 0*) # We want to treat leading 0 as decimal, like expr and test, but # AS_VAR_ARITH treats it as octal if it uses $(( )). # With XSI shells, ${at_value#${at_value%%[1-9]*}} avoids the # expr fork, but it is not worth the effort to determine if the # shell supports XSI when the user can just avoid leading 0. eval $at_grp='`expr $at_value + 0`' ;; esac done } at_prev= for at_option do # If the previous option needs an argument, assign it. if test -n "$at_prev"; then at_option=$at_prev=$at_option at_prev= fi case $at_option in *=?*) at_optarg=`expr "X$at_option" : '[^=]*=\(.*\)'` ;; *) at_optarg= ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $at_option in --help | -h ) at_help_p=: ;; --list | -l ) at_list_p=: ;; --version | -V ) at_version_p=: ;; --clean | -c ) at_clean=: ;; --color ) at_color=always ;; --color=* ) case $at_optarg in no | never | none) at_color=never ;; auto | tty | if-tty) at_color=auto ;; always | yes | force) at_color=always ;; *) at_optname=`echo " $at_option" | sed 's/^ //; s/=.*//'` as_fn_error $? "unrecognized argument to $at_optname: $at_optarg" ;; esac ;; --debug | -d ) at_debug_p=: ;; --errexit | -e ) at_debug_p=: at_errexit_p=: ;; --verbose | -v ) at_verbose=; at_quiet=: ;; --trace | -x ) at_traceon='set -x' at_trace_echo=echo at_check_filter_trace=at_fn_filter_trace ;; [0-9] | [0-9][0-9] | [0-9][0-9][0-9] | [0-9][0-9][0-9][0-9]) at_fn_validate_ranges at_option as_fn_append at_groups "$at_option$as_nl" ;; # Ranges [0-9]- | [0-9][0-9]- | [0-9][0-9][0-9]- | [0-9][0-9][0-9][0-9]-) at_range_start=`echo $at_option |tr -d X-` at_fn_validate_ranges at_range_start at_range=`$as_echo "$at_groups_all" | \ sed -ne '/^'$at_range_start'$/,$p'` as_fn_append at_groups "$at_range$as_nl" ;; -[0-9] | -[0-9][0-9] | -[0-9][0-9][0-9] | -[0-9][0-9][0-9][0-9]) at_range_end=`echo $at_option |tr -d X-` at_fn_validate_ranges at_range_end at_range=`$as_echo "$at_groups_all" | \ sed -ne '1,/^'$at_range_end'$/p'` as_fn_append at_groups "$at_range$as_nl" ;; [0-9]-[0-9] | [0-9]-[0-9][0-9] | [0-9]-[0-9][0-9][0-9] | \ [0-9]-[0-9][0-9][0-9][0-9] | [0-9][0-9]-[0-9][0-9] | \ [0-9][0-9]-[0-9][0-9][0-9] | [0-9][0-9]-[0-9][0-9][0-9][0-9] | \ [0-9][0-9][0-9]-[0-9][0-9][0-9] | \ [0-9][0-9][0-9]-[0-9][0-9][0-9][0-9] | \ [0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9] ) at_range_start=`expr $at_option : '\(.*\)-'` at_range_end=`expr $at_option : '.*-\(.*\)'` if test $at_range_start -gt $at_range_end; then at_tmp=$at_range_end at_range_end=$at_range_start at_range_start=$at_tmp fi at_fn_validate_ranges at_range_start at_range_end at_range=`$as_echo "$at_groups_all" | \ sed -ne '/^'$at_range_start'$/,/^'$at_range_end'$/p'` as_fn_append at_groups "$at_range$as_nl" ;; # Directory selection. --directory | -C ) at_prev=--directory ;; --directory=* ) at_change_dir=: at_dir=$at_optarg if test x- = "x$at_dir" ; then at_dir=./- fi ;; # Parallel execution. --jobs | -j ) at_jobs=0 ;; --jobs=* | -j[0-9]* ) if test -n "$at_optarg"; then at_jobs=$at_optarg else at_jobs=`expr X$at_option : 'X-j\(.*\)'` fi case $at_jobs in *[!0-9]*) at_optname=`echo " $at_option" | sed 's/^ //; s/[0-9=].*//'` as_fn_error $? "non-numeric argument to $at_optname: $at_jobs" ;; esac ;; # Keywords. --keywords | -k ) at_prev=--keywords ;; --keywords=* ) at_groups_selected=$at_help_all at_save_IFS=$IFS IFS=, set X $at_optarg shift IFS=$at_save_IFS for at_keyword do at_invert= case $at_keyword in '!'*) at_invert="-v" at_keyword=`expr "X$at_keyword" : 'X!\(.*\)'` ;; esac # It is on purpose that we match the test group titles too. at_groups_selected=`$as_echo "$at_groups_selected" | grep -i $at_invert "^[1-9][^;]*;.*[; ]$at_keyword[ ;]"` done # Smash the keywords. at_groups_selected=`$as_echo "$at_groups_selected" | sed 's/;.*//'` as_fn_append at_groups "$at_groups_selected$as_nl" ;; --recheck) at_recheck=: ;; *=*) at_envvar=`expr "x$at_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $at_envvar in '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$at_envvar'" ;; esac at_value=`$as_echo "$at_optarg" | sed "s/'/'\\\\\\\\''/g"` # Export now, but save eval for later and for debug scripts. export $at_envvar as_fn_append at_debug_args " $at_envvar='$at_value'" ;; *) $as_echo "$as_me: invalid option: $at_option" >&2 $as_echo "Try \`$0 --help' for more information." >&2 exit 1 ;; esac done # Verify our last option didn't require an argument if test -n "$at_prev"; then : as_fn_error $? "\`$at_prev' requires an argument" fi # The file containing the suite. at_suite_log=$at_dir/$as_me.log # Selected test groups. if test -z "$at_groups$at_recheck"; then at_groups=$at_groups_all else if test -n "$at_recheck" && test -r "$at_suite_log"; then at_oldfails=`sed -n ' /^Failed tests:$/,/^Skipped tests:$/{ s/^[ ]*\([1-9][0-9]*\):.*/\1/p } /^Unexpected passes:$/,/^## Detailed failed tests/{ s/^[ ]*\([1-9][0-9]*\):.*/\1/p } /^## Detailed failed tests/q ' "$at_suite_log"` as_fn_append at_groups "$at_oldfails$as_nl" fi # Sort the tests, removing duplicates. at_groups=`$as_echo "$at_groups" | sort -nu | sed '/^$/d'` fi if test x"$at_color" = xalways \ || { test x"$at_color" = xauto && test -t 1; }; then at_red=`printf '\033[0;31m'` at_grn=`printf '\033[0;32m'` at_lgn=`printf '\033[1;32m'` at_blu=`printf '\033[1;34m'` at_std=`printf '\033[m'` else at_red= at_grn= at_lgn= at_blu= at_std= fi # Help message. if $at_help_p; then cat <<_ATEOF || at_write_fail=1 Usage: $0 [OPTION]... [VARIABLE=VALUE]... [TESTS] Run all the tests, or the selected TESTS, given by numeric ranges, and save a detailed log file. Upon failure, create debugging scripts. Do not change environment variables directly. Instead, set them via command line arguments. Set \`AUTOTEST_PATH' to select the executables to exercise. Each relative directory is expanded as build and source directories relative to the top level of this distribution. E.g., from within the build directory /tmp/foo-1.0, invoking this: $ $0 AUTOTEST_PATH=bin is equivalent to the following, assuming the source directory is /src/foo-1.0: PATH=/tmp/foo-1.0/bin:/src/foo-1.0/bin:\$PATH $0 _ATEOF cat <<_ATEOF || at_write_fail=1 Operation modes: -h, --help print the help message, then exit -V, --version print version number, then exit -c, --clean remove all the files this test suite might create and exit -l, --list describes all the tests, or the selected TESTS _ATEOF cat <<_ATEOF || at_write_fail=1 Execution tuning: -C, --directory=DIR change to directory DIR before starting --color[=never|auto|always] disable colored test results, or enable even without terminal -j, --jobs[=N] Allow N jobs at once; infinite jobs with no arg (default 1) -k, --keywords=KEYWORDS select the tests matching all the comma-separated KEYWORDS multiple \`-k' accumulate; prefixed \`!' negates a KEYWORD --recheck select all tests that failed or passed unexpectedly last time -e, --errexit abort as soon as a test fails; implies --debug -v, --verbose force more detailed output default for debugging scripts -d, --debug inhibit clean up and top-level logging default for debugging scripts -x, --trace enable tests shell tracing _ATEOF cat <<_ATEOF || at_write_fail=1 Report bugs to . firewalld home page: . _ATEOF exit $at_write_fail fi # List of tests. if $at_list_p; then cat <<_ATEOF || at_write_fail=1 firewalld 1.1.1 test suite test groups: NUM: FILE-NAME:LINE TEST-GROUP-NAME KEYWORDS _ATEOF # Pass an empty line as separator between selected groups and help. $as_echo "$at_groups$as_nl$as_nl$at_help_all" | awk 'NF == 1 && FS != ";" { selected[$ 1] = 1 next } /^$/ { FS = ";" } NF > 0 { if (selected[$ 1]) { printf " %3d: %-18s %s\n", $ 1, $ 2, $ 3 if ($ 4) { lmax = 79 indent = " " line = indent len = length (line) n = split ($ 4, a, " ") for (i = 1; i <= n; i++) { l = length (a[i]) + 1 if (i > 1 && len + l > lmax) { print line line = indent " " a[i] len = length (line) } else { line = line " " a[i] len += l } } if (n) print line } } }' || at_write_fail=1 exit $at_write_fail fi if $at_version_p; then $as_echo "$as_me (firewalld 1.1.1)" && cat <<\_ATEOF || at_write_fail=1 Copyright (C) 2012 Free Software Foundation, Inc. This test suite is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ATEOF exit $at_write_fail fi # Should we print banners? Yes if more than one test is run. case $at_groups in #( *$as_nl* ) at_print_banners=: ;; #( * ) at_print_banners=false ;; esac # Text for banner N, set to a single space once printed. # Banner 1. networkmanager.at:1 # Category starts at test group 1. at_banner_text_1="NetworkManager (nftables)" # Banner 2. polkit.at:1 # Category starts at test group 3. at_banner_text_2="polkit" # Banner 3. dbus.at:1 # Category starts at test group 6. at_banner_text_3="dbus" # Take any -C into account. if $at_change_dir ; then test x != "x$at_dir" && cd "$at_dir" \ || as_fn_error $? "unable to change directory" at_dir=`pwd` fi # Load the config files for any default variable assignments. for at_file in atconfig atlocal do test -r $at_file || continue . ./$at_file || as_fn_error $? "invalid content: $at_file" done # Autoconf <=2.59b set at_top_builddir instead of at_top_build_prefix: : "${at_top_build_prefix=$at_top_builddir}" # Perform any assignments requested during argument parsing. eval "$at_debug_args" # atconfig delivers names relative to the directory the test suite is # in, but the groups themselves are run in testsuite-dir/group-dir. if test -n "$at_top_srcdir"; then builddir=../.. for at_dir_var in srcdir top_srcdir top_build_prefix do eval at_val=\$at_$at_dir_var case $at_val in [\\/$]* | ?:[\\/]* ) at_prefix= ;; *) at_prefix=../../ ;; esac eval "$at_dir_var=\$at_prefix\$at_val" done fi ## -------------------- ## ## Directory structure. ## ## -------------------- ## # This is the set of directories and files used by this script # (non-literals are capitalized): # # TESTSUITE - the testsuite # TESTSUITE.log - summarizes the complete testsuite run # TESTSUITE.dir/ - created during a run, remains after -d or failed test # + at-groups/ - during a run: status of all groups in run # | + NNN/ - during a run: meta-data about test group NNN # | | + check-line - location (source file and line) of current AT_CHECK # | | + status - exit status of current AT_CHECK # | | + stdout - stdout of current AT_CHECK # | | + stder1 - stderr, including trace # | | + stderr - stderr, with trace filtered out # | | + test-source - portion of testsuite that defines group # | | + times - timestamps for computing duration # | | + pass - created if group passed # | | + xpass - created if group xpassed # | | + fail - created if group failed # | | + xfail - created if group xfailed # | | + skip - created if group skipped # + at-stop - during a run: end the run if this file exists # + at-source-lines - during a run: cache of TESTSUITE line numbers for extraction # + 0..NNN/ - created for each group NNN, remains after -d or failed test # | + TESTSUITE.log - summarizes the group results # | + ... - files created during the group # The directory the whole suite works in. # Should be absolute to let the user `cd' at will. at_suite_dir=$at_dir/$as_me.dir # The file containing the suite ($at_dir might have changed since earlier). at_suite_log=$at_dir/$as_me.log # The directory containing helper files per test group. at_helper_dir=$at_suite_dir/at-groups # Stop file: if it exists, do not start new jobs. at_stop_file=$at_suite_dir/at-stop # The fifo used for the job dispatcher. at_job_fifo=$at_suite_dir/at-job-fifo if $at_clean; then test -d "$at_suite_dir" && find "$at_suite_dir" -type d ! -perm -700 -exec chmod u+rwx \{\} \; rm -f -r "$at_suite_dir" "$at_suite_log" exit $? fi # Don't take risks: use only absolute directories in PATH. # # For stand-alone test suites (ie. atconfig was not found), # AUTOTEST_PATH is relative to `.'. # # For embedded test suites, AUTOTEST_PATH is relative to the top level # of the package. Then expand it into build/src parts, since users # may create executables in both places. AUTOTEST_PATH=`$as_echo "$AUTOTEST_PATH" | sed "s|:|$PATH_SEPARATOR|g"` at_path= as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $AUTOTEST_PATH $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -n "$at_path" && as_fn_append at_path $PATH_SEPARATOR case $as_dir in [\\/]* | ?:[\\/]* ) as_fn_append at_path "$as_dir" ;; * ) if test -z "$at_top_build_prefix"; then # Stand-alone test suite. as_fn_append at_path "$as_dir" else # Embedded test suite. as_fn_append at_path "$at_top_build_prefix$as_dir$PATH_SEPARATOR" as_fn_append at_path "$at_top_srcdir/$as_dir" fi ;; esac done IFS=$as_save_IFS # Now build and simplify PATH. # # There might be directories that don't exist, but don't redirect # builtins' (eg., cd) stderr directly: Ultrix's sh hates that. at_new_path= as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $at_path do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -d "$as_dir" || continue case $as_dir in [\\/]* | ?:[\\/]* ) ;; * ) as_dir=`(cd "$as_dir" && pwd) 2>/dev/null` ;; esac case $PATH_SEPARATOR$at_new_path$PATH_SEPARATOR in *$PATH_SEPARATOR$as_dir$PATH_SEPARATOR*) ;; $PATH_SEPARATOR$PATH_SEPARATOR) at_new_path=$as_dir ;; *) as_fn_append at_new_path "$PATH_SEPARATOR$as_dir" ;; esac done IFS=$as_save_IFS PATH=$at_new_path export PATH # Setting up the FDs. # 5 is the log file. Not to be overwritten if `-d'. if $at_debug_p; then at_suite_log=/dev/null else : >"$at_suite_log" fi exec 5>>"$at_suite_log" # Banners and logs. $as_echo "## --------------------------- ## ## firewalld 1.1.1 test suite. ## ## --------------------------- ##" { $as_echo "## --------------------------- ## ## firewalld 1.1.1 test suite. ## ## --------------------------- ##" echo $as_echo "$as_me: command line was:" $as_echo " \$ $0 $at_cli_args" echo # If ChangeLog exists, list a few lines in case it might help determining # the exact version. if test -n "$at_top_srcdir" && test -f "$at_top_srcdir/ChangeLog"; then $as_echo "## ---------- ## ## ChangeLog. ## ## ---------- ##" echo sed 's/^/| /;10q' "$at_top_srcdir/ChangeLog" echo fi { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } echo # Contents of the config files. for at_file in atconfig atlocal do test -r $at_file || continue $as_echo "$as_me: $at_file:" sed 's/^/| /' $at_file echo done } >&5 ## ------------------------- ## ## Autotest shell functions. ## ## ------------------------- ## # at_fn_banner NUMBER # ------------------- # Output banner NUMBER, provided the testsuite is running multiple groups and # this particular banner has not yet been printed. at_fn_banner () { $at_print_banners || return 0 eval at_banner_text=\$at_banner_text_$1 test "x$at_banner_text" = "x " && return 0 eval "at_banner_text_$1=\" \"" if test -z "$at_banner_text"; then $at_first || echo else $as_echo "$as_nl$at_banner_text$as_nl" fi } # at_fn_banner # at_fn_check_prepare_notrace REASON LINE # --------------------------------------- # Perform AT_CHECK preparations for the command at LINE for an untraceable # command; REASON is the reason for disabling tracing. at_fn_check_prepare_notrace () { $at_trace_echo "Not enabling shell tracing (command contains $1)" $as_echo "$2" >"$at_check_line_file" at_check_trace=: at_check_filter=: : >"$at_stdout"; : >"$at_stderr" } # at_fn_check_prepare_trace LINE # ------------------------------ # Perform AT_CHECK preparations for the command at LINE for a traceable # command. at_fn_check_prepare_trace () { $as_echo "$1" >"$at_check_line_file" at_check_trace=$at_traceon at_check_filter=$at_check_filter_trace : >"$at_stdout"; : >"$at_stderr" } # at_fn_check_prepare_dynamic COMMAND LINE # ---------------------------------------- # Decide if COMMAND at LINE is traceable at runtime, and call the appropriate # preparation function. at_fn_check_prepare_dynamic () { case $1 in *$as_nl*) at_fn_check_prepare_notrace 'an embedded newline' "$2" ;; *) at_fn_check_prepare_trace "$2" ;; esac } # at_fn_filter_trace # ------------------ # Remove the lines in the file "$at_stderr" generated by "set -x" and print # them to stderr. at_fn_filter_trace () { mv "$at_stderr" "$at_stder1" grep '^ *+' "$at_stder1" >&2 grep -v '^ *+' "$at_stder1" >"$at_stderr" } # at_fn_log_failure FILE-LIST # --------------------------- # Copy the files in the list on stdout with a "> " prefix, and exit the shell # with a failure exit code. at_fn_log_failure () { for file do $as_echo "$file:"; sed 's/^/> /' "$file"; done echo 1 > "$at_status_file" exit 1 } # at_fn_check_skip EXIT-CODE LINE # ------------------------------- # Check whether EXIT-CODE is a special exit code (77 or 99), and if so exit # the test group subshell with that same exit code. Use LINE in any report # about test failure. at_fn_check_skip () { case $1 in 99) echo 99 > "$at_status_file"; at_failed=: $as_echo "$2: hard failure"; exit 99;; 77) echo 77 > "$at_status_file"; exit 77;; esac } # at_fn_check_status EXPECTED EXIT-CODE LINE # ------------------------------------------ # Check whether EXIT-CODE is the EXPECTED exit code, and if so do nothing. # Otherwise, if it is 77 or 99, exit the test group subshell with that same # exit code; if it is anything else print an error message referring to LINE, # and fail the test. at_fn_check_status () { case $2 in $1 ) ;; 77) echo 77 > "$at_status_file"; exit 77;; 99) echo 99 > "$at_status_file"; at_failed=: $as_echo "$3: hard failure"; exit 99;; *) $as_echo "$3: exit code was $2, expected $1" at_failed=:;; esac } # at_fn_diff_devnull FILE # ----------------------- # Emit a diff between /dev/null and FILE. Uses "test -s" to avoid useless diff # invocations. at_fn_diff_devnull () { test -s "$1" || return 0 $at_diff "$at_devnull" "$1" } # at_fn_test NUMBER # ----------------- # Parse out test NUMBER from the tail of this file. at_fn_test () { eval at_sed=\$at_sed$1 sed "$at_sed" "$at_myself" > "$at_test_source" } # at_fn_create_debugging_script # ----------------------------- # Create the debugging script $at_group_dir/run which will reproduce the # current test group. at_fn_create_debugging_script () { { echo "#! /bin/sh" && echo 'test "${ZSH_VERSION+set}" = set && alias -g '\''${1+"$@"}'\''='\''"$@"'\''' && $as_echo "cd '$at_dir'" && $as_echo "exec \${CONFIG_SHELL-$SHELL} \"$at_myself\" -v -d $at_debug_args $at_group \${1+\"\$@\"}" && echo 'exit 1' } >"$at_group_dir/run" && chmod +x "$at_group_dir/run" } ## -------------------------------- ## ## End of autotest shell functions. ## ## -------------------------------- ## { $as_echo "## ---------------- ## ## Tested programs. ## ## ---------------- ##" echo } >&5 # Report what programs are being tested. for at_program in : $at_tested do test "$at_program" = : && continue case $at_program in [\\/]* | ?:[\\/]* ) $at_program_=$at_program ;; * ) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -f "$as_dir/$at_program" && break done IFS=$as_save_IFS at_program_=$as_dir/$at_program ;; esac if test -f "$at_program_"; then { $as_echo "$at_srcdir/testsuite.at:1: $at_program_ --version" "$at_program_" --version &5 2>&1 else as_fn_error $? "cannot find $at_program" "$LINENO" 5 fi done { $as_echo "## ------------------ ## ## Running the tests. ## ## ------------------ ##" } >&5 at_start_date=`date` at_start_time=`date +%s 2>/dev/null` $as_echo "$as_me: starting at: $at_start_date" >&5 # Create the master directory if it doesn't already exist. as_dir="$at_suite_dir"; as_fn_mkdir_p || as_fn_error $? "cannot create \`$at_suite_dir'" "$LINENO" 5 # Can we diff with `/dev/null'? DU 5.0 refuses. if diff /dev/null /dev/null >/dev/null 2>&1; then at_devnull=/dev/null else at_devnull=$at_suite_dir/devnull >"$at_devnull" fi # Use `diff -u' when possible. if at_diff=`diff -u "$at_devnull" "$at_devnull" 2>&1` && test -z "$at_diff" then at_diff='diff -u' else at_diff=diff fi # Get the last needed group. for at_group in : $at_groups; do :; done # Extract the start and end lines of each test group at the tail # of this file awk ' BEGIN { FS="" } /^#AT_START_/ { start = NR } /^#AT_STOP_/ { test = substr ($ 0, 10) print "at_sed" test "=\"1," start "d;" (NR-1) "q\"" if (test == "'"$at_group"'") exit }' "$at_myself" > "$at_suite_dir/at-source-lines" && . "$at_suite_dir/at-source-lines" || as_fn_error $? "cannot create test line number cache" "$LINENO" 5 rm -f "$at_suite_dir/at-source-lines" # Set number of jobs for `-j'; avoid more jobs than test groups. set X $at_groups; shift; at_max_jobs=$# if test $at_max_jobs -eq 0; then at_jobs=1 fi if test $at_jobs -ne 1 && { test $at_jobs -eq 0 || test $at_jobs -gt $at_max_jobs; }; then at_jobs=$at_max_jobs fi # If parallel mode, don't output banners, don't split summary lines. if test $at_jobs -ne 1; then at_print_banners=false at_quiet=: fi # Set up helper dirs. rm -rf "$at_helper_dir" && mkdir "$at_helper_dir" && cd "$at_helper_dir" && { test -z "$at_groups" || mkdir $at_groups; } || as_fn_error $? "testsuite directory setup failed" "$LINENO" 5 # Functions for running a test group. We leave the actual # test group execution outside of a shell function in order # to avoid hitting zsh 4.x exit status bugs. # at_fn_group_prepare # ------------------- # Prepare for running a test group. at_fn_group_prepare () { # The directory for additional per-group helper files. at_job_dir=$at_helper_dir/$at_group # The file containing the location of the last AT_CHECK. at_check_line_file=$at_job_dir/check-line # The file containing the exit status of the last command. at_status_file=$at_job_dir/status # The files containing the output of the tested commands. at_stdout=$at_job_dir/stdout at_stder1=$at_job_dir/stder1 at_stderr=$at_job_dir/stderr # The file containing the code for a test group. at_test_source=$at_job_dir/test-source # The file containing dates. at_times_file=$at_job_dir/times # Be sure to come back to the top test directory. cd "$at_suite_dir" # Clearly separate the test groups when verbose. $at_first || $at_verbose echo at_group_normalized=$at_group eval 'while :; do case $at_group_normalized in #( '"$at_format"'*) break;; esac at_group_normalized=0$at_group_normalized done' # Create a fresh directory for the next test group, and enter. # If one already exists, the user may have invoked ./run from # within that directory; we remove the contents, but not the # directory itself, so that we aren't pulling the rug out from # under the shell's notion of the current directory. at_group_dir=$at_suite_dir/$at_group_normalized at_group_log=$at_group_dir/$as_me.log if test -d "$at_group_dir"; then find "$at_group_dir" -type d ! -perm -700 -exec chmod u+rwx {} \; rm -fr "$at_group_dir"/* "$at_group_dir"/.[!.] "$at_group_dir"/.??* fi || { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: test directory for $at_group_normalized could not be cleaned" >&5 $as_echo "$as_me: WARNING: test directory for $at_group_normalized could not be cleaned" >&2;} # Be tolerant if the above `rm' was not able to remove the directory. as_dir="$at_group_dir"; as_fn_mkdir_p echo 0 > "$at_status_file" # In verbose mode, append to the log file *and* show on # the standard output; in quiet mode only write to the log. if test -z "$at_verbose"; then at_tee_pipe='tee -a "$at_group_log"' else at_tee_pipe='cat >> "$at_group_log"' fi } # at_fn_group_banner ORDINAL LINE DESC PAD [BANNER] # ------------------------------------------------- # Declare the test group ORDINAL, located at LINE with group description DESC, # and residing under BANNER. Use PAD to align the status column. at_fn_group_banner () { at_setup_line="$2" test -n "$5" && at_fn_banner $5 at_desc="$3" case $1 in [0-9]) at_desc_line=" $1: ";; [0-9][0-9]) at_desc_line=" $1: " ;; *) at_desc_line="$1: " ;; esac as_fn_append at_desc_line "$3$4" $at_quiet $as_echo_n "$at_desc_line" echo "# -*- compilation -*-" >> "$at_group_log" } # at_fn_group_postprocess # ----------------------- # Perform cleanup after running a test group. at_fn_group_postprocess () { # Be sure to come back to the suite directory, in particular # since below we might `rm' the group directory we are in currently. cd "$at_suite_dir" if test ! -f "$at_check_line_file"; then sed "s/^ */$as_me: WARNING: /" <<_ATEOF A failure happened in a test group before any test could be run. This means that test suite is improperly designed. Please report this failure to . _ATEOF $as_echo "$at_setup_line" >"$at_check_line_file" at_status=99 fi $at_verbose $as_echo_n "$at_group. $at_setup_line: " $as_echo_n "$at_group. $at_setup_line: " >> "$at_group_log" case $at_xfail:$at_status in yes:0) at_msg="UNEXPECTED PASS" at_res=xpass at_errexit=$at_errexit_p at_color=$at_red ;; no:0) at_msg="ok" at_res=pass at_errexit=false at_color=$at_grn ;; *:77) at_msg='skipped ('`cat "$at_check_line_file"`')' at_res=skip at_errexit=false at_color=$at_blu ;; no:* | *:99) at_msg='FAILED ('`cat "$at_check_line_file"`')' at_res=fail at_errexit=$at_errexit_p at_color=$at_red ;; yes:*) at_msg='expected failure ('`cat "$at_check_line_file"`')' at_res=xfail at_errexit=false at_color=$at_lgn ;; esac echo "$at_res" > "$at_job_dir/$at_res" # In parallel mode, output the summary line only afterwards. if test $at_jobs -ne 1 && test -n "$at_verbose"; then $as_echo "$at_desc_line $at_color$at_msg$at_std" else # Make sure there is a separator even with long titles. $as_echo " $at_color$at_msg$at_std" fi at_log_msg="$at_group. $at_desc ($at_setup_line): $at_msg" case $at_status in 0|77) # $at_times_file is only available if the group succeeded. # We're not including the group log, so the success message # is written in the global log separately. But we also # write to the group log in case they're using -d. if test -f "$at_times_file"; then at_log_msg="$at_log_msg ("`sed 1d "$at_times_file"`')' rm -f "$at_times_file" fi $as_echo "$at_log_msg" >> "$at_group_log" $as_echo "$at_log_msg" >&5 # Cleanup the group directory, unless the user wants the files # or the success was unexpected. if $at_debug_p || test $at_res = xpass; then at_fn_create_debugging_script if test $at_res = xpass && $at_errexit; then echo stop > "$at_stop_file" fi else if test -d "$at_group_dir"; then find "$at_group_dir" -type d ! -perm -700 -exec chmod u+rwx \{\} \; rm -fr "$at_group_dir" fi rm -f "$at_test_source" fi ;; *) # Upon failure, include the log into the testsuite's global # log. The failure message is written in the group log. It # is later included in the global log. $as_echo "$at_log_msg" >> "$at_group_log" # Upon failure, keep the group directory for autopsy, and create # the debugging script. With -e, do not start any further tests. at_fn_create_debugging_script if $at_errexit; then echo stop > "$at_stop_file" fi ;; esac } ## ------------ ## ## Driver loop. ## ## ------------ ## if (set -m && set +m && set +b) >/dev/null 2>&1; then set +b at_job_control_on='set -m' at_job_control_off='set +m' at_job_group=- else at_job_control_on=: at_job_control_off=: at_job_group= fi for at_signal in 1 2 15; do trap 'set +x; set +e $at_job_control_off at_signal='"$at_signal"' echo stop > "$at_stop_file" trap "" $at_signal at_pgids= for at_pgid in `jobs -p 2>/dev/null`; do at_pgids="$at_pgids $at_job_group$at_pgid" done test -z "$at_pgids" || kill -$at_signal $at_pgids 2>/dev/null wait if test "$at_jobs" -eq 1 || test -z "$at_verbose"; then echo >&2 fi at_signame=`kill -l $at_signal 2>&1 || echo $at_signal` set x $at_signame test 0 -gt 2 && at_signame=$at_signal { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: caught signal $at_signame, bailing out" >&5 $as_echo "$as_me: WARNING: caught signal $at_signame, bailing out" >&2;} as_fn_arith 128 + $at_signal && exit_status=$as_val as_fn_exit $exit_status' $at_signal done rm -f "$at_stop_file" at_first=: if test $at_jobs -ne 1 && rm -f "$at_job_fifo" && test -n "$at_job_group" && ( mkfifo "$at_job_fifo" && trap 'exit 1' PIPE STOP TSTP ) 2>/dev/null then # FIFO job dispatcher. trap 'at_pids= for at_pid in `jobs -p`; do at_pids="$at_pids $at_job_group$at_pid" done if test -n "$at_pids"; then at_sig=TSTP test "${TMOUT+set}" = set && at_sig=STOP kill -$at_sig $at_pids 2>/dev/null fi kill -STOP $$ test -z "$at_pids" || kill -CONT $at_pids 2>/dev/null' TSTP echo # Turn jobs into a list of numbers, starting from 1. at_joblist=`$as_echo "$at_groups" | sed -n 1,${at_jobs}p` set X $at_joblist shift for at_group in $at_groups; do $at_job_control_on 2>/dev/null ( # Start one test group. $at_job_control_off if $at_first; then exec 7>"$at_job_fifo" else exec 6<&- fi trap 'set +x; set +e trap "" PIPE echo stop > "$at_stop_file" echo >&7 as_fn_exit 141' PIPE at_fn_group_prepare if cd "$at_group_dir" && at_fn_test $at_group && . "$at_test_source" then :; else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unable to parse test group: $at_group" >&5 $as_echo "$as_me: WARNING: unable to parse test group: $at_group" >&2;} at_failed=: fi at_fn_group_postprocess echo >&7 ) & $at_job_control_off if $at_first; then at_first=false exec 6<"$at_job_fifo" 7>"$at_job_fifo" fi shift # Consume one token. if test $# -gt 0; then :; else read at_token <&6 || break set x $* fi test -f "$at_stop_file" && break done exec 7>&- # Read back the remaining ($at_jobs - 1) tokens. set X $at_joblist shift if test $# -gt 0; then shift for at_job do read at_token done <&6 fi exec 6<&- wait else # Run serially, avoid forks and other potential surprises. for at_group in $at_groups; do at_fn_group_prepare if cd "$at_group_dir" && at_fn_test $at_group && . "$at_test_source"; then :; else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unable to parse test group: $at_group" >&5 $as_echo "$as_me: WARNING: unable to parse test group: $at_group" >&2;} at_failed=: fi at_fn_group_postprocess test -f "$at_stop_file" && break at_first=false done fi # Wrap up the test suite with summary statistics. cd "$at_helper_dir" # Use ?..???? when the list must remain sorted, the faster * otherwise. at_pass_list=`for f in */pass; do echo $f; done | sed '/\*/d; s,/pass,,'` at_skip_list=`for f in */skip; do echo $f; done | sed '/\*/d; s,/skip,,'` at_xfail_list=`for f in */xfail; do echo $f; done | sed '/\*/d; s,/xfail,,'` at_xpass_list=`for f in ?/xpass ??/xpass ???/xpass ????/xpass; do echo $f; done | sed '/?/d; s,/xpass,,'` at_fail_list=`for f in ?/fail ??/fail ???/fail ????/fail; do echo $f; done | sed '/?/d; s,/fail,,'` set X $at_pass_list $at_xpass_list $at_xfail_list $at_fail_list $at_skip_list shift; at_group_count=$# set X $at_xpass_list; shift; at_xpass_count=$#; at_xpass_list=$* set X $at_xfail_list; shift; at_xfail_count=$# set X $at_fail_list; shift; at_fail_count=$#; at_fail_list=$* set X $at_skip_list; shift; at_skip_count=$# as_fn_arith $at_group_count - $at_skip_count && at_run_count=$as_val as_fn_arith $at_xpass_count + $at_fail_count && at_unexpected_count=$as_val as_fn_arith $at_xfail_count + $at_fail_count && at_total_fail_count=$as_val # Back to the top directory. cd "$at_dir" rm -rf "$at_helper_dir" # Compute the duration of the suite. at_stop_date=`date` at_stop_time=`date +%s 2>/dev/null` $as_echo "$as_me: ending at: $at_stop_date" >&5 case $at_start_time,$at_stop_time in [0-9]*,[0-9]*) as_fn_arith $at_stop_time - $at_start_time && at_duration_s=$as_val as_fn_arith $at_duration_s / 60 && at_duration_m=$as_val as_fn_arith $at_duration_m / 60 && at_duration_h=$as_val as_fn_arith $at_duration_s % 60 && at_duration_s=$as_val as_fn_arith $at_duration_m % 60 && at_duration_m=$as_val at_duration="${at_duration_h}h ${at_duration_m}m ${at_duration_s}s" $as_echo "$as_me: test suite duration: $at_duration" >&5 ;; esac echo $as_echo "## ------------- ## ## Test results. ## ## ------------- ##" echo { echo $as_echo "## ------------- ## ## Test results. ## ## ------------- ##" echo } >&5 if test $at_run_count = 1; then at_result="1 test" at_were=was else at_result="$at_run_count tests" at_were=were fi if $at_errexit_p && test $at_unexpected_count != 0; then if test $at_xpass_count = 1; then at_result="$at_result $at_were run, one passed" else at_result="$at_result $at_were run, one failed" fi at_result="$at_result unexpectedly and inhibited subsequent tests." at_color=$at_red else # Don't you just love exponential explosion of the number of cases? at_color=$at_red case $at_xpass_count:$at_fail_count:$at_xfail_count in # So far, so good. 0:0:0) at_result="$at_result $at_were successful." at_color=$at_grn ;; 0:0:*) at_result="$at_result behaved as expected." at_color=$at_lgn ;; # Some unexpected failures 0:*:0) at_result="$at_result $at_were run, $at_fail_count failed unexpectedly." ;; # Some failures, both expected and unexpected 0:*:1) at_result="$at_result $at_were run, $at_total_fail_count failed ($at_xfail_count expected failure)." ;; 0:*:*) at_result="$at_result $at_were run, $at_total_fail_count failed ($at_xfail_count expected failures)." ;; # No unexpected failures, but some xpasses *:0:*) at_result="$at_result $at_were run, $at_xpass_count passed unexpectedly." ;; # No expected failures, but failures and xpasses *:1:0) at_result="$at_result $at_were run, $at_unexpected_count did not behave as expected ($at_fail_count unexpected failure)." ;; *:*:0) at_result="$at_result $at_were run, $at_unexpected_count did not behave as expected ($at_fail_count unexpected failures)." ;; # All of them. *:*:1) at_result="$at_result $at_were run, $at_xpass_count passed unexpectedly, $at_total_fail_count failed ($at_xfail_count expected failure)." ;; *:*:*) at_result="$at_result $at_were run, $at_xpass_count passed unexpectedly, $at_total_fail_count failed ($at_xfail_count expected failures)." ;; esac if test $at_skip_count = 0 && test $at_run_count -gt 1; then at_result="All $at_result" fi fi # Now put skips in the mix. case $at_skip_count in 0) ;; 1) at_result="$at_result 1 test was skipped." ;; *) at_result="$at_result $at_skip_count tests were skipped." ;; esac if test $at_unexpected_count = 0; then echo "$at_color$at_result$at_std" echo "$at_result" >&5 else echo "${at_color}ERROR: $at_result$at_std" >&2 echo "ERROR: $at_result" >&5 { echo $as_echo "## ------------------------ ## ## Summary of the failures. ## ## ------------------------ ##" # Summary of failed and skipped tests. if test $at_fail_count != 0; then echo "Failed tests:" $SHELL "$at_myself" $at_fail_list --list echo fi if test $at_skip_count != 0; then echo "Skipped tests:" $SHELL "$at_myself" $at_skip_list --list echo fi if test $at_xpass_count != 0; then echo "Unexpected passes:" $SHELL "$at_myself" $at_xpass_list --list echo fi if test $at_fail_count != 0; then $as_echo "## ---------------------- ## ## Detailed failed tests. ## ## ---------------------- ##" echo for at_group in $at_fail_list do at_group_normalized=$at_group eval 'while :; do case $at_group_normalized in #( '"$at_format"'*) break;; esac at_group_normalized=0$at_group_normalized done' cat "$at_suite_dir/$at_group_normalized/$as_me.log" echo done echo fi if test -n "$at_top_srcdir"; then sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## ${at_top_build_prefix}config.log ## _ASBOX sed 's/^/| /' ${at_top_build_prefix}config.log echo fi } >&5 sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## $as_me.log was created. ## _ASBOX echo if $at_debug_p; then at_msg='per-test log files' else at_msg="\`${at_testdir+${at_testdir}/}$as_me.log'" fi $as_echo "Please send $at_msg and all information you think might help: To: Subject: [firewalld 1.1.1] $as_me: $at_fail_list${at_fail_list:+ failed${at_xpass_list:+, }}$at_xpass_list${at_xpass_list:+ passed unexpectedly} You may investigate any problem if you feel able to do so, in which case the test suite provides a good starting point. Its output may be found below \`${at_testdir+${at_testdir}/}$as_me.dir'. " exit 1 fi exit 0 ## ------------- ## ## Actual tests. ## ## ------------- ## #AT_START_1 at_fn_group_banner 1 'rhbz1773809.at:1' \ "NM overrides interface on reload" " " 1 at_xfail=no ( $as_echo "1. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1773809.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1773809.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF $as_echo "rhbz1773809.at:1" >"$at_check_line_file" ( ip netns exec fwd-test-${at_group_normalized} pgrep firewalld >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:1" $as_echo "rhbz1773809.at:1" >"$at_check_line_file" (! test -r /usr/share/dbus-1/system.d/FirewallD.conf) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:1" $as_echo "rhbz1773809.at:1" >"$at_check_line_file" (! test -r /usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:1" $as_echo "rhbz1773809.at:1" >"$at_check_line_file" (! test -r /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.policy) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:1" cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1773809.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:1: ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1773809.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1773809.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:1" $as_echo "rhbz1773809.at:4" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} which NetworkManager >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:4" $as_echo "rhbz1773809.at:4" >"$at_check_line_file" ( ip netns exec fwd-test-${at_group_normalized} pgrep NetworkManager >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:4" $as_echo "rhbz1773809.at:4" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} which nmcli >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:4" cat >./NetworkManager.conf <<'_ATEOF' [main] plugins= [logging] #level=DEBUG #domains=ALL _ATEOF NM_ARGS="--no-daemon --config ./NetworkManager.conf" ip netns exec fwd-test-${at_group_normalized} NetworkManager $NM_ARGS & if test $? -ne 0; then $as_echo "rhbz1773809.at:4" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:4" fi echo "$!" > networkmanager.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if ip netns exec fwd-test-${at_group_normalized} nmcli general status >/dev/null 2>&1 ; then up=1 break fi sleep 1 done $as_echo "rhbz1773809.at:4" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:4" $as_echo "rhbz1773809.at:6" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:6" { set +x $as_echo "$at_srcdir/rhbz1773809.at:6: ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection add type dummy con-name dummy0 ifname dummy0 ip4 10.0.0.2 gw4 10.0.0.1; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1773809.at:6" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection add type dummy con-name dummy0 ifname dummy0 ip4 10.0.0.2 gw4 10.0.0.1; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:6" $at_failed && at_fn_log_failure $at_traceon; } echo ip netns exec fwd-test-${at_group_normalized} nmcli connection delete dummy0 >> ./cleanup $as_echo "rhbz1773809.at:8" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:8" { set +x $as_echo "$at_srcdir/rhbz1773809.at:8: ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection show dummy0; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1773809.at:8" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection show dummy0; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:8" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1773809.at:9" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:9" { set +x $as_echo "$at_srcdir/rhbz1773809.at:9: ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection up dummy0; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1773809.at:9" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection up dummy0; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:9" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rhbz1773809.at:13: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --zone internal --add-interface dummy0" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone internal --add-interface dummy0" "rhbz1773809.at:13" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone internal --add-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:14: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:14" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:14: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:14" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:17: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone trusted --change-interface dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:17" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone trusted --change-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:17" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1773809.at:18" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1773809.at:18" { set +x $as_echo "$at_srcdir/rhbz1773809.at:18: ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli -f connection.zone connection show dummy0; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1773809.at:18" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli -f connection.zone connection show dummy0; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "connection.zone: trusted " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:22: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:22" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:22: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:22" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1773809.at:23: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1773809.at:23" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "trusted " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1773809.at:23" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1773809.at:27" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1773809.at:27" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_1 #AT_START_2 at_fn_group_banner 2 'rhbz1928860.at:1' \ "reload don't consider non IP capable interfaces" "" 1 at_xfail=no ( $as_echo "2. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1928860.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1928860.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1928860.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1928860.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1928860.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1928860.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1928860.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1928860.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF $as_echo "rhbz1928860.at:1" >"$at_check_line_file" ( ip netns exec fwd-test-${at_group_normalized} pgrep firewalld >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1928860.at:1" $as_echo "rhbz1928860.at:1" >"$at_check_line_file" (! test -r /usr/share/dbus-1/system.d/FirewallD.conf) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1928860.at:1" $as_echo "rhbz1928860.at:1" >"$at_check_line_file" (! test -r /usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1928860.at:1" $as_echo "rhbz1928860.at:1" >"$at_check_line_file" (! test -r /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.policy) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1928860.at:1" cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1928860.at:1: ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1928860.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1928860.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1928860.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1928860.at:1: ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1928860.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1928860.at:1: ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1928860.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1928860.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1928860.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1928860.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1928860.at:1" $as_echo "rhbz1928860.at:4" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} which NetworkManager >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1928860.at:4" $as_echo "rhbz1928860.at:4" >"$at_check_line_file" ( ip netns exec fwd-test-${at_group_normalized} pgrep NetworkManager >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1928860.at:4" $as_echo "rhbz1928860.at:4" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} which nmcli >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1928860.at:4" cat >./NetworkManager.conf <<'_ATEOF' [main] plugins= [logging] #level=DEBUG #domains=ALL _ATEOF NM_ARGS="--no-daemon --config ./NetworkManager.conf" ip netns exec fwd-test-${at_group_normalized} NetworkManager $NM_ARGS & if test $? -ne 0; then $as_echo "rhbz1928860.at:4" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1928860.at:4" fi echo "$!" > networkmanager.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if ip netns exec fwd-test-${at_group_normalized} nmcli general status >/dev/null 2>&1 ; then up=1 break fi sleep 1 done $as_echo "rhbz1928860.at:4" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1928860.at:4" $as_echo "rhbz1928860.at:7" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1928860.at:7" { set +x $as_echo "$at_srcdir/rhbz1928860.at:7: ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection add type ovs-bridge conn.interface ovs-br con-name ovs-br; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1928860.at:7" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection add type ovs-bridge conn.interface ovs-br con-name ovs-br; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:7" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1928860.at:8" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1928860.at:8" { set +x $as_echo "$at_srcdir/rhbz1928860.at:8: ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection add type ovs-port conn.interface ovs-interface-port master ovs-br con-name ovs-interface-port; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1928860.at:8" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection add type ovs-port conn.interface ovs-interface-port master ovs-br con-name ovs-interface-port; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:8" $at_failed && at_fn_log_failure $at_traceon; } echo ip netns exec fwd-test-${at_group_normalized} nmcli connection delete ovs-br >> ./cleanup echo ip netns exec fwd-test-${at_group_normalized} nmcli connection delete ovs-interface-port >> ./cleanup $as_echo "rhbz1928860.at:13" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1928860.at:13" { set +x $as_echo "$at_srcdir/rhbz1928860.at:13: ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection up ovs-br; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1928860.at:13" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection up ovs-br; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:13" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1928860.at:14" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} nmcli connection show >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1928860.at:14" { set +x $as_echo "$at_srcdir/rhbz1928860.at:14: ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nmcli connection up ovs-interface-port; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1928860.at:14" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nmcli connection up ovs-interface-port; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1928860.at:24: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1928860.at:24" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1928860.at:24: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1928860.at:24" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1928860.at:24" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1928860.at:26" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1928860.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_2 #AT_START_3 at_fn_group_banner 3 'polkit_auth_server.at:1' \ "polkit - auth server" " " 2 at_xfail=no ( $as_echo "3. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/polkit_auth_server.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/polkit_auth_server.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "polkit_auth_server.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/polkit_auth_server.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "polkit_auth_server.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/polkit_auth_server.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF $as_echo "polkit_auth_server.at:1" >"$at_check_line_file" ( ip netns exec fwd-test-${at_group_normalized} pgrep firewalld >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_server.at:1" $as_echo "polkit_auth_server.at:1" >"$at_check_line_file" (! test -r /usr/share/dbus-1/system.d/FirewallD.conf) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_server.at:1" $as_echo "polkit_auth_server.at:1" >"$at_check_line_file" (! test -r /usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_server.at:1" $as_echo "polkit_auth_server.at:1" >"$at_check_line_file" (! test -r /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.policy) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_server.at:1" cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/polkit_auth_server.at:1: ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/polkit_auth_server.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "polkit_auth_server.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/polkit_auth_server.at:1: ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:1: ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "polkit_auth_server.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/polkit_auth_server.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "polkit_auth_server.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/polkit_auth_server.at:1" $as_echo "polkit_auth_server.at:4" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} which sudo >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_server.at:4" $as_echo "polkit_auth_server.at:5" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} which getent >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_server.at:5" $as_echo "polkit_auth_server.at:6" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} getent passwd nobody >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_server.at:6" FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/polkit_auth_server.at:16: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy-server" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy-server" "polkit_auth_server.at:16" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy-server ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:16" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "polkit_auth_server.at:17" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/polkit_auth_server.at:17" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "polkit_auth_server.at:17" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/polkit_auth_server.at:17" { set +x $as_echo "$at_srcdir/polkit_auth_server.at:25: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:25" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/polkit_auth_server.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:26: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:26" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/polkit_auth_server.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:29: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --add-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:29" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/polkit_auth_server.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:30: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:30" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:33: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:33" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/polkit_auth_server.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:34: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:34" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:34" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:37: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:37" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/polkit_auth_server.at:37" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:38: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:38" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:41: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --direct --get-all-rules " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:41" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --direct --get-all-rules ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/polkit_auth_server.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:42: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:42" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:45: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --add-lockdown-whitelist-command=\"/usr/bin/firewall-cmd\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:45" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-lockdown-whitelist-command="/usr/bin/firewall-cmd" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/polkit_auth_server.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:46: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-command=\"/usr/bin/firewall-cmd\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:46" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-command="/usr/bin/firewall-cmd" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_server.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:49: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --query-lockdown " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:49" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-lockdown ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/polkit_auth_server.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_server.at:50: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_server.at:50" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/polkit_auth_server.at:50" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "polkit_auth_server.at:52" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/polkit_auth_server.at:52" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_3 #AT_START_4 at_fn_group_banner 4 'polkit_auth_desktop.at:1' \ "polkit - auth desktop" " " 2 at_xfail=no ( $as_echo "4. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "polkit_auth_desktop.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "polkit_auth_desktop.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF $as_echo "polkit_auth_desktop.at:1" >"$at_check_line_file" ( ip netns exec fwd-test-${at_group_normalized} pgrep firewalld >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_desktop.at:1" $as_echo "polkit_auth_desktop.at:1" >"$at_check_line_file" (! test -r /usr/share/dbus-1/system.d/FirewallD.conf) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_desktop.at:1" $as_echo "polkit_auth_desktop.at:1" >"$at_check_line_file" (! test -r /usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_desktop.at:1" $as_echo "polkit_auth_desktop.at:1" >"$at_check_line_file" (! test -r /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.policy) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_desktop.at:1" cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:1: ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "polkit_auth_desktop.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:1: ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:1: ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "polkit_auth_desktop.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/polkit_auth_desktop.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "polkit_auth_desktop.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/polkit_auth_desktop.at:1" $as_echo "polkit_auth_desktop.at:4" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} which sudo >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_desktop.at:4" $as_echo "polkit_auth_desktop.at:5" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} which getent >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_desktop.at:5" $as_echo "polkit_auth_desktop.at:6" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} getent passwd nobody >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_auth_desktop.at:6" FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:16: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy-desktop" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy-desktop" "polkit_auth_desktop.at:16" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy-desktop ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:16" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "polkit_auth_desktop.at:17" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/polkit_auth_desktop.at:17" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "polkit_auth_desktop.at:17" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/polkit_auth_desktop.at:17" { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:25: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:25" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/polkit_auth_desktop.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:26: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:26" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/polkit_auth_desktop.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:29: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --add-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:29" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/polkit_auth_desktop.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:30: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:30" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:33: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:33" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:34: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:34" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:34" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:37: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:37" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/polkit_auth_desktop.at:37" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:38: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:38" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:41: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --direct --get-all-rules " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:41" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --direct --get-all-rules ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:42: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:42" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:45: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --add-lockdown-whitelist-command=\"/usr/bin/firewall-cmd\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:45" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-lockdown-whitelist-command="/usr/bin/firewall-cmd" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/polkit_auth_desktop.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:46: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-command=\"/usr/bin/firewall-cmd\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:46" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-command="/usr/bin/firewall-cmd" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_auth_desktop.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:49: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --query-lockdown " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:49" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-lockdown ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/polkit_auth_desktop.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_auth_desktop.at:50: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_auth_desktop.at:50" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/polkit_auth_desktop.at:50" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "polkit_auth_desktop.at:52" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/polkit_auth_desktop.at:52" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_4 #AT_START_5 at_fn_group_banner 5 'polkit_restart.at:1' \ "polkit - restart" " " 2 at_xfail=no ( $as_echo "5. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/polkit_restart.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/polkit_restart.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "polkit_restart.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/polkit_restart.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "polkit_restart.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/polkit_restart.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF $as_echo "polkit_restart.at:1" >"$at_check_line_file" ( ip netns exec fwd-test-${at_group_normalized} pgrep firewalld >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_restart.at:1" $as_echo "polkit_restart.at:1" >"$at_check_line_file" (! test -r /usr/share/dbus-1/system.d/FirewallD.conf) \ && at_fn_check_skip 77 "$at_srcdir/polkit_restart.at:1" $as_echo "polkit_restart.at:1" >"$at_check_line_file" (! test -r /usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service) \ && at_fn_check_skip 77 "$at_srcdir/polkit_restart.at:1" $as_echo "polkit_restart.at:1" >"$at_check_line_file" (! test -r /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.policy) \ && at_fn_check_skip 77 "$at_srcdir/polkit_restart.at:1" cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/polkit_restart.at:1: ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/polkit_restart.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "polkit_restart.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/polkit_restart.at:1: ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_restart.at:1: ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "polkit_restart.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/polkit_restart.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "polkit_restart.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/polkit_restart.at:1" $as_echo "polkit_restart.at:4" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} which sudo >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_restart.at:4" $as_echo "polkit_restart.at:5" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} which getent >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_restart.at:5" $as_echo "polkit_restart.at:6" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} getent passwd nobody >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_restart.at:6" $as_echo "polkit_restart.at:7" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} systemctl >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/polkit_restart.at:7" FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/polkit_restart.at:9: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy-server" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy-server" "polkit_restart.at:9" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy-server ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:9" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "polkit_restart.at:10" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/polkit_restart.at:10" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "polkit_restart.at:10" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/polkit_restart.at:10" { set +x $as_echo "$at_srcdir/polkit_restart.at:14: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:14" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/polkit_restart.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_restart.at:15: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --add-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:15" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/polkit_restart.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_restart.at:16: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:16" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_restart.at:17: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:17" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_restart.at:19: ip netns exec fwd-test-\${at_group_normalized} systemctl restart polkit " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:19" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} systemctl restart polkit ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_restart.at:21: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:21" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/polkit_restart.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_restart.at:22: ip netns exec fwd-test-\${at_group_normalized} sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --add-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:22" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/polkit_restart.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_restart.at:23: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:23" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/polkit_restart.at:24: ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "polkit_restart.at:24" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/polkit_restart.at:24" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "polkit_restart.at:26" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/polkit_restart.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_5 #AT_START_6 at_fn_group_banner 6 'dbus_auth_uid.at:1' \ "dbus - UID auth, no polkit" " " 3 at_xfail=no ( $as_echo "6. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "dbus_auth_uid.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/dbus_auth_uid.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "dbus_auth_uid.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/dbus_auth_uid.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "dbus_auth_uid.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/dbus_auth_uid.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "dbus_auth_uid.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/dbus_auth_uid.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF $as_echo "dbus_auth_uid.at:1" >"$at_check_line_file" ( ip netns exec fwd-test-${at_group_normalized} pgrep firewalld >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/dbus_auth_uid.at:1" $as_echo "dbus_auth_uid.at:1" >"$at_check_line_file" (! test -r /usr/share/dbus-1/system.d/FirewallD.conf) \ && at_fn_check_skip 77 "$at_srcdir/dbus_auth_uid.at:1" $as_echo "dbus_auth_uid.at:1" >"$at_check_line_file" (! test -r /usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service) \ && at_fn_check_skip 77 "$at_srcdir/dbus_auth_uid.at:1" $as_echo "dbus_auth_uid.at:1" >"$at_check_line_file" (! test -r /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.policy) \ && at_fn_check_skip 77 "$at_srcdir/dbus_auth_uid.at:1" cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:1: ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "dbus_auth_uid.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/dbus_auth_uid.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "dbus_auth_uid.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/dbus_auth_uid.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:1: ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "dbus_auth_uid.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/dbus_auth_uid.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:1: ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "dbus_auth_uid.at:1" ( $at_check_trace; ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/dbus_auth_uid.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "dbus_auth_uid.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/dbus_auth_uid.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "dbus_auth_uid.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/dbus_auth_uid.at:1" $as_echo "dbus_auth_uid.at:4" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} which sudo >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/dbus_auth_uid.at:4" $as_echo "dbus_auth_uid.at:5" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} which getent >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/dbus_auth_uid.at:5" $as_echo "dbus_auth_uid.at:6" >"$at_check_line_file" (! ip netns exec fwd-test-${at_group_normalized} getent passwd nobody >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/dbus_auth_uid.at:6" echo "systemctl unmask polkit" >> ./cleanup systemctl mask polkit systemctl stop polkit { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:19: sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --add-service http" at_fn_check_prepare_dynamic "sudo -E -u nobody env PATH=\"$PATH\" firewall-cmd --add-service http" "dbus_auth_uid.at:19" ( $at_check_trace; sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/dbus_auth_uid.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:20: sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --list-all" at_fn_check_prepare_dynamic "sudo -E -u nobody env PATH=\"$PATH\" firewall-cmd --list-all" "dbus_auth_uid.at:20" ( $at_check_trace; sudo -E -u nobody env PATH="$PATH" firewall-cmd --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/dbus_auth_uid.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:21: sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --query-panic" at_fn_check_prepare_dynamic "sudo -E -u nobody env PATH=\"$PATH\" firewall-cmd --query-panic" "dbus_auth_uid.at:21" ( $at_check_trace; sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/dbus_auth_uid.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:22: sudo -E -u nobody env PATH=\"\$PATH\" firewall-cmd --state" at_fn_check_prepare_dynamic "sudo -E -u nobody env PATH=\"$PATH\" firewall-cmd --state" "dbus_auth_uid.at:22" ( $at_check_trace; sudo -E -u nobody env PATH="$PATH" firewall-cmd --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 253 $at_status "$at_srcdir/dbus_auth_uid.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:23: firewall-cmd --add-service http" at_fn_check_prepare_trace "dbus_auth_uid.at:23" ( $at_check_trace; firewall-cmd --add-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/dbus_auth_uid.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:24: firewall-cmd --list-all" at_fn_check_prepare_trace "dbus_auth_uid.at:24" ( $at_check_trace; firewall-cmd --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/dbus_auth_uid.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:25: firewall-cmd --query-panic" at_fn_check_prepare_trace "dbus_auth_uid.at:25" ( $at_check_trace; firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/dbus_auth_uid.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/dbus_auth_uid.at:26: firewall-cmd --state" at_fn_check_prepare_trace "dbus_auth_uid.at:26" ( $at_check_trace; firewall-cmd --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/dbus_auth_uid.at:26" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "dbus_auth_uid.at:28" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/dbus_auth_uid.at:28" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_6 firewalld-1.1.1/src/tests/integration/dbus_auth_uid.at0000644000000000000000000000236114217342322023104 0ustar00rootroot00000000000000FWD_START_TEST([dbus - UID auth, no polkit]) AT_KEYWORDS(dbus auth) AT_SKIP_IF([! NS_CMD([which sudo >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([which getent >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([getent passwd nobody >/dev/null 2>&1])]) dnl polkit will automatically be started by dbus. The only way to prevent it is dnl to mask the service. polkit must be stopped to exercises the UID auth. dnl echo "systemctl unmask polkit" >> ./cleanup systemctl mask polkit systemctl stop polkit dnl Verify we check the UID if polkit is not running. dnl dnl Note: must explicitly pass $PATH because sudo may scrub it. dnl AT_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-service http], 253, [ignore], [ignore]) AT_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --list-all], 253, [ignore], [ignore]) AT_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-panic], 253, [ignore], [ignore]) AT_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --state], 253, [ignore], [ignore]) AT_CHECK([firewall-cmd --add-service http], 0, [ignore], [ignore]) AT_CHECK([firewall-cmd --list-all], 0, [ignore], [ignore]) AT_CHECK([firewall-cmd --query-panic], 1, [ignore], [ignore]) AT_CHECK([firewall-cmd --state], 0, [ignore], [ignore]) FWD_END_TEST firewalld-1.1.1/src/tests/integration/polkit.at0000644000000000000000000000024114217342322021562 0ustar00rootroot00000000000000AT_BANNER([polkit]) m4_include([integration/polkit_auth_server.at]) m4_include([integration/polkit_auth_desktop.at]) m4_include([integration/polkit_restart.at]) firewalld-1.1.1/src/tests/integration/rhbz1773809.at0000644000000000000000000000156514217342322022022 0ustar00rootroot00000000000000FWD_START_TEST([NM overrides interface on reload]) AT_KEYWORDS(zone reload rhbz1773809) START_NETWORKMANAGER NMCLI_CHECK([connection add type dummy con-name dummy0 ifname dummy0 ip4 10.0.0.2 gw4 10.0.0.1], 0, [ignore]) echo NS_CMD([nmcli connection delete dummy0]) >> ./cleanup NMCLI_CHECK([connection show dummy0], 0, [ignore]) NMCLI_CHECK([connection up dummy0], 0, [ignore]) dnl Use firewall-offline-cmd otherwise the request will be forwarded to dnl NetworkManager. FWD_OFFLINE_CHECK([-q --zone internal --add-interface dummy0]) FWD_RELOAD dnl firewall-cmd should forward the request to NetworkManager. FWD_CHECK([-q --permanent --zone trusted --change-interface dummy0]) NMCLI_CHECK([-f connection.zone connection show dummy0], 0, [dnl connection.zone: trusted ]) FWD_RELOAD FWD_CHECK([--get-zone-of-interface dummy0], 0, [dnl trusted ]) FWD_END_TEST firewalld-1.1.1/src/tests/integration/polkit_auth_server.at0000644000000000000000000000472214217342322024201 0ustar00rootroot00000000000000FWD_START_TEST([polkit - auth server]) AT_KEYWORDS(dbus polkit auth) AT_SKIP_IF([! NS_CMD([which sudo >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([which getent >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([getent passwd nobody >/dev/null 2>&1])]) dnl This test verifies the different policy permissions. It does not verify dnl every (dbus API, policy) pair. It is only using a subset of the dbus dnl interfaces sufficient to verify the policy actions. It's only verifying dnl that policy kit auth is functional. dnl dnl A prime example of this is that both permanent and runtime config changes dnl fall under the "config" polkit action. FWD_OFFLINE_CHECK([--policy-server], 0, [ignore], [ignore]) FWD_RESTART dnl org.fedoraproject.FirewallD1.all dnl dnl implicitly covered by org.fedoraproject.FirewallD1.config because the CLI dnl does authorizeAll() when it has command sequences. dnl org.fedoraproject.FirewallD1.info NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-panic], 1, [ignore], [ignore]) NS_CHECK([firewall-cmd --query-panic], 1, [ignore], [ignore]) dnl org.fedoraproject.FirewallD1.config NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-service http], 253, [ignore], [ignore]) NS_CHECK([firewall-cmd --add-service http], 0, [ignore], [ignore]) dnl org.fedoraproject.FirewallD1.config.info NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --list-all], 253, [ignore], [ignore]) NS_CHECK([firewall-cmd --list-all], 0, [ignore], [ignore]) dnl org.fedoraproject.FirewallD1.direct NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j ACCEPT], 253, [ignore], [ignore]) NS_CHECK([firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j ACCEPT], 0, [ignore], [ignore]) dnl org.fedoraproject.FirewallD1.direct.info NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --direct --get-all-rules], 253, [ignore], [ignore]) NS_CHECK([firewall-cmd --direct --get-all-rules], 0, [ignore], [ignore]) dnl org.fedoraproject.FirewallD1.policies NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-lockdown-whitelist-command="/usr/bin/firewall-cmd"], 253, [ignore], [ignore]) NS_CHECK([firewall-cmd --add-lockdown-whitelist-command="/usr/bin/firewall-cmd"], 0, [ignore], [ignore]) dnl org.fedoraproject.FirewallD1.policies.info NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-lockdown], 253, [ignore], [ignore]) NS_CHECK([firewall-cmd --query-lockdown], 1, [ignore], [ignore]) FWD_END_TEST firewalld-1.1.1/src/tests/integration/dbus.at0000644000000000000000000000007514217342322021222 0ustar00rootroot00000000000000AT_BANNER([dbus]) m4_include([integration/dbus_auth_uid.at]) firewalld-1.1.1/src/tests/integration/networkmanager.at0000644000000000000000000000020114217342322023300 0ustar00rootroot00000000000000AT_BANNER([NetworkManager (FIREWALL_BACKEND)]) m4_include([integration/rhbz1773809.at]) m4_include([integration/rhbz1928860.at]) firewalld-1.1.1/src/tests/integration/polkit_auth_desktop.at0000644000000000000000000000471614217342322024347 0ustar00rootroot00000000000000FWD_START_TEST([polkit - auth desktop]) AT_KEYWORDS(dbus polkit auth) AT_SKIP_IF([! NS_CMD([which sudo >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([which getent >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([getent passwd nobody >/dev/null 2>&1])]) dnl This test verifies the different policy permissions. It does not verify dnl every (dbus API, policy) pair. It is only using a subset of the dbus dnl interfaces sufficient to verify the policy actions. It's only verifying dnl that policy kit auth is functional. dnl dnl A prime example of this is that both permanent and runtime config changes dnl fall under the "config" polkit action. FWD_OFFLINE_CHECK([--policy-desktop], 0, [ignore], [ignore]) FWD_RESTART dnl org.fedoraproject.FirewallD1.all dnl dnl implicitly covered by org.fedoraproject.FirewallD1.config because the CLI dnl does authorizeAll() when it has command sequences. dnl org.fedoraproject.FirewallD1.info NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-panic], 1, [ignore], [ignore]) NS_CHECK([firewall-cmd --query-panic], 1, [ignore], [ignore]) dnl org.fedoraproject.FirewallD1.config NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-service http], 253, [ignore], [ignore]) NS_CHECK([firewall-cmd --add-service http], 0, [ignore], [ignore]) dnl org.fedoraproject.FirewallD1.config.info NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --list-all], 0, [ignore], [ignore]) NS_CHECK([firewall-cmd --list-all], 0, [ignore], [ignore]) dnl org.fedoraproject.FirewallD1.direct NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j ACCEPT], 253, [ignore], [ignore]) NS_CHECK([firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -j ACCEPT], 0, [ignore], [ignore]) dnl org.fedoraproject.FirewallD1.direct.info NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --direct --get-all-rules], 0, [ignore], [ignore]) NS_CHECK([firewall-cmd --direct --get-all-rules], 0, [ignore], [ignore]) dnl org.fedoraproject.FirewallD1.policies NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-lockdown-whitelist-command="/usr/bin/firewall-cmd"], 253, [ignore], [ignore]) NS_CHECK([firewall-cmd --add-lockdown-whitelist-command="/usr/bin/firewall-cmd"], 0, [ignore], [ignore]) dnl org.fedoraproject.FirewallD1.policies.info NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-lockdown], 1, [ignore], [ignore]) NS_CHECK([firewall-cmd --query-lockdown], 1, [ignore], [ignore]) FWD_END_TEST firewalld-1.1.1/src/tests/integration/testsuite.at0000644000000000000000000000061314217342322022314 0ustar00rootroot00000000000000AT_INIT AT_COLOR_TESTS dnl Override m4_include to avoid warning about inclusion dnl m4_define([m4_include], [m4_builtin([include], [$1])]) m4_define([TESTING_INTEGRATION]) m4_define([FIREWALL_BACKEND], [nftables]) m4_include([functions.at]) m4_include([integration/networkmanager.at]) m4_include([integration/polkit.at]) m4_include([integration/dbus.at]) m4_undefine([TESTING_INTEGRATION]) firewalld-1.1.1/src/tests/integration/polkit_restart.at0000644000000000000000000000223314217342322023331 0ustar00rootroot00000000000000FWD_START_TEST([polkit - restart]) AT_KEYWORDS(dbus polkit auth) AT_SKIP_IF([! NS_CMD([which sudo >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([which getent >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([getent passwd nobody >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([systemctl >/dev/null 2>&1])]) FWD_OFFLINE_CHECK([--policy-server], 0, [ignore], [ignore]) FWD_RESTART dnl Verify auth works before and after a policy kit restart dnl NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-panic], 1, [ignore], [ignore]) NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-service http], 253, [ignore], [ignore]) NS_CHECK([firewall-cmd --add-service http], 0, [ignore], [ignore]) NS_CHECK([firewall-cmd --remove-service http], 0, [ignore], [ignore]) NS_CHECK([systemctl restart polkit], 0, [ignore], [ignore]) NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --query-panic], 1, [ignore], [ignore]) NS_CHECK([sudo -E -u nobody env PATH="$PATH" firewall-cmd --add-service http], 253, [ignore], [ignore]) NS_CHECK([firewall-cmd --add-service http], 0, [ignore], [ignore]) NS_CHECK([firewall-cmd --remove-service http], 0, [ignore], [ignore]) FWD_END_TEST firewalld-1.1.1/src/tests/integration/rhbz1928860.at0000644000000000000000000000217214217342322022014 0ustar00rootroot00000000000000FWD_START_TEST([reload don't consider non IP capable interfaces]) AT_KEYWORDS(reload rhbz1928860) START_NETWORKMANAGER dnl OVS bridge and port NMCLI_CHECK([connection add type ovs-bridge conn.interface ovs-br con-name ovs-br], 0, [ignore]) NMCLI_CHECK([connection add type ovs-port conn.interface ovs-interface-port master ovs-br con-name ovs-interface-port], 0, [ignore]) echo NS_CMD([nmcli connection delete ovs-br]) >> ./cleanup echo NS_CMD([nmcli connection delete ovs-interface-port]) >> ./cleanup dnl Up them NMCLI_CHECK([connection up ovs-br], 0, [ignore]) NMCLI_CHECK([connection up ovs-interface-port], 0, [ignore]) dnl Omit the actual linux interface because it requires the OVS daemon to be dnl running. The bug is reproducible without it. dnl dnl NMCLI_CHECK([connection add type ovs-interface slave-type ovs-port conn.interface ovs-br master ovs-interface-port con-name ovs-interface ipv4.method disabled ipv6.method disabled], 0, [ignore]) dnl echo NS_CMD([nmcli connection delete ovs-interface]) >> ./cleanup dnl NMCLI_CHECK([connection up ovs-interface], 0, [ignore]) dnl just need to verify reload FWD_RELOAD FWD_END_TEST firewalld-1.1.1/src/tests/python/0000755000000000000000000000000014217353201016731 5ustar00rootroot00000000000000firewalld-1.1.1/src/tests/python/firewalld_config.py0000755000000000000000000003663314217342322022621 0ustar00rootroot00000000000000#!/usr/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2010-2012 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # To use in git tree: PYTHONPATH=.. python firewalld-test.py import sys import unittest import firewall from firewall.client import FirewallClient, \ FirewallClientZoneSettings, \ FirewallClientServiceSettings, \ FirewallClientIcmpTypeSettings from firewall.core.base import DEFAULT_ZONE_TARGET class TestFirewallDInterfaceConfig(unittest.TestCase): """ For testing of permanent changes, ie. those that survive restart: """ def setUp(self): unittest.TestCase.setUp(self) self.fw = FirewallClient() def tearDown(self): unittest.TestCase.tearDown(self) def test_zones(self): """ /org/fedoraproject/FirewallD1/config listZones() getZoneByName(String name) addZone(String name, Dict of {String, Variant} zone_settings) /org/fedoraproject/FirewallD1/config/zone/ getSettings() loadDefaults() update() rename() remove() """ print ("\nGetting invalid zone") self.assertRaisesRegexp(Exception, 'INVALID_ZONE', self.fw.config().getZoneByName, "dummyname") zone_version = "1.0" zone_short = "Testing" zone_description = "this is just a testing zone" zone_target = DEFAULT_ZONE_TARGET zone_services = ["dhcpv6-client", "ssh"] zone_ports = [("123", "tcp"), ("666-667", "udp")] zone_icmpblocks = ["redirect", "echo-reply"] zone_masquerade = False zone_forward_ports = [("443", "tcp", "441", "192.168.0.2"), ("123", "udp", "321", "192.168.1.1")] settings = FirewallClientZoneSettings() settings.setVersion(zone_version) settings.setShort(zone_short) settings.setDescription(zone_description) settings.setTarget(zone_target) settings.setServices(zone_services) settings.setPorts(zone_ports) settings.setIcmpBlocks(zone_icmpblocks) settings.setMasquerade(zone_masquerade) settings.setForwardPorts(zone_forward_ports) print ("Adding zone with name that already exists") self.assertRaisesRegexp(Exception, 'NAME_CONFLICT', self.fw.config().addZone, "home", settings) print ("Adding zone with empty name") self.assertRaisesRegexp(Exception, 'INVALID_NAME', self.fw.config().addZone, "", settings) zone_name = "test" print ("Adding proper zone") self.fw.config().addZone (zone_name, settings) print ("Checking the saved (permanent) settings") config_zone = self.fw.config().getZoneByName(zone_name) self.assertIsInstance(config_zone, firewall.client.FirewallClientConfigZone) zone_settings = config_zone.getSettings() self.assertIsInstance(zone_settings, firewall.client.FirewallClientZoneSettings) self.assertEquals(zone_settings.getVersion(), zone_version) self.assertEquals(zone_settings.getShort(), zone_short) self.assertEquals(zone_settings.getDescription(), zone_description) self.assertEquals(zone_settings.getTarget(), "default") self.assertEquals(zone_settings.getServices().sort(), zone_services.sort()) self.assertEquals(zone_settings.getPorts().sort(), zone_ports.sort()) self.assertEquals(zone_settings.getIcmpBlocks().sort(), zone_icmpblocks.sort()) self.assertEquals(zone_settings.getMasquerade(), zone_masquerade) self.assertEquals(zone_settings.getForwardPorts().sort(), zone_forward_ports.sort()) print ("Updating settings") zone_services.append("mdns") zone_settings.setServices(zone_services) config_zone.update(zone_settings) print ("Reloading firewalld") self.fw.reload() print ("Checking of runtime settings") self.assertTrue(zone_name in self.fw.getZones()) self.assertEquals(self.fw.getServices(zone_name).sort(), zone_services.sort()) self.assertEquals(self.fw.getPorts(zone_name).sort(), zone_ports.sort()) self.assertEquals(self.fw.getIcmpBlocks(zone_name).sort(), zone_icmpblocks.sort()) self.assertEquals(self.fw.queryMasquerade(zone_name), zone_masquerade) self.assertEquals(self.fw.getForwardPorts(zone_name).sort(), zone_forward_ports.sort()) print ("Checking that settings can be roundtripped through setZoneSettings") self.fw.setZoneSettings(zone_name, zone_settings) print ("Renaming zone to name that already exists") config_zone = self.fw.config().getZoneByName(zone_name) self.assertRaisesRegexp(Exception, 'NAME_CONFLICT', config_zone.rename, "home") new_zone_name = "renamed" print ("Renaming zone '%s' to '%s'" % (zone_name, new_zone_name)) config_zone.rename(new_zone_name) print ("Checking whether the zone '%s' is accessible (it shouldn't be)" % zone_name) self.assertRaisesRegexp(Exception, 'INVALID_ZONE', self.fw.config().getZoneByName, zone_name) print ("Checking whether the zone '%s' is accessible" % new_zone_name) config_zone = self.fw.config().getZoneByName(new_zone_name) zone_settings = config_zone.getSettings() self.assertEquals(zone_settings.getVersion(), zone_version) self.assertEquals(zone_settings.getShort(), zone_short) self.assertEquals(zone_settings.getDescription(), zone_description) self.assertEquals(zone_settings.getTarget(), "default") self.assertEquals(zone_settings.getServices().sort(), zone_services.sort()) self.assertEquals(zone_settings.getPorts().sort(), zone_ports.sort()) self.assertEquals(zone_settings.getIcmpBlocks().sort(), zone_icmpblocks.sort()) self.assertEquals(zone_settings.getMasquerade(), zone_masquerade) self.assertEquals(zone_settings.getForwardPorts().sort(), zone_forward_ports.sort()) print ("Removing the zone '%s'" % new_zone_name) config_zone.remove() print ("Checking whether the removed zone is accessible (it shouldn't be)") self.assertRaisesRegexp(Exception, 'INVALID_ZONE', self.fw.config().getZoneByName, new_zone_name) # TODO test loadDefaults() ? def test_services(self): """ /org/fedoraproject/FirewallD1/config listServices() getServiceByName(String name) addService(String name, Dict of {String, Variant} settings) /org/fedoraproject/FirewallD1/config/service/ getSettings() loadDefaults() update() rename() remove() """ print ("\nGetting invalid service") self.assertRaisesRegexp(Exception, 'INVALID_SERVICE', self.fw.config().getServiceByName, "dummyname") service_version = "1.0" service_short = "Testing" service_description = "this is just a testing service" service_ports = [("123", "tcp"), ("666-667", "udp")] service_modules = ["nf_conntrack_tftp"] service_destinations = {'ipv4': '1.2.3.4', 'ipv6': 'dead::beef'} settings = FirewallClientServiceSettings() # ["", "", "", [], [], {}] settings.setVersion(service_version) settings.setShort(service_short) settings.setDescription(service_description) settings.setPorts(service_ports) settings.setModules(service_modules) settings.setDestinations(service_destinations) print ("Adding service with name that already exists") self.assertRaisesRegexp(Exception, 'NAME_CONFLICT', self.fw.config().addService, "mdns", settings) print ("Adding service with empty name") self.assertRaisesRegexp(Exception, 'INVALID_NAME', self.fw.config().addService, "", settings) service_name = "test" print ("Adding proper service") self.fw.config().addService (service_name, settings) print ("Checking the saved (permanent) settings") config_service = self.fw.config().getServiceByName(service_name) self.assertIsInstance(config_service, firewall.client.FirewallClientConfigService) service_settings = config_service.getSettings() self.assertIsInstance(service_settings, firewall.client.FirewallClientServiceSettings) print ("Updating settings") service_modules.append("nf_conntrack_sip") service_destinations["ipv6"] = "3ffe:501:ffff::" service_settings.setModules(service_modules) service_settings.setDestinations(service_destinations) config_service.update(service_settings) self.assertEquals(service_settings.getVersion(), service_version) self.assertEquals(service_settings.getShort(), service_short) self.assertEquals(service_settings.getDescription(), service_description) self.assertEquals(service_settings.getPorts().sort(), service_ports.sort()) self.assertEquals(service_settings.getModules().sort(), service_modules.sort()) self.assertDictEqual(service_settings.getDestinations(), service_destinations) print ("Renaming service to name that already exists") config_service = self.fw.config().getServiceByName(service_name) self.assertRaisesRegexp(Exception, 'NAME_CONFLICT', config_service.rename, "mdns") new_service_name = "renamed" print ("Renaming service '%s' to '%s'" % (service_name, new_service_name)) config_service.rename(new_service_name) print ("Checking whether the service '%s' is accessible (it shouldn't be)" % service_name) self.assertRaisesRegexp(Exception, 'INVALID_SERVICE', self.fw.config().getServiceByName, service_name) print ("Checking whether the service '%s' is accessible" % new_service_name) config_service = self.fw.config().getServiceByName(new_service_name) service_settings = config_service.getSettings() self.assertEquals(service_settings.getVersion(), service_version) self.assertEquals(service_settings.getShort(), service_short) self.assertEquals(service_settings.getDescription(), service_description) self.assertEquals(service_settings.getPorts().sort(), service_ports.sort()) self.assertEquals(service_settings.getModules().sort(), service_modules.sort()) self.assertDictEqual(service_settings.getDestinations(), service_destinations) print ("Removing the service '%s'" % new_service_name) config_service.remove() print ("Checking whether the removed service is accessible (it shouldn't be)") self.assertRaisesRegexp(Exception, 'INVALID_SERVICE', self.fw.config().getServiceByName, new_service_name) # TODO test loadDefaults() ? def test_icmptypes(self): """ /org/fedoraproject/FirewallD1/config listIcmpTypes() getIcmpTypeByName(String name) addIcmpType(String name, Dict of {String, Variant} settings) /org/fedoraproject/FirewallD1/config/icmptype/ getSettings() loadDefaults() update() rename() remove() """ print ("\nGetting invalid icmp-type") self.assertRaisesRegexp(Exception, 'INVALID_ICMPTYPE', self.fw.config().getIcmpTypeByName, "dummyname") icmptype_version = "1.0" icmptype_short = "Testing" icmptype_description = "this is just a testing icmp type" icmptype_destinations = ['ipv4'] settings = FirewallClientIcmpTypeSettings() # ["", "", "", []] settings.setVersion(icmptype_version) settings.setShort(icmptype_short) settings.setDescription(icmptype_description) settings.setDestinations(icmptype_destinations) print ("Adding icmp type with name that already exists") self.assertRaisesRegexp(Exception, 'NAME_CONFLICT', self.fw.config().addIcmpType, "echo-reply", settings) print ("Adding icmp type with empty name") self.assertRaisesRegexp(Exception, 'INVALID_NAME', self.fw.config().addIcmpType, "", settings) icmptype_name = "test" print ("Adding proper icmp type") self.fw.config().addIcmpType (icmptype_name, settings) print ("Checking the saved (permanent) settings") config_icmptype = self.fw.config().getIcmpTypeByName(icmptype_name) self.assertIsInstance(config_icmptype, firewall.client.FirewallClientConfigIcmpType) icmptype_settings = config_icmptype.getSettings() self.assertIsInstance(icmptype_settings, firewall.client.FirewallClientIcmpTypeSettings) print ("Updating settings") icmptype_destinations.append("ipv6") icmptype_settings.setDestinations(icmptype_destinations) config_icmptype.update(icmptype_settings) self.assertEquals(icmptype_settings.getVersion(), icmptype_version) self.assertEquals(icmptype_settings.getShort(), icmptype_short) self.assertEquals(icmptype_settings.getDescription(), icmptype_description) self.assertEquals(icmptype_settings.getDestinations().sort(), icmptype_destinations.sort()) print ("Renaming icmp type to name that already exists") config_icmptype = self.fw.config().getIcmpTypeByName(icmptype_name) self.assertRaisesRegexp(Exception, 'NAME_CONFLICT', config_icmptype.rename, "echo-reply") new_icmptype_name = "renamed" print ("Renaming icmp type '%s' to '%s'" % (icmptype_name, new_icmptype_name)) config_icmptype.rename(new_icmptype_name) print ("Checking whether the icmp type '%s' is accessible (it shouldn't be)" % icmptype_name) self.assertRaisesRegexp(Exception, 'INVALID_ICMPTYPE', self.fw.config().getIcmpTypeByName, icmptype_name) print ("Checking whether the icmp type '%s' is accessible" % new_icmptype_name) config_icmptype = self.fw.config().getIcmpTypeByName(new_icmptype_name) icmptype_settings = config_icmptype.getSettings() self.assertEquals(icmptype_settings.getVersion(), icmptype_version) self.assertEquals(icmptype_settings.getShort(), icmptype_short) self.assertEquals(icmptype_settings.getDescription(), icmptype_description) self.assertEquals(icmptype_settings.getDestinations().sort(), icmptype_destinations.sort()) print ("Removing the icmp type '%s'" % new_icmptype_name) config_icmptype.remove() print ("Checking whether the removed icmp type is accessible (it shouldn't be)") self.assertRaisesRegexp(Exception, 'INVALID_ICMPTYPE', self.fw.config().getIcmpTypeByName, new_icmptype_name) # TODO test loadDefaults() ? if __name__ == '__main__': suite = unittest.TestLoader().loadTestsFromTestCase(TestFirewallDInterfaceConfig) results = unittest.TextTestRunner(verbosity=2).run(suite) sys.exit(0 if results.wasSuccessful() else 1) firewalld-1.1.1/src/tests/python/firewalld_direct.py0000755000000000000000000001433014217342322022614 0ustar00rootroot00000000000000#!/usr/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2012 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # To use in git tree: PYTHONPATH=.. python firewalld-test.py import dbus import sys import unittest from firewall import config from firewall.dbus_utils import dbus_to_python class TestFirewallDInterfaceDirect(unittest.TestCase): def setUp(self): unittest.TestCase.setUp(self) bus = dbus.SystemBus() dbus_obj = bus.get_object(config.dbus.DBUS_INTERFACE, config.dbus.DBUS_PATH) dbus_obj_config = bus.get_object(config.dbus.DBUS_INTERFACE, config.dbus.DBUS_PATH_CONFIG) self.fw = dbus.Interface(dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE) self.fw_direct = dbus.Interface( dbus_obj, dbus_interface=config.dbus.DBUS_INTERFACE_DIRECT) self.config_properties = dbus.Interface(dbus_obj_config, dbus_interface='org.freedesktop.DBus.Properties') self.config_properties.Set(config.dbus.DBUS_INTERFACE_CONFIG, "FlushAllOnReload", "no") self.fw.reload() # always have "direct_foo1" available self.fw_direct.addChain("ipv4", "filter", "direct_foo1") def tearDown(self): unittest.TestCase.tearDown(self) self.fw_direct.removeChain("ipv4", "filter", "direct_foo1") def test_add_removeChain(self): self.fw_direct.addChain("ipv4", "filter", "direct_foo2") # Re-adding self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_direct.addChain, "ipv4", "filter", "direct_foo2") ret = self.fw_direct.getChains("ipv4", "filter") self.assertTrue(len(ret)==2) # "direct_foo1" and "direct_foo2" #pprint (dbus_to_python(ret)) ret = self.fw_direct.queryChain("ipv4", "filter", "direct_foo2") self.assertTrue(dbus_to_python(ret)) self.fw_direct.removeChain("ipv4", "filter", "direct_foo2") # Re-removing self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_direct.removeChain, "ipv4", "filter", "direct_foo2") ret = self.fw_direct.getChains("ipv4", "filter") self.assertTrue(len(ret)==1) # "direct_foo1" ret = self.fw_direct.queryChain("ipv4", "filter", "direct_foo2") self.assertFalse(dbus_to_python(ret)) def test_add_removeRule(self): self.fw_direct.addRule("ipv4", "filter", "direct_foo1", 0, [ "-m", "tcp", "-p", "tcp", "--dport", "332", "-j", "ACCEPT" ]) self.fw_direct.addRule("ipv4", "filter", "direct_foo1", 0, [ "-m", "tcp", "-p", "tcp", "--dport", "333", "-j", "ACCEPT" ]) self.fw_direct.addRule("ipv4", "filter", "direct_foo1", 1, [ "-m", "tcp", "-p", "tcp", "--dport", "334", "-j", "ACCEPT" ]) self.fw_direct.addRule("ipv4", "filter", "direct_foo1", -5, [ "-m", "tcp", "-p", "tcp", "--dport", "331", "-j", "ACCEPT" ]) self.fw_direct.addRule("ipv4", "filter", "direct_foo1", -10, [ "-m", "tcp", "-p", "tcp", "--dport", "330", "-j", "ACCEPT" ]) self.fw_direct.addRule("ipv4", "filter", "direct_foo1", -5, [ "-m", "udp", "-p", "udp", "--dport", "331", "-j", "ACCEPT" ]) # Re-adding self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_direct.addRule, "ipv4", "filter", "direct_foo1", -5, [ "-m", "udp", "-p", "udp", "--dport", "331", "-j", "ACCEPT" ]) ret = self.fw_direct.queryRule("ipv4", "filter", "direct_foo1", -5, [ "-m", "udp", "-p", "udp", "--dport", "331", "-j", "ACCEPT" ]) self.assertTrue(dbus_to_python(ret)) ret = self.fw_direct.getRules("ipv4", "filter", "direct_foo1") self.assertTrue(len(ret) == 6) #pprint (dbus_to_python(ret)) self.fw_direct.removeRule("ipv4", "filter", "direct_foo1", -10, [ "-m", "tcp", "-p", "tcp", "--dport", "330", "-j", "ACCEPT" ]) self.fw_direct.removeRule("ipv4", "filter", "direct_foo1", -5, [ "-m", "tcp", "-p", "tcp", "--dport", "331", "-j", "ACCEPT" ]) self.fw_direct.removeRule("ipv4", "filter", "direct_foo1", -5, [ "-m", "udp", "-p", "udp", "--dport", "331", "-j", "ACCEPT" ]) self.fw_direct.removeRule("ipv4", "filter", "direct_foo1", 0, [ "-m", "tcp", "-p", "tcp", "--dport", "332", "-j", "ACCEPT" ]) self.fw_direct.removeRule("ipv4", "filter", "direct_foo1", 0, [ "-m", "tcp", "-p", "tcp", "--dport", "333", "-j", "ACCEPT" ]) self.fw_direct.removeRule("ipv4", "filter", "direct_foo1", 1, [ "-m", "tcp", "-p", "tcp", "--dport", "334", "-j", "ACCEPT" ]) # Re-removing self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_direct.removeRule, "ipv4", "filter", "direct_foo1", 1, [ "-m", "tcp", "-p", "tcp", "--dport", "334", "-j", "ACCEPT" ]) ret = self.fw_direct.queryRule("ipv4", "filter", "direct_foo1", 1, [ "-m", "tcp", "-p", "tcp", "--dport", "334", "-j", "ACCEPT" ]) self.assertFalse(dbus_to_python(ret)) ret = self.fw_direct.getRules("ipv4", "filter", "direct_foo1") self.assertTrue(ret == []) def test_passthrough(self): self.fw_direct.passthrough("ipv4", [ "-t", "filter", "-N", "foobar" ]) #fw_direct.passthrough("ipv4", [ "-t", "filter", "-L" ]) def test_reload(self): self.fw.reload() if __name__ == '__main__': suite = unittest.TestLoader().loadTestsFromTestCase(TestFirewallDInterfaceDirect) results = unittest.TextTestRunner(verbosity=2).run(suite) sys.exit(0 if results.wasSuccessful() else 1) firewalld-1.1.1/src/tests/python/firewalld_rich.py0000755000000000000000000000627114217342322022274 0ustar00rootroot00000000000000#!/usr/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2013 Red Hat, Inc. # # Authors: # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # To use in git tree: PYTHONPATH=.. python firewalld-test.py import dbus from firewall.client import FirewallClientConfig, FirewallClientZoneSettings bus = dbus.SystemBus() fw_config = FirewallClientConfig(bus) rule = ['rule service name=ftp audit limit value="1/m" accept ', 'rule protocol value=ah accept ', 'rule protocol value=esp accept '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone1", zone.settings) nz.remove() rule = ['rule family=ipv4 source address="192.168.0.0/24" service name=tftp log prefix=tftp level=info limit value=1/m accept'] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone2", zone.settings) nz.remove() rule = ['rule family=ipv4 source not address=192.168.0.0/24 service name=dns log prefix=dns level=info limit value=2/m accept '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone3", zone.settings) nz.remove() rule = ['rule family=ipv6 source address=1:2:3:4:6:: service name=radius log prefix=dns level=info limit value=3/m reject limit value=20/m '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone4", zone.settings) nz.remove() rule = ['rule family=ipv6 source address=1:2:3:4:5:: port port=4011 protocol=tcp log prefix="port 4011/tcp" level=info limit value=4/m drop '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone5", zone.settings) nz.remove() rule = ['rule family=ipv6 source address=1:2:3:4:6:: forward-port port=4011 protocol=tcp to-port=4012 to-addr=1::2:3:4:7 '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone6", zone.settings) nz.remove() rule = ['rule family=ipv4 source address=192.168.0.0/24 icmp-block name=source-quench log level=info prefix=source-quench limit value=4/m '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone7", zone.settings) nz.remove() rule = ['rule family=ipv6 source address=1:2:3:4:6:: icmp-block name=redirect log prefix=redirect level=info limit value=4/m '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone8", zone.settings) nz.remove() rule = ['rule family=ipv4 source address=192.168.1.0/24 masquerade ', 'rule family=ipv6 masquerade '] zone = FirewallClientZoneSettings() zone.setRichRules(rule) nz = fw_config.addZone("zone9", zone.settings) nz.remove() firewalld-1.1.1/src/tests/python/firewalld_test.py0000755000000000000000000003253514217342322022330 0ustar00rootroot00000000000000#!/usr/bin/python # -*- coding: utf-8 -*- # # Copyright (C) 2010-2012 Red Hat, Inc. # # Authors: # Thomas Woerner # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # To use in git tree: PYTHONPATH=.. python firewalld-test.py import dbus import sys import time import unittest from firewall.config.dbus import DBUS_PATH, DBUS_PATH_CONFIG, DBUS_INTERFACE, \ DBUS_INTERFACE_ZONE, DBUS_INTERFACE_CONFIG from firewall.dbus_utils import dbus_to_python from pprint import pprint class TestFirewallD(unittest.TestCase): """ For testing of temporary changes, ie. those that disappear with restart: adding/removing interfaces to zones, setting/changing of default zone adding/removing of services, ports, forward ports, icmp blocks """ def setUp(self): unittest.TestCase.setUp(self) bus = dbus.SystemBus() dbus_obj = bus.get_object(DBUS_INTERFACE, DBUS_PATH) dbus_obj_config = bus.get_object(DBUS_INTERFACE, DBUS_PATH_CONFIG) self.fw = dbus.Interface(dbus_obj, dbus_interface=DBUS_INTERFACE) self.fw_zone = dbus.Interface(dbus_obj, dbus_interface=DBUS_INTERFACE_ZONE) self.config_properties = dbus.Interface(dbus_obj_config, dbus_interface='org.freedesktop.DBus.Properties') self.config_properties.Set(DBUS_INTERFACE_CONFIG, "FlushAllOnReload", "no") self.fw.reload() def test_get_setDefaultZone(self): old_zone = dbus_to_python(self.fw.getDefaultZone()) print ("\nCurrent default zone is '%s'" % old_zone) self.fw_zone.addInterface("", "foo") self.fw_zone.addInterface(old_zone, "bar") print ("Setting default zone to 'external'") self.fw.setDefaultZone("external") # make sure the default zone was properly set self.assertEqual(self.fw.getDefaultZone(), "external") # check that *only* foo interface was moved to new default zone self.assertTrue(self.fw_zone.queryInterface("external", "foo")) self.assertTrue(self.fw_zone.queryInterface(old_zone, "bar")) print ("Re-setting default zone back to '%s'" % old_zone) self.fw.setDefaultZone(old_zone) self.fw_zone.removeInterface("", "foo") self.fw_zone.removeInterface("", "bar") def test_zone_getActiveZones(self): interface = "baz" zone = "home" print ("\nAdding interface '%s' to '%s' zone" % (interface, zone)) self.fw_zone.addInterface(zone, interface) print ("Getting active zones: ") ret = self.fw_zone.getActiveZones() self.assertTrue(len(ret)>0) pprint (dbus_to_python(ret)) self.fw_zone.removeInterface(zone, interface) #cleanup def test_zone_getZones(self): z = self.fw_zone.getZones() print ("\nZones:") pprint(dbus_to_python(z)) def test_zone_add_remove_queryInterface(self): interface = "foo" zone = "trusted" print ("\nAdding interface '%s' to '%s' zone" % (interface, zone)) ret = self.fw_zone.addInterface(zone, interface) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryInterface(zone, interface)) print ("Re-adding") self.assertRaisesRegexp(Exception, 'ZONE_ALREADY_SET', self.fw_zone.addInterface, zone, interface) zone = "block" print ("Re-adding interface '%s' to '%s' zone" % (interface, zone)) self.assertRaisesRegexp(Exception, 'ZONE_CONFLICT', self.fw_zone.addInterface, zone, interface) print ("Removing interface '%s' from '%s' zone" % (interface, zone)) self.assertRaisesRegexp(Exception, 'ZONE_CONFLICT', self.fw_zone.removeInterface, zone, interface) zone = "trusted" print ("Removing interface '%s' from '%s' zone" % (interface, zone)) ret = self.fw_zone.removeInterface(zone, interface) self.assertEqual(ret, zone) self.assertFalse(self.fw_zone.queryInterface(zone, interface)) print ("Re-removing") self.assertRaises(Exception, self.fw_zone.removeInterface, zone, interface) print ("Add again and remove interface '%s' from zone it belongs to" % interface) self.fw_zone.addInterface(zone, interface) self.assertTrue(self.fw_zone.queryInterface(zone, interface)) ret = self.fw_zone.removeInterface("", interface) self.assertEqual(ret, zone) self.assertFalse(self.fw_zone.queryInterface(zone, interface)) print ("Re-removing") self.assertRaises(Exception, self.fw_zone.removeInterface, "", interface) def test_zone_change_queryZone(self): interface = "foo" zone = "internal" print ("\nChanging zone of interface '%s' to '%s'" % (interface, zone)) ret = self.fw_zone.changeZone(zone, interface) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryInterface(zone, interface)) print ("Get zone of interface '%s': " % (interface)) ret = self.fw_zone.getZoneOfInterface(interface) self.assertEqual(ret, zone) print (dbus_to_python(ret)) self.fw_zone.removeInterface(zone, interface) #cleanup def test_zone_add_get_query_removeService(self): service = "samba" zone = "external" print ("\nAdding service '%s' to '%s' zone" % (service, zone)) ret = self.fw_zone.addService(zone, service, 0) self.assertEqual(ret, zone) print ("Re-adding") self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_zone.addService, zone, service, 0) print ("Get services of zone '%s'" % (zone)) ret = self.fw_zone.getServices(zone) self.assertTrue(len(ret)>0) pprint (dbus_to_python(ret)) print ("Removing service '%s' from '%s' zone" % (service, zone)) ret = self.fw_zone.removeService(zone, service) self.assertEqual(ret, zone) print ("Re-removing") self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_zone.removeService, zone, service) zone = "dmz" timeout = 2 print ("Adding timed service '%s' to '%s' zone, active for %d seconds" % (service, zone, timeout)) ret = self.fw_zone.addService(zone, service, timeout) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryService(zone, service)) time.sleep(timeout+1) print ("Checking if timeout has been working") self.assertFalse(self.fw_zone.queryService(zone, service)) def test_zone_add_get_query_removePort(self): port = "443" protocol="tcp" zone = "public" print ("\nAdding port '%s/%s' to '%s' zone" % (port, protocol, zone)) ret = self.fw_zone.addPort(zone, port, protocol, 0) self.assertEqual(ret, zone) print ("Re-adding port") self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_zone.addPort, zone, port, protocol, 0) print ("Get ports of zone '%s': " % (zone)) ret = self.fw_zone.getPorts(zone) self.assertTrue(len(ret)>0) pprint (dbus_to_python(ret)) print ("Removing port '%s/%s' from '%s' zone" % (port, protocol, zone)) ret = self.fw_zone.removePort(zone, port, protocol) self.assertEqual(ret, zone) print ("Re-removing") self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_zone.removePort, zone, port, protocol) port = "443-445" protocol="udp" zone = "dmz" timeout = 2 print ("Adding timed port '%s/%s' to '%s' zone, active for %d seconds" % (port, protocol, zone, timeout)) ret = self.fw_zone.addPort(zone, port, protocol, timeout) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryPort(zone, port, protocol)) time.sleep(timeout+1) print ("Checking if timeout has been working") self.assertFalse(self.fw_zone.queryPort(zone, port, protocol)) def test_zone_add_query_removeMasquerade(self): zone = "public" print ("\nAdd masquerade to '%s' zone" % (zone)) ret = self.fw_zone.addMasquerade(zone, 0) self.assertEqual(ret, zone) print ("Re-adding") self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_zone.addMasquerade, zone, 0) print ("Checking if masquerade is added to zone '%s'" % (zone)) self.assertTrue(self.fw_zone.queryMasquerade(zone)) print ("Remove masquerade from '%s' zone" % (zone)) ret = self.fw_zone.removeMasquerade(zone) self.assertEqual(ret, zone) print ("Re-adding") self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_zone.removeMasquerade, zone) zone = "dmz" timeout = 2 print ("Add timed masquerade to '%s' zone, active for %d seconds" % (zone, timeout)) ret = self.fw_zone.addMasquerade(zone, timeout) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryMasquerade(zone)) time.sleep(timeout+1) print ("Checking if timeout has been working") self.assertFalse(self.fw_zone.queryMasquerade(zone)) def test_zone_add_get_query_removeForwardPort(self): port = "443" protocol="tcp" toport = "441" toaddr = "192.168.0.2" zone = "public" print ("\nAdding forward port '%s/%s' to '%s:%s' to '%s' zone" % (port, protocol, toaddr, toport, zone)) ret = self.fw_zone.addForwardPort(zone, port, protocol, toport, toaddr, 0) self.assertEqual(ret, zone) print ("Re-adding") self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_zone.addForwardPort, zone, port, protocol, toport, toaddr, 0) print ("Get forward ports of zone '%s': " % (zone)) ret = self.fw_zone.getForwardPorts(zone) self.assertTrue(len(ret)>0) pprint (dbus_to_python(ret)) print ("Removing forward port '%s/%s' to '%s:%s' from '%s' zone" % (port, protocol, toaddr, toport, zone)) ret = self.fw_zone.removeForwardPort(zone, port, protocol, toport, toaddr) self.assertEqual(ret, zone) print ("Re-removing") self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_zone.removeForwardPort, zone, port, protocol, toport, toaddr) port = "443-445" protocol="udp" toport = "" toaddr = "192.168.0.3" zone = "dmz" timeout = 2 print ("Adding timed forward port '%s/%s' to '%s:%s' to '%s' zone, active for %d seconds" % (port, protocol, toaddr, toport, zone, timeout)) ret = self.fw_zone.addForwardPort(zone, port, protocol, toport, toaddr, timeout) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryForwardPort(zone, port, protocol, toport, toaddr)) time.sleep(timeout+1) print ("Checking if timeout has been working") self.assertFalse(self.fw_zone.queryForwardPort(zone, port, protocol, toport, toaddr)) def test_zone_add_get_query_removeIcmpBlock(self): icmp = "parameter-problem" zone = "external" print ("\nAdding icmp block '%s' to '%s' zone" % (icmp, zone)) ret = self.fw_zone.addIcmpBlock(zone, icmp, 0) self.assertEqual(ret, zone) print ("Re-adding") self.assertRaisesRegexp(Exception, 'ALREADY_ENABLED', self.fw_zone.addIcmpBlock, zone, icmp, 0) print ("Get icmp blocks of zone '%s': " % (zone)) ret = self.fw_zone.getIcmpBlocks(zone) self.assertTrue(len(ret)>0) pprint (dbus_to_python(ret)) print ("Removing icmp block '%s' from '%s' zone" % (icmp, zone)) ret = self.fw_zone.removeIcmpBlock(zone, icmp) self.assertEqual(ret, zone) print ("Re-removing") self.assertRaisesRegexp(Exception, 'NOT_ENABLED', self.fw_zone.removeIcmpBlock, zone, icmp) icmp = "redirect" zone = "dmz" timeout = 2 print ("Adding timed icmp block '%s' to '%s' zone, active for %d seconds: " % (icmp, zone, timeout)) ret = self.fw_zone.addIcmpBlock(zone, icmp, timeout) self.assertEqual(ret, zone) self.assertTrue(self.fw_zone.queryIcmpBlock(zone, icmp)) time.sleep(timeout+1) print ("Checking if timeout has been working: ") self.assertFalse(self.fw_zone.queryIcmpBlock(zone, icmp)) def test_reload(self): interface = "foo" zone = "work" self.fw_zone.addInterface(zone, interface) self.fw.reload() print ("\nChecking if interface remains in zone after service reload: ") self.assertTrue(self.fw_zone.queryInterface(zone, interface)) self.fw_zone.removeInterface(zone, interface) #cleanup if __name__ == '__main__': suite = unittest.TestLoader().loadTestsFromTestCase(TestFirewallD) results = unittest.TextTestRunner(verbosity=2).run(suite) sys.exit(0 if results.wasSuccessful() else 1) firewalld-1.1.1/src/tests/python/python.at0000644000000000000000000000135614217342322020607 0ustar00rootroot00000000000000AT_BANNER([python (FIREWALL_BACKEND)]) FWD_START_TEST([firewalld_test.py]) AT_KEYWORDS(python) NS_CHECK([$PYTHON $(dirname ${at_myself})/python/firewalld_test.py], 0, [ignore], [ignore]) FWD_END_TEST([ignore]) FWD_START_TEST([firewalld_config.py]) AT_KEYWORDS(python) NS_CHECK([$PYTHON $(dirname ${at_myself})/python/firewalld_config.py], 0, [ignore], [ignore]) FWD_END_TEST([ignore]) FWD_START_TEST([firewalld_rich.py]) AT_KEYWORDS(python) NS_CHECK([$PYTHON $(dirname ${at_myself})/python/firewalld_rich.py], 0, [ignore], [ignore]) FWD_END_TEST([ignore]) FWD_START_TEST([firewalld_direct.py]) AT_KEYWORDS(python) CHECK_IPTABLES NS_CHECK([$PYTHON $(dirname ${at_myself})/python/firewalld_direct.py], 0, [ignore], [ignore]) FWD_END_TEST([ignore]) firewalld-1.1.1/src/tests/regression/0000755000000000000000000000000014217353201017570 5ustar00rootroot00000000000000firewalld-1.1.1/src/tests/regression/rhbz1779835.at0000644000000000000000000000321314217342322021654 0ustar00rootroot00000000000000FWD_START_TEST([ipv6 address with brackets]) AT_KEYWORDS(rhbz1779835 ipset) CHECK_IPSET IF_HOST_SUPPORTS_IPV6_RULES([], [AT_SKIP_IF([:])]) dnl ipset FWD_CHECK([-q --permanent --new-ipset=foobar --type=hash:ip --family=inet6]) FWD_CHECK([[-q --permanent --ipset foobar --add-entry='[1234::4321]']]) FWD_CHECK([-q --permanent --new-ipset=foobar2 --type=hash:net --family=inet6]) FWD_CHECK([[-q --permanent --ipset foobar2 --add-entry='[1234::]/64']]) FWD_RELOAD FWD_END_TEST FWD_START_TEST([ipv6 address with brackets]) AT_KEYWORDS(rhbz1779835 zone forward_port rich) IF_HOST_SUPPORTS_IPV6_RULES([], [AT_SKIP_IF([:])]) dnl zone source FWD_CHECK([[-q --zone internal --add-source='[::1234]']]) FWD_CHECK([[-q --zone internal --add-source='[1234::]/64']]) dnl forward ports FWD_CHECK([[-q --zone internal --add-forward-port=port=1234:proto=tcp:toport=4321:toaddr=[::1234]]]) FWD_CHECK([[-q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] forward-port port="1234" protocol=tcp to-port="4321" to-addr="[::1234]"']]) FWD_CHECK([[-q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 forward-port port="1234" protocol=tcp to-port="4321" to-addr="[::1234]"']]) dnl rich rule source/destination FWD_CHECK([[-q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] accept']]) FWD_CHECK([[-q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 accept']]) FWD_CHECK([[-q --zone internal --add-rich-rule='rule family=ipv6 destination address=[::4321] accept']]) FWD_CHECK([[-q --zone internal --add-rich-rule='rule family=ipv6 destination address=[1234::]/64 accept']]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1541077.at0000644000000000000000000000060714217342322021641 0ustar00rootroot00000000000000FWD_START_TEST([hash:mac and family mutually exclusive]) AT_KEYWORDS(ipset rhbz1541077) FWD_CHECK([--permanent --new-ipset hashmacv6 --type hash:mac --family inet6], 2, [ignore], [ignore]) FWD_CHECK([--new-ipset hashmacv6 --type hash:mac --family inet6], 2, [ignore], [ignore]) FWD_OFFLINE_CHECK([--new-ipset hashmacv6 --type hash:mac --family inet6], 2, [ignore], [ignore]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1936896.at0000644000000000000000000000142114217342322021655 0ustar00rootroot00000000000000FWD_START_TEST([ipset type hash:net,net]) AT_KEYWORDS(rhbz1936896) CHECK_IPSET FWD_CHECK([-q --permanent --new-ipset testset --type hash:net,net]) FWD_CHECK([--permanent --ipset=testset --add-entry=192.168.0.0/24,10.0.1.0/24], 0, ignore) FWD_RELOAD FWD_CHECK([--permanent --info-ipset=testset | TRIM_WHITESPACE], 0, [m4_strip([dnl testset type: hash:net,net options: entries: 192.168.0.0/24,10.0.1.0/24 ])]) IPSET_LIST_SET([testset], 0, [dnl Name: testset Type: hash:net,net Members: 192.168.0.0/24,10.0.1.0/24 ]) NFT_LIST_SET([testset], 0, [dnl table inet firewalld { set testset { type ipv4_addr . ipv4_addr flags interval elements = { 192.168.0.0/24 . 10.0.1.0/24 } } } ]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1498923.at0000644000000000000000000000326514217342322021657 0ustar00rootroot00000000000000FWD_START_TEST([invalid direct rule causes reload error]) AT_KEYWORDS(direct reload rhbz1498923) CHECK_IPTABLES dnl Verify runtime interface to zone assignment is gone after reload AT_CHECK([sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf]) FWD_RELOAD FWD_CHECK([-q --zone=public --add-interface=foobar0]) FWD_CHECK([--get-zone-of-interface=foobar0], 0, [dnl public ]) FWD_RELOAD FWD_CHECK([--get-zone-of-interface=foobar0], 2, [], [dnl no zone ]) dnl Below we test retention of some items applicable to FlushAllOnReload=no AT_CHECK([sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf]) FWD_RELOAD FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 8080 -j ACCEPT]) FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag]) dnl add some non-permanent things that should persist a reload FWD_CHECK([-q --zone=public --add-interface=foobar0]) FWD_CHECK([-q --direct --direct --add-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT]) FWD_RELOAD(13, [ignore], [ignore], 251) FWD_CHECK([--state], 251, [ignore], [failed ]) dnl verify the non-permanent stuff we set above remained FWD_CHECK([--get-zone-of-interface=foobar0], 0, [dnl public ]) FWD_CHECK([-q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT]) dnl now remove the bad rule and reload successfully FWD_CHECK([-q --permanent --direct --remove-rule ipv4 filter INPUT 1 --a-bogus-flag]) FWD_RELOAD dnl verify the non-permanent stuff we set above remained FWD_CHECK([--get-zone-of-interface=foobar0], 0, [dnl public ]) FWD_CHECK([-q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT]) FWD_END_TEST([-e '/.*a-bogus-flag.*/d']) firewalld-1.1.1/src/tests/regression/rhbz1829104.at0000644000000000000000000000762014217342322021643 0ustar00rootroot00000000000000m4_if(iptables, FIREWALL_BACKEND, [ FWD_START_TEST([direct rule in zone chain]) AT_KEYWORDS(direct rhbz1829104) CHECK_IPTABLES FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 raw PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 mangle PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 nat PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 filter IN_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 filter FWD_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 filter FWD_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 filter FWD_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 filter FWD_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 filter FWD_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 filter FWD_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_CHECK([-q --direct --add-rule ipv4 nat POST_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT]) FWD_END_TEST ]) firewalld-1.1.1/src/tests/regression/service_includes_for_builtin.at0000644000000000000000000000232114217342322026040 0ustar00rootroot00000000000000FWD_START_TEST([service include for built-in]) AT_KEYWORDS(dbus service service_includes_for_builtin service_includes_for_built-in) dnl get a built-in (anything outside of /etc/firewalld) service dnl DBUS_CHECK([config], [config.getServiceByName], ["ssh"], 0, [stdout]) SERVICE_OBJ=[$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout)] export SERVICE_OBJ dnl literally copy/paste from src/tests/dbus/service.at, but this copy is dnl against a built-in service dnl DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getIncludes], [], 0, [dnl [(@as [],)] ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.setIncludes], [['["https", "http"]']], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.getIncludes], [], 0, [dnl [(['https', 'http'],)] ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.addInclude], ['"http"'], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.queryInclude], ['"http"'], 0, [dnl [(true,)] ]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.removeInclude], ['"http"'], 0, [ignore]) DBUS_CHECK([config/service/${SERVICE_OBJ}], [config.service.queryInclude], ['"http"'], 0, [dnl [(false,)] ]) FWD_END_TEST() firewalld-1.1.1/src/tests/regression/pr181.at0000644000000000000000000000275014217342322020777 0ustar00rootroot00000000000000FWD_START_TEST([combined zones name length check]) AT_KEYWORDS(zone gh181) AT_CHECK([mkdir -p ./zones/foobar]) AT_CHECK([echo '' > ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo 'foobar' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo 'foobar desc' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' > ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo 'foobar' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo 'foobar desc' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml]) AT_CHECK([echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml]) FWD_RELOAD FWD_CHECK([--zone=foobar --list-all | TRIM | grep ^services], 0, [dnl services: http ssh ]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1483921.at0000644000000000000000000000060614217342322021643 0ustar00rootroot00000000000000FWD_START_TEST([direct and zone mutually exclusive]) AT_KEYWORDS(direct rhbz1483921) CHECK_IPTABLES FWD_CHECK([--zone=public --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443], 2, [ignore], [ignore]) FWD_CHECK([--zone=public --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443], 2, [ignore], [ignore]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/gh330.at0000644000000000000000000000733514217342322020754 0ustar00rootroot00000000000000FWD_START_TEST([ipset cleanup on reload/stop]) AT_KEYWORDS(ipset reload gh330 rhbz1682913 rhbz1790948 rhbz1809225) AT_CHECK([sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf]) FWD_CHECK([-q --permanent --new-ipset foobar --type hash:ip]) FWD_CHECK([-q --permanent --ipset foobar --add-entry 1.2.3.4]) FWD_RELOAD FWD_CHECK([-q --permanent --delete-ipset foobar]) dnl make sure ipset still in system IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4 } } } ]) FWD_RELOAD dnl make sure reload removed ipset from system IPSET_LIST_SET([foobar], 1, [ignore], [ignore]) NFT_LIST_SET([foobar], 1, [ignore], [ignore]) AT_CHECK([sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf]) FWD_CHECK([-q --permanent --new-ipset foobar --type hash:ip]) FWD_CHECK([-q --permanent --ipset foobar --add-entry 1.2.3.4]) FWD_RELOAD FWD_CHECK([-q --ipset foobar --add-entry 10.10.10.10]) dnl make sure ipset still in system IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4, 10.10.10.10 } } } ]) FWD_RELOAD dnl make sure ipset still in system with runtime entries IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4, 10.10.10.10 } } } ]) FWD_CHECK([-q --permanent --delete-ipset foobar]) FWD_CHECK([-q --ipset foobar --add-entry 4.3.2.1]) FWD_RELOAD dnl Make sure ipset still in system with runtime entries. IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 4.3.2.1 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4, 4.3.2.1, 10.10.10.10 } } } ]) dnl Verify re-adding the set is not problematic. And the runtime entries dnl should be implicitly added. FWD_CHECK([-q --permanent --new-ipset foobar --type hash:ip]) FWD_CHECK([-q --permanent --ipset foobar --add-entry 1.2.3.4]) FWD_CHECK([-q --permanent --ipset foobar --add-entry 6.6.6.6]) FWD_RELOAD IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 4.3.2.1 6.6.6.6 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4, 4.3.2.1, 6.6.6.6, 10.10.10.10 } } } ]) FWD_CHECK([-q --permanent --delete-ipset foobar]) dnl do all again, but with CleanupOnExit=no and stop AT_CHECK([sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf]) FWD_CHECK([-q --permanent --new-ipset foobar --type hash:ip]) FWD_CHECK([-q --permanent --ipset foobar --add-entry 1.2.3.4]) FWD_RESTART FWD_CHECK([-q --permanent --delete-ipset foobar]) FWD_STOP_FIREWALLD dnl make sure ipset still in system IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4 } } } ]) FWD_START_FIREWALLD FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz2014383.at0000644000000000000000000000223014217342322021627 0ustar00rootroot00000000000000FWD_START_TEST([same source in two zone xml]) AT_KEYWORDS(zone rhbz2014383) AT_CHECK([mkdir -p ./zones]) AT_DATA([./zones/foobar.xml], [dnl foobar foobar ]) AT_DATA([./zones/foobar2.xml], [dnl foobar2 foobar2 ]) FWD_CHECK([--check-config], 105, [ignore], [ignore]) dnl Do the same thing, but with interfaces AT_DATA([./zones/foobar.xml], [dnl foobar foobar ]) AT_DATA([./zones/foobar2.xml], [dnl foobar2 foobar2 ]) FWD_CHECK([--check-config], 104, [ignore], [ignore]) FWD_END_TEST([ignore]) firewalld-1.1.1/src/tests/regression/gh881.at0000644000000000000000000000335614217342322020766 0ustar00rootroot00000000000000FWD_START_TEST([ipset entry overlap detect perf]) AT_KEYWORDS(ipset gh881) dnl build a large ipset dnl AT_DATA([./deny_cidr], []) NS_CHECK([sh -c ' for I in $(seq 250); do for J in $(seq 250); do echo "10.${I}.${J}.0/24" >> ./deny_cidr done done ']) NS_CHECK([echo "10.254.0.0/16" >> ./deny_cidr]) dnl verify non-overlapping does not error dnl FWD_CHECK([--permanent --new-ipset=deny_set --type=hash:net --option=family=inet --option=hashsize=16384 --option=maxelem=20000], 0, [ignore]) NS_CHECK([time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr], 0, [ignore], [ignore]) dnl still no overlap dnl AT_DATA([./deny_cidr], [ 9.0.0.0/8 11.1.0.0/16 ]) NS_CHECK([time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr], 0, [ignore], [ignore]) dnl verify overlap detection actually detects an overlap dnl AT_DATA([./deny_cidr], [ 10.1.0.0/16 10.2.0.0/16 10.250.0.0/16 ]) NS_CHECK([time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr], 136, [ignore], [ignore]) AT_DATA([./deny_cidr], [ 10.253.0.0/16 10.253.128.0/17 ]) NS_CHECK([time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr], 136, [ignore], [ignore]) AT_DATA([./deny_cidr], [ 10.1.1.1/32 ]) NS_CHECK([time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr], 136, [ignore], [ignore]) AT_DATA([./deny_cidr], [ 10.0.0.0/8 10.0.0.0/25 ]) NS_CHECK([time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr], 136, [ignore], [ignore]) dnl empty file, no additions, but previous ones will remain AT_DATA([./deny_cidr], []) FWD_CHECK([--permanent --ipset=deny_set --add-entries-from-file=./deny_cidr], 0, [ignore], [ignore]) FWD_END_TEST() firewalld-1.1.1/src/tests/regression/rhbz1594657.at0000644000000000000000000000151714217342322021656 0ustar00rootroot00000000000000FWD_START_TEST([no log untracked passthrough queries]) AT_KEYWORDS(direct passthrough rhbz1594657) CHECK_IPTABLES FWD_CHECK([--direct --passthrough eb -t filter -L dummy_chain], 13, [ignore], [ignore]) FWD_CHECK([--direct --passthrough eb -t filter -L INPUT], 0, [ignore]) FWD_CHECK([--direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT], 13, [ignore], [ignore]) FWD_CHECK([--direct --passthrough ipv4 -t filter -L dummy_chain], 13, [ignore], [ignore]) FWD_CHECK([--direct --passthrough ipv4 -t filter -L INPUT], 0, [ignore]) IF_HOST_SUPPORTS_IP6TABLES([ FWD_CHECK([--direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT], 13, [ignore], [ignore]) FWD_CHECK([--direct --passthrough ipv6 -t filter -L dummy_chain], 13, [ignore], [ignore]) FWD_CHECK([--direct --passthrough ipv6 -t filter -L INPUT], 0, [ignore]) ]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1514043.at0000644000000000000000000000674014217342322021636 0ustar00rootroot00000000000000FWD_START_TEST([--set-log-denied does not zero config]) AT_KEYWORDS(log_denied rhbz1514043) FWD_CHECK([-q --set-log-denied=all]) FWD_CHECK([-q --permanent --zone=public --add-service=samba]) FWD_RELOAD FWD_CHECK([--zone=public --list-all | TRIM | grep ^services], 0, [dnl services: dhcpv6-client samba ssh ]) dnl check that log denied actually took effect NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname "lo" accept jump filter_INPUT_ZONES ct state invalid log prefix "STATE_INVALID_DROP: " ct state invalid drop log prefix "FINAL_REJECT: " reject with icmpx admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix "RFC3964_IPv4_REJECT: " reject with icmpv6 addr-unreachable jump filter_FORWARD_ZONES ct state invalid log prefix "STATE_INVALID_DROP: " ct state invalid drop log prefix "FINAL_REJECT: " reject with icmpx admin-prohibited } } ]) IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_ZONES all -- 0.0.0.0/0 0.0.0.0/0 LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ]) IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 INPUT_direct all ::/0 ::/0 INPUT_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix "STATE_INVALID_DROP: " DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix "FINAL_REJECT: " REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/gh366.at0000644000000000000000000000264514217342322020764 0ustar00rootroot00000000000000FWD_START_TEST([service destination multiple IP versions]) AT_KEYWORDS(service gh366) m4_define([check_firewall_backend_output], [ NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ])]) FWD_CHECK([-q --zone=public --add-service=mdns]) check_firewall_backend_output FWD_CHECK([-q --zone=public --remove-service=mdns]) FWD_CHECK([-q --zone=public --add-rich-rule="rule service name="mdns" accept"]) check_firewall_backend_output dnl negative tests FWD_CHECK([-q --zone=public --add-rich-rule='rule family="ipv4" destination address="10.10.10.0/24" service name="mdns" accept'], 122) m4_undefine([check_firewall_backend_output]) FWD_END_TEST([-e '/ERROR: INVALID_RULE: Destination conflict with service/d']) firewalld-1.1.1/src/tests/regression/gh478.at0000644000000000000000000000177014217342322020766 0ustar00rootroot00000000000000FWD_START_TEST([rich rule marks every packet]) AT_KEYWORDS(rich mark gh478) FWD_CHECK([-q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10']) FWD_CHECK([-q --add-rich-rule='rule protocol value=icmp mark set=11']) FWD_CHECK([-q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12']) NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl table inet firewalld { chain mangle_PRE_public_allow { tcp dport 1234 mark set 0x0000000a meta l4proto icmp mark set 0x0000000b tcp sport 4321 mark set 0x0000000c } } ]) IPTABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234 MARK set 0xa MARK icmp -- 0.0.0.0/0 0.0.0.0/0 MARK set 0xb MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:4321 MARK set 0xc ]) IP6TABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl MARK tcp ::/0 ::/0 tcp dpt:1234 MARK set 0xa MARK icmp ::/0 ::/0 MARK set 0xb MARK tcp ::/0 ::/0 tcp spt:4321 MARK set 0xc ]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1734765.at0000644000000000000000000002065414217342322021655 0ustar00rootroot00000000000000FWD_START_TEST([zone sources ordered by name]) AT_KEYWORDS(zone rhbz1734765 rhbz1421222 gh166 rhbz1738545) dnl dnl Users depend on firewalld ordering source-based zone dispatch by zone name. dnl FWD_CHECK([-q --permanent --new-zone=foobar_00]) FWD_CHECK([-q --permanent --new-zone=foobar_05]) FWD_CHECK([-q --permanent --new-zone=foobar_02]) FWD_CHECK([-q --permanent --new-zone=foobar_03]) FWD_CHECK([-q --permanent --new-zone=foobar_01]) FWD_CHECK([-q --permanent --new-zone=foobar_04]) FWD_CHECK([-q --permanent --new-zone=foobar_010]) FWD_CHECK([-q --permanent --new-zone=foobar_011]) FWD_CHECK([-q --permanent --new-zone=foobar_012]) FWD_CHECK([-q --permanent --new-ipset 'ipsetv4' --type hash:ip]) FWD_CHECK([-q --permanent --new-ipset 'ipsetv6' --type hash:ip --family=inet6]) FWD_CHECK([-q --permanent --ipset ipsetv4 --add-entry '192.0.2.12']) FWD_CHECK([-q --permanent --ipset ipsetv6 --add-entry '::2']) FWD_CHECK([-q --permanent --zone=foobar_011 --add-source ipset:ipsetv4]) FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="10.1.1.0/24"]) FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="10.1.0.0/16"]) FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="10.2.0.0/16"]) FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="10.1.1.1"]) FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="10.2.2.0/24"]) FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="10.0.0.0/8"]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([-q --permanent --zone=foobar_01 --add-source="1234:5678::1:1:0/112"]) FWD_CHECK([-q --permanent --zone=foobar_02 --add-source="1234:5678::1:0:0/96"]) FWD_CHECK([-q --permanent --zone=foobar_04 --add-source="1234:5678::2:0:0/96"]) FWD_CHECK([-q --permanent --zone=foobar_03 --add-source="1234:5678::2:2:0/112"]) FWD_CHECK([-q --permanent --zone=foobar_05 --add-source="1234:5678::0:0:0/80"]) FWD_CHECK([-q --permanent --zone=foobar_00 --add-source="1234:5678::1:1:1"]) ]) FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0]) FWD_CHECK([-q --permanent --zone=trusted --add-interface=foobar1]) FWD_RELOAD NFT_LIST_SET([ipsetv4], 0, [dnl table inet firewalld { set ipsetv4 { type ipv4_addr flags interval elements = { 192.0.2.12 } } } ]) NFT_LIST_SET([ipsetv6], 0, [dnl table inet firewalld { set ipsetv6 { type ipv6_addr flags interval elements = { ::2 } } } ]) FWD_CHECK([-q --zone=foobar_010 --add-source="10.10.10.10"]) FWD_CHECK([-q --zone=public --add-source="20.20.20.20"]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([-q --zone=foobar_010 --add-source="1234:5678::10:10:10"]) FWD_CHECK([-q --zone=public --add-source="1234:5678::20:20:20"]) FWD_CHECK([-q --zone=foobar_012 --add-source ipset:ipsetv6]) ]) FWD_CHECK([-q --zone=foobar_010 --add-interface=foobar2]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { ip saddr 10.1.1.1 goto filter_IN_foobar_00 ip6 saddr 1234:5678::1:1:1 goto filter_IN_foobar_00 ip saddr 10.1.1.0/24 goto filter_IN_foobar_01 ip6 saddr 1234:5678::1:1:0/112 goto filter_IN_foobar_01 ip saddr 10.10.10.10 goto filter_IN_foobar_010 ip6 saddr 1234:5678::10:10:10 goto filter_IN_foobar_010 ip saddr @ipsetv4 goto filter_IN_foobar_011 ip6 saddr @ipsetv6 goto filter_IN_foobar_012 ip saddr 10.1.0.0/16 goto filter_IN_foobar_02 ip6 saddr 1234:5678::1:0:0/96 goto filter_IN_foobar_02 ip saddr 10.2.2.0/24 goto filter_IN_foobar_03 ip6 saddr 1234:5678::2:2:0/112 goto filter_IN_foobar_03 ip saddr 10.2.0.0/16 goto filter_IN_foobar_04 ip6 saddr 1234:5678::2:0:0/96 goto filter_IN_foobar_04 ip saddr 10.0.0.0/8 goto filter_IN_foobar_05 ip6 saddr 1234:5678::/80 goto filter_IN_foobar_05 ip saddr 20.20.20.20 goto filter_IN_public ip6 saddr 1234:5678::20:20:20 goto filter_IN_public iifname "foobar2" goto filter_IN_foobar_010 iifname "foobar1" goto filter_IN_trusted iifname "foobar0" goto filter_IN_internal goto filter_IN_public } } ]) NFT_LIST_RULES([inet], [nat_POSTROUTING_ZONES], 0, [dnl table inet firewalld { chain nat_POSTROUTING_ZONES { ip daddr 10.1.1.1 goto nat_POST_foobar_00 ip6 daddr 1234:5678::1:1:1 goto nat_POST_foobar_00 ip daddr 10.1.1.0/24 goto nat_POST_foobar_01 ip6 daddr 1234:5678::1:1:0/112 goto nat_POST_foobar_01 ip daddr 10.10.10.10 goto nat_POST_foobar_010 ip6 daddr 1234:5678::10:10:10 goto nat_POST_foobar_010 ip daddr @ipsetv4 goto nat_POST_foobar_011 ip6 daddr @ipsetv6 goto nat_POST_foobar_012 ip daddr 10.1.0.0/16 goto nat_POST_foobar_02 ip6 daddr 1234:5678::1:0:0/96 goto nat_POST_foobar_02 ip daddr 10.2.2.0/24 goto nat_POST_foobar_03 ip6 daddr 1234:5678::2:2:0/112 goto nat_POST_foobar_03 ip daddr 10.2.0.0/16 goto nat_POST_foobar_04 ip6 daddr 1234:5678::2:0:0/96 goto nat_POST_foobar_04 ip daddr 10.0.0.0/8 goto nat_POST_foobar_05 ip6 daddr 1234:5678::/80 goto nat_POST_foobar_05 ip daddr 20.20.20.20 goto nat_POST_public ip6 daddr 1234:5678::20:20:20 goto nat_POST_public oifname "foobar2" goto nat_POST_foobar_010 oifname "foobar1" goto nat_POST_trusted oifname "foobar0" goto nat_POST_internal goto nat_POST_public } } ]) IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [[IN_foobar_00 all -- 10.1.1.1 0.0.0.0/0 [goto] IN_foobar_01 all -- 10.1.1.0/24 0.0.0.0/0 [goto] IN_foobar_010 all -- 10.10.10.10 0.0.0.0/0 [goto] IN_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 src IN_foobar_02 all -- 10.1.0.0/16 0.0.0.0/0 [goto] IN_foobar_03 all -- 10.2.2.0/24 0.0.0.0/0 [goto] IN_foobar_04 all -- 10.2.0.0/16 0.0.0.0/0 [goto] IN_foobar_05 all -- 10.0.0.0/8 0.0.0.0/0 [goto] IN_public all -- 20.20.20.20 0.0.0.0/0 [goto] IN_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [[IN_foobar_00 all 1234:5678::1:1:1 ::/0 [goto] IN_foobar_01 all 1234:5678::1:1:0/112 ::/0 [goto] IN_foobar_010 all 1234:5678::10:10:10 ::/0 [goto] IN_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 src IN_foobar_02 all 1234:5678::1:0:0/96 ::/0 [goto] IN_foobar_03 all 1234:5678::2:2:0/112 ::/0 [goto] IN_foobar_04 all 1234:5678::2:0:0/96 ::/0 [goto] IN_foobar_05 all 1234:5678::/80 ::/0 [goto] IN_public all 1234:5678::20:20:20 ::/0 [goto] IN_foobar_010 all ::/0 ::/0 [goto] IN_trusted all ::/0 ::/0 [goto] IN_internal all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] ]]) IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [[POST_foobar_00 all -- 0.0.0.0/0 10.1.1.1 [goto] POST_foobar_01 all -- 0.0.0.0/0 10.1.1.0/24 [goto] POST_foobar_010 all -- 0.0.0.0/0 10.10.10.10 [goto] POST_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 dst POST_foobar_02 all -- 0.0.0.0/0 10.1.0.0/16 [goto] POST_foobar_03 all -- 0.0.0.0/0 10.2.2.0/24 [goto] POST_foobar_04 all -- 0.0.0.0/0 10.2.0.0/16 [goto] POST_foobar_05 all -- 0.0.0.0/0 10.0.0.0/8 [goto] POST_public all -- 0.0.0.0/0 20.20.20.20 [goto] POST_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [[POST_foobar_00 all ::/0 1234:5678::1:1:1 [goto] POST_foobar_01 all ::/0 1234:5678::1:1:0/112 [goto] POST_foobar_010 all ::/0 1234:5678::10:10:10 [goto] POST_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 dst POST_foobar_02 all ::/0 1234:5678::1:0:0/96 [goto] POST_foobar_03 all ::/0 1234:5678::2:2:0/112 [goto] POST_foobar_04 all ::/0 1234:5678::2:0:0/96 [goto] POST_foobar_05 all ::/0 1234:5678::/80 [goto] POST_public all ::/0 1234:5678::20:20:20 [goto] POST_foobar_010 all ::/0 ::/0 [goto] POST_trusted all ::/0 ::/0 [goto] POST_internal all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] ]]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1534571.at0000644000000000000000000000102414217342322021634 0ustar00rootroot00000000000000dnl Either don't deduplicate rules, or make sure deduplication does not break dnl cleanup of those rules. Both removes should succeed. FWD_START_TEST([rule deduplication]) AT_KEYWORDS(rhbz1534571) dnl runtime config FWD_CHECK([-q --add-service nfs --add-service nfs3]) FWD_CHECK([-q --remove-service nfs3]) FWD_CHECK([-q --remove-service nfs]) dnl permanent config FWD_CHECK([-q --permanent --add-service nfs --add-service nfs3]) FWD_RELOAD FWD_CHECK([-q --remove-service nfs3]) FWD_CHECK([-q --remove-service nfs]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/ipset_netmask_allowed.at0000644000000000000000000000217514217342322024502 0ustar00rootroot00000000000000FWD_START_TEST([ipset netmask allowed type hash:ip]) AT_KEYWORDS(ipset reload) FWD_CHECK([--permanent --new-ipset foobar --type hash:ip], 0, [ignore]) FWD_RELOAD dnl ipset allows specifying a mask for hash:ip, but it will translate it into dnl an add for the whole range. i.e. 1.2.3.4/24 --> 1.2.3.[0.255] (256 dnl entries). dnl dnl In nftables, we allow this by using actual intervals. FWD_CHECK([--permanent --ipset foobar --add-entry 1.2.3.4/24], 0, [ignore]) FWD_CHECK([ --ipset foobar --add-entry 1.2.3.4/24], 0, [ignore]) dnl check the edge case FWD_CHECK([--permanent --ipset foobar --add-entry 4.3.2.1/32], 0, [ignore]) FWD_CHECK([ --ipset foobar --add-entry 4.3.2.1/32], 0, [ignore]) dnl overlaps should be denied FWD_CHECK([--permanent --ipset foobar --add-entry 1.2.3.0/22], 136, [ignore], [ignore]) FWD_CHECK([ --ipset foobar --add-entry 1.2.3.0/22], 136, [ignore], [ignore]) FWD_CHECK([--permanent --ipset foobar --add-entry 1.2.3.4/30], 136, [ignore], [ignore]) FWD_CHECK([ --ipset foobar --add-entry 1.2.3.4/30], 136, [ignore], [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_ENTRY:/d']) firewalld-1.1.1/src/tests/regression/gh303.at0000644000000000000000000000103514217342322020743 0ustar00rootroot00000000000000FWD_START_TEST([unicode in XML]) AT_KEYWORDS(xml unicode service gh303) AT_CHECK([mkdir -p ./services]) AT_CHECK([cat < ./services/unicode-service-test.xml unicode-service-test A string with unicode characters; Ð ÏŽ € ⇶ â–œ â—¯ ★ ☠ ☯ ☺ â™» HERE ]) LC_ALL="C" export LC_ALL FWD_RESTART FWD_CHECK([-q --permanent --add-service=unicode-service-test]) FWD_RELOAD FWD_END_TEST firewalld-1.1.1/src/tests/regression/gh874.at0000644000000000000000000000177714217342322020775 0ustar00rootroot00000000000000FWD_START_TEST([policy masquerade w/ ingress interface]) AT_KEYWORDS(policy zone masquerade gh874) FWD_CHECK([--permanent --new-zone foobar_zone], 0, [ignore]) FWD_CHECK([--permanent --new-policy foobar_policy], 0, [ignore]) FWD_CHECK([--permanent --policy foobar_policy --add-masquerade], 0, [ignore]) FWD_CHECK([--permanent --policy foobar_policy --add-ingress-zone foobar_zone], 0, [ignore]) FWD_CHECK([--permanent --policy foobar_policy --add-egress-zone ANY], 0, [ignore]) FWD_RELOAD() dnl It's invalid to use masquerade when a zone in the ingress_zones list has dnl assigned interfaces. This is due to the underlying firewalls (nftables, dnl iptables) not supporting matching iifname in postrouting hooks. dnl FWD_CHECK([--permanent --zone foobar_zone --add-interface foobar0], 112, [ignore], [ignore]) dnl make sure the on-disk config check also fails dnl NS_CHECK([sed -i '2a \ ' ./zones/foobar_zone.xml ]) FWD_CHECK([--check-config], 112, [ignore], [ignore]) FWD_END_TEST([ignore]) firewalld-1.1.1/src/tests/regression/individual_calls.at0000644000000000000000000000025314217342322023426 0ustar00rootroot00000000000000FWD_START_TEST([individual calls]) AT_KEYWORDS(individual_calls) AT_CHECK([sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf]) FWD_RELOAD FWD_END_TEST firewalld-1.1.1/src/tests/regression/gh599.at0000644000000000000000000000120014217342322020756 0ustar00rootroot00000000000000FWD_START_TEST([writing to log after copytruncate]) AT_KEYWORDS(gh599) AT_SKIP_IF([! NS_CMD([which truncate >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([which wc >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([which expr >/dev/null 2>&1])]) dnl Verify we continue to write to the log file after it's truncated. That is, dnl simulate logrotate's copytruncate. NS_CHECK([truncate -s 0 ./firewalld.log]) dnl generate some logs FWD_CHECK([-q --add-service=this_does_not_exist], 101, [ignore], [ignore]) NS_CHECK([expr $(cat ./firewalld.log | wc -c) ">" 0], 0, [ignore], [ignore]) FWD_END_TEST([-e '/ERROR: INVALID_SERVICE: this_does_not_exist/d']) firewalld-1.1.1/src/tests/regression/rhbz1855140.at0000644000000000000000000000474114217342322021643 0ustar00rootroot00000000000000FWD_START_TEST([rich rule icmptypes with one family]) AT_KEYWORDS(rich icmp rhbz1855140) FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="echo-request" accept'], 0, ignore) FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="neighbour-advertisement" accept'], 0, ignore) FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="timestamp-request" accept'], 0, ignore) FWD_CHECK([--permanent --zone public --add-rich-rule 'rule icmp-type name=bad-header mark set=0x86/0x86'], 0, ignore) FWD_RELOAD NFT_LIST_RULES([inet], [mangle_PRE_public_allow], 0, [dnl table inet firewalld { chain mangle_PRE_public_allow { icmpv6 parameter-problem icmpv6 code no-route mark set mark & 0x00000086 ^ 0x00000086 } } ]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept icmp echo-request accept icmpv6 echo-request accept icmpv6 nd-neighbor-advert accept icmp timestamp-request accept } } ]) IPTABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 13 ]) IP6TABLES_LIST_RULES([mangle], [PRE_public_allow], 0, [dnl MARK icmpv6 ::/0 ::/0 ipv6-icmptype 4 code 0 MARK or 0x86 ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 136 ]) dnl verify bad icmptypes are rejected FWD_CHECK([--permanent --add-rich-rule 'rule icmp-type name=bogus mark set=0x86/0x86'], 107, [ignore], [ignore]) FWD_CHECK([ --add-rich-rule 'rule icmp-type name=bogus mark set=0x86/0x86'], 107, [ignore], [ignore]) FWD_CHECK([--permanent --add-rich-rule 'rule family=ipv6 icmp-type name=timestamp-request drop'], 107, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([ --add-rich-rule 'rule family=ipv6 icmp-type name=timestamp-request drop'], 107, [ignore], [ignore]) ]) FWD_END_TEST([-e '/ERROR: INVALID_ICMPTYPE:/d']) firewalld-1.1.1/src/tests/regression/gh258.at0000644000000000000000000002277614217342322020773 0ustar00rootroot00000000000000FWD_START_TEST([zone dispatch layout]) AT_KEYWORDS(zone gh258 gh441 rhbz1713823) FWD_CHECK([--permanent --zone=trusted --add-source="1.2.3.0/24"], 0, ignore) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([--permanent --zone=public --add-source="dead:beef::/54"], 0, ignore) ]) FWD_CHECK([--permanent --zone=trusted --add-interface=dummy0], 0, ignore) FWD_CHECK([--permanent --zone=public --add-interface=dummy1], 0, ignore) FWD_RELOAD dnl verify layout of zone dispatch NFT_LIST_RULES([inet], [filter_INPUT], 0, [dnl table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname "lo" accept jump filter_INPUT_ZONES ct state invalid drop reject with icmpx admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl table inet firewalld { chain filter_INPUT_ZONES { ip6 saddr dead:beef::/54 goto filter_IN_public ip saddr 1.2.3.0/24 goto filter_IN_trusted iifname "dummy0" goto filter_IN_trusted iifname "dummy1" goto filter_IN_public goto filter_IN_public } } ]) NFT_LIST_RULES([inet], [filter_FORWARD], 0, [dnl table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname "lo" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable jump filter_FORWARD_ZONES ct state invalid drop reject with icmpx admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_FORWARD_ZONES], 0, [dnl table inet firewalld { chain filter_FORWARD_ZONES { ip6 saddr dead:beef::/54 goto filter_FWD_public ip saddr 1.2.3.0/24 goto filter_FWD_trusted iifname "dummy0" goto filter_FWD_trusted iifname "dummy1" goto filter_FWD_public goto filter_FWD_public } } ]) IF_HOST_SUPPORTS_NFT_FIB([ NFT_LIST_RULES([inet], [filter_PREROUTING], 0, [dnl table inet firewalld { chain filter_PREROUTING { icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept meta nfproto ipv6 fib saddr . mark . iif oif missing drop } } ]) ], [ NFT_LIST_RULES([inet], [filter_PREROUTING], 0, [dnl table inet firewalld { chain filter_PREROUTING { } } ]) ]) NFT_LIST_RULES([inet], [mangle_PREROUTING], 0, [dnl table inet firewalld { chain mangle_PREROUTING { jump mangle_PREROUTING_ZONES } } ]) NFT_LIST_RULES([inet], [mangle_PREROUTING_ZONES], 0, [dnl table inet firewalld { chain mangle_PREROUTING_ZONES { ip6 saddr dead:beef::/54 goto mangle_PRE_public ip saddr 1.2.3.0/24 goto mangle_PRE_trusted iifname "dummy0" goto mangle_PRE_trusted iifname "dummy1" goto mangle_PRE_public goto mangle_PRE_public } } ]) NFT_LIST_RULES([inet], [nat_PREROUTING], 0, [dnl table inet firewalld { chain nat_PREROUTING { jump nat_PREROUTING_ZONES } } ]) NFT_LIST_RULES([inet], [nat_PREROUTING_ZONES], 0, [dnl table inet firewalld { chain nat_PREROUTING_ZONES { ip6 saddr dead:beef::/54 goto nat_PRE_public ip saddr 1.2.3.0/24 goto nat_PRE_trusted iifname "dummy0" goto nat_PRE_trusted iifname "dummy1" goto nat_PRE_public goto nat_PRE_public } } ]) NFT_LIST_RULES([inet], [nat_POSTROUTING], 0, [dnl table inet firewalld { chain nat_POSTROUTING { jump nat_POSTROUTING_ZONES } } ]) NFT_LIST_RULES([inet], [nat_POSTROUTING_ZONES], 0, [dnl table inet firewalld { chain nat_POSTROUTING_ZONES { ip6 daddr dead:beef::/54 goto nat_POST_public ip daddr 1.2.3.0/24 goto nat_POST_trusted oifname "dummy0" goto nat_POST_trusted oifname "dummy1" goto nat_POST_public goto nat_POST_public } } ]) IPTABLES_LIST_RULES([filter], [INPUT], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [[IN_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [FORWARD_ZONES], 0, [[FWD_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] FWD_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWD_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWD_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, [[PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, [[PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, [[PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IPTABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 ]) IPTABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [[POST_trusted all -- 0.0.0.0/0 1.2.3.0/24 [goto] POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [INPUT], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 INPUT_direct all ::/0 ::/0 INPUT_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [INPUT_ZONES], 0, [[IN_public all dead:beef::/54 ::/0 [goto] IN_trusted all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([filter], [FORWARD], 0, [dnl ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited ]) IP6TABLES_LIST_RULES([filter], [FORWARD_ZONES], 0, [[FWD_public all dead:beef::/54 ::/0 [goto] FWD_trusted all ::/0 ::/0 [goto] FWD_public all ::/0 ::/0 [goto] FWD_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([raw], [PREROUTING], 0, [dnl PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([raw], [PREROUTING_ZONES], 0, [[PRE_public all dead:beef::/54 ::/0 [goto] PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([mangle], [PREROUTING], 0, [dnl ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 DROP all ::/0 ::/0 rpfilter validmark invert PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([mangle], [PREROUTING_ZONES], 0, [[PRE_public all dead:beef::/54 ::/0 [goto] PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([nat], [PREROUTING], 0, [dnl PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([nat], [PREROUTING_ZONES], 0, [[PRE_public all dead:beef::/54 ::/0 [goto] PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] ]]) IP6TABLES_LIST_RULES([nat], [POSTROUTING], 0, [dnl POSTROUTING_direct all ::/0 ::/0 POSTROUTING_ZONES all ::/0 ::/0 ]) IP6TABLES_LIST_RULES([nat], [POSTROUTING_ZONES], 0, [[POST_public all ::/0 dead:beef::/54 [goto] POST_trusted all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] ]]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1723610.at0000644000000000000000000000461714217342322021641 0ustar00rootroot00000000000000FWD_START_TEST([direct remove-rules per family]) AT_KEYWORDS(direct rhbz1723610 gh385) CHECK_IPTABLES FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT]) FWD_CHECK([-q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT]) FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 0) FWD_RELOAD FWD_CHECK([-q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --permanent --direct --remove-rules ipv6 filter INPUT]) FWD_CHECK([-q --permanent --direct --remove-rules ipv4 filter INPUT]) FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) FWD_CHECK([-q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 1) FWD_RELOAD FWD_CHECK([-q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 1) FWD_CHECK([-q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT]) FWD_CHECK([-q --direct --remove-rules ipv4 filter OUTPUT]) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT], 0) FWD_CHECK([-q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT], 1) FWD_CHECK([-q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT], 1) FWD_END_TEST firewalld-1.1.1/src/tests/regression/regression.at0000644000000000000000000000366314217342322022310 0ustar00rootroot00000000000000AT_BANNER([regression (FIREWALL_BACKEND)]) m4_include([regression/rhbz1514043.at]) m4_include([regression/rhbz1498923.at]) m4_include([regression/pr181.at]) m4_include([regression/gh287.at]) m4_include([regression/individual_calls.at]) m4_include([regression/rhbz1534571.at]) m4_include([regression/gh290.at]) m4_include([regression/icmp_block_in_forward_chain.at]) m4_include([regression/pr323.at]) m4_include([regression/rhbz1506742.at]) m4_include([regression/rhbz1594657.at]) m4_include([regression/rhbz1571957.at]) m4_include([regression/rhbz1404076.at]) m4_include([regression/gh366.at]) m4_include([regression/rhbz1601610.at]) m4_include([regression/gh303.at]) m4_include([regression/gh335.at]) m4_include([regression/gh482.at]) m4_include([regression/gh478.at]) m4_include([regression/gh453.at]) m4_include([regression/gh258.at]) m4_include([regression/rhbz1715977.at]) m4_include([regression/rhbz1723610.at]) m4_include([regression/rhbz1734765.at]) m4_include([regression/gh509.at]) m4_include([regression/gh567.at]) m4_include([regression/rhbz1779835.at]) m4_include([regression/gh330.at]) m4_include([regression/gh599.at]) m4_include([regression/rhbz1829104.at]) m4_include([regression/rhbz1843398.at]) m4_include([regression/rhbz1839781.at]) m4_include([regression/rhbz1689429.at]) m4_include([regression/rhbz1483921.at]) m4_include([regression/rhbz1541077.at]) m4_include([regression/rhbz1855140.at]) m4_include([regression/rhbz1871298.at]) m4_include([regression/rhbz1596304.at]) m4_include([regression/gh703.at]) m4_include([regression/ipset_netmask_allowed.at]) m4_include([regression/rhbz1940928.at]) m4_include([regression/rhbz1936896.at]) m4_include([regression/gh795.at]) m4_include([regression/rhbz1914935.at]) m4_include([regression/gh696.at]) m4_include([regression/rhbz1917766.at]) m4_include([regression/rhbz2014383.at]) m4_include([regression/gh874.at]) m4_include([regression/gh881.at]) m4_include([regression/service_includes_for_builtin.at]) firewalld-1.1.1/src/tests/regression/icmp_block_in_forward_chain.at0000644000000000000000000000152514217342322025601 0ustar00rootroot00000000000000FWD_START_TEST([ICMP block not present FORWARD chain]) AT_KEYWORDS(icmp) FWD_CHECK([-q --zone=public --add-icmp-block=host-prohibited]) NFT_LIST_RULES([inet], [filter_IN_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'], 0, [dnl table inet firewalld { chain filter_IN_public_deny { icmp destination-unreachable icmp code host-prohibited reject with icmpx admin-prohibited } } ]) NFT_LIST_RULES([inet], [filter_FWD_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'], 0, [dnl table inet firewalld { chain filter_FWD_public_deny { } } ]) IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 10 reject-with icmp-host-prohibited ]) IPTABLES_LIST_RULES([filter], [FWD_public_deny], 0, [dnl ]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/gh290.at0000644000000000000000000000245314217342322020755 0ustar00rootroot00000000000000FWD_START_TEST([invalid syntax in xml files]) AT_KEYWORDS(xml direct gh290) CHECK_IPTABLES dnl direct.xml AT_CHECK([mkdir -p ./zones]) AT_CHECK([echo '' > ./direct.xml]) AT_CHECK([echo '' >> ./direct.xml]) AT_CHECK([echo '' >> ./direct.xml]) AT_CHECK([echo '--destination 127.0.0.1 --jump RETURN' >> ./direct.xml]) dnl missing closing AT_CHECK([echo '' >> ./direct.xml]) FWD_RESTART FWD_GREP_LOG([ERROR:.*mismatched tag]) FWD_END_TEST([-e '/ERROR:.*mismatched tag.*/d']) FWD_START_TEST([invalid syntax in xml files]) AT_KEYWORDS(xml zone gh290) dnl zone.xml AT_CHECK([mkdir -p ./zones]) AT_CHECK([echo '' > ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo 'foobar' >> ./zones/foobar.xml]) dnl port missing required protocol AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) FWD_RESTART FWD_GREP_LOG([ERROR:.*Missing attribute protocol for port]) FWD_END_TEST([-e '/ERROR:.*Missing attribute protocol for port.*/d']) firewalld-1.1.1/src/tests/regression/rhbz1596304.at0000644000000000000000000000141514217342322021642 0ustar00rootroot00000000000000FWD_START_TEST([rich rules strip non-printable characters]) AT_KEYWORDS(rich rhbz1596304) dnl source address contains a tab character FWD_CHECK([--permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="104.243.250.0/22 " port port=80 protocol=tcp accept'],0,ignore) FWD_RELOAD FWD_CHECK([--list-all | TRIM_WHITESPACE], 0, [m4_strip([dnl public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family="ipv4" source address="104.243.250.0/22" port port="80" protocol="tcp" accept ])]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1404076.at0000644000000000000000000000726214217342322021642 0ustar00rootroot00000000000000FWD_START_TEST([query single port added with range]) AT_KEYWORDS(port rhbz1404076) m4_define([test_rhbz1404076], [ dnl add some udp/sctp ports that overlap with the below ranges FWD_CHECK([-q $2 --add-$1=8070-8080/udp]) FWD_CHECK([-q $2 --add-$1=9050-10050/sctp]) FWD_CHECK([-q $2 --add-$1=9000/dccp]) dnl add a set of ports by range, then query a specific port inside that range. FWD_CHECK([-q $2 --add-$1=8080-8090/tcp]) FWD_CHECK([-q $2 --query-$1=8085/tcp]) FWD_CHECK([-q $2 --query-$1=8085-8087/tcp]) FWD_CHECK([-q $2 --query-$1=8080-8090/tcp]) FWD_CHECK([-q $2 --query-$1=8080-8089/tcp]) FWD_CHECK([-q $2 --query-$1=8081-8090/tcp]) FWD_CHECK([-q $2 --query-$1=webcache/tcp]) dnl named port FWD_CHECK([-q $2 --query-$1=8091/tcp], 1) dnl negative test FWD_CHECK([-q $2 --query-$1=8085/udp], 1) dnl negative test FWD_CHECK([$2 --list-$1s], 0, [dnl 9000/dccp 9050-10050/sctp 8080-8090/tcp 8070-8080/udp ]) dnl verify coalescing of ranges and overlapping FWD_CHECK([-q $2 --add-$1=10000-10010/tcp]) FWD_CHECK([-q $2 --add-$1=9000/tcp]) dnl add one, no grow existing FWD_CHECK([-q $2 --add-$1=9010-9020/tcp]) dnl add range before, no grow existing FWD_CHECK([-q $2 --add-$1=10050-10060/tcp]) dnl add range after, no grow existing FWD_CHECK([-q $2 --add-$1=9999/tcp]) dnl grow start by one FWD_CHECK([-q $2 --add-$1=10011/tcp]) dnl grow end by one FWD_CHECK([-q $2 --add-$1=9095-10000/tcp]) dnl grow beginning FWD_CHECK([-q $2 --add-$1=9090-9094/tcp]) dnl grow beginning adjacent FWD_CHECK([-q $2 --query-$1=9099-10001/tcp]) FWD_CHECK([-q $2 --add-$1=10005-10020/tcp]) dnl grow end FWD_CHECK([-q $2 --add-$1=10021-10022/tcp]) dnl grow end adjacent FWD_CHECK([-q $2 --query-$1=10010-10015/tcp]) FWD_CHECK([-q $2 --add-$1=9080-10040/tcp]) dnl grow both FWD_CHECK([-q $2 --add-$1=9079-10041/tcp]) dnl grow both adjacent FWD_CHECK([-q $2 --query-$1=9093-10025/tcp]) FWD_CHECK([-q $2 --add-$1=10010-10015/tcp]) dnl will throw log FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public']) FWD_CHECK([-q $2 --query-$1=9090-10030/tcp]) FWD_CHECK([$2 --list-$1s], 0, [dnl 9000/dccp 9050-10050/sctp 8080-8090/tcp 9000/tcp 9010-9020/tcp 9079-10041/tcp 10050-10060/tcp 8070-8080/udp ]) dnl verify removing a sub range FWD_CHECK([-q $2 --remove-$1=9000/tcp]) dnl remove one, but no break FWD_CHECK([-q $2 --remove-$1=9010-9020/tcp]) dnl remove range, but no break FWD_CHECK([-q $2 --remove-$1=10050-10060/tcp]) dnl remove range, but no break FWD_CHECK([-q $2 --remove-$1=9079/tcp]) dnl shrink start by one FWD_CHECK([-q $2 --remove-$1=10041/tcp]) dnl shrink end by one FWD_CHECK([-q $2 --remove-$1=9080-9085/tcp]) dnl shrink start by range FWD_CHECK([-q $2 --remove-$1=10035-10040/tcp]) dnl shrink end by range FWD_CHECK([-q $2 --remove-$1=10005-10009/tcp]) dnl shrink range in the middle FWD_CHECK([-q $2 --remove-$1=10100-10110/tcp]) dnl remove non-existent FWD_GREP_LOG([WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public']) FWD_CHECK([-q $2 --query-$1=10001-10004/tcp]) FWD_CHECK([-q $2 --query-$1=10016-10019/tcp]) FWD_CHECK([-q $2 --query-$1=10005/tcp], 1) dnl negative test FWD_CHECK([-q $2 --query-$1=10003-10030/tcp], 1) dnl negative test FWD_CHECK([-q $2 --query-$1=10004-10005/tcp], 1) dnl negative test FWD_CHECK([-q $2 --query-$1=10009-10010/tcp], 1) dnl negative test FWD_CHECK([$2 --list-$1s], 0, [dnl 9000/dccp 9050-10050/sctp 8080-8090/tcp 9086-10004/tcp 10010-10034/tcp 8070-8080/udp ]) ]) dnl m4_define dnl run the test for both ports and source-ports test_rhbz1404076([port]) test_rhbz1404076([port], [--permanent]) test_rhbz1404076([source-port]) test_rhbz1404076([source-port], [--permanent]) m4_undefine([test_rhbz1404076]) FWD_END_TEST([-e '/WARNING: ALREADY_ENABLED:/d'dnl -e '/WARNING: NOT_ENABLED:/d']) firewalld-1.1.1/src/tests/regression/gh795.at0000644000000000000000000000266514217342322020774 0ustar00rootroot00000000000000FWD_START_TEST([ipset entry delete w/ timeout=0]) AT_KEYWORDS(ipset gh794 gh795) FWD_CHECK([--permanent --new-ipset foobar --type=hash:ip --option=timeout=0], 0, [ignore]) FWD_CHECK([--permanent --ipset foobar --add-entry 1.2.3.4], 0, [ignore]) FWD_CHECK([--permanent --ipset foobar --remove-entry 1.2.3.4], 0, [ignore]) FWD_CHECK([--permanent --ipset foobar --add-entry 1.2.3.4], 0, [ignore]) FWD_CHECK([--permanent --ipset foobar --get-entries], 0, [dnl 1.2.3.4 ]) FWD_CHECK([--permanent --ipset foobar --remove-entry 1.2.3.4], 0, [ignore]) FWD_CHECK([--permanent --ipset foobar --get-entries], 0, [dnl ]) FWD_RELOAD FWD_CHECK([--ipset foobar --add-entry 1.2.3.4], 0, [ignore]) FWD_CHECK([--ipset foobar --add-entry 1.2.3.4], 0, [ignore], [dnl Warning: ALREADY_ENABLED: '1.2.3.4' already is in 'foobar' ]) FWD_CHECK([--ipset foobar --remove-entry 1.2.3.4], 0, [ignore]) FWD_CHECK([--ipset foobar --add-entry 1.2.3.4], 0, [ignore]) FWD_CHECK([--ipset foobar --get-entries], 0, [dnl 1.2.3.4 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4 } } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:ip Members: 1.2.3.4 timeout 0 ]) FWD_CHECK([--ipset foobar --remove-entry 1.2.3.4], 0, [ignore]) FWD_CHECK([--ipset foobar --get-entries], 0, [dnl ]) FWD_END_TEST([-e '/WARNING: ALREADY_ENABLED:/d']) firewalld-1.1.1/src/tests/regression/rhbz1917766.at0000644000000000000000000000143114217342322021651 0ustar00rootroot00000000000000FWD_START_TEST([rich rule source with netmask]) AT_KEYWORDS(rich rhbz1917766) dnl Note: IPv6 only supports CIDR notation. It does not support address/netmask dnl notation. FWD_CHECK([ --zone public --add-rich-rule='rule family=ipv4 source address="192.168.1.0/255.255.255.0" accept'], 0, [ignore]) FWD_CHECK([--permanent --zone public --add-rich-rule='rule family=ipv4 source address="192.168.1.0/255.255.255.0" accept'], 0, [ignore]) AT_DATA([./zones/foobar.xml], [dnl foobar foobar ]) FWD_RELOAD() FWD_CHECK([--zone foobar --add-interface foobar0], 0, [ignore]) FWD_END_TEST() firewalld-1.1.1/src/tests/regression/rhbz1601610.at0000644000000000000000000000507014217342322021626 0ustar00rootroot00000000000000FWD_START_TEST([ipset duplicate entries]) AT_KEYWORDS(ipset rhbz1601610) CHECK_IPSET FWD_CHECK([-q --new-ipset=foobar --permanent --type=hash:net]) FWD_RELOAD FWD_CHECK([--ipset=foobar --add-entry=10.1.1.0/22], 0, [ignore]) FWD_CHECK([--ipset=foobar --query-entry 10.1.2.0/22], 0, [ignore]) FWD_CHECK([--ipset=foobar --add-entry=10.1.2.0/22], 0, [ignore], [dnl Warning: ALREADY_ENABLED: '10.1.0.0/22' already is in 'foobar' ]) FWD_CHECK([--ipset=foobar --add-entry=10.2.0.0/22], 0, [ignore]) FWD_CHECK([--ipset=foobar --get-entries], 0, [dnl 10.1.0.0/22 10.2.0.0/22 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.1.0.0/22, 10.2.0.0/22 } } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:net Members: 10.1.0.0/22 10.2.0.0/22 ]) FWD_CHECK([-q --ipset=foobar --remove-entry=10.1.1.0/22]) FWD_CHECK([--ipset=foobar --query-entry 10.1.1.0/22], 1, [ignore]) FWD_CHECK([--ipset=foobar --query-entry 10.1.2.0/22], 1, [ignore]) FWD_CHECK([--ipset=foobar --query-entry 10.2.0.0/22], 0, [ignore]) FWD_CHECK([--ipset=foobar --get-entries], 0, [dnl 10.2.0.0/22 ]) NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.2.0.0/22 } } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:net Members: 10.2.0.0/22 ]) FWD_CHECK([-q --permanent --ipset=foobar --add-entry=10.1.1.0/22]) FWD_CHECK([--permanent --ipset=foobar --get-entries], 0, [dnl 10.1.0.0/22 ]) FWD_CHECK([-q --permanent --ipset=foobar --remove-entry=10.1.1.0/22]) FWD_CHECK([--permanent --ipset=foobar --get-entries], 0, [ ]) dnl rhbz 1644834 FWD_CHECK([-q --ipset=foobar --add-entry=10.3.0.0/22]) FWD_CHECK([-q --runtime-to-permanent]) FWD_RELOAD NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.2.0.0/22, 10.3.0.0/22 } } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:net Members: 10.2.0.0/22 10.3.0.0/22 ]) dnl rhbz 1644834, again with IndividualCalls=yes AT_CHECK([sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf]) FWD_RELOAD NFT_LIST_SET([foobar], 0, [dnl table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.2.0.0/22, 10.3.0.0/22 } } } ]) IPSET_LIST_SET([foobar], 0, [dnl Name: foobar Type: hash:net Members: 10.2.0.0/22 10.3.0.0/22 ]) FWD_END_TEST([-e '/ERROR: COMMAND_FAILED:.*already added.*/d'dnl -e '/ERROR: COMMAND_FAILED:.*element.*exists/d'dnl -e '/Kernel support protocol versions/d'dnl -e '/WARNING: ALREADY_ENABLED:/d']) firewalld-1.1.1/src/tests/regression/rhbz1871298.at0000644000000000000000000000150214217342322021647 0ustar00rootroot00000000000000FWD_START_TEST([rich rule parsing bottleneck]) AT_KEYWORDS(rich offline rhbz1871298) AT_SKIP_IF([! NS_CMD([which timeout >/dev/null 2>&1])]) NS_CHECK([mkdir -p ./zones]) NS_CHECK([echo '' > ./zones/foobar.xml]) NS_CHECK([echo "" >> ./zones/foobar.xml]) NS_CHECK([echo "foobar" >> ./zones/foobar.xml]) NS_CHECK([sh -c 'for I in $(seq 10000); do echo "" >> ./zones/foobar.xml; done']) NS_CHECK([echo "" >> ./zones/foobar.xml]) if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi NS_CHECK([timeout 45 firewall-offline-cmd --system-config ./ $FIREWALL_OFFLINE_CMD_ARGS --check-config], 0, [ignore]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1839781.at0000644000000000000000000001453514217342322021662 0ustar00rootroot00000000000000FWD_START_TEST([service RH-Satellite-6]) AT_KEYWORDS(service rhbz1839781) FWD_CHECK([--zone trusted --add-interface dummy0], 0, [ignore]) FWD_CHECK([--zone trusted --add-service RH-Satellite-6], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_trusted_allow], 0, [dnl table inet firewalld { chain filter_IN_trusted_allow { tcp dport 53 ct state new,untracked accept udp dport 53 ct state new,untracked accept tcp dport 80 ct state new,untracked accept tcp dport 443 ct state new,untracked accept udp dport 67 ct state new,untracked accept udp dport 69 ct helper set "helper-tftp-udp" udp dport 69 ct state new,untracked accept udp dport 68 ct state new,untracked accept tcp dport 8140 ct state new,untracked accept tcp dport 5000 ct state new,untracked accept tcp dport 5646-5647 ct state new,untracked accept tcp dport 5671 ct state new,untracked accept tcp dport 8000 ct state new,untracked accept tcp dport 8080 ct state new,untracked accept tcp dport 9090 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_trusted_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:69 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8140 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5646:5647 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5671 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_trusted_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:53 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:53 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:67 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:69 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:68 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8140 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:5000 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpts:5646:5647 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:5671 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8000 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8080 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ]) FWD_CHECK([--zone trusted --remove-service RH-Satellite-6], 0, [ignore]) FWD_CHECK([--zone trusted --add-service RH-Satellite-6-capsule], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_trusted_allow], 0, [dnl table inet firewalld { chain filter_IN_trusted_allow { tcp dport 53 ct state new,untracked accept udp dport 53 ct state new,untracked accept tcp dport 80 ct state new,untracked accept tcp dport 443 ct state new,untracked accept udp dport 67 ct state new,untracked accept udp dport 69 ct helper set "helper-tftp-udp" udp dport 69 ct state new,untracked accept udp dport 68 ct state new,untracked accept tcp dport 8140 ct state new,untracked accept tcp dport 5000 ct state new,untracked accept tcp dport 5646-5647 ct state new,untracked accept tcp dport 5671 ct state new,untracked accept tcp dport 8000 ct state new,untracked accept tcp dport 8080 ct state new,untracked accept tcp dport 9090 ct state new,untracked accept tcp dport 8443 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_trusted_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:69 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8140 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5646:5647 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5671 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_trusted_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:53 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:53 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:67 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:69 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:68 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8140 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:5000 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpts:5646:5647 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:5671 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8000 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8080 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8443 ctstate NEW,UNTRACKED ]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1843398.at0000644000000000000000000000045314217342322021653 0ustar00rootroot00000000000000FWD_START_TEST([rich rule source mac]) AT_KEYWORDS(rich rhbz1843398 gh643) FWD_CHECK([--permanent --add-rich-rule='rule source mac="11:22:33:44:55:66" reject'], 0, [ignore]) FWD_CHECK([ --add-rich-rule='rule source mac="11:22:33:44:55:66" reject'], 0, [ignore]) FWD_RELOAD FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1571957.at0000644000000000000000000000056714217342322021660 0ustar00rootroot00000000000000FWD_START_TEST([set-log-denied w/ ICMP block inversion]) AT_KEYWORDS(log_denied rhbz1571957 icmp) FWD_CHECK([-q --permanent --zone=public --add-icmp-block-inversion]) FWD_RELOAD FWD_CHECK([-q --set-log-denied=all]) AT_CHECK([sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf]) FWD_RELOAD FWD_CHECK([-q --set-log-denied=broadcast]) FWD_RELOAD FWD_END_TEST firewalld-1.1.1/src/tests/regression/gh567.at0000644000000000000000000000042114217342322020755 0ustar00rootroot00000000000000FWD_START_TEST([rich rule source w/ mark action]) AT_KEYWORDS(gh567 rich ipset) CHECK_IPSET FWD_CHECK([-q --permanent --new-ipset=Teste --type=hash:net]) FWD_CHECK([-q --permanent --add-rich-rule "rule family=ipv4 source ipset=Teste mark set=2"]) FWD_RELOAD FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1914935.at0000644000000000000000000000353214217342322021650 0ustar00rootroot00000000000000FWD_START_TEST([zone overlapping ports]) AT_KEYWORDS(zone port rhbz1914935) AT_CHECK([mkdir -p ./zones]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_RELOAD FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar']) FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar']) FWD_CHECK([--zone foobar --list-ports], 0, [dnl 1024-65535/tcp ]) AT_DATA([./zones/foobar.xml], [dnl ]) FWD_RELOAD FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar']) FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar']) FWD_CHECK([--zone foobar --list-source-ports], 0, [dnl 1024-65535/tcp ]) dnl this one partially overlaps so it should not throw a warning. AT_DATA([./zones/foobar.xml], [dnl ]) FWD_RELOAD FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'], 1) FWD_CHECK([--zone foobar --list-ports], 0, [dnl 1024-2500/tcp ]) dnl this one partially overlaps so it should not throw a warning. AT_DATA([./zones/foobar.xml], [dnl ]) FWD_RELOAD FWD_GREP_LOG([WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'], 1) FWD_CHECK([--zone foobar --list-source-ports], 0, [dnl 1024-2500/tcp ]) FWD_END_TEST([-e '/WARNING: ALREADY_ENABLED:/d']) firewalld-1.1.1/src/tests/regression/rhbz1940928.at0000644000000000000000000000567014217342322021656 0ustar00rootroot00000000000000FWD_START_TEST([direct -s/-d multiple addresses]) AT_KEYWORDS(direct rhbz1940928 rhbz1949552) CHECK_IPTABLES dnl test triggers a limitation in iptables-restore dnl AT_CHECK([sed -i 's/^IndividualCalls.*/IndividualCalls=no/' ./firewalld.conf]) FWD_RELOAD FWD_CHECK([--direct --add-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT], 0, [ignore], [ignore]) FWD_CHECK([--direct --add-rule ipv4 filter OUTPUT 2 -p tcp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT], 0, [ignore], [ignore]) FWD_CHECK([--direct --add-rule ipv4 filter OUTPUT 2 -p udp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT], 0, [ignore], [ignore]) FWD_CHECK([--direct --add-rule ipv4 filter OUTPUT 9 -j DROP], 0, [ignore], [ignore]) IPTABLES_LIST_RULES_ALWAYS([filter], [m4_if(iptables, FIREWALL_BACKEND, [OUTPUT_direct], [OUTPUT])], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT tcp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT tcp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT tcp -- 0.0.0.0/0 192.168.0.0/24 ACCEPT udp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT udp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT udp -- 0.0.0.0/0 192.168.0.0/24 DROP all -- 0.0.0.0/0 0.0.0.0/0 ]) FWD_CHECK([--direct --add-rule ipv4 filter OUTPUT 1 -p sctp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT], 0, [ignore], [ignore]) IPTABLES_LIST_RULES_ALWAYS([filter], [m4_if(iptables, FIREWALL_BACKEND, [OUTPUT_direct], [OUTPUT])], 0, [dnl ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT sctp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT sctp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT sctp -- 0.0.0.0/0 192.168.0.0/24 ACCEPT tcp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT tcp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT tcp -- 0.0.0.0/0 192.168.0.0/24 ACCEPT udp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT udp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT udp -- 0.0.0.0/0 192.168.0.0/24 DROP all -- 0.0.0.0/0 0.0.0.0/0 ]) FWD_CHECK([--direct --remove-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT], 0, [ignore], [ignore]) FWD_CHECK([--direct --remove-rule ipv4 filter OUTPUT 1 -p sctp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT], 0, [ignore], [ignore]) FWD_CHECK([--direct --remove-rule ipv4 filter OUTPUT 2 -p tcp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT], 0, [ignore], [ignore]) FWD_CHECK([--direct --remove-rule ipv4 filter OUTPUT 2 -p udp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT], 0, [ignore], [ignore]) FWD_CHECK([--direct --remove-rule ipv4 filter OUTPUT 9 -j DROP], 0, [ignore], [ignore]) IPTABLES_LIST_RULES_ALWAYS([filter], [m4_if(iptables, FIREWALL_BACKEND, [OUTPUT_direct], [OUTPUT])], 0, [dnl ]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/gh482.at0000644000000000000000000000175114217342322020760 0ustar00rootroot00000000000000FWD_START_TEST([remove forward-port after reload]) AT_KEYWORDS(gh482 rhbz1637675 rich forward_port) FWD_CHECK([-q --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) FWD_CHECK([-q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) FWD_CHECK([-q --permanent --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) FWD_RELOAD FWD_CHECK([-q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) FWD_CHECK([-q --permanent --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"']) FWD_CHECK([-q --permanent --add-forward-port=port=1234:proto=tcp:toport=4321]) FWD_RELOAD FWD_CHECK([-q --remove-forward-port=port=1234:proto=tcp:toport=4321]) FWD_CHECK([-q --permanent --remove-forward-port=port=1234:proto=tcp:toport=4321]) FWD_END_TEST firewalld-1.1.1/src/tests/regression/gh335.at0000644000000000000000000000647714217342322020767 0ustar00rootroot00000000000000FWD_START_TEST([forward-port toaddr enables IP forwarding]) AT_KEYWORDS(port forward_port gh335) NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ]) FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10]) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) FWD_RELOAD IF_HOST_SUPPORTS_IPV6_RULES([ NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ]) FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321"]) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) ]) FWD_RELOAD ]) NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ]) FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="10.10.10.10"']) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) FWD_RELOAD IF_HOST_SUPPORTS_IPV6_RULES([ NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ]) FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"']) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 0, [ignore], [ignore]) ]) FWD_RELOAD ]) dnl following tests should _not_ enable IP forwarding NS_CHECK([sysctl -w net.ipv4.conf.all.forwarding=0], 0, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6([ NS_CHECK([sysctl -w net.ipv6.conf.all.forwarding=0], 0, [ignore], [ignore]) ]) FWD_CHECK([-q --add-forward-port=port=12345:proto=tcp:toport=54321]) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) FWD_CHECK([-q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321"']) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) IF_HOST_SUPPORTS_IPV6_RULES([ FWD_CHECK([-q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"']) NS_CHECK([[sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) NS_CHECK([[sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1"]], 1, [ignore], [ignore]) ]) FWD_END_TEST([-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d']) firewalld-1.1.1/src/tests/regression/gh703.at0000644000000000000000000000072514217342322020754 0ustar00rootroot00000000000000FWD_START_TEST([add source with mac address]) AT_KEYWORDS(gh703) FWD_CHECK([--zone=home --add-source=34:7e:5c:3a:4c:32], 0, [ignore]) NFT_LIST_RULES([inet], [nat_POSTROUTING_ZONES], 0, [dnl table inet firewalld { chain nat_POSTROUTING_ZONES { ether daddr 34:7e:5c:3a:4c:32 goto nat_POST_home goto nat_POST_public } } ]) dnl NOTE: iptables does _not_ support matching mac destination. FWD_END_TEST firewalld-1.1.1/src/tests/regression/gh509.at0000644000000000000000000000110714217342322020753 0ustar00rootroot00000000000000m4_if(nftables, FIREWALL_BACKEND, [ FWD_START_TEST([missing firewalld.conf file]) AT_KEYWORDS(gh509) dnl We're going to wipe the config below and therefore use the defaults. As dnl such, if our test host doesn't support defaults then we must skip this test dnl group. IF_HOST_SUPPORTS_NFT_FIB([], [AT_SKIP_IF([:])]) AT_CHECK([if ! rm ./firewalld.conf; then exit 77; fi]) FWD_RESTART FWD_END_TEST([-e '/ERROR: Failed to load/d' dnl -e '/WARNING:.*No such file or directory:.*/d' dnl -e '/WARNING: Using fallback firewalld configuration settings/d']) ]) firewalld-1.1.1/src/tests/regression/rhbz1689429.at0000644000000000000000000000062114217342322021653 0ustar00rootroot00000000000000FWD_START_TEST([rich rule invalid priority]) AT_KEYWORDS(rich rhbz1689429) FWD_CHECK([--add-rich-rule='rule priority=foo accept'], 139, [], [Error: INVALID_PRIORITY: invalid 'priority' attribute value 'foo'. ]) FWD_CHECK([--permanent --add-rich-rule='rule priority=foo accept'], 139, [], [Error: INVALID_PRIORITY: invalid 'priority' attribute value 'foo'. ]) FWD_RELOAD FWD_END_TEST([ignore]) firewalld-1.1.1/src/tests/regression/gh696.at0000644000000000000000000000761714217342322020776 0ustar00rootroot00000000000000FWD_START_TEST([icmp-block-inversion no log blocked]) AT_KEYWORDS(icmp gh696 rhbz1945833) FWD_CHECK([--permanent --zone public --remove-icmp-block-inversion], 0, [ignore], [ignore]) FWD_CHECK([--permanent --zone public --add-icmp-block echo-request], 0, [ignore]) FWD_RELOAD() NFT_LIST_RULES([inet], [filter_IN_public_deny], 0, [dnl table inet firewalld { chain filter_IN_public_deny { icmp echo-request reject with icmpx admin-prohibited icmpv6 echo-request reject with icmpx admin-prohibited } } ]) IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 reject-with icmp-host-prohibited ]) IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 128 reject-with icmp6-adm-prohibited ]) dnl since inversion is disabled we should get logs when the ICMP is blocked. FWD_CHECK([--set-log-denied all], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_public_deny], 0, [dnl table inet firewalld { chain filter_IN_public_deny { icmp echo-request log prefix ""filter_zone_public_HOST_ICMP_BLOCK: "" icmp echo-request reject with icmpx admin-prohibited icmpv6 echo-request log prefix ""filter_zone_public_HOST_ICMP_BLOCK: "" icmpv6 echo-request reject with icmpx admin-prohibited } } ]) IPTABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 LOG flags 0 level 4 prefix "zone_public_HOST_ICMP_BLOCK: " REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 reject-with icmp-host-prohibited ]) IP6TABLES_LIST_RULES([filter], [IN_public_deny], 0, [dnl LOG icmpv6 ::/0 ::/0 ipv6-icmptype 128 LOG flags 0 level 4 prefix "zone_public_HOST_ICMP_BLOCK: " REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 128 reject-with icmp6-adm-prohibited ]) dnl ######################################## dnl ######################################## dnl Same as above, but with icmp block inversion. dnl ######################################## dnl ######################################## FWD_CHECK([--permanent --zone public --add-icmp-block-inversion], 0, [ignore]) FWD_CHECK([--set-log-denied off], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept icmp echo-request accept icmpv6 echo-request accept } } ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ]) dnl since inversion is enabled, it should be the same whether set-log-denied is dnl enabled or not. FWD_CHECK([--set-log-denied all], 0, [ignore]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept icmp echo-request accept icmpv6 echo-request accept } } ]) IPTABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ]) IP6TABLES_LIST_RULES([filter], [IN_public_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ]) FWD_END_TEST([-d '/WARNING: NOT_ENABLED: icmp-block-inversion/d']) firewalld-1.1.1/src/tests/regression/pr323.at0000644000000000000000000000041314217342322020767 0ustar00rootroot00000000000000FWD_START_TEST([GRE proto helper]) AT_KEYWORDS(helper gh323) CHECK_MODULE_PROTO_GRE FWD_CHECK([-q --add-protocol=gre]) FWD_CHECK([-q --remove-protocol=gre]) FWD_CHECK([-q --add-service=gre]) AT_CHECK([lsmod | grep nf_conntrack_proto_gre], 0, ignore) FWD_END_TEST firewalld-1.1.1/src/tests/regression/rhbz1506742.at0000644000000000000000000000201014217342322021627 0ustar00rootroot00000000000000FWD_START_TEST([ipset with timeout]) AT_KEYWORDS(ipset rhbz1506742) CHECK_IPSET FWD_CHECK([-q --permanent --new-ipset=foobar --type=hash:ip --option=maxelem=1000000 --option=family=inet --option=hashsize=4096 --option=timeout=600]) FWD_RELOAD FWD_CHECK([--permanent --ipset=foobar --add-entry=1.2.3.4], 32, ignore, ignore) FWD_CHECK([-q --ipset=foobar --add-entry=1.2.3.4]) FWD_CHECK([-q --ipset=foobar --query-entry=1.2.3.4], 32, ignore, ignore) FWD_CHECK([-q --ipset=foobar --remove-entry=1.2.3.4]) AT_DATA([foobar_entries.txt], [ 1.2.3.4 10.0.1.1 ]) FWD_CHECK([--permanent --ipset=foobar --add-entries-from-file=foobar_entries.txt], 32, ignore, ignore) FWD_CHECK([-q --ipset=foobar --add-entries-from-file=foobar_entries.txt]) FWD_CHECK([-q --ipset=foobar --query-entry=1.2.3.4], 32, ignore, ignore) FWD_CHECK([-q --ipset=foobar --remove-entries-from-file=foobar_entries.txt]) FWD_END_TEST([-e '/Error: IPSET_WITH_TIMEOUT/d' dnl -e '/ERROR: IPSET_WITH_TIMEOUT/d' dnl -e '/WARNING: NOT_ENABLED/d']) firewalld-1.1.1/src/tests/regression/gh453.at0000644000000000000000000000325514217342322020757 0ustar00rootroot00000000000000m4_if(nftables, FIREWALL_BACKEND, [ FWD_START_TEST([nftables helper objects]) AT_KEYWORDS(helper gh453) CHECK_NFT_CT_HELPER FWD_CHECK([-q --set-automatic-helpers=no]) FWD_CHECK([-q --add-service=ftp]) NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-ftp-tcp"], 0, [m4_strip([dnl ct helper helper-ftp-tcp { type "ftp" protocol tcp l3proto inet } ])]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 21 ct helper set "helper-ftp-tcp" tcp dport 21 ct state new,untracked accept } } ]) FWD_CHECK([-q --add-service=sip]) NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-sip-tcp"], 0, [m4_strip([dnl ct helper helper-sip-tcp { type "sip" protocol tcp l3proto inet } ])]) NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-sip-udp"], 0, [m4_strip([dnl ct helper helper-sip-udp { type "sip" protocol udp l3proto inet } ])]) NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 21 ct helper set "helper-ftp-tcp" tcp dport 21 ct state new,untracked accept tcp dport 5060 ct helper set "helper-sip-tcp" udp dport 5060 ct helper set "helper-sip-udp" tcp dport 5060 ct state new,untracked accept udp dport 5060 ct state new,untracked accept } } ]) FWD_END_TEST ]) firewalld-1.1.1/src/tests/regression/rhbz1715977.at0000644000000000000000000001360114217342322021653 0ustar00rootroot00000000000000FWD_START_TEST([rich rule src/dst with service destination]) AT_KEYWORDS(rich service rhbz1715977 rhbz1729097 rhbz1791783) FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0]) FWD_CHECK([-q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="ssh" accept']) FWD_RELOAD NFT_LIST_RULES([inet], [filter_IN_internal_allow], 0, [dnl table inet firewalld { chain filter_IN_internal_allow { tcp dport 22 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept udp dport 137 ct helper set "helper-netbios-ns-udp" udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ]) FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.111.222/32" source address="10.10.10.0/24" service name="ssh" accept']) NFT_LIST_RULES([inet], [filter_IN_internal_allow], 0, [dnl table inet firewalld { chain filter_IN_internal_allow { tcp dport 22 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept udp dport 137 ct helper set "helper-netbios-ns-udp" udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept ip daddr 192.168.111.222 ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 192.168.111.222 tcp dpt:22 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ]) FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 service name="ssdp" accept']) NFT_LIST_RULES([inet], [filter_IN_internal_allow], 0, [dnl table inet firewalld { chain filter_IN_internal_allow { tcp dport 22 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept udp dport 137 ct helper set "helper-netbios-ns-udp" udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept ip daddr 192.168.111.222 ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept ip daddr 239.255.255.250 udp dport 1900 ct state new,untracked accept } } ]) IPTABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 192.168.111.222 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900 ctstate NEW,UNTRACKED ]) IP6TABLES_LIST_RULES([filter], [IN_internal_allow], 0, [dnl ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ]) FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept'], 122, [ignore], [ignore]) FWD_CHECK([-q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept']) FWD_RELOAD(122, [ignore], [ignore], 251) FWD_END_TEST([-e '/ERROR: INVALID_RULE: Destination conflict with service/d']) firewalld-1.1.1/src/tests/regression/gh287.at0000644000000000000000000000120314217342322020753 0ustar00rootroot00000000000000FWD_START_TEST([ICMP block inversion]) AT_KEYWORDS(icmp gh287) AT_CHECK([mkdir -p ./zones]) AT_CHECK([echo '' > ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo 'foobar' >> ./zones/foobar.xml]) AT_CHECK([echo 'foobar desc' >> ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) AT_CHECK([echo '' >> ./zones/foobar.xml]) FWD_RELOAD FWD_END_TEST firewalld-1.1.1/src/tests/Makefile.am0000644000000000000000000001257614217342322017461 0ustar00rootroot00000000000000TESTSUITE = $(srcdir)/testsuite TESTSUITE_INTEGRATION = $(srcdir)/integration/testsuite TESTSUITE_FILES = \ $(wildcard $(srcdir)/*.at) \ $(wildcard $(srcdir)/cli/*.at) \ $(wildcard $(srcdir)/dbus/*.at) \ $(wildcard $(srcdir)/features/*.at) \ $(wildcard $(srcdir)/integration/*.at) \ $(wildcard $(srcdir)/python/*.at) \ $(wildcard $(srcdir)/regression/*.at) EXTRA_DIST = \ $(TESTSUITE) \ $(TESTSUITE_INTEGRATION) \ $(TESTSUITE_FILES) \ $(wildcard $(srcdir)/python/*.py) \ $(srcdir)/package.m4 \ atlocal.in DISTCLEANFILES = atconfig testsuitedir = $(pkgdatadir)/testsuite dist_testsuite_SCRIPTS = $(TESTSUITE) dist_testsuite_DATA = README testsuite_integrationdir = $(pkgdatadir)/testsuite/integration dist_testsuite_integration_SCRIPTS = $(TESTSUITE_INTEGRATION) testsuite_pythondir = $(pkgdatadir)/testsuite/python dist_testsuite_python_DATA = python/*.py $(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec $(srcdir)/Makefile :;{ \ echo 'm4_define([AT_PACKAGE_NAME],[$(PACKAGE_NAME)])' && \ echo 'm4_define([AT_PACKAGE_VERSION],[$(PACKAGE_VERSION)])' && \ echo 'm4_define([AT_PACKAGE_STRING],[$(PACKAGE_STRING)])' && \ echo 'm4_define([AT_PACKAGE_URL],[http://firewalld.org/])' && \ echo 'm4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])' ; \ } > "$@" check-local: atconfig atlocal $(TESTSUITE) $(SHELL) '$(TESTSUITE)' $(TESTSUITEFLAGS) \ AUTOTEST_PATH="src" \ PYTHONPATH="${abs_top_srcdir}/src:${PYTHONPATH}" \ FIREWALLD_DEFAULT_CONFIG="${abs_top_srcdir}/config" installcheck-local: atconfig atlocal $(TESTSUITE) $(SHELL) '$(TESTSUITE)' $(TESTSUITEFLAGS) clean-local: test ! -f '$(TESTSUITE)' || $(SHELL) '$(TESTSUITE)' --clean -rm $(srcdir)/package.m4 AUTOM4TE = $(SHELL) $(top_srcdir)/missing --run autom4te AUTOTEST = $(AUTOM4TE) --language=autotest $(TESTSUITE) $(TESTSUITE_INTEGRATION): $(TESTSUITE_FILES) $(srcdir)/package.m4 $(AUTOTEST) -I '$(srcdir)' -o $@.tmp $@.at mv $@.tmp $@ CONTAINER_TARGETS = check-container-debian-sid check-container-fedora-rawhide check-container-centos8-stream check-container-debian-sid-image: check-container-%-image: (cd $(abs_top_srcdir) && { \ echo "FROM debian:sid" && \ echo "RUN apt-get update" && \ echo "RUN apt-get install -y autoconf automake pkg-config intltool libglib2.0-dev \ xsltproc docbook-xsl docbook-xml iproute2 iptables ipset ebtables \ nftables libxml2-utils libdbus-1-dev libgirepository1.0-dev \ python3-dbus python3-gi python3-nftables \ procps network-manager gir1.2-nm-1.0" && \ echo "COPY . /tmp/firewalld"; \ } | $(PODMAN) build -t firewalld-testsuite-$* -f - . ) check-container-fedora-rawhide-image: check-container-%-image: (cd $(abs_top_srcdir) && { \ echo "FROM fedora:rawhide" && \ echo "RUN dnf -y makecache" && \ echo "RUN dnf -y install autoconf automake conntrack-tools desktop-file-utils \ docbook-style-xsl file gettext glib2-devel intltool ipset \ iptables iptables-nft libtool libxml2 libxslt make nftables \ python3-nftables python3-gobject-base \ diffutils procps-ng iproute which dbus-daemon \ NetworkManager NetworkManager-ovs" && \ echo "RUN alternatives --set ebtables /usr/sbin/ebtables-nft" && \ echo "COPY . /tmp/firewalld"; \ } | $(PODMAN) build -t firewalld-testsuite-$* -f - . ) check-container-centos8-stream-image: check-container-%-image: (cd $(abs_top_srcdir) && { \ echo "FROM centos:8" && \ echo "RUN dnf -y makecache" && \ echo "RUN dnf -y install centos-release-stream" && \ echo "RUN dnf -y install autoconf automake conntrack-tools desktop-file-utils \ docbook-style-xsl file gettext glib2-devel intltool ipset \ iptables iptables-ebtables nftables libtool libxml2 \ libxslt make nftables python3-nftables \ python3-gobject-base diffutils procps-ng iproute which dbus-daemon \ NetworkManager NetworkManager-ovs" && \ echo "COPY . /tmp/firewalld"; \ } | $(PODMAN) build -t firewalld-testsuite-$* -f - . ) check-container-debian-sid: PYTHON=/usr/bin/python3 check-container-fedora-rawhide: PYTHON=/usr/bin/python3 check-container-centos8-stream: PYTHON=/usr/libexec/platform-python $(CONTAINER_TARGETS): check-container-%: check-container-%-image $(PODMAN) run -i --rm --privileged firewalld-testsuite-$* bash -c " \ cd /tmp/firewalld && \ ./autogen.sh && \ ./configure PYTHON=\"${PYTHON}\" && \ make && \ { make -C src/tests check-local TESTSUITEFLAGS=\"$(TESTSUITEFLAGS)\" || \ make -C src/tests check-local TESTSUITEFLAGS=\"--recheck --errexit --verbose\" ; } && \ make -C src/tests check-integration TESTSUITEFLAGS=\"$(TESTSUITEFLAGS)\" " $(PODMAN) rmi firewalld-testsuite-$* check-container: $(CONTAINER_TARGETS) .PHONY: check-container .PHONY: $(CONTAINER_TARGETS) $(foreach container,$(CONTAINER_TARGETS),$(container)-image) check-integration: atconfig atlocal $(TESTSUITE_INTEGRATION) $(SHELL) '$(TESTSUITE_INTEGRATION)' $(TESTSUITEFLAGS) -j1 \ AUTOTEST_PATH="src" \ PYTHONPATH="${abs_top_srcdir}/src:${PYTHONPATH}" \ FIREWALLD_DEFAULT_CONFIG="${abs_top_srcdir}/config" installcheck-integration: atconfig atlocal $(TESTSUITE_INTEGRATION) $(SHELL) '$(TESTSUITE_INTEGRATION)' $(TESTSUITEFLAGS) -j1 .PHONY: check-integration installcheck-integration firewalld-1.1.1/src/tests/testsuite0000755000000000000000005776336414217353201017426 0ustar00rootroot00000000000000#! /bin/sh # Generated from testsuite.at by GNU Autoconf 2.69. # # Copyright (C) 2009-2012 Free Software Foundation, Inc. # # This test suite is free software; the Free Software Foundation gives # unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" SHELL=${CONFIG_SHELL-/bin/sh} # How were we run? at_cli_args="$@" # Not all shells have the 'times' builtin; the subshell is needed to make # sure we discard the 'times: not found' message from the shell. at_times_p=false (times) >/dev/null 2>&1 && at_times_p=: # CLI Arguments to pass to the debugging scripts. at_debug_args= # -e sets to true at_errexit_p=false # Shall we be verbose? ':' means no, empty means yes. at_verbose=: at_quiet= # Running several jobs in parallel, 0 means as many as test groups. at_jobs=1 at_traceon=: at_trace_echo=: at_check_filter_trace=: # Shall we keep the debug scripts? Must be `:' when the suite is # run by a debug script, so that the script doesn't remove itself. at_debug_p=false # Display help message? at_help_p=false # Display the version message? at_version_p=false # List test groups? at_list_p=false # --clean at_clean=false # Test groups to run at_groups= # Whether to rerun failed tests. at_recheck= # Whether a write failure occurred at_write_fail=0 # The directory we run the suite in. Default to . if no -C option. at_dir=`pwd` # An absolute reference to this testsuite script. case $as_myself in [\\/]* | ?:[\\/]* ) at_myself=$as_myself ;; * ) at_myself=$at_dir/$as_myself ;; esac # Whether -C is in effect. at_change_dir=false # Whether to enable colored test results. at_color=auto # List of the tested programs. at_tested='' # As many question marks as there are digits in the last test group number. # Used to normalize the test group numbers so that `ls' lists them in # numerical order. at_format='???' # Description of all the test groups. at_help_all="1;firewall-cmd.at:5;basic options;offline panic reload; 2;firewall-cmd.at:28;get/list options;offline zone service icmp; 3;firewall-cmd.at:44;default zone;offline zone; 4;firewall-cmd.at:56;user zone;offline zone; 5;firewall-cmd.at:76;zone interfaces;offline zone; 6;firewall-cmd.at:174;zone sources;offline zone; 7;firewall-cmd.at:227;services;offline service; 8;firewall-cmd.at:271;user services;offline service; 9;firewall-cmd.at:353;ports;offline port; 10;firewall-cmd.at:410;source ports;offline port; 11;firewall-cmd.at:447;protocols;offline protocol; 12;firewall-cmd.at:475;masquerade;offline masquerade nat; 13;firewall-cmd.at:502;forward;offline forward gh586 gh613; 14;firewall-cmd.at:690;forward ports;offline port forward_port; 15;firewall-cmd.at:789;ICMP block;offline icmp; 16;firewall-cmd.at:835;user ICMP types;offline icmp; 17;firewall-cmd.at:858;ipset;offline ipset rhbz1685256; 18;firewall-cmd.at:1055;user helpers;offline helper; 19;firewall-cmd.at:1083;direct;offline direct; 20;firewall-cmd.at:1157;direct nat;offline direct nat; 21;firewall-cmd.at:1182;direct passthrough;offline direct passthrough; 22;firewall-cmd.at:1220;direct ebtables;offline direct ebtables; 23;firewall-cmd.at:1266;lockdown;offline lockdown; 24;firewall-cmd.at:1333;rich rules good;offline rich; 25;firewall-cmd.at:1367;rich rules audit;offline rich; 26;firewall-cmd.at:1375;rich rules priority;offline rich; 27;firewall-cmd.at:1946;rich rules bad;offline rich; 28;firewall-cmd.at:1989;config validation;offline check_config; 29;rfc3964_ipv4.at:1;RFC3964_IPv4;offline rfc3964_ipv4; 30;service_include.at:1;service include;offline service xml gh273 rhbz1720300; 31;helpers_custom.at:1;customer helpers;offline helpers rhbz1733066 gh514 rhbz1769520; 32;policy.at:5;policy - xml;offline policy xml; 33;policy.at:79;policy - create;offline policy; 34;policy.at:96;policy - name;offline policy; 35;policy.at:109;policy - list;offline policy; 36;policy.at:231;policy - options;offline policy; 37;policy.at:290;policy - priority;offline policy; 38;policy.at:420;policy - zones;offline policy; 39;policy.at:607;policy - dispatch;offline policy; 40;policy.at:2239;policy - interfaces/sources;offline policy; 41;policy.at:2406;policy - target;offline policy; 42;policy.at:2455;policy - from file;offline policy; 43;services.at:1;services;offline policy service; 44;ports.at:1;ports;offline policy port; 45;source_ports.at:1;source ports;offline policy source_port; 46;forward_ports.at:1;forward ports;offline policy forward_port; 47;forward_ports.at:199;forward ports (OUTPUT);offline policy forward_port rhbz2039542; 48;masquerade.at:1;masquerade;offline policy masquerade; 49;protocols.at:1;protocols;offline policy protocol; 50;rich_rules.at:1;rich rules;offline policy rich; 51;icmp_blocks.at:1;ICMP blocks;offline policy icmp_block; 52;rich_tcp_mss_clamp.at:5;tcp-mss-clamp;offline tcp-mss-clamp; 53;rich_destination_ipset.at:1;rich destination ipset;offline rich ipset; 54;zone.at:1;zone - target;offline zone; 55;rpfilter.at:1;rpfilter;offline rpfilter; 56;firewall-offline-cmd.at:19;lokkit migration;offline lokkit; 57;firewalld.conf.at:1;firewalld.conf;nftables dbus; 58;service.at:1;dbus api - services;nftables dbus service rhbz1721414 rhbz1737045 gh514; 59;zone_permanent_signatures.at:1;dbus api - zone permanent signatures;nftables dbus zone gh586 gh613; 60;zone_runtime_signatures.at:1;dbus api - zone runtime signatures;nftables dbus zone gh586 gh613; 61;zone_permanent_functional.at:1;dbus api - zone permanent functional;nftables dbus zone gh586 gh613; 62;zone_runtime_functional.at:1;dbus api - zone runtime functional;nftables dbus zone gh586 gh613; 63;policy_permanent_signatures.at:1;dbus api - policy permanent signatures;nftables dbus policy; 64;policy_runtime_signatures.at:1;dbus api - policy runtime signatures;nftables dbus policy; 65;policy_permanent_functional.at:1;dbus api - policy permanent functional;nftables dbus policy; 66;policy_runtime_functional.at:1;dbus api - policy runtime functional;nftables dbus policy; 67;direct.at:1;dbus api - direct signatures;nftables dbus direct; 68;firewall-cmd.at:5;basic options;nftables panic reload; 69;firewall-cmd.at:28;get/list options;nftables zone service icmp; 70;firewall-cmd.at:44;default zone;nftables zone; 71;firewall-cmd.at:56;user zone;nftables zone; 72;firewall-cmd.at:76;zone interfaces;nftables zone; 73;firewall-cmd.at:174;zone sources;nftables zone; 74;firewall-cmd.at:227;services;nftables service; 75;firewall-cmd.at:271;user services;nftables service; 76;firewall-cmd.at:353;ports;nftables port; 77;firewall-cmd.at:410;source ports;nftables port; 78;firewall-cmd.at:447;protocols;nftables protocol; 79;firewall-cmd.at:475;masquerade;nftables masquerade nat; 80;firewall-cmd.at:502;forward;nftables forward gh586 gh613; 81;firewall-cmd.at:690;forward ports;nftables port forward_port; 82;firewall-cmd.at:789;ICMP block;nftables icmp; 83;firewall-cmd.at:835;user ICMP types;nftables icmp; 84;firewall-cmd.at:858;ipset;nftables ipset rhbz1685256; 85;firewall-cmd.at:1055;user helpers;nftables helper; 86;firewall-cmd.at:1083;direct;nftables direct; 87;firewall-cmd.at:1157;direct nat;nftables direct nat; 88;firewall-cmd.at:1182;direct passthrough;nftables direct passthrough; 89;firewall-cmd.at:1220;direct ebtables;nftables direct ebtables; 90;firewall-cmd.at:1266;lockdown;nftables lockdown; 91;firewall-cmd.at:1333;rich rules good;nftables rich; 92;firewall-cmd.at:1367;rich rules audit;nftables rich; 93;firewall-cmd.at:1375;rich rules priority;nftables rich; 94;firewall-cmd.at:1946;rich rules bad;nftables rich; 95;firewall-cmd.at:1989;config validation;nftables check_config; 96;rhbz1514043.at:1;--set-log-denied does not zero config;nftables log_denied rhbz1514043; 97;rhbz1498923.at:1;invalid direct rule causes reload error;nftables direct reload rhbz1498923; 98;pr181.at:1;combined zones name length check;nftables zone gh181; 99;gh287.at:1;ICMP block inversion;nftables icmp gh287; 100;individual_calls.at:1;individual calls;nftables individual_calls; 101;rhbz1534571.at:3;rule deduplication;nftables rhbz1534571; 102;gh290.at:1;invalid syntax in xml files;nftables xml direct gh290; 103;gh290.at:19;invalid syntax in xml files;nftables xml zone gh290; 104;icmp_block_in_forward_chain.at:1;ICMP block not present FORWARD chain;nftables icmp; 105;pr323.at:1;GRE proto helper;nftables helper gh323; 106;rhbz1506742.at:1;ipset with timeout;nftables ipset rhbz1506742; 107;rhbz1594657.at:1;no log untracked passthrough queries;nftables direct passthrough rhbz1594657; 108;rhbz1571957.at:1;set-log-denied w/ ICMP block inversion;nftables log_denied rhbz1571957 icmp; 109;rhbz1404076.at:1;query single port added with range;nftables port rhbz1404076; 110;gh366.at:1;service destination multiple IP versions;nftables service gh366; 111;rhbz1601610.at:1;ipset duplicate entries;nftables ipset rhbz1601610; 112;gh303.at:1;unicode in XML;nftables xml unicode service gh303; 113;gh335.at:1;forward-port toaddr enables IP forwarding;nftables port forward_port gh335; 114;gh482.at:1;remove forward-port after reload;nftables gh482 rhbz1637675 rich forward_port; 115;gh478.at:1;rich rule marks every packet;nftables rich mark gh478; 116;gh453.at:1;nftables helper objects;nftables helper gh453; 117;gh258.at:1;zone dispatch layout;nftables zone gh258 gh441 rhbz1713823; 118;rhbz1715977.at:1;rich rule src/dst with service destination;nftables rich service rhbz1715977 rhbz1729097 rhbz1791783; 119;rhbz1723610.at:1;direct remove-rules per family;nftables direct rhbz1723610 gh385; 120;rhbz1734765.at:1;zone sources ordered by name;nftables zone rhbz1734765 rhbz1421222 gh166 rhbz1738545; 121;gh509.at:1;missing firewalld.conf file;nftables gh509; 122;gh567.at:1;rich rule source w/ mark action;nftables gh567 rich ipset; 123;rhbz1779835.at:1;ipv6 address with brackets;nftables rhbz1779835 ipset; 124;rhbz1779835.at:16;ipv6 address with brackets;nftables rhbz1779835 zone forward_port rich; 125;gh330.at:1;ipset cleanup on reload/stop;nftables ipset reload gh330 rhbz1682913 rhbz1790948 rhbz1809225; 126;gh599.at:1;writing to log after copytruncate;nftables gh599; 127;rhbz1843398.at:1;rich rule source mac;nftables rich rhbz1843398 gh643; 128;rhbz1839781.at:1;service RH-Satellite-6;nftables service rhbz1839781; 129;rhbz1689429.at:1;rich rule invalid priority;nftables rich rhbz1689429; 130;rhbz1483921.at:1;direct and zone mutually exclusive;nftables direct rhbz1483921; 131;rhbz1541077.at:1;hash:mac and family mutually exclusive;nftables ipset rhbz1541077; 132;rhbz1855140.at:1;rich rule icmptypes with one family;nftables rich icmp rhbz1855140; 133;rhbz1871298.at:1;rich rule parsing bottleneck;nftables rich offline rhbz1871298; 134;rhbz1596304.at:1;rich rules strip non-printable characters;nftables rich rhbz1596304; 135;gh703.at:1;add source with mac address;nftables gh703; 136;ipset_netmask_allowed.at:1;ipset netmask allowed type hash:ip;nftables ipset reload; 137;rhbz1940928.at:1;direct -s/-d multiple addresses;nftables direct rhbz1940928 rhbz1949552; 138;rhbz1936896.at:1;ipset type hash:net,net;nftables rhbz1936896; 139;gh795.at:1;ipset entry delete w/ timeout=0;nftables ipset gh794 gh795; 140;rhbz1914935.at:1;zone overlapping ports;nftables zone port rhbz1914935; 141;gh696.at:1;icmp-block-inversion no log blocked;nftables icmp gh696 rhbz1945833; 142;rhbz1917766.at:1;rich rule source with netmask;nftables rich rhbz1917766; 143;rhbz2014383.at:1;same source in two zone xml;nftables zone rhbz2014383; 144;gh874.at:1;policy masquerade w/ ingress interface;nftables policy zone masquerade gh874; 145;gh881.at:1;ipset entry overlap detect perf;nftables ipset gh881; 146;service_includes_for_builtin.at:1;service include for built-in;nftables dbus service service_includes_for_builtin service_includes_for_built-in; 147;python.at:3;firewalld_test.py;nftables python; 148;python.at:8;firewalld_config.py;nftables python; 149;python.at:13;firewalld_rich.py;nftables python; 150;python.at:18;firewalld_direct.py;nftables python; 151;rfc3964_ipv4.at:1;RFC3964_IPv4;nftables rfc3964_ipv4; 152;service_include.at:1;service include;nftables service xml gh273 rhbz1720300; 153;helpers_custom.at:1;customer helpers;nftables helpers rhbz1733066 gh514 rhbz1769520; 154;policy.at:5;policy - xml;nftables policy xml; 155;policy.at:79;policy - create;nftables policy; 156;policy.at:96;policy - name;nftables policy; 157;policy.at:109;policy - list;nftables policy; 158;policy.at:231;policy - options;nftables policy; 159;policy.at:290;policy - priority;nftables policy; 160;policy.at:420;policy - zones;nftables policy; 161;policy.at:607;policy - dispatch;nftables policy; 162;policy.at:2239;policy - interfaces/sources;nftables policy; 163;policy.at:2406;policy - target;nftables policy; 164;policy.at:2455;policy - from file;nftables policy; 165;services.at:1;services;nftables policy service; 166;ports.at:1;ports;nftables policy port; 167;source_ports.at:1;source ports;nftables policy source_port; 168;forward_ports.at:1;forward ports;nftables policy forward_port; 169;forward_ports.at:199;forward ports (OUTPUT);nftables policy forward_port rhbz2039542; 170;masquerade.at:1;masquerade;nftables policy masquerade; 171;protocols.at:1;protocols;nftables policy protocol; 172;rich_rules.at:1;rich rules;nftables policy rich; 173;icmp_blocks.at:1;ICMP blocks;nftables policy icmp_block; 174;rich_tcp_mss_clamp.at:5;tcp-mss-clamp;nftables tcp-mss-clamp; 175;rich_destination_ipset.at:1;rich destination ipset;nftables rich ipset; 176;zone.at:1;zone - target;nftables zone; 177;rpfilter.at:1;rpfilter;nftables rpfilter; 178;firewall-cmd.at:5;basic options;iptables panic reload; 179;firewall-cmd.at:28;get/list options;iptables zone service icmp; 180;firewall-cmd.at:44;default zone;iptables zone; 181;firewall-cmd.at:56;user zone;iptables zone; 182;firewall-cmd.at:76;zone interfaces;iptables zone; 183;firewall-cmd.at:174;zone sources;iptables zone; 184;firewall-cmd.at:227;services;iptables service; 185;firewall-cmd.at:271;user services;iptables service; 186;firewall-cmd.at:353;ports;iptables port; 187;firewall-cmd.at:410;source ports;iptables port; 188;firewall-cmd.at:447;protocols;iptables protocol; 189;firewall-cmd.at:475;masquerade;iptables masquerade nat; 190;firewall-cmd.at:502;forward;iptables forward gh586 gh613; 191;firewall-cmd.at:690;forward ports;iptables port forward_port; 192;firewall-cmd.at:789;ICMP block;iptables icmp; 193;firewall-cmd.at:835;user ICMP types;iptables icmp; 194;firewall-cmd.at:858;ipset;iptables ipset rhbz1685256; 195;firewall-cmd.at:1055;user helpers;iptables helper; 196;firewall-cmd.at:1083;direct;iptables direct; 197;firewall-cmd.at:1157;direct nat;iptables direct nat; 198;firewall-cmd.at:1182;direct passthrough;iptables direct passthrough; 199;firewall-cmd.at:1220;direct ebtables;iptables direct ebtables; 200;firewall-cmd.at:1266;lockdown;iptables lockdown; 201;firewall-cmd.at:1333;rich rules good;iptables rich; 202;firewall-cmd.at:1367;rich rules audit;iptables rich; 203;firewall-cmd.at:1375;rich rules priority;iptables rich; 204;firewall-cmd.at:1946;rich rules bad;iptables rich; 205;firewall-cmd.at:1989;config validation;iptables check_config; 206;rhbz1514043.at:1;--set-log-denied does not zero config;iptables log_denied rhbz1514043; 207;rhbz1498923.at:1;invalid direct rule causes reload error;iptables direct reload rhbz1498923; 208;pr181.at:1;combined zones name length check;iptables zone gh181; 209;gh287.at:1;ICMP block inversion;iptables icmp gh287; 210;individual_calls.at:1;individual calls;iptables individual_calls; 211;rhbz1534571.at:3;rule deduplication;iptables rhbz1534571; 212;gh290.at:1;invalid syntax in xml files;iptables xml direct gh290; 213;gh290.at:19;invalid syntax in xml files;iptables xml zone gh290; 214;icmp_block_in_forward_chain.at:1;ICMP block not present FORWARD chain;iptables icmp; 215;pr323.at:1;GRE proto helper;iptables helper gh323; 216;rhbz1506742.at:1;ipset with timeout;iptables ipset rhbz1506742; 217;rhbz1594657.at:1;no log untracked passthrough queries;iptables direct passthrough rhbz1594657; 218;rhbz1571957.at:1;set-log-denied w/ ICMP block inversion;iptables log_denied rhbz1571957 icmp; 219;rhbz1404076.at:1;query single port added with range;iptables port rhbz1404076; 220;gh366.at:1;service destination multiple IP versions;iptables service gh366; 221;rhbz1601610.at:1;ipset duplicate entries;iptables ipset rhbz1601610; 222;gh303.at:1;unicode in XML;iptables xml unicode service gh303; 223;gh335.at:1;forward-port toaddr enables IP forwarding;iptables port forward_port gh335; 224;gh482.at:1;remove forward-port after reload;iptables gh482 rhbz1637675 rich forward_port; 225;gh478.at:1;rich rule marks every packet;iptables rich mark gh478; 226;gh258.at:1;zone dispatch layout;iptables zone gh258 gh441 rhbz1713823; 227;rhbz1715977.at:1;rich rule src/dst with service destination;iptables rich service rhbz1715977 rhbz1729097 rhbz1791783; 228;rhbz1723610.at:1;direct remove-rules per family;iptables direct rhbz1723610 gh385; 229;rhbz1734765.at:1;zone sources ordered by name;iptables zone rhbz1734765 rhbz1421222 gh166 rhbz1738545; 230;gh567.at:1;rich rule source w/ mark action;iptables gh567 rich ipset; 231;rhbz1779835.at:1;ipv6 address with brackets;iptables rhbz1779835 ipset; 232;rhbz1779835.at:16;ipv6 address with brackets;iptables rhbz1779835 zone forward_port rich; 233;gh330.at:1;ipset cleanup on reload/stop;iptables ipset reload gh330 rhbz1682913 rhbz1790948 rhbz1809225; 234;gh599.at:1;writing to log after copytruncate;iptables gh599; 235;rhbz1829104.at:1;direct rule in zone chain;iptables direct rhbz1829104; 236;rhbz1843398.at:1;rich rule source mac;iptables rich rhbz1843398 gh643; 237;rhbz1839781.at:1;service RH-Satellite-6;iptables service rhbz1839781; 238;rhbz1689429.at:1;rich rule invalid priority;iptables rich rhbz1689429; 239;rhbz1483921.at:1;direct and zone mutually exclusive;iptables direct rhbz1483921; 240;rhbz1541077.at:1;hash:mac and family mutually exclusive;iptables ipset rhbz1541077; 241;rhbz1855140.at:1;rich rule icmptypes with one family;iptables rich icmp rhbz1855140; 242;rhbz1871298.at:1;rich rule parsing bottleneck;iptables rich offline rhbz1871298; 243;rhbz1596304.at:1;rich rules strip non-printable characters;iptables rich rhbz1596304; 244;gh703.at:1;add source with mac address;iptables gh703; 245;ipset_netmask_allowed.at:1;ipset netmask allowed type hash:ip;iptables ipset reload; 246;rhbz1940928.at:1;direct -s/-d multiple addresses;iptables direct rhbz1940928 rhbz1949552; 247;rhbz1936896.at:1;ipset type hash:net,net;iptables rhbz1936896; 248;gh795.at:1;ipset entry delete w/ timeout=0;iptables ipset gh794 gh795; 249;rhbz1914935.at:1;zone overlapping ports;iptables zone port rhbz1914935; 250;gh696.at:1;icmp-block-inversion no log blocked;iptables icmp gh696 rhbz1945833; 251;rhbz1917766.at:1;rich rule source with netmask;iptables rich rhbz1917766; 252;rhbz2014383.at:1;same source in two zone xml;iptables zone rhbz2014383; 253;gh874.at:1;policy masquerade w/ ingress interface;iptables policy zone masquerade gh874; 254;gh881.at:1;ipset entry overlap detect perf;iptables ipset gh881; 255;service_includes_for_builtin.at:1;service include for built-in;iptables dbus service service_includes_for_builtin service_includes_for_built-in; 256;python.at:3;firewalld_test.py;iptables python; 257;python.at:8;firewalld_config.py;iptables python; 258;python.at:13;firewalld_rich.py;iptables python; 259;python.at:18;firewalld_direct.py;iptables python; 260;rfc3964_ipv4.at:1;RFC3964_IPv4;iptables rfc3964_ipv4; 261;service_include.at:1;service include;iptables service xml gh273 rhbz1720300; 262;helpers_custom.at:1;customer helpers;iptables helpers rhbz1733066 gh514 rhbz1769520; 263;policy.at:5;policy - xml;iptables policy xml; 264;policy.at:79;policy - create;iptables policy; 265;policy.at:96;policy - name;iptables policy; 266;policy.at:109;policy - list;iptables policy; 267;policy.at:231;policy - options;iptables policy; 268;policy.at:290;policy - priority;iptables policy; 269;policy.at:420;policy - zones;iptables policy; 270;policy.at:607;policy - dispatch;iptables policy; 271;policy.at:2239;policy - interfaces/sources;iptables policy; 272;policy.at:2406;policy - target;iptables policy; 273;policy.at:2455;policy - from file;iptables policy; 274;services.at:1;services;iptables policy service; 275;ports.at:1;ports;iptables policy port; 276;source_ports.at:1;source ports;iptables policy source_port; 277;forward_ports.at:1;forward ports;iptables policy forward_port; 278;forward_ports.at:199;forward ports (OUTPUT);iptables policy forward_port rhbz2039542; 279;masquerade.at:1;masquerade;iptables policy masquerade; 280;protocols.at:1;protocols;iptables policy protocol; 281;rich_rules.at:1;rich rules;iptables policy rich; 282;icmp_blocks.at:1;ICMP blocks;iptables policy icmp_block; 283;rich_tcp_mss_clamp.at:5;tcp-mss-clamp;iptables tcp-mss-clamp; 284;rich_destination_ipset.at:1;rich destination ipset;iptables rich ipset; 285;zone.at:1;zone - target;iptables zone; 286;rpfilter.at:1;rpfilter;iptables rpfilter; " # List of the all the test groups. at_groups_all=`$as_echo "$at_help_all" | sed 's/;.*//'` # at_fn_validate_ranges NAME... # ----------------------------- # Validate and normalize the test group number contained in each variable # NAME. Leading zeroes are treated as decimal. at_fn_validate_ranges () { for at_grp do eval at_value=\$$at_grp if test $at_value -lt 1 || test $at_value -gt 286; then $as_echo "invalid test group: $at_value" >&2 exit 1 fi case $at_value in 0*) # We want to treat leading 0 as decimal, like expr and test, but # AS_VAR_ARITH treats it as octal if it uses $(( )). # With XSI shells, ${at_value#${at_value%%[1-9]*}} avoids the # expr fork, but it is not worth the effort to determine if the # shell supports XSI when the user can just avoid leading 0. eval $at_grp='`expr $at_value + 0`' ;; esac done } at_prev= for at_option do # If the previous option needs an argument, assign it. if test -n "$at_prev"; then at_option=$at_prev=$at_option at_prev= fi case $at_option in *=?*) at_optarg=`expr "X$at_option" : '[^=]*=\(.*\)'` ;; *) at_optarg= ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $at_option in --help | -h ) at_help_p=: ;; --list | -l ) at_list_p=: ;; --version | -V ) at_version_p=: ;; --clean | -c ) at_clean=: ;; --color ) at_color=always ;; --color=* ) case $at_optarg in no | never | none) at_color=never ;; auto | tty | if-tty) at_color=auto ;; always | yes | force) at_color=always ;; *) at_optname=`echo " $at_option" | sed 's/^ //; s/=.*//'` as_fn_error $? "unrecognized argument to $at_optname: $at_optarg" ;; esac ;; --debug | -d ) at_debug_p=: ;; --errexit | -e ) at_debug_p=: at_errexit_p=: ;; --verbose | -v ) at_verbose=; at_quiet=: ;; --trace | -x ) at_traceon='set -x' at_trace_echo=echo at_check_filter_trace=at_fn_filter_trace ;; [0-9] | [0-9][0-9] | [0-9][0-9][0-9] | [0-9][0-9][0-9][0-9]) at_fn_validate_ranges at_option as_fn_append at_groups "$at_option$as_nl" ;; # Ranges [0-9]- | [0-9][0-9]- | [0-9][0-9][0-9]- | [0-9][0-9][0-9][0-9]-) at_range_start=`echo $at_option |tr -d X-` at_fn_validate_ranges at_range_start at_range=`$as_echo "$at_groups_all" | \ sed -ne '/^'$at_range_start'$/,$p'` as_fn_append at_groups "$at_range$as_nl" ;; -[0-9] | -[0-9][0-9] | -[0-9][0-9][0-9] | -[0-9][0-9][0-9][0-9]) at_range_end=`echo $at_option |tr -d X-` at_fn_validate_ranges at_range_end at_range=`$as_echo "$at_groups_all" | \ sed -ne '1,/^'$at_range_end'$/p'` as_fn_append at_groups "$at_range$as_nl" ;; [0-9]-[0-9] | [0-9]-[0-9][0-9] | [0-9]-[0-9][0-9][0-9] | \ [0-9]-[0-9][0-9][0-9][0-9] | [0-9][0-9]-[0-9][0-9] | \ [0-9][0-9]-[0-9][0-9][0-9] | [0-9][0-9]-[0-9][0-9][0-9][0-9] | \ [0-9][0-9][0-9]-[0-9][0-9][0-9] | \ [0-9][0-9][0-9]-[0-9][0-9][0-9][0-9] | \ [0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9] ) at_range_start=`expr $at_option : '\(.*\)-'` at_range_end=`expr $at_option : '.*-\(.*\)'` if test $at_range_start -gt $at_range_end; then at_tmp=$at_range_end at_range_end=$at_range_start at_range_start=$at_tmp fi at_fn_validate_ranges at_range_start at_range_end at_range=`$as_echo "$at_groups_all" | \ sed -ne '/^'$at_range_start'$/,/^'$at_range_end'$/p'` as_fn_append at_groups "$at_range$as_nl" ;; # Directory selection. --directory | -C ) at_prev=--directory ;; --directory=* ) at_change_dir=: at_dir=$at_optarg if test x- = "x$at_dir" ; then at_dir=./- fi ;; # Parallel execution. --jobs | -j ) at_jobs=0 ;; --jobs=* | -j[0-9]* ) if test -n "$at_optarg"; then at_jobs=$at_optarg else at_jobs=`expr X$at_option : 'X-j\(.*\)'` fi case $at_jobs in *[!0-9]*) at_optname=`echo " $at_option" | sed 's/^ //; s/[0-9=].*//'` as_fn_error $? "non-numeric argument to $at_optname: $at_jobs" ;; esac ;; # Keywords. --keywords | -k ) at_prev=--keywords ;; --keywords=* ) at_groups_selected=$at_help_all at_save_IFS=$IFS IFS=, set X $at_optarg shift IFS=$at_save_IFS for at_keyword do at_invert= case $at_keyword in '!'*) at_invert="-v" at_keyword=`expr "X$at_keyword" : 'X!\(.*\)'` ;; esac # It is on purpose that we match the test group titles too. at_groups_selected=`$as_echo "$at_groups_selected" | grep -i $at_invert "^[1-9][^;]*;.*[; ]$at_keyword[ ;]"` done # Smash the keywords. at_groups_selected=`$as_echo "$at_groups_selected" | sed 's/;.*//'` as_fn_append at_groups "$at_groups_selected$as_nl" ;; --recheck) at_recheck=: ;; *=*) at_envvar=`expr "x$at_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $at_envvar in '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$at_envvar'" ;; esac at_value=`$as_echo "$at_optarg" | sed "s/'/'\\\\\\\\''/g"` # Export now, but save eval for later and for debug scripts. export $at_envvar as_fn_append at_debug_args " $at_envvar='$at_value'" ;; *) $as_echo "$as_me: invalid option: $at_option" >&2 $as_echo "Try \`$0 --help' for more information." >&2 exit 1 ;; esac done # Verify our last option didn't require an argument if test -n "$at_prev"; then : as_fn_error $? "\`$at_prev' requires an argument" fi # The file containing the suite. at_suite_log=$at_dir/$as_me.log # Selected test groups. if test -z "$at_groups$at_recheck"; then at_groups=$at_groups_all else if test -n "$at_recheck" && test -r "$at_suite_log"; then at_oldfails=`sed -n ' /^Failed tests:$/,/^Skipped tests:$/{ s/^[ ]*\([1-9][0-9]*\):.*/\1/p } /^Unexpected passes:$/,/^## Detailed failed tests/{ s/^[ ]*\([1-9][0-9]*\):.*/\1/p } /^## Detailed failed tests/q ' "$at_suite_log"` as_fn_append at_groups "$at_oldfails$as_nl" fi # Sort the tests, removing duplicates. at_groups=`$as_echo "$at_groups" | sort -nu | sed '/^$/d'` fi if test x"$at_color" = xalways \ || { test x"$at_color" = xauto && test -t 1; }; then at_red=`printf '\033[0;31m'` at_grn=`printf '\033[0;32m'` at_lgn=`printf '\033[1;32m'` at_blu=`printf '\033[1;34m'` at_std=`printf '\033[m'` else at_red= at_grn= at_lgn= at_blu= at_std= fi # Help message. if $at_help_p; then cat <<_ATEOF || at_write_fail=1 Usage: $0 [OPTION]... [VARIABLE=VALUE]... [TESTS] Run all the tests, or the selected TESTS, given by numeric ranges, and save a detailed log file. Upon failure, create debugging scripts. Do not change environment variables directly. Instead, set them via command line arguments. Set \`AUTOTEST_PATH' to select the executables to exercise. Each relative directory is expanded as build and source directories relative to the top level of this distribution. E.g., from within the build directory /tmp/foo-1.0, invoking this: $ $0 AUTOTEST_PATH=bin is equivalent to the following, assuming the source directory is /src/foo-1.0: PATH=/tmp/foo-1.0/bin:/src/foo-1.0/bin:\$PATH $0 _ATEOF cat <<_ATEOF || at_write_fail=1 Operation modes: -h, --help print the help message, then exit -V, --version print version number, then exit -c, --clean remove all the files this test suite might create and exit -l, --list describes all the tests, or the selected TESTS _ATEOF cat <<_ATEOF || at_write_fail=1 Execution tuning: -C, --directory=DIR change to directory DIR before starting --color[=never|auto|always] disable colored test results, or enable even without terminal -j, --jobs[=N] Allow N jobs at once; infinite jobs with no arg (default 1) -k, --keywords=KEYWORDS select the tests matching all the comma-separated KEYWORDS multiple \`-k' accumulate; prefixed \`!' negates a KEYWORD --recheck select all tests that failed or passed unexpectedly last time -e, --errexit abort as soon as a test fails; implies --debug -v, --verbose force more detailed output default for debugging scripts -d, --debug inhibit clean up and top-level logging default for debugging scripts -x, --trace enable tests shell tracing _ATEOF cat <<_ATEOF || at_write_fail=1 Report bugs to . firewalld home page: . _ATEOF exit $at_write_fail fi # List of tests. if $at_list_p; then cat <<_ATEOF || at_write_fail=1 firewalld 1.1.1 test suite test groups: NUM: FILE-NAME:LINE TEST-GROUP-NAME KEYWORDS _ATEOF # Pass an empty line as separator between selected groups and help. $as_echo "$at_groups$as_nl$as_nl$at_help_all" | awk 'NF == 1 && FS != ";" { selected[$ 1] = 1 next } /^$/ { FS = ";" } NF > 0 { if (selected[$ 1]) { printf " %3d: %-18s %s\n", $ 1, $ 2, $ 3 if ($ 4) { lmax = 79 indent = " " line = indent len = length (line) n = split ($ 4, a, " ") for (i = 1; i <= n; i++) { l = length (a[i]) + 1 if (i > 1 && len + l > lmax) { print line line = indent " " a[i] len = length (line) } else { line = line " " a[i] len += l } } if (n) print line } } }' || at_write_fail=1 exit $at_write_fail fi if $at_version_p; then $as_echo "$as_me (firewalld 1.1.1)" && cat <<\_ATEOF || at_write_fail=1 Copyright (C) 2012 Free Software Foundation, Inc. This test suite is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ATEOF exit $at_write_fail fi # Should we print banners? Yes if more than one test is run. case $at_groups in #( *$as_nl* ) at_print_banners=: ;; #( * ) at_print_banners=false ;; esac # Text for banner N, set to a single space once printed. # Banner 1. firewall-offline-cmd.at:1 # Category starts at test group 1. at_banner_text_1="firewall-offline-cmd" # Banner 2. features.at:1 # Category starts at test group 29. at_banner_text_2="features (offline)" # Banner 3. dbus.at:1 # Category starts at test group 57. at_banner_text_3="dbus" # Banner 4. firewall-cmd.at:1 # Category starts at test group 68. at_banner_text_4="firewall-cmd (nftables)" # Banner 5. regression.at:1 # Category starts at test group 96. at_banner_text_5="regression (nftables)" # Banner 6. python.at:1 # Category starts at test group 147. at_banner_text_6="python (nftables)" # Banner 7. features.at:1 # Category starts at test group 151. at_banner_text_7="features (nftables)" # Banner 8. firewall-cmd.at:1 # Category starts at test group 178. at_banner_text_8="firewall-cmd (iptables)" # Banner 9. regression.at:1 # Category starts at test group 206. at_banner_text_9="regression (iptables)" # Banner 10. python.at:1 # Category starts at test group 256. at_banner_text_10="python (iptables)" # Banner 11. features.at:1 # Category starts at test group 260. at_banner_text_11="features (iptables)" # Take any -C into account. if $at_change_dir ; then test x != "x$at_dir" && cd "$at_dir" \ || as_fn_error $? "unable to change directory" at_dir=`pwd` fi # Load the config files for any default variable assignments. for at_file in atconfig atlocal do test -r $at_file || continue . ./$at_file || as_fn_error $? "invalid content: $at_file" done # Autoconf <=2.59b set at_top_builddir instead of at_top_build_prefix: : "${at_top_build_prefix=$at_top_builddir}" # Perform any assignments requested during argument parsing. eval "$at_debug_args" # atconfig delivers names relative to the directory the test suite is # in, but the groups themselves are run in testsuite-dir/group-dir. if test -n "$at_top_srcdir"; then builddir=../.. for at_dir_var in srcdir top_srcdir top_build_prefix do eval at_val=\$at_$at_dir_var case $at_val in [\\/$]* | ?:[\\/]* ) at_prefix= ;; *) at_prefix=../../ ;; esac eval "$at_dir_var=\$at_prefix\$at_val" done fi ## -------------------- ## ## Directory structure. ## ## -------------------- ## # This is the set of directories and files used by this script # (non-literals are capitalized): # # TESTSUITE - the testsuite # TESTSUITE.log - summarizes the complete testsuite run # TESTSUITE.dir/ - created during a run, remains after -d or failed test # + at-groups/ - during a run: status of all groups in run # | + NNN/ - during a run: meta-data about test group NNN # | | + check-line - location (source file and line) of current AT_CHECK # | | + status - exit status of current AT_CHECK # | | + stdout - stdout of current AT_CHECK # | | + stder1 - stderr, including trace # | | + stderr - stderr, with trace filtered out # | | + test-source - portion of testsuite that defines group # | | + times - timestamps for computing duration # | | + pass - created if group passed # | | + xpass - created if group xpassed # | | + fail - created if group failed # | | + xfail - created if group xfailed # | | + skip - created if group skipped # + at-stop - during a run: end the run if this file exists # + at-source-lines - during a run: cache of TESTSUITE line numbers for extraction # + 0..NNN/ - created for each group NNN, remains after -d or failed test # | + TESTSUITE.log - summarizes the group results # | + ... - files created during the group # The directory the whole suite works in. # Should be absolute to let the user `cd' at will. at_suite_dir=$at_dir/$as_me.dir # The file containing the suite ($at_dir might have changed since earlier). at_suite_log=$at_dir/$as_me.log # The directory containing helper files per test group. at_helper_dir=$at_suite_dir/at-groups # Stop file: if it exists, do not start new jobs. at_stop_file=$at_suite_dir/at-stop # The fifo used for the job dispatcher. at_job_fifo=$at_suite_dir/at-job-fifo if $at_clean; then test -d "$at_suite_dir" && find "$at_suite_dir" -type d ! -perm -700 -exec chmod u+rwx \{\} \; rm -f -r "$at_suite_dir" "$at_suite_log" exit $? fi # Don't take risks: use only absolute directories in PATH. # # For stand-alone test suites (ie. atconfig was not found), # AUTOTEST_PATH is relative to `.'. # # For embedded test suites, AUTOTEST_PATH is relative to the top level # of the package. Then expand it into build/src parts, since users # may create executables in both places. AUTOTEST_PATH=`$as_echo "$AUTOTEST_PATH" | sed "s|:|$PATH_SEPARATOR|g"` at_path= as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $AUTOTEST_PATH $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -n "$at_path" && as_fn_append at_path $PATH_SEPARATOR case $as_dir in [\\/]* | ?:[\\/]* ) as_fn_append at_path "$as_dir" ;; * ) if test -z "$at_top_build_prefix"; then # Stand-alone test suite. as_fn_append at_path "$as_dir" else # Embedded test suite. as_fn_append at_path "$at_top_build_prefix$as_dir$PATH_SEPARATOR" as_fn_append at_path "$at_top_srcdir/$as_dir" fi ;; esac done IFS=$as_save_IFS # Now build and simplify PATH. # # There might be directories that don't exist, but don't redirect # builtins' (eg., cd) stderr directly: Ultrix's sh hates that. at_new_path= as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $at_path do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -d "$as_dir" || continue case $as_dir in [\\/]* | ?:[\\/]* ) ;; * ) as_dir=`(cd "$as_dir" && pwd) 2>/dev/null` ;; esac case $PATH_SEPARATOR$at_new_path$PATH_SEPARATOR in *$PATH_SEPARATOR$as_dir$PATH_SEPARATOR*) ;; $PATH_SEPARATOR$PATH_SEPARATOR) at_new_path=$as_dir ;; *) as_fn_append at_new_path "$PATH_SEPARATOR$as_dir" ;; esac done IFS=$as_save_IFS PATH=$at_new_path export PATH # Setting up the FDs. # 5 is the log file. Not to be overwritten if `-d'. if $at_debug_p; then at_suite_log=/dev/null else : >"$at_suite_log" fi exec 5>>"$at_suite_log" # Banners and logs. $as_echo "## --------------------------- ## ## firewalld 1.1.1 test suite. ## ## --------------------------- ##" { $as_echo "## --------------------------- ## ## firewalld 1.1.1 test suite. ## ## --------------------------- ##" echo $as_echo "$as_me: command line was:" $as_echo " \$ $0 $at_cli_args" echo # If ChangeLog exists, list a few lines in case it might help determining # the exact version. if test -n "$at_top_srcdir" && test -f "$at_top_srcdir/ChangeLog"; then $as_echo "## ---------- ## ## ChangeLog. ## ## ---------- ##" echo sed 's/^/| /;10q' "$at_top_srcdir/ChangeLog" echo fi { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } echo # Contents of the config files. for at_file in atconfig atlocal do test -r $at_file || continue $as_echo "$as_me: $at_file:" sed 's/^/| /' $at_file echo done } >&5 ## ------------------------- ## ## Autotest shell functions. ## ## ------------------------- ## # at_fn_banner NUMBER # ------------------- # Output banner NUMBER, provided the testsuite is running multiple groups and # this particular banner has not yet been printed. at_fn_banner () { $at_print_banners || return 0 eval at_banner_text=\$at_banner_text_$1 test "x$at_banner_text" = "x " && return 0 eval "at_banner_text_$1=\" \"" if test -z "$at_banner_text"; then $at_first || echo else $as_echo "$as_nl$at_banner_text$as_nl" fi } # at_fn_banner # at_fn_check_prepare_notrace REASON LINE # --------------------------------------- # Perform AT_CHECK preparations for the command at LINE for an untraceable # command; REASON is the reason for disabling tracing. at_fn_check_prepare_notrace () { $at_trace_echo "Not enabling shell tracing (command contains $1)" $as_echo "$2" >"$at_check_line_file" at_check_trace=: at_check_filter=: : >"$at_stdout"; : >"$at_stderr" } # at_fn_check_prepare_trace LINE # ------------------------------ # Perform AT_CHECK preparations for the command at LINE for a traceable # command. at_fn_check_prepare_trace () { $as_echo "$1" >"$at_check_line_file" at_check_trace=$at_traceon at_check_filter=$at_check_filter_trace : >"$at_stdout"; : >"$at_stderr" } # at_fn_check_prepare_dynamic COMMAND LINE # ---------------------------------------- # Decide if COMMAND at LINE is traceable at runtime, and call the appropriate # preparation function. at_fn_check_prepare_dynamic () { case $1 in *$as_nl*) at_fn_check_prepare_notrace 'an embedded newline' "$2" ;; *) at_fn_check_prepare_trace "$2" ;; esac } # at_fn_filter_trace # ------------------ # Remove the lines in the file "$at_stderr" generated by "set -x" and print # them to stderr. at_fn_filter_trace () { mv "$at_stderr" "$at_stder1" grep '^ *+' "$at_stder1" >&2 grep -v '^ *+' "$at_stder1" >"$at_stderr" } # at_fn_log_failure FILE-LIST # --------------------------- # Copy the files in the list on stdout with a "> " prefix, and exit the shell # with a failure exit code. at_fn_log_failure () { for file do $as_echo "$file:"; sed 's/^/> /' "$file"; done echo 1 > "$at_status_file" exit 1 } # at_fn_check_skip EXIT-CODE LINE # ------------------------------- # Check whether EXIT-CODE is a special exit code (77 or 99), and if so exit # the test group subshell with that same exit code. Use LINE in any report # about test failure. at_fn_check_skip () { case $1 in 99) echo 99 > "$at_status_file"; at_failed=: $as_echo "$2: hard failure"; exit 99;; 77) echo 77 > "$at_status_file"; exit 77;; esac } # at_fn_check_status EXPECTED EXIT-CODE LINE # ------------------------------------------ # Check whether EXIT-CODE is the EXPECTED exit code, and if so do nothing. # Otherwise, if it is 77 or 99, exit the test group subshell with that same # exit code; if it is anything else print an error message referring to LINE, # and fail the test. at_fn_check_status () { case $2 in $1 ) ;; 77) echo 77 > "$at_status_file"; exit 77;; 99) echo 99 > "$at_status_file"; at_failed=: $as_echo "$3: hard failure"; exit 99;; *) $as_echo "$3: exit code was $2, expected $1" at_failed=:;; esac } # at_fn_diff_devnull FILE # ----------------------- # Emit a diff between /dev/null and FILE. Uses "test -s" to avoid useless diff # invocations. at_fn_diff_devnull () { test -s "$1" || return 0 $at_diff "$at_devnull" "$1" } # at_fn_test NUMBER # ----------------- # Parse out test NUMBER from the tail of this file. at_fn_test () { eval at_sed=\$at_sed$1 sed "$at_sed" "$at_myself" > "$at_test_source" } # at_fn_create_debugging_script # ----------------------------- # Create the debugging script $at_group_dir/run which will reproduce the # current test group. at_fn_create_debugging_script () { { echo "#! /bin/sh" && echo 'test "${ZSH_VERSION+set}" = set && alias -g '\''${1+"$@"}'\''='\''"$@"'\''' && $as_echo "cd '$at_dir'" && $as_echo "exec \${CONFIG_SHELL-$SHELL} \"$at_myself\" -v -d $at_debug_args $at_group \${1+\"\$@\"}" && echo 'exit 1' } >"$at_group_dir/run" && chmod +x "$at_group_dir/run" } ## -------------------------------- ## ## End of autotest shell functions. ## ## -------------------------------- ## { $as_echo "## ---------------- ## ## Tested programs. ## ## ---------------- ##" echo } >&5 # Report what programs are being tested. for at_program in : $at_tested do test "$at_program" = : && continue case $at_program in [\\/]* | ?:[\\/]* ) $at_program_=$at_program ;; * ) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -f "$as_dir/$at_program" && break done IFS=$as_save_IFS at_program_=$as_dir/$at_program ;; esac if test -f "$at_program_"; then { $as_echo "$at_srcdir/testsuite.at:1: $at_program_ --version" "$at_program_" --version &5 2>&1 else as_fn_error $? "cannot find $at_program" "$LINENO" 5 fi done { $as_echo "## ------------------ ## ## Running the tests. ## ## ------------------ ##" } >&5 at_start_date=`date` at_start_time=`date +%s 2>/dev/null` $as_echo "$as_me: starting at: $at_start_date" >&5 # Create the master directory if it doesn't already exist. as_dir="$at_suite_dir"; as_fn_mkdir_p || as_fn_error $? "cannot create \`$at_suite_dir'" "$LINENO" 5 # Can we diff with `/dev/null'? DU 5.0 refuses. if diff /dev/null /dev/null >/dev/null 2>&1; then at_devnull=/dev/null else at_devnull=$at_suite_dir/devnull >"$at_devnull" fi # Use `diff -u' when possible. if at_diff=`diff -u "$at_devnull" "$at_devnull" 2>&1` && test -z "$at_diff" then at_diff='diff -u' else at_diff=diff fi # Get the last needed group. for at_group in : $at_groups; do :; done # Extract the start and end lines of each test group at the tail # of this file awk ' BEGIN { FS="" } /^#AT_START_/ { start = NR } /^#AT_STOP_/ { test = substr ($ 0, 10) print "at_sed" test "=\"1," start "d;" (NR-1) "q\"" if (test == "'"$at_group"'") exit }' "$at_myself" > "$at_suite_dir/at-source-lines" && . "$at_suite_dir/at-source-lines" || as_fn_error $? "cannot create test line number cache" "$LINENO" 5 rm -f "$at_suite_dir/at-source-lines" # Set number of jobs for `-j'; avoid more jobs than test groups. set X $at_groups; shift; at_max_jobs=$# if test $at_max_jobs -eq 0; then at_jobs=1 fi if test $at_jobs -ne 1 && { test $at_jobs -eq 0 || test $at_jobs -gt $at_max_jobs; }; then at_jobs=$at_max_jobs fi # If parallel mode, don't output banners, don't split summary lines. if test $at_jobs -ne 1; then at_print_banners=false at_quiet=: fi # Set up helper dirs. rm -rf "$at_helper_dir" && mkdir "$at_helper_dir" && cd "$at_helper_dir" && { test -z "$at_groups" || mkdir $at_groups; } || as_fn_error $? "testsuite directory setup failed" "$LINENO" 5 # Functions for running a test group. We leave the actual # test group execution outside of a shell function in order # to avoid hitting zsh 4.x exit status bugs. # at_fn_group_prepare # ------------------- # Prepare for running a test group. at_fn_group_prepare () { # The directory for additional per-group helper files. at_job_dir=$at_helper_dir/$at_group # The file containing the location of the last AT_CHECK. at_check_line_file=$at_job_dir/check-line # The file containing the exit status of the last command. at_status_file=$at_job_dir/status # The files containing the output of the tested commands. at_stdout=$at_job_dir/stdout at_stder1=$at_job_dir/stder1 at_stderr=$at_job_dir/stderr # The file containing the code for a test group. at_test_source=$at_job_dir/test-source # The file containing dates. at_times_file=$at_job_dir/times # Be sure to come back to the top test directory. cd "$at_suite_dir" # Clearly separate the test groups when verbose. $at_first || $at_verbose echo at_group_normalized=$at_group eval 'while :; do case $at_group_normalized in #( '"$at_format"'*) break;; esac at_group_normalized=0$at_group_normalized done' # Create a fresh directory for the next test group, and enter. # If one already exists, the user may have invoked ./run from # within that directory; we remove the contents, but not the # directory itself, so that we aren't pulling the rug out from # under the shell's notion of the current directory. at_group_dir=$at_suite_dir/$at_group_normalized at_group_log=$at_group_dir/$as_me.log if test -d "$at_group_dir"; then find "$at_group_dir" -type d ! -perm -700 -exec chmod u+rwx {} \; rm -fr "$at_group_dir"/* "$at_group_dir"/.[!.] "$at_group_dir"/.??* fi || { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: test directory for $at_group_normalized could not be cleaned" >&5 $as_echo "$as_me: WARNING: test directory for $at_group_normalized could not be cleaned" >&2;} # Be tolerant if the above `rm' was not able to remove the directory. as_dir="$at_group_dir"; as_fn_mkdir_p echo 0 > "$at_status_file" # In verbose mode, append to the log file *and* show on # the standard output; in quiet mode only write to the log. if test -z "$at_verbose"; then at_tee_pipe='tee -a "$at_group_log"' else at_tee_pipe='cat >> "$at_group_log"' fi } # at_fn_group_banner ORDINAL LINE DESC PAD [BANNER] # ------------------------------------------------- # Declare the test group ORDINAL, located at LINE with group description DESC, # and residing under BANNER. Use PAD to align the status column. at_fn_group_banner () { at_setup_line="$2" test -n "$5" && at_fn_banner $5 at_desc="$3" case $1 in [0-9]) at_desc_line=" $1: ";; [0-9][0-9]) at_desc_line=" $1: " ;; *) at_desc_line="$1: " ;; esac as_fn_append at_desc_line "$3$4" $at_quiet $as_echo_n "$at_desc_line" echo "# -*- compilation -*-" >> "$at_group_log" } # at_fn_group_postprocess # ----------------------- # Perform cleanup after running a test group. at_fn_group_postprocess () { # Be sure to come back to the suite directory, in particular # since below we might `rm' the group directory we are in currently. cd "$at_suite_dir" if test ! -f "$at_check_line_file"; then sed "s/^ */$as_me: WARNING: /" <<_ATEOF A failure happened in a test group before any test could be run. This means that test suite is improperly designed. Please report this failure to . _ATEOF $as_echo "$at_setup_line" >"$at_check_line_file" at_status=99 fi $at_verbose $as_echo_n "$at_group. $at_setup_line: " $as_echo_n "$at_group. $at_setup_line: " >> "$at_group_log" case $at_xfail:$at_status in yes:0) at_msg="UNEXPECTED PASS" at_res=xpass at_errexit=$at_errexit_p at_color=$at_red ;; no:0) at_msg="ok" at_res=pass at_errexit=false at_color=$at_grn ;; *:77) at_msg='skipped ('`cat "$at_check_line_file"`')' at_res=skip at_errexit=false at_color=$at_blu ;; no:* | *:99) at_msg='FAILED ('`cat "$at_check_line_file"`')' at_res=fail at_errexit=$at_errexit_p at_color=$at_red ;; yes:*) at_msg='expected failure ('`cat "$at_check_line_file"`')' at_res=xfail at_errexit=false at_color=$at_lgn ;; esac echo "$at_res" > "$at_job_dir/$at_res" # In parallel mode, output the summary line only afterwards. if test $at_jobs -ne 1 && test -n "$at_verbose"; then $as_echo "$at_desc_line $at_color$at_msg$at_std" else # Make sure there is a separator even with long titles. $as_echo " $at_color$at_msg$at_std" fi at_log_msg="$at_group. $at_desc ($at_setup_line): $at_msg" case $at_status in 0|77) # $at_times_file is only available if the group succeeded. # We're not including the group log, so the success message # is written in the global log separately. But we also # write to the group log in case they're using -d. if test -f "$at_times_file"; then at_log_msg="$at_log_msg ("`sed 1d "$at_times_file"`')' rm -f "$at_times_file" fi $as_echo "$at_log_msg" >> "$at_group_log" $as_echo "$at_log_msg" >&5 # Cleanup the group directory, unless the user wants the files # or the success was unexpected. if $at_debug_p || test $at_res = xpass; then at_fn_create_debugging_script if test $at_res = xpass && $at_errexit; then echo stop > "$at_stop_file" fi else if test -d "$at_group_dir"; then find "$at_group_dir" -type d ! -perm -700 -exec chmod u+rwx \{\} \; rm -fr "$at_group_dir" fi rm -f "$at_test_source" fi ;; *) # Upon failure, include the log into the testsuite's global # log. The failure message is written in the group log. It # is later included in the global log. $as_echo "$at_log_msg" >> "$at_group_log" # Upon failure, keep the group directory for autopsy, and create # the debugging script. With -e, do not start any further tests. at_fn_create_debugging_script if $at_errexit; then echo stop > "$at_stop_file" fi ;; esac } ## ------------ ## ## Driver loop. ## ## ------------ ## if (set -m && set +m && set +b) >/dev/null 2>&1; then set +b at_job_control_on='set -m' at_job_control_off='set +m' at_job_group=- else at_job_control_on=: at_job_control_off=: at_job_group= fi for at_signal in 1 2 15; do trap 'set +x; set +e $at_job_control_off at_signal='"$at_signal"' echo stop > "$at_stop_file" trap "" $at_signal at_pgids= for at_pgid in `jobs -p 2>/dev/null`; do at_pgids="$at_pgids $at_job_group$at_pgid" done test -z "$at_pgids" || kill -$at_signal $at_pgids 2>/dev/null wait if test "$at_jobs" -eq 1 || test -z "$at_verbose"; then echo >&2 fi at_signame=`kill -l $at_signal 2>&1 || echo $at_signal` set x $at_signame test 0 -gt 2 && at_signame=$at_signal { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: caught signal $at_signame, bailing out" >&5 $as_echo "$as_me: WARNING: caught signal $at_signame, bailing out" >&2;} as_fn_arith 128 + $at_signal && exit_status=$as_val as_fn_exit $exit_status' $at_signal done rm -f "$at_stop_file" at_first=: if test $at_jobs -ne 1 && rm -f "$at_job_fifo" && test -n "$at_job_group" && ( mkfifo "$at_job_fifo" && trap 'exit 1' PIPE STOP TSTP ) 2>/dev/null then # FIFO job dispatcher. trap 'at_pids= for at_pid in `jobs -p`; do at_pids="$at_pids $at_job_group$at_pid" done if test -n "$at_pids"; then at_sig=TSTP test "${TMOUT+set}" = set && at_sig=STOP kill -$at_sig $at_pids 2>/dev/null fi kill -STOP $$ test -z "$at_pids" || kill -CONT $at_pids 2>/dev/null' TSTP echo # Turn jobs into a list of numbers, starting from 1. at_joblist=`$as_echo "$at_groups" | sed -n 1,${at_jobs}p` set X $at_joblist shift for at_group in $at_groups; do $at_job_control_on 2>/dev/null ( # Start one test group. $at_job_control_off if $at_first; then exec 7>"$at_job_fifo" else exec 6<&- fi trap 'set +x; set +e trap "" PIPE echo stop > "$at_stop_file" echo >&7 as_fn_exit 141' PIPE at_fn_group_prepare if cd "$at_group_dir" && at_fn_test $at_group && . "$at_test_source" then :; else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unable to parse test group: $at_group" >&5 $as_echo "$as_me: WARNING: unable to parse test group: $at_group" >&2;} at_failed=: fi at_fn_group_postprocess echo >&7 ) & $at_job_control_off if $at_first; then at_first=false exec 6<"$at_job_fifo" 7>"$at_job_fifo" fi shift # Consume one token. if test $# -gt 0; then :; else read at_token <&6 || break set x $* fi test -f "$at_stop_file" && break done exec 7>&- # Read back the remaining ($at_jobs - 1) tokens. set X $at_joblist shift if test $# -gt 0; then shift for at_job do read at_token done <&6 fi exec 6<&- wait else # Run serially, avoid forks and other potential surprises. for at_group in $at_groups; do at_fn_group_prepare if cd "$at_group_dir" && at_fn_test $at_group && . "$at_test_source"; then :; else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unable to parse test group: $at_group" >&5 $as_echo "$as_me: WARNING: unable to parse test group: $at_group" >&2;} at_failed=: fi at_fn_group_postprocess test -f "$at_stop_file" && break at_first=false done fi # Wrap up the test suite with summary statistics. cd "$at_helper_dir" # Use ?..???? when the list must remain sorted, the faster * otherwise. at_pass_list=`for f in */pass; do echo $f; done | sed '/\*/d; s,/pass,,'` at_skip_list=`for f in */skip; do echo $f; done | sed '/\*/d; s,/skip,,'` at_xfail_list=`for f in */xfail; do echo $f; done | sed '/\*/d; s,/xfail,,'` at_xpass_list=`for f in ?/xpass ??/xpass ???/xpass ????/xpass; do echo $f; done | sed '/?/d; s,/xpass,,'` at_fail_list=`for f in ?/fail ??/fail ???/fail ????/fail; do echo $f; done | sed '/?/d; s,/fail,,'` set X $at_pass_list $at_xpass_list $at_xfail_list $at_fail_list $at_skip_list shift; at_group_count=$# set X $at_xpass_list; shift; at_xpass_count=$#; at_xpass_list=$* set X $at_xfail_list; shift; at_xfail_count=$# set X $at_fail_list; shift; at_fail_count=$#; at_fail_list=$* set X $at_skip_list; shift; at_skip_count=$# as_fn_arith $at_group_count - $at_skip_count && at_run_count=$as_val as_fn_arith $at_xpass_count + $at_fail_count && at_unexpected_count=$as_val as_fn_arith $at_xfail_count + $at_fail_count && at_total_fail_count=$as_val # Back to the top directory. cd "$at_dir" rm -rf "$at_helper_dir" # Compute the duration of the suite. at_stop_date=`date` at_stop_time=`date +%s 2>/dev/null` $as_echo "$as_me: ending at: $at_stop_date" >&5 case $at_start_time,$at_stop_time in [0-9]*,[0-9]*) as_fn_arith $at_stop_time - $at_start_time && at_duration_s=$as_val as_fn_arith $at_duration_s / 60 && at_duration_m=$as_val as_fn_arith $at_duration_m / 60 && at_duration_h=$as_val as_fn_arith $at_duration_s % 60 && at_duration_s=$as_val as_fn_arith $at_duration_m % 60 && at_duration_m=$as_val at_duration="${at_duration_h}h ${at_duration_m}m ${at_duration_s}s" $as_echo "$as_me: test suite duration: $at_duration" >&5 ;; esac echo $as_echo "## ------------- ## ## Test results. ## ## ------------- ##" echo { echo $as_echo "## ------------- ## ## Test results. ## ## ------------- ##" echo } >&5 if test $at_run_count = 1; then at_result="1 test" at_were=was else at_result="$at_run_count tests" at_were=were fi if $at_errexit_p && test $at_unexpected_count != 0; then if test $at_xpass_count = 1; then at_result="$at_result $at_were run, one passed" else at_result="$at_result $at_were run, one failed" fi at_result="$at_result unexpectedly and inhibited subsequent tests." at_color=$at_red else # Don't you just love exponential explosion of the number of cases? at_color=$at_red case $at_xpass_count:$at_fail_count:$at_xfail_count in # So far, so good. 0:0:0) at_result="$at_result $at_were successful." at_color=$at_grn ;; 0:0:*) at_result="$at_result behaved as expected." at_color=$at_lgn ;; # Some unexpected failures 0:*:0) at_result="$at_result $at_were run, $at_fail_count failed unexpectedly." ;; # Some failures, both expected and unexpected 0:*:1) at_result="$at_result $at_were run, $at_total_fail_count failed ($at_xfail_count expected failure)." ;; 0:*:*) at_result="$at_result $at_were run, $at_total_fail_count failed ($at_xfail_count expected failures)." ;; # No unexpected failures, but some xpasses *:0:*) at_result="$at_result $at_were run, $at_xpass_count passed unexpectedly." ;; # No expected failures, but failures and xpasses *:1:0) at_result="$at_result $at_were run, $at_unexpected_count did not behave as expected ($at_fail_count unexpected failure)." ;; *:*:0) at_result="$at_result $at_were run, $at_unexpected_count did not behave as expected ($at_fail_count unexpected failures)." ;; # All of them. *:*:1) at_result="$at_result $at_were run, $at_xpass_count passed unexpectedly, $at_total_fail_count failed ($at_xfail_count expected failure)." ;; *:*:*) at_result="$at_result $at_were run, $at_xpass_count passed unexpectedly, $at_total_fail_count failed ($at_xfail_count expected failures)." ;; esac if test $at_skip_count = 0 && test $at_run_count -gt 1; then at_result="All $at_result" fi fi # Now put skips in the mix. case $at_skip_count in 0) ;; 1) at_result="$at_result 1 test was skipped." ;; *) at_result="$at_result $at_skip_count tests were skipped." ;; esac if test $at_unexpected_count = 0; then echo "$at_color$at_result$at_std" echo "$at_result" >&5 else echo "${at_color}ERROR: $at_result$at_std" >&2 echo "ERROR: $at_result" >&5 { echo $as_echo "## ------------------------ ## ## Summary of the failures. ## ## ------------------------ ##" # Summary of failed and skipped tests. if test $at_fail_count != 0; then echo "Failed tests:" $SHELL "$at_myself" $at_fail_list --list echo fi if test $at_skip_count != 0; then echo "Skipped tests:" $SHELL "$at_myself" $at_skip_list --list echo fi if test $at_xpass_count != 0; then echo "Unexpected passes:" $SHELL "$at_myself" $at_xpass_list --list echo fi if test $at_fail_count != 0; then $as_echo "## ---------------------- ## ## Detailed failed tests. ## ## ---------------------- ##" echo for at_group in $at_fail_list do at_group_normalized=$at_group eval 'while :; do case $at_group_normalized in #( '"$at_format"'*) break;; esac at_group_normalized=0$at_group_normalized done' cat "$at_suite_dir/$at_group_normalized/$as_me.log" echo done echo fi if test -n "$at_top_srcdir"; then sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## ${at_top_build_prefix}config.log ## _ASBOX sed 's/^/| /' ${at_top_build_prefix}config.log echo fi } >&5 sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## $as_me.log was created. ## _ASBOX echo if $at_debug_p; then at_msg='per-test log files' else at_msg="\`${at_testdir+${at_testdir}/}$as_me.log'" fi $as_echo "Please send $at_msg and all information you think might help: To: Subject: [firewalld 1.1.1] $as_me: $at_fail_list${at_fail_list:+ failed${at_xpass_list:+, }}$at_xpass_list${at_xpass_list:+ passed unexpectedly} You may investigate any problem if you feel able to do so, in which case the test suite provides a good starting point. Its output may be found below \`${at_testdir+${at_testdir}/}$as_me.dir'. " exit 1 fi exit 0 ## ------------- ## ## Actual tests. ## ## ------------- ## #AT_START_1 at_fn_group_banner 1 'firewall-cmd.at:5' \ "basic options" " " 1 at_xfail=no ( $as_echo "1. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:17: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --complete-reload " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --complete-reload " "firewall-cmd.at:17" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --complete-reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:17" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_1 #AT_START_2 at_fn_group_banner 2 'firewall-cmd.at:28' \ "get/list options" " " 1 at_xfail=no ( $as_echo "2. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:34: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zones " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zones " "firewall-cmd.at:34" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:34" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:35: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-services " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-services " "firewall-cmd.at:35" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:35" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:36: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-icmptypes " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-icmptypes " "firewall-cmd.at:36" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:36" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:40: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-all-zones " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-all-zones " "firewall-cmd.at:40" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-all-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:40" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:41: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-all " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-all " "firewall-cmd.at:41" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:41" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_2 #AT_START_3 at_fn_group_banner 3 'firewall-cmd.at:44' \ "default zone" " " 1 at_xfail=no ( $as_echo "3. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:47: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone" "firewall-cmd.at:47" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:47" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:49: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=\"home\"" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=\"home\"" "firewall-cmd.at:49" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone="home" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:49" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:50: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone" "firewall-cmd.at:50" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "home " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:50" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:52: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=\"public\"" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=\"public\"" "firewall-cmd.at:52" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:52" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:53: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --set-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone" "firewall-cmd.at:53" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:53" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_3 #AT_START_4 at_fn_group_banner 4 'firewall-cmd.at:56' \ "user zone" " " 1 at_xfail=no ( $as_echo "4. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:60: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-zone=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-zone=foobar " "firewall-cmd.at:60" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:60" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:61: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zones | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:61" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zones | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:61" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:62: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --get-target | grep default " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:62" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --get-target | grep default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:62" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:63: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=BAD " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=BAD " "firewall-cmd.at:63" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=BAD ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/firewall-cmd.at:63" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:64: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=%%REJECT%% " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=%%REJECT%% " "firewall-cmd.at:64" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=%%REJECT%% ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:64" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:65: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=DROP " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=DROP " "firewall-cmd.at:65" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:65" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:66: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=ACCEPT " "firewall-cmd.at:66" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:66" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:67: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --get-target | grep ACCEPT " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:67" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --get-target | grep ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:67" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:68: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --add-service=ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --add-service=ssh " "firewall-cmd.at:68" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --add-service=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:68" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:71: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --new-zone=123456789abcefghi " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-zone=123456789abcefghi " "firewall-cmd.at:71" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-zone=123456789abcefghi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:71" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:72: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --new-zone=123456789abcefghij " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-zone=123456789abcefghij " "firewall-cmd.at:72" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-zone=123456789abcefghij ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 116 $at_status "$at_srcdir/firewall-cmd.at:72" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_4 #AT_START_5 at_fn_group_banner 5 'firewall-cmd.at:76' \ "zone interfaces" " " 1 at_xfail=no ( $as_echo "5. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:108: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=dmz --get-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=dmz --get-default-zone" "firewall-cmd.at:108" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=dmz --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:108" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:109: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=dmz --set-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=dmz --set-default-zone" "firewall-cmd.at:109" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=dmz --set-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:109" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:112: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --add-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --add-interface=perm_dummy " "firewall-cmd.at:112" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --add-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:112" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:113: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --add-interface=perm_dummy2 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --add-interface=perm_dummy2 " "firewall-cmd.at:113" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --add-interface=perm_dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:113" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:115: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy " "firewall-cmd.at:115" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:115" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:117: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone work --query-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-interface=perm_dummy " "firewall-cmd.at:117" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:117" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:118: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --list-interfaces " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --list-interfaces " "firewall-cmd.at:118" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "perm_dummy " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:118" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:124: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --change-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --change-interface=perm_dummy " "firewall-cmd.at:124" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --change-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:124" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:125: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy " "firewall-cmd.at:125" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:125" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:127: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface=perm_dummy " "firewall-cmd.at:127" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:127" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:128: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --query-interface perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --query-interface perm_dummy " "firewall-cmd.at:128" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --query-interface perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:128" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:129: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --change-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --change-interface=perm_dummy " "firewall-cmd.at:129" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --change-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:129" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:130: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy " "firewall-cmd.at:130" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:130" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:132: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface=perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface=perm_dummy " "firewall-cmd.at:132" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:132" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:133: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --query-interface perm_dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --query-interface perm_dummy " "firewall-cmd.at:133" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --query-interface perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:133" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:134: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --remove-interface=perm_dummy2 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --remove-interface=perm_dummy2 " "firewall-cmd.at:134" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --remove-interface=perm_dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:134" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:139: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=trusted" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=trusted" "firewall-cmd.at:139" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:139" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:140: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone" "firewall-cmd.at:140" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "trusted " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:140" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:146: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=public" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=public" "firewall-cmd.at:146" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-default-zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:146" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:169: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-interface=foobar+ " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-interface=foobar+ " "firewall-cmd.at:169" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:169" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:170: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-interface=foobar+ " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-interface=foobar+ " "firewall-cmd.at:170" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:170" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_5 #AT_START_6 at_fn_group_banner 6 'firewall-cmd.at:174' \ "zone sources" " " 1 at_xfail=no ( $as_echo "6. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=1.2.3.4 " "firewall-cmd.at:215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=192.168.1.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=192.168.1.0/24 " "firewall-cmd.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=192.168.1.1/255.255.255.0 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.1/255.255.255.0 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.1/255.255.255.0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.1/255.255.255.0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=192.168.1.1/255.255.255.0 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=192.168.1.1/255.255.255.0 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.1/255.255.255.0 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=192.168.1.1/255.255.255.0 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=192.168.1.1/255.255.255.0 " "firewall-cmd.at:217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=3ffe:501:ffff::/64 " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=3ffe:501:ffff::/64 " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=3ffe:501:ffff::/64 " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=3ffe:501:ffff::/64 " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=3ffe:501:ffff::/64 " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=3ffe:501:ffff::/64 " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=3ffe:501:ffff::/64 " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=dead:beef::babe " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=dead:beef::babe " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=dead:beef::babe " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone public --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=dead:beef::babe " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --change-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=dead:beef::babe " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=dead:beef::babe " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=work --remove-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=dead:beef::babe " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=dead:beef::babe " "firewall-cmd.at:218" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone work --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_6 #AT_START_7 at_fn_group_banner 7 'firewall-cmd.at:227' \ "services" " " 1 at_xfail=no ( $as_echo "7. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:227" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:227" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:239: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service dns " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service dns " "firewall-cmd.at:239" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:239" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:240: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --list-services " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --list-services " "firewall-cmd.at:240" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dns ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:240" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:242: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-service dns " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-service dns " "firewall-cmd.at:242" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:242" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:243: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-service-from-zone=dns " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-service-from-zone=dns " "firewall-cmd.at:243" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-service-from-zone=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:243" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:248: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-service=dns " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-service=dns " "firewall-cmd.at:248" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:248" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:249: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service=smtpssssssss " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service=smtpssssssss " "firewall-cmd.at:249" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service=smtpssssssss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:249" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:250: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service=dns --add-interface=dummy0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service=dns --add-interface=dummy0 " "firewall-cmd.at:250" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-service=dns --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:250" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:259: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-service=http --add-service=nfs " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-service=http --add-service=nfs " "firewall-cmd.at:259" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-service=http --add-service=nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:259" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:260: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service http " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service http " "firewall-cmd.at:260" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:260" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:261: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service=nfs --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service=nfs --zone=public " "firewall-cmd.at:261" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service=nfs --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:261" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:262: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-service-from-zone=nfs --remove-service-from-zone=http " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-service-from-zone=nfs --remove-service-from-zone=http " "firewall-cmd.at:262" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-service-from-zone=nfs --remove-service-from-zone=http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:262" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:267: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service http " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service http " "firewall-cmd.at:267" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:267" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:268: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service nfs " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service nfs " "firewall-cmd.at:268" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:268" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_7 #AT_START_8 at_fn_group_banner 8 'firewall-cmd.at:271' \ "user services" " " 1 at_xfail=no ( $as_echo "8. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:271" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:271" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:274: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-service=ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-service=ssh " "firewall-cmd.at:274" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-service=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/firewall-cmd.at:274" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:276: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-service=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-service=foobar " "firewall-cmd.at:276" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:276" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:277: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-services | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:277" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:277" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:279: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666 " "firewall-cmd.at:279" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:279" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:280: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/dummy " "firewall-cmd.at:280" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:280" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:281: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/tcp " "firewall-cmd.at:281" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:281" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:282: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=666/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=666/tcp " "firewall-cmd.at:282" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:282" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:283: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=111-222/udp " "firewall-cmd.at:283" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:283" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:284: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=111-222/udp " "firewall-cmd.at:284" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:284" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:285: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 111-222/udp " "firewall-cmd.at:285" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:285" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:286: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=111-222/udp " "firewall-cmd.at:286" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:286" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:287: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/sctp " "firewall-cmd.at:287" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:287" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:288: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=666/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=666/sctp " "firewall-cmd.at:288" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:288" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:289: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 666/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 666/sctp " "firewall-cmd.at:289" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:289" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:290: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=666/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=666/sctp " "firewall-cmd.at:290" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:290" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:291: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=999/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=999/dccp " "firewall-cmd.at:291" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:291" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:292: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=999/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=999/dccp " "firewall-cmd.at:292" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:292" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:293: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 999/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 999/dccp " "firewall-cmd.at:293" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-port 999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:293" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:294: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=999/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=999/dccp " "firewall-cmd.at:294" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:294" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:295: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/sctp " "firewall-cmd.at:295" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:295" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:296: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=999/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=999/dccp " "firewall-cmd.at:296" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:296" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:298: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-protocol=ddp --add-protocol gre " "firewall-cmd.at:298" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:298" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:299: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=ddp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=ddp " "firewall-cmd.at:299" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:299" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:300: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=gre " "firewall-cmd.at:300" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:300" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:301: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-protocol ddp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-protocol ddp " "firewall-cmd.at:301" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-protocol ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:301" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:302: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-protocol gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-protocol gre " "firewall-cmd.at:302" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:302" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:303: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=ddp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=ddp " "firewall-cmd.at:303" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:303" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:304: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=gre " "firewall-cmd.at:304" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:304" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:306: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-module=sip " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-module=sip " "firewall-cmd.at:306" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-module=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:306" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:307: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-module=sip " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-module=sip " "firewall-cmd.at:307" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-module=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:307" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:308: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-module=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-module=ftp " "firewall-cmd.at:308" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:308" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:309: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-module=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-module=ftp " "firewall-cmd.at:309" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:309" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:310: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-module=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-module=ftp " "firewall-cmd.at:310" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:310" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:311: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-module=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-module=ftp " "firewall-cmd.at:311" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:311" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:313: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-helper=sip " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-helper=sip " "firewall-cmd.at:313" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-helper=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:313" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:314: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-helper=sip " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-helper=sip " "firewall-cmd.at:314" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-helper=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:314" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:315: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-helper=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-helper=ftp " "firewall-cmd.at:315" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --add-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:315" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:316: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-helper=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-helper=ftp " "firewall-cmd.at:316" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:316" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:317: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --get-service-helpers " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --get-service-helpers " "firewall-cmd.at:317" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --get-service-helpers ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:317" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:320: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-helper=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-helper=ftp " "firewall-cmd.at:320" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:320" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:321: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-helper=ftp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-helper=ftp " "firewall-cmd.at:321" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:321" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:323: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4 " "firewall-cmd.at:323" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/firewall-cmd.at:323" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:324: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4:foo " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4:foo " "firewall-cmd.at:324" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4:foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:324" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:325: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4:1.2.3.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4:1.2.3.4 " "firewall-cmd.at:325" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv4:1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:325" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-destination=ipv4 " "firewall-cmd.at:326" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:327: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 " "firewall-cmd.at:327" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:327" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:327: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " "firewall-cmd.at:327" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:327" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:327: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-destination=ipv6 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-destination=ipv6 " "firewall-cmd.at:327" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --remove-destination=ipv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:327" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:327: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " "firewall-cmd.at:327" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:327" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:334: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-service=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-service=foobar " "firewall-cmd.at:334" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:334" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:335: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-services | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:335" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:335" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:336: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-service=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-service=foobar " "firewall-cmd.at:336" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:336" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:337: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-services | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:337" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:337" $at_failed && at_fn_log_failure $at_traceon; } cat >./foobar-to-be-renamed <<'_ATEOF' FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:339: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-service-from-file=\"./foobar-to-be-renamed\" --name=\"foobar-from-file\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-service-from-file=\"./foobar-to-be-renamed\" --name=\"foobar-from-file\" " "firewall-cmd.at:339" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-service-from-file="./foobar-to-be-renamed" --name="foobar-from-file" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:339" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:339: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-services | grep foobar-from-file " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:339" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-services | grep foobar-from-file ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:339" $at_failed && at_fn_log_failure $at_traceon; } _ATEOF set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_8 #AT_START_9 at_fn_group_banner 9 'firewall-cmd.at:353' \ "ports" " " 1 at_xfail=no ( $as_echo "9. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:353" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:353" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:377: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=666 " "firewall-cmd.at:377" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:377" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:378: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=666/dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=666/dummy " "firewall-cmd.at:378" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:378" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:379: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=666/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=666/tcp " "firewall-cmd.at:379" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:379" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:380: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-port=666/tcp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port=666/tcp --zone=public " "firewall-cmd.at:380" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port=666/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:380" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:381: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=111-222/udp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=111-222/udp --zone=public " "firewall-cmd.at:381" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:381" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:382: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=111-222/udp " "firewall-cmd.at:382" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:382" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:383: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-port 111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 111-222/udp " "firewall-cmd.at:383" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:383" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:384: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=111-222/udp " "firewall-cmd.at:384" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:384" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:386: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=5000/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=5000/sctp " "firewall-cmd.at:386" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:386" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:387: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=5000/sctp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=5000/sctp --zone=public " "firewall-cmd.at:387" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=5000/sctp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:387" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:388: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-port 5000/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 5000/sctp " "firewall-cmd.at:388" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:388" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:389: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=5000/sctp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=5000/sctp " "firewall-cmd.at:389" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:389" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:390: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=222/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=222/dccp " "firewall-cmd.at:390" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:390" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:391: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=222/dccp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=222/dccp --zone=public " "firewall-cmd.at:391" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=222/dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:391" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:392: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-port 222/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 222/dccp " "firewall-cmd.at:392" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:392" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:393: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=222/dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=222/dccp " "firewall-cmd.at:393" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:393" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:402: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-port=80/tcp --add-port 443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=80/tcp --add-port 443-444/udp " "firewall-cmd.at:402" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-port=80/tcp --add-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:402" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:403: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=80/tcp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=80/tcp --zone=public " "firewall-cmd.at:403" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:403" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:404: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=443-444/udp " "firewall-cmd.at:404" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:404" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:405: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-port 80/tcp --remove-port=443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 80/tcp --remove-port=443-444/udp " "firewall-cmd.at:405" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-port 80/tcp --remove-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:405" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:406: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=80/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=80/tcp " "firewall-cmd.at:406" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:406" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:407: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-port=443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=443-444/udp " "firewall-cmd.at:407" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:407" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_9 #AT_START_10 at_fn_group_banner 10 'firewall-cmd.at:410' \ "source ports" " " 1 at_xfail=no ( $as_echo "10. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:410" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:410" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:423: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666 " "firewall-cmd.at:423" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:423" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:424: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666/dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666/dummy " "firewall-cmd.at:424" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:424" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:425: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666/tcp " "firewall-cmd.at:425" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:425" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:426: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-source-port=666/tcp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-source-port=666/tcp --zone=public " "firewall-cmd.at:426" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-source-port=666/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:426" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:427: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-source-port=111-222/udp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=111-222/udp --zone=public " "firewall-cmd.at:427" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:427" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:428: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-source-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=111-222/udp " "firewall-cmd.at:428" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:428" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:429: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-source-port 111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-source-port 111-222/udp " "firewall-cmd.at:429" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-source-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:429" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:430: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-source-port=111-222/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=111-222/udp " "firewall-cmd.at:430" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:430" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:439: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-source-port=80/tcp --add-source-port 443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=80/tcp --add-source-port 443-444/udp " "firewall-cmd.at:439" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-source-port=80/tcp --add-source-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:439" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:440: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-source-port=80/tcp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=80/tcp --zone=public " "firewall-cmd.at:440" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:440" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:441: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-source-port=443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=443-444/udp " "firewall-cmd.at:441" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:441" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:442: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-source-port 80/tcp --remove-source-port=443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-source-port 80/tcp --remove-source-port=443-444/udp " "firewall-cmd.at:442" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-source-port 80/tcp --remove-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:442" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:443: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-source-port=80/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=80/tcp " "firewall-cmd.at:443" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:443" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:444: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-source-port=443-444/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=443-444/udp " "firewall-cmd.at:444" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:444" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_10 #AT_START_11 at_fn_group_banner 11 'firewall-cmd.at:447' \ "protocols" " " 1 at_xfail=no ( $as_echo "11. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:447" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:447" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:455: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-protocol=dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-protocol=dummy " "firewall-cmd.at:455" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-protocol=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:455" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:456: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-protocol=dccp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-protocol=dccp --zone=public " "firewall-cmd.at:456" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-protocol=dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:456" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:457: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-protocol=dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=dccp " "firewall-cmd.at:457" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:457" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:458: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-protocol dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-protocol dccp " "firewall-cmd.at:458" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:458" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:459: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-protocol=dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=dccp " "firewall-cmd.at:459" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:459" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:467: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-protocol=ddp --add-protocol gre " "firewall-cmd.at:467" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:467" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:468: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-protocol=ddp --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=ddp --zone=public " "firewall-cmd.at:468" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=ddp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:468" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:469: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-protocol=gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=gre " "firewall-cmd.at:469" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:469" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:470: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-protocol ddp --remove-protocol=gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-protocol ddp --remove-protocol=gre " "firewall-cmd.at:470" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-protocol ddp --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:470" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:471: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-protocol=ddp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=ddp " "firewall-cmd.at:471" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:471" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:472: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-protocol=gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=gre " "firewall-cmd.at:472" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:472" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_11 #AT_START_12 at_fn_group_banner 12 'firewall-cmd.at:475' \ "masquerade" " " 1 at_xfail=no ( $as_echo "12. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:475" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:475" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:496: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-masquerade --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-masquerade --zone=public " "firewall-cmd.at:496" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-masquerade --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:496" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:497: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-masquerade " "firewall-cmd.at:497" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:497" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:498: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-masquerade " "firewall-cmd.at:498" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:498" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:499: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-masquerade " "firewall-cmd.at:499" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:499" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_12 #AT_START_13 at_fn_group_banner 13 'firewall-cmd.at:502' \ "forward" " " 1 at_xfail=no ( $as_echo "13. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:502" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:502" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:575: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=home --add-forward " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=home --add-forward " "firewall-cmd.at:575" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=home --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:575" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:576: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --zone=home --add-interface=dummy --add-interface=dummy3 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=home --add-interface=dummy --add-interface=dummy3 " "firewall-cmd.at:576" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=home --add-interface=dummy --add-interface=dummy3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:576" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:577: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --zone=home --add-source=10.10.10.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=home --add-source=10.10.10.0/24 " "firewall-cmd.at:577" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=home --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:577" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:579: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=home --query-forward " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=home --query-forward " "firewall-cmd.at:579" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=home --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:579" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:598: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=home --remove-forward " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=home --remove-forward " "firewall-cmd.at:598" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=home --remove-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:598" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:599: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=home --query-forward " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=home --query-forward " "firewall-cmd.at:599" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=home --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:599" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:600: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --zone=home --remove-interface=dummy --remove-interface=dummy3 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=home --remove-interface=dummy --remove-interface=dummy3 " "firewall-cmd.at:600" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=home --remove-interface=dummy --remove-interface=dummy3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:600" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:601: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --zone=home --remove-source=10.10.10.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=home --remove-source=10.10.10.0/24 " "firewall-cmd.at:601" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=home --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:601" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:605: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-default-zone |grep public" at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:605" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-default-zone |grep public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:605" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_13 #AT_START_14 at_fn_group_banner 14 'firewall-cmd.at:690' \ "forward ports" " " 1 at_xfail=no ( $as_echo "14. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:690" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:690" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:760: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=666 " "firewall-cmd.at:760" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/firewall-cmd.at:760" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:761: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=11:proto=tcp:toport=22 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=11:proto=tcp:toport=22 " "firewall-cmd.at:761" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=11:proto=tcp:toport=22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:761" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:762: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public " "firewall-cmd.at:762" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:762" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:763: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=33:proto=tcp:toaddr=4444 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=33:proto=tcp:toaddr=4444 " "firewall-cmd.at:763" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=33:proto=tcp:toaddr=4444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:763" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:764: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public " "firewall-cmd.at:764" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:764" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:765: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 " "firewall-cmd.at:765" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:765" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:766: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " "firewall-cmd.at:766" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:766" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:767: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public " "firewall-cmd.at:767" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:767" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:768: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " "firewall-cmd.at:768" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:768" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:769: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " "firewall-cmd.at:769" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:769" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:770: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " "firewall-cmd.at:770" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:770" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:771: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public " "firewall-cmd.at:771" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:771" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:772: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " "firewall-cmd.at:772" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:772" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:773: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " "firewall-cmd.at:773" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:773" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:774: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " "firewall-cmd.at:774" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:774" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:774: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public " "firewall-cmd.at:774" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:774" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:774: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " "firewall-cmd.at:774" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:774" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:774: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " "firewall-cmd.at:774" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:774" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:780: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 " "firewall-cmd.at:780" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:780" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:781: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=100:proto=tcp:toport=200 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=100:proto=tcp:toport=200 " "firewall-cmd.at:781" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:781" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:782: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=88:proto=udp:toport=99 --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=88:proto=udp:toport=99 --zone=public " "firewall-cmd.at:782" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=88:proto=udp:toport=99 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:782" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:783: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 " "firewall-cmd.at:783" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:783" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:784: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=100:proto=tcp:toport=200 " "firewall-cmd.at:784" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:784" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:785: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=88:proto=udp:toport=99 " "firewall-cmd.at:785" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:785" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:786: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-forward-ports " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-forward-ports " "firewall-cmd.at:786" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-forward-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:786" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_14 #AT_START_15 at_fn_group_banner 15 'firewall-cmd.at:789' \ "ICMP block" " " 1 at_xfail=no ( $as_echo "15. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:789" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:789" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:799: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=dummyblock " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=dummyblock " "firewall-cmd.at:799" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=dummyblock ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/firewall-cmd.at:799" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:800: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=redirect " "firewall-cmd.at:800" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:800" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:801: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=redirect " "firewall-cmd.at:801" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:801" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:802: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-icmp-block redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-icmp-block redirect " "firewall-cmd.at:802" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:802" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:803: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=redirect " "firewall-cmd.at:803" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:803" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:809: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-icmp-block-inversion --zone=public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-icmp-block-inversion --zone=public " "firewall-cmd.at:809" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-icmp-block-inversion --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:809" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:810: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block-inversion " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block-inversion " "firewall-cmd.at:810" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:810" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:811: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-icmp-block-inversion " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-icmp-block-inversion " "firewall-cmd.at:811" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:811" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:812: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block-inversion " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block-inversion " "firewall-cmd.at:812" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:812" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:827: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation " "firewall-cmd.at:827" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:827" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:828: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=echo-reply " "firewall-cmd.at:828" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:828" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:829: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=router-solicitation " "firewall-cmd.at:829" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:829" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:830: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation " "firewall-cmd.at:830" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:830" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:831: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=echo-reply " "firewall-cmd.at:831" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:831" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:832: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=router-solicitation " "firewall-cmd.at:832" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:832" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_15 #AT_START_16 at_fn_group_banner 16 'firewall-cmd.at:835' \ "user ICMP types" " " 1 at_xfail=no ( $as_echo "16. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:835" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:835" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:838: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-icmptype=redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-icmptype=redirect " "firewall-cmd.at:838" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-icmptype=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/firewall-cmd.at:838" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:840: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-icmptype=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-icmptype=foobar " "firewall-cmd.at:840" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-icmptype=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:840" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:841: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-icmptypes | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:841" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-icmptypes | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:841" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:843: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv5 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv5 " "firewall-cmd.at:843" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:843" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:844: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv4 " "firewall-cmd.at:844" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:844" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:845: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --remove-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --remove-destination=ipv4 " "firewall-cmd.at:845" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:845" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:846: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv4 " "firewall-cmd.at:846" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --add-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:846" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:847: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --query-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --query-destination=ipv4 " "firewall-cmd.at:847" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --query-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:847" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:848: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --remove-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --remove-destination=ipv4 " "firewall-cmd.at:848" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:848" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:849: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --query-destination=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --query-destination=ipv4 " "firewall-cmd.at:849" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --icmptype=foobar --query-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:849" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:851: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-icmp-block=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-icmp-block=foobar " "firewall-cmd.at:851" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-icmp-block=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:851" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:852: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-icmp-blocks | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:852" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-icmp-blocks | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:852" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:854: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-icmptype=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-icmptype=foobar " "firewall-cmd.at:854" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-icmptype=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:854" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:855: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-icmp-blocks | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:855" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --list-icmp-blocks | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:855" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_16 #AT_START_17 at_fn_group_banner 17 'firewall-cmd.at:858' \ "ipset" " " 1 at_xfail=no ( $as_echo "17. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:858" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:858" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:864: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip " "firewall-cmd.at:864" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:864" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:882: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:882" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:882" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:886: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port " "firewall-cmd.at:886" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:886" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:887: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,1234 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,1234 " "firewall-cmd.at:887" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:887" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:888: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,2000-2100 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,2000-2100 " "firewall-cmd.at:888" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,2000-2100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:888" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:901: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:901" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:901" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:905: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port " "firewall-cmd.at:905" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:905" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:906: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,sctp:1234 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,sctp:1234 " "firewall-cmd.at:906" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,sctp:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:906" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:907: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002 " "firewall-cmd.at:907" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:907" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:941: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:941" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:941" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:945: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,mark " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,mark " "firewall-cmd.at:945" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,mark ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:945" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:946: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,0x100 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,0x100 " "firewall-cmd.at:946" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,0x100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:946" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:975: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:975" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:975" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:979: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:net,port " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:net,port " "firewall-cmd.at:979" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:net,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:979" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:980: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 " "firewall-cmd.at:980" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:980" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:983: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:983" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:983" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:987: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port,net " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port,net " "firewall-cmd.at:987" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip,port,net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:987" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:988: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 " "firewall-cmd.at:988" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:988" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1008: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:1008" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1008" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1012: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:net,iface " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:net,iface " "firewall-cmd.at:1012" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:net,iface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1012" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1013: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.0/24,foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.0/24,foobar0 " "firewall-cmd.at:1013" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=10.10.10.0/24,foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1013" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1042: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:1042" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1042" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:mac " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:mac " "firewall-cmd.at:1045" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:mac ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=12:34:56:78:90:ab " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=12:34:56:78:90:ab " "firewall-cmd.at:1045" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --ipset=foobar --add-entry=12:34:56:78:90:ab ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar " "firewall-cmd.at:1045" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_17 #AT_START_18 at_fn_group_banner 18 'firewall-cmd.at:1055' \ "user helpers" " " 1 at_xfail=no ( $as_echo "18. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1055" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1055" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1058: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-helper=foobar --module=foo " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-helper=foobar --module=foo " "firewall-cmd.at:1058" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-helper=foobar --module=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 132 $at_status "$at_srcdir/firewall-cmd.at:1058" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1059: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-helper=foobar --module=nf_conntrack_foo " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-helper=foobar --module=nf_conntrack_foo " "firewall-cmd.at:1059" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-helper=foobar --module=nf_conntrack_foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1059" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1060: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-helpers | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1060" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-helpers | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1060" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1061: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family | grep ipv4 " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1061" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family | grep ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1061" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1062: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family=ipv5 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family=ipv5 " "firewall-cmd.at:1062" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family=ipv5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1062" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1063: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family=ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family=ipv4 " "firewall-cmd.at:1063" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1063" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1064: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family | grep ipv4 " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1064" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family | grep ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1064" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1065: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family= " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family= " "firewall-cmd.at:1065" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --set-family= ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1065" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1067: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family " "firewall-cmd.at:1067" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-family ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1067" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1069: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports " "firewall-cmd.at:1069" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1069" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1072: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --add-port=44/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --add-port=44/tcp " "firewall-cmd.at:1072" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --add-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1072" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1073: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports | grep 44 " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1073" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports | grep 44 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1073" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1074: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --query-port=44/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --query-port=44/tcp " "firewall-cmd.at:1074" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --query-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1074" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1075: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --remove-port=44/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --remove-port=44/tcp " "firewall-cmd.at:1075" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --remove-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1075" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1076: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --query-port=44/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --query-port=44/tcp " "firewall-cmd.at:1076" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --query-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1076" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1077: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports " "firewall-cmd.at:1077" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --helper=foobar --get-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1077" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1079: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --delete-helper=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-helper=foobar " "firewall-cmd.at:1079" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --delete-helper=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1079" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1080: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-helpers | grep foobar " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1080" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-helpers | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1080" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_18 #AT_START_19 at_fn_group_banner 19 'firewall-cmd.at:1083' \ "direct" " " 1 at_xfail=no ( $as_echo "19. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1083" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1083" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1127: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-default-zone" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-default-zone" "firewall-cmd.at:1127" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1127" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1129: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --list-all " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --list-all " "firewall-cmd.at:1129" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1129" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1132: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-chain ipv4 filter žluÅ¥ouÄký " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-chain ipv4 filter žluÅ¥ouÄký " "firewall-cmd.at:1132" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-chain ipv4 filter žluÅ¥ouÄký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1132" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1133: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-chains ipv4 filter |grep \"žluÅ¥ouÄký\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1133" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-chains ipv4 filter |grep "žluÅ¥ouÄký" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1133" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1134: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-chains | grep \"ipv4 filter žluÅ¥ouÄký\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1134" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-chains | grep "ipv4 filter žluÅ¥ouÄký" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1134" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1135: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --query-chain ipv4 filter žluÅ¥ouÄký " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-chain ipv4 filter žluÅ¥ouÄký " "firewall-cmd.at:1135" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-chain ipv4 filter žluÅ¥ouÄký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1135" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1136: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " "firewall-cmd.at:1136" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1136" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1137: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-rules ipv4 filter žluÅ¥ouÄký | grep ACCEPT " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1137" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-rules ipv4 filter žluÅ¥ouÄký | grep ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1137" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1138: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-rules | grep \"ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1138" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-rules | grep "ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1138" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1139: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " "firewall-cmd.at:1139" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1139" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1140: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " "firewall-cmd.at:1140" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1140" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1141: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " "firewall-cmd.at:1141" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1141" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1142: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --remove-chain ipv4 filter žluÅ¥ouÄký " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-chain ipv4 filter žluÅ¥ouÄký " "firewall-cmd.at:1142" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-chain ipv4 filter žluÅ¥ouÄký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1142" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1143: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --query-chain ipv4 filter žluÅ¥ouÄký " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-chain ipv4 filter žluÅ¥ouÄký " "firewall-cmd.at:1143" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-chain ipv4 filter žluÅ¥ouÄký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1143" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1152: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT " "firewall-cmd.at:1152" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1152" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_19 #AT_START_20 at_fn_group_banner 20 'firewall-cmd.at:1157' \ "direct nat" " " 1 at_xfail=no ( $as_echo "20. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1157" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1157" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " "firewall-cmd.at:1165" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1166" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1169: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " "firewall-cmd.at:1169" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1169" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1170: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " "firewall-cmd.at:1170" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1170" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1171: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1171" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1171" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " "firewall-cmd.at:1175" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_20 #AT_START_21 at_fn_group_banner 21 'firewall-cmd.at:1182' \ "direct passthrough" " " 1 at_xfail=no ( $as_echo "21. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1182" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1182" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } fi if $IP6TABLES -L >/dev/null 2>&1; then : else : fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1210: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv4 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv4 " "firewall-cmd.at:1210" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1210" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1211: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv5 -nvL " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv5 -nvL " "firewall-cmd.at:1211" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv5 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1211" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1212: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv4 -nvL " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv4 -nvL " "firewall-cmd.at:1212" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1212" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1213: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-passthroughs ipv4 | grep \"\\-nvL\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1213" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-passthroughs ipv4 | grep "\-nvL" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1213" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1214: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-passthroughs | grep \"ipv4 \\-nvL\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1214" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-all-passthroughs | grep "ipv4 \-nvL" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1214" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1215: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --query-passthrough ipv4 -nvL " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-passthrough ipv4 -nvL " "firewall-cmd.at:1215" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1215" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --remove-passthrough ipv4 -nvL " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-passthrough ipv4 -nvL " "firewall-cmd.at:1216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --remove-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1217: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --query-passthrough ipv4 -nvL " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-passthrough ipv4 -nvL " "firewall-cmd.at:1217" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --query-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1217" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_21 #AT_START_22 at_fn_group_banner 22 'firewall-cmd.at:1220' \ "direct ebtables" " " 1 at_xfail=no ( $as_echo "22. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1220" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1220" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1256: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-chain eb filter mychain " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-chain eb filter mychain " "firewall-cmd.at:1256" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-chain eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1256" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1257: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --get-chains eb filter | grep mychain " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1257" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --get-chains eb filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1257" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1258: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP " "firewall-cmd.at:1258" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1258" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_22 #AT_START_23 at_fn_group_banner 23 'firewall-cmd.at:1266' \ "lockdown" " " 1 at_xfail=no ( $as_echo "23. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1266" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1266" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1274: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-command /usr/bin/command " "firewall-cmd.at:1274" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1274" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1275: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-command /usr/bin/command " "firewall-cmd.at:1275" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1275" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1276: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-commands | grep \"/usr/bin/command\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1276" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-commands | grep "/usr/bin/command" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1276" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1277: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-command /usr/bin/command " "firewall-cmd.at:1277" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1277" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1278: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-command /usr/bin/command " "firewall-cmd.at:1278" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1278" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1285: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " "firewall-cmd.at:1285" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1285" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1286: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " "firewall-cmd.at:1286" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1286" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1287: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-contexts | grep \"system_u:system_r:MadDaemon_t:s0\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1287" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1287" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1288: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " "firewall-cmd.at:1288" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1288" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1289: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " "firewall-cmd.at:1289" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1289" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1297: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-uid 6666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-uid 6666 " "firewall-cmd.at:1297" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1297" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1298: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-uid 6666 " "firewall-cmd.at:1298" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1298" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1299: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-uids | grep \"6666\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1299" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-uids | grep "6666" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1299" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1300: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-uid 6666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-uid 6666 " "firewall-cmd.at:1300" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1300" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1301: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-uid 6666 " "firewall-cmd.at:1301" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1301" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1302: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-uid 6666x " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-uid 6666x " "firewall-cmd.at:1302" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-uid 6666x ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1302" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1309: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-user theboss " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-user theboss " "firewall-cmd.at:1309" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1309" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1310: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-user theboss " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-user theboss " "firewall-cmd.at:1310" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1310" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1311: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-users | grep \"theboss\" " at_fn_check_prepare_notrace 'a shell pipeline' "firewall-cmd.at:1311" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-lockdown-whitelist-users | grep "theboss" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1311" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1312: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-user theboss " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-user theboss " "firewall-cmd.at:1312" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1312" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1313: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-user theboss " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-user theboss " "firewall-cmd.at:1313" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1313" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1315" >"$at_check_line_file" (test `whoami` != 'root') \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1315" set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_23 #AT_START_24 at_fn_group_banner 24 'firewall-cmd.at:1333' \ "rich rules good" " " 1 at_xfail=no ( $as_echo "24. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1333" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1333" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"ah\" reject' " "firewall-cmd.at:1336" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"ah\" reject' " "firewall-cmd.at:1336" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"ah\" reject' " "firewall-cmd.at:1336" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"ah\" reject' " "firewall-cmd.at:1336" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"esp\" accept' " "firewall-cmd.at:1337" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"esp\" accept' " "firewall-cmd.at:1337" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"esp\" accept' " "firewall-cmd.at:1337" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"esp\" accept' " "firewall-cmd.at:1337" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"sctp\" log' " "firewall-cmd.at:1338" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"sctp\" log' " "firewall-cmd.at:1338" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"sctp\" log' " "firewall-cmd.at:1338" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"sctp\" log' " "firewall-cmd.at:1338" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"igmp\" log' " "firewall-cmd.at:1339" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"igmp\" log' " "firewall-cmd.at:1339" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value=\"igmp\" log' " "firewall-cmd.at:1339" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value=\"igmp\" log' " "firewall-cmd.at:1339" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " "firewall-cmd.at:1340" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " "firewall-cmd.at:1340" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " "firewall-cmd.at:1340" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " "firewall-cmd.at:1340" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " "firewall-cmd.at:1341" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " "firewall-cmd.at:1341" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " "firewall-cmd.at:1341" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " "firewall-cmd.at:1341" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " "firewall-cmd.at:1342" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " "firewall-cmd.at:1342" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " "firewall-cmd.at:1342" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " "firewall-cmd.at:1342" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " "firewall-cmd.at:1343" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " "firewall-cmd.at:1343" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " "firewall-cmd.at:1343" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " "firewall-cmd.at:1343" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " "firewall-cmd.at:1344" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " "firewall-cmd.at:1344" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " "firewall-cmd.at:1344" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " "firewall-cmd.at:1344" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " "firewall-cmd.at:1345" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " "firewall-cmd.at:1345" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " "firewall-cmd.at:1345" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " "firewall-cmd.at:1345" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" masquerade' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" masquerade' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv6\" masquerade' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv6\" masquerade' " "firewall-cmd.at:1346" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " "firewall-cmd.at:1354" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " "firewall-cmd.at:1354" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " "firewall-cmd.at:1354" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " "firewall-cmd.at:1354" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1355" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1355" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1355" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " "firewall-cmd.at:1355" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1356" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1356" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1356" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1356" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " "firewall-cmd.at:1357" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " "firewall-cmd.at:1357" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " "firewall-cmd.at:1357" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " "firewall-cmd.at:1357" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1358" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1358" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1358" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " "firewall-cmd.at:1358" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1359" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1359" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1359" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1359" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1360" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1360" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1360" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " "firewall-cmd.at:1360" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1361" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1361" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1361" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1361" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1361" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1361" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1361" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " "firewall-cmd.at:1361" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " "firewall-cmd.at:1365" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " "firewall-cmd.at:1365" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " "firewall-cmd.at:1365" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " "firewall-cmd.at:1365" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_24 #AT_START_25 at_fn_group_banner 25 'firewall-cmd.at:1367' \ "rich rules audit" " " 1 at_xfail=no ( $as_echo "25. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1367" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1367" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " "firewall-cmd.at:1371" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " "firewall-cmd.at:1371" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " "firewall-cmd.at:1371" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " "firewall-cmd.at:1371" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_25 #AT_START_26 at_fn_group_banner 26 'firewall-cmd.at:1375' \ "rich rules priority" " " 1 at_xfail=no ( $as_echo "26. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1375" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1375" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1544: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule priority=127 drop' " "firewall-cmd.at:1544" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1544" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1545: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule priority=127 drop' " "firewall-cmd.at:1545" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1545" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1546: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule priority=127 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule priority=127 drop' " "firewall-cmd.at:1546" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1546" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1547: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule priority=127 drop' " "firewall-cmd.at:1547" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1547" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_26 #AT_START_27 at_fn_group_banner 27 'firewall-cmd.at:1946' \ "rich rules bad" " " 1 at_xfail=no ( $as_echo "27. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1946" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1946" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1953: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='' " "firewall-cmd.at:1953" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1953" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1954: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='name=\"dns\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='name=\"dns\" accept' " "firewall-cmd.at:1954" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1954" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1955: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='protocol value=\"ah\" reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='protocol value=\"ah\" reject' " "firewall-cmd.at:1955" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1955" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1956: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"ah\" reject type=\"icmp-host-prohibited\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"ah\" reject type=\"icmp-host-prohibited\"' " "firewall-cmd.at:1956" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="ah" reject type="icmp-host-prohibited"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1956" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1957: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" protocol value=\"ah\" reject type=\"dummy\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" protocol value=\"ah\" reject type=\"dummy\"' " "firewall-cmd.at:1957" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" protocol value="ah" reject type="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1957" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1958: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule' " "firewall-cmd.at:1958" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1958" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1959: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule bad_element' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule bad_element' " "firewall-cmd.at:1959" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule bad_element' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1959" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1960: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv5\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv5\"' " "firewall-cmd.at:1960" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv5"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1960" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1961: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule name=\"dns\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule name=\"dns\" accept' " "firewall-cmd.at:1961" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1961" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1962: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol=\"ah\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol=\"ah\" accept' " "firewall-cmd.at:1962" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol="ah" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1962" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1963: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"ah\" accept drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"ah\" accept drop' " "firewall-cmd.at:1963" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="ah" accept drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1963" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1964: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name=\"radius\" port port=\"4011\" reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name=\"radius\" port port=\"4011\" reject' " "firewall-cmd.at:1964" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name="radius" port port="4011" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1964" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1965: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service bad_attribute=\"dns\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service bad_attribute=\"dns\"' " "firewall-cmd.at:1965" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service bad_attribute="dns"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1965" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1966: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"igmp\" log level=\"eror\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"igmp\" log level=\"eror\"' " "firewall-cmd.at:1966" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="igmp" log level="eror"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 125 $at_status "$at_srcdir/firewall-cmd.at:1966" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='family=\"ipv6\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='family=\"ipv6\" accept' " "firewall-cmd.at:1967" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='family="ipv6" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " "firewall-cmd.at:1967" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 207 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " "firewall-cmd.at:1967" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 123 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1972: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"esp\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"esp\"' " "firewall-cmd.at:1972" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="esp"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1972" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1973: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" masquerade drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" masquerade drop' " "firewall-cmd.at:1973" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" masquerade drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1973" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1974: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" icmp-block name=\"redirect\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" icmp-block name=\"redirect\" accept' " "firewall-cmd.at:1974" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" icmp-block name="redirect" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1974" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1975: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" protocol=\"tcp\" family=\"ipv4\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" protocol=\"tcp\" family=\"ipv4\" accept' " "firewall-cmd.at:1975" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule forward-port port="2222" to-port="22" protocol="tcp" family="ipv4" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1975" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1976: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name=\"ssh\" log prefix=\"RRClag4hrBx9XZXk+46c6QavQehyRGdy3tjs7gzc+xfSzsd2smjoQ2NCPami6zVyjHtPGziBuqSWT0KII7QbHkwjNMr9pzbcbPue9PMTb5zXlMPphDjeuDdC3QTCH9rGQHooa9LiDWr+DqNPkBs+vb8r50eb+yEQIyhQaiDrQ0sc\" drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name=\"ssh\" log prefix=\"RRClag4hrBx9XZXk+46c6QavQehyRGdy3tjs7gzc+xfSzsd2smjoQ2NCPami6zVyjHtPGziBuqSWT0KII7QbHkwjNMr9pzbcbPue9PMTb5zXlMPphDjeuDdC3QTCH9rGQHooa9LiDWr+DqNPkBs+vb8r50eb+yEQIyhQaiDrQ0sc\" drop' " "firewall-cmd.at:1976" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule service name="ssh" log prefix="RRClag4hrBx9XZXk+46c6QavQehyRGdy3tjs7gzc+xfSzsd2smjoQ2NCPami6zVyjHtPGziBuqSWT0KII7QbHkwjNMr9pzbcbPue9PMTb5zXlMPphDjeuDdC3QTCH9rGQHooa9LiDWr+DqNPkBs+vb8r50eb+yEQIyhQaiDrQ0sc" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 141 $at_status "$at_srcdir/firewall-cmd.at:1976" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1977: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"sctp\" nflog group=-1 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value=\"sctp\" nflog group=-1 drop' " "firewall-cmd.at:1977" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule protocol value="sctp" nflog group=-1 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 142 $at_status "$at_srcdir/firewall-cmd.at:1977" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1978: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" service name=\"https\" nflog queue-size=-1 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv4\" service name=\"https\" nflog queue-size=-1 drop' " "firewall-cmd.at:1978" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv4" service name="https" nflog queue-size=-1 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 143 $at_status "$at_srcdir/firewall-cmd.at:1978" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1979: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" service name=\"https\" nflog queue-size=65536 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=\"ipv6\" service name=\"https\" nflog queue-size=65536 drop' " "firewall-cmd.at:1979" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family="ipv6" service name="https" nflog queue-size=65536 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 143 $at_status "$at_srcdir/firewall-cmd.at:1979" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_27 #AT_START_28 at_fn_group_banner 28 'firewall-cmd.at:1989' \ "config validation" " " 1 at_xfail=no ( $as_echo "28. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1989" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1989" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1993: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:1993" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1993" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' -j LOG _ATEOF cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2012: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2012" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2012" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2017: cp ./firewalld.conf ./firewalld.conf.orig" at_fn_check_prepare_trace "firewall-cmd.at:2017" ( $at_check_trace; cp ./firewalld.conf ./firewalld.conf.orig ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2017" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2018: echo \"SomeBogusField=yes\" >> ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:2018" ( $at_check_trace; echo "SomeBogusField=yes" >> ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2018" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2019: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2019" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "ERROR: Invalid option: 'SomeBogusField=yes' ERROR: Invalid option: 'SomeBogusField=yes' " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2019" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2024: cp ./firewalld.conf.orig ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:2024" ( $at_check_trace; cp ./firewalld.conf.orig ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2024" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2033: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2033" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:2033" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2041: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2041" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2041" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2042: rm ./direct.xml" at_fn_check_prepare_trace "firewall-cmd.at:2042" ( $at_check_trace; rm ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2042" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2051: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2051" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2051" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2059: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2059" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2059" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2067: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2067" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2067" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2068: rm ./lockdown-whitelist.xml" at_fn_check_prepare_trace "firewall-cmd.at:2068" ( $at_check_trace; rm ./lockdown-whitelist.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2068" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2071: mkdir -p ./ipsets" at_fn_check_prepare_trace "firewall-cmd.at:2071" ( $at_check_trace; mkdir -p ./ipsets ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2071" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' 12:34:56:78:90 _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2078: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2078" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90', ignoring. WARNING: INVALID_ENTRY: invalid mac address '12:34:56:78:90' in '12:34:56:78:90', ignoring. " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2078" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' 12:34:56:78:90:ab _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2090: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2090" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2090" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2097: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2097" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 119 $at_status "$at_srcdir/firewall-cmd.at:2097" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2098: rm ./ipsets/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2098" ( $at_check_trace; rm ./ipsets/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2098" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2101: mkdir -p ./helpers" at_fn_check_prepare_trace "firewall-cmd.at:2101" ( $at_check_trace; mkdir -p ./helpers ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2101" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2107: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2107" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2107" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2114: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2114" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:2114" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2116: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2116" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2125: rm ./helpers/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2125" ( $at_check_trace; rm ./helpers/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2128: mkdir -p ./icmptypes" at_fn_check_prepare_trace "firewall-cmd.at:2128" ( $at_check_trace; mkdir -p ./icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2128" $at_failed && at_fn_log_failure $at_traceon; } cat >./icmptypes/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2135: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2135" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2135" $at_failed && at_fn_log_failure $at_traceon; } cat >./icmptypes/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2143: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2143" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2144: rm ./icmptypes/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2144" ( $at_check_trace; rm ./icmptypes/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2144" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2147: mkdir -p ./services" at_fn_check_prepare_trace "firewall-cmd.at:2147" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2147" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2154: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2154" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2154" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2162: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2162" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2162" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2170: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2170" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2170" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2178: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2178" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2178" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2186: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2186" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2186" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2194: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2194" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:2194" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2203: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2203" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:2203" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2211: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2211" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2211" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2212: rm ./services/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2212" ( $at_check_trace; rm ./services/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2212" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2215: mkdir -p ./zones" at_fn_check_prepare_trace "firewall-cmd.at:2215" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2215" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2219: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2219" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/firewall-cmd.at:2219" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2227: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2227" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:2227" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2235: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2235" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2235" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2243: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2243" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2243" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2251: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2251" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2251" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2259: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2259" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2259" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2267: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2267" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2267" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2275: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2275" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2275" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2283: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2283" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2283" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2291: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2291" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2291" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2299: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2299" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2299" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2307: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2307" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: Invalid source: No address no ipset. WARNING: Invalid source: No address no ipset. " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2307" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2322: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2322" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2322" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2335: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2335" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: INVALID_LIMIT: none: rule family=\"ipv4\" source address=\"10.0.0.1/24\" accept limit value=\"none\" WARNING: INVALID_LIMIT: none: rule family=\"ipv4\" source address=\"10.0.0.1/24\" accept limit value=\"none\" " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2335" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2350: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2350" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: Invalid rule: Invalid log prefix WARNING: Invalid rule: Invalid log prefix " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2350" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2365: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2365" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: Invalid rule: Invalid log level WARNING: Invalid rule: Invalid log level " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2365" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2380: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2380" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: Invalid rule: Invalid nflog group value WARNING: Invalid rule: Invalid nflog group value " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2380" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2395: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2395" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: Invalid rule: Invalid nflog queue-size WARNING: Invalid rule: Invalid nflog queue-size " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2395" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2410: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2410" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2410" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2412: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "firewall-cmd.at:2412" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: INVALID_ADDR: 10.0.0.1/24: rule family=\"ipv6\" source address=\"10.0.0.1/24\" accept WARNING: INVALID_ADDR: 10.0.0.1/24: rule family=\"ipv6\" source address=\"10.0.0.1/24\" accept " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2412" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2428: rm ./zones/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2428" ( $at_check_trace; rm ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2428" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_28 #AT_START_29 at_fn_group_banner 29 'rfc3964_ipv4.at:1' \ "RFC3964_IPv4" " " 2 at_xfail=no ( $as_echo "29. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:4: sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:4" ( $at_check_trace; sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:5: sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:5" ( $at_check_trace; sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:74: sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:74" ( $at_check_trace; sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:74" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_29 #AT_START_30 at_fn_group_banner 30 'service_include.at:1' \ "service include" " " 2 at_xfail=no ( $as_echo "30. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/service_include.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/service_include.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service_include.at:4: mkdir -p ./services" at_fn_check_prepare_trace "service_include.at:4" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:5: cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE " at_fn_check_prepare_notrace 'an embedded newline' "service_include.at:5" ( $at_check_trace; cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:17: cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE " at_fn_check_prepare_notrace 'an embedded newline' "service_include.at:17" ( $at_check_trace; cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:17" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:61: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service " "service_include.at:61" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:61" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:62: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh " "service_include.at:62" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:62" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:63: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh " "service_include.at:63" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:64: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:64" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:64" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:65: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh " "service_include.at:65" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:65" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:66: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh " "service_include.at:66" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:67: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:67" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:67" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:68: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes " "service_include.at:68" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "mdns recursive-service ssdp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:68" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:71: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:71" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:71" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:93: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service" "service_include.at:93" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:93" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:94: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh" "service_include.at:94" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:94" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:95: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" "service_include.at:95" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:96: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:96" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:96" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:97: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh" "service_include.at:97" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:97" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:98: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" "service_include.at:98" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:99: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:99" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:99" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:100: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes" "service_include.at:100" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "mdns recursive-service ssdp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:100" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:103: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; }" at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:103" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:103" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:115: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --zone=drop --add-interface=foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=drop --add-interface=foobar0 " "service_include.at:115" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=drop --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:115" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:116: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --zone=drop --add-service=my-service-with-include " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=drop --add-service=my-service-with-include " "service_include.at:116" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --zone=drop --add-service=my-service-with-include ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:116" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:117: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=does-not-exist " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=does-not-exist " "service_include.at:117" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:117" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:123: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=does-not-exist " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=does-not-exist " "service_include.at:123" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:123" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_30 #AT_START_31 at_fn_group_banner 31 'helpers_custom.at:1' \ "customer helpers" " " 2 at_xfail=no ( $as_echo "31. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/helpers_custom.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/helpers_custom.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:4: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --new-helper=\"ftptest\" --module=\"nf_conntrack_ftp\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-helper=\"ftptest\" --module=\"nf_conntrack_ftp\" " "helpers_custom.at:4" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-helper="ftptest" --module="nf_conntrack_ftp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:4" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:5: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --helper=ftptest --add-port=\"2121/tcp\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --helper=ftptest --add-port=\"2121/tcp\" " "helpers_custom.at:5" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --helper=ftptest --add-port="2121/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:7: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --new-service=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-service=\"ftptest\" " "helpers_custom.at:7" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --new-service="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:7" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:8: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-module=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-module=\"ftptest\" " "helpers_custom.at:8" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:8" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:9: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --query-module=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --query-module=\"ftptest\" " "helpers_custom.at:9" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --query-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:9" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:10: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-port=\"2121/tcp\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-port=\"2121/tcp\" " "helpers_custom.at:10" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-port="2121/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:10" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:11: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:11" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:11" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:62: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --remove-module=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --remove-module=\"ftptest\" " "helpers_custom.at:62" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --remove-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:62" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:63: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --query-module=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --query-module=\"ftptest\" " "helpers_custom.at:63" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --query-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/helpers_custom.at:63" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:64: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-helper=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-helper=\"ftptest\" " "helpers_custom.at:64" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-helper="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:64" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:65: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:65" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:65" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:116: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-module=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-module=\"ftptest\" " "helpers_custom.at:116" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:116" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:117: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --remove-helper=\"ftptest\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --remove-helper=\"ftptest\" " "helpers_custom.at:117" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --remove-helper="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:117" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:118: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-helper=\"ftp\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-helper=\"ftp\" " "helpers_custom.at:118" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-helper="ftp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:118" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/helpers_custom.at:119: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-port=\"21/tcp\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-port=\"21/tcp\" " "helpers_custom.at:119" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=ftptest --add-port="21/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:119" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_31 #AT_START_32 at_fn_group_banner 32 'policy.at:5' \ "policy - xml" " " 2 at_xfail=no ( $as_echo "32. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:5: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:5" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:5: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:5" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:8: mkdir -p ./policies" at_fn_check_prepare_trace "policy.at:8" ( $at_check_trace; mkdir -p ./policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:8" $at_failed && at_fn_log_failure $at_traceon; } cat >./policies/foobar.xml <<'_ATEOF' foobar foobar policy _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:70: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "policy.at:70" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:70" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_32 #AT_START_33 at_fn_group_banner 33 'policy.at:79' \ "policy - create" " " 2 at_xfail=no ( $as_echo "33. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:79: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:79" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:79: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:79" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:83: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy worldToHost " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy worldToHost " "policy.at:83" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy worldToHost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:83" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:84: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy hostToWorld " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy hostToWorld " "policy.at:84" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy hostToWorld ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:84" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:85: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy zoneToZone " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy zoneToZone " "policy.at:85" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy zoneToZone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:85" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:86: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-policies " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-policies " "policy.at:86" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 hostToWorld worldToHost zoneToZone " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:86" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_33 #AT_START_34 at_fn_group_banner 34 'policy.at:96' \ "policy - name" " " 2 at_xfail=no ( $as_echo "34. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:96: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:96" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:96: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:96" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:100: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy 123456789012345678 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy 123456789012345678 " "policy.at:100" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy 123456789012345678 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:100" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:101: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy 1234567890123456789 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy 1234567890123456789 " "policy.at:101" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy 1234567890123456789 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 116 $at_status "$at_srcdir/policy.at:101" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:104: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy public " "policy.at:104" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/policy.at:104" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:105: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-zone allow-host-ipv6 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-zone allow-host-ipv6 " "policy.at:105" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-zone allow-host-ipv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/policy.at:105" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_34 #AT_START_35 at_fn_group_banner 35 'policy.at:109' \ "policy - list" " " 2 at_xfail=no ( $as_echo "35. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:109: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:109" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:109: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:109" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:131: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-policy allow-host-ipv6 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:131" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-policy allow-host-ipv6 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:131" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:170: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-all-policies | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:170" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-all-policies | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:170" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:209: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:209" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:209" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_35 #AT_START_36 at_fn_group_banner 36 'policy.at:231' \ "policy - options" " " 2 at_xfail=no ( $as_echo "36. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:231: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:231" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:231: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:231" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:236: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --zone public " "policy.at:236" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:236" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:240: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --add-interface foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --add-interface foobar0 " "policy.at:240" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:240" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:242: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --remove-interface foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --remove-interface foobar0 " "policy.at:242" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:242" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:244: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --query-interface foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --query-interface foobar0 " "policy.at:244" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --query-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:244" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:246: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --list-interfaces " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --list-interfaces " "policy.at:246" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:246" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:250: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --add-source 10.10.10.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --add-source 10.10.10.0/24 " "policy.at:250" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:250" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:252: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --remove-source 10.10.10.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --remove-source 10.10.10.0/24 " "policy.at:252" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:252" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:254: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --query-source 10.10.10.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --query-source 10.10.10.0/24 " "policy.at:254" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --query-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:254" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:256: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --list-sources " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --list-sources " "policy.at:256" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:256" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:260: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --add-forward " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --add-forward " "policy.at:260" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:260" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:262: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --remove-forward " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --remove-forward " "policy.at:262" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --remove-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:262" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:264: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --query-forward " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --query-forward " "policy.at:264" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:264" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:271: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-egress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-egress-zone public " "policy.at:271" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:271" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:272: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-egress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-egress-zone public " "policy.at:272" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:272" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:273: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-egress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-egress-zone public " "policy.at:273" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:273" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:274: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-egress-zones " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-egress-zones " "policy.at:274" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-egress-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:274" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:279: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-ingress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-ingress-zone public " "policy.at:279" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:279" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:280: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-ingress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-ingress-zone public " "policy.at:280" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:280" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:281: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-ingress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-ingress-zone public " "policy.at:281" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:281" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:282: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --list-ingress-zones " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-ingress-zones " "policy.at:282" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --list-ingress-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:282" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:285: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-priority " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-priority " "policy.at:285" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-priority ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:285" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:286: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --set-priority 5 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-priority 5 " "policy.at:286" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --set-priority 5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:286" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_36 #AT_START_37 at_fn_group_banner 37 'policy.at:290' \ "policy - priority" " " 2 at_xfail=no ( $as_echo "37. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:290: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:290" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:290: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:290" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:294: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy worldToHost " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy worldToHost " "policy.at:294" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy worldToHost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:294" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:295: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --add-ingress-zone ANY " "policy.at:295" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:295" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:296: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --add-egress-zone HOST " "policy.at:296" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:296" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:297: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority -1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority -1 " "policy.at:297" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority -1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:297" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:298: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --get-priority " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --get-priority " "policy.at:298" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --get-priority ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-1 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:298" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:330: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority 1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority 1 " "policy.at:330" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority 1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:330" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:360: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy first " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy first " "policy.at:360" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy first ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:360" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:361: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy first --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy first --add-ingress-zone ANY " "policy.at:361" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy first --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:361" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:362: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy first --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy first --add-egress-zone HOST " "policy.at:362" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy first --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:362" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:363: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy second " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy second " "policy.at:363" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy second ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:363" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:364: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy second --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy second --add-ingress-zone ANY " "policy.at:364" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy second --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:364" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:365: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy second --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy second --add-egress-zone HOST " "policy.at:365" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy second --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:365" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:366: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy third " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy third " "policy.at:366" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy third ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:366" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:367: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy third --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy third --add-ingress-zone ANY " "policy.at:367" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy third --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:367" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:368: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy third --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy third --add-egress-zone HOST " "policy.at:368" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy third --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:368" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:369: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy fourth " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy fourth " "policy.at:369" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy fourth ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:369" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:370: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy fourth --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy fourth --add-ingress-zone ANY " "policy.at:370" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy fourth --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:370" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:371: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy fourth --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy fourth --add-egress-zone HOST " "policy.at:371" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy fourth --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:371" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:372: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy fifth " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy fifth " "policy.at:372" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy fifth ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:372" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:373: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy fifth --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy fifth --add-ingress-zone ANY " "policy.at:373" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy fifth --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:373" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:374: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy fifth --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy fifth --add-egress-zone HOST " "policy.at:374" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy fifth --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:374" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:376: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy fourth --set-priority -100 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy fourth --set-priority -100 " "policy.at:376" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy fourth --set-priority -100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:376" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:377: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy second --set-priority -5000 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy second --set-priority -5000 " "policy.at:377" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy second --set-priority -5000 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:377" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:378: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy first --set-priority -10000 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy first --set-priority -10000 " "policy.at:378" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy first --set-priority -10000 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:378" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:379: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy third --set-priority -1000 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy third --set-priority -1000 " "policy.at:379" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy third --set-priority -1000 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:379" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:380: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy fifth --set-priority -10 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy fifth --set-priority -10 " "policy.at:380" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy fifth --set-priority -10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:380" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:412: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority 0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority 0 " "policy.at:412" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority 0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/policy.at:412" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:413: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority -32769 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority -32769 " "policy.at:413" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority -32769 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/policy.at:413" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:414: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority -32768 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority -32768 " "policy.at:414" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority -32768 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:414" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:415: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority 32768 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority 32768 " "policy.at:415" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority 32768 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/policy.at:415" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:416: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority 32767 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority 32767 " "policy.at:416" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy worldToHost --set-priority 32767 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:416" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_37 #AT_START_38 at_fn_group_banner 38 'policy.at:420' \ "policy - zones" " " 2 at_xfail=no ( $as_echo "38. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:420: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:420" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:420: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:420" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:423: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-interface=foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-interface=foobar0 " "policy.at:423" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:423" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:424: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=internal --add-interface=foobar1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=internal --add-interface=foobar1 " "policy.at:424" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=internal --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:424" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:426: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "policy.at:426" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:426" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:427: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-priority -1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-priority -1 " "policy.at:427" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-priority -1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:427" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:431: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"HOST\" " "policy.at:431" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:431" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:432: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone=\"HOST\" " "policy.at:432" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:432" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:433: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"ANY\" " "policy.at:433" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:433" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:434: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"public\" " "policy.at:434" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:434" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:435: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"HOST\" " "policy.at:435" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:435" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:436: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"ANY\" " "policy.at:436" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:436" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:437: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone=\"ANY\" " "policy.at:437" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:437" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:438: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"HOST\" " "policy.at:438" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:438" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:439: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"public\" " "policy.at:439" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:439" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:440: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"ANY\" " "policy.at:440" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:440" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:441: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"public\" " "policy.at:441" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:441" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:442: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone=\"public\" " "policy.at:442" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:442" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:443: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"internal\" " "policy.at:443" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:443" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:444: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone=\"internal\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone=\"internal\" " "policy.at:444" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:444" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:445: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"ANY\" " "policy.at:445" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:445" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:446: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"HOST\" " "policy.at:446" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:446" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:447: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone=\"ANY\" " "policy.at:447" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/policy.at:447" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:448: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone=\"HOST\" " "policy.at:448" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/policy.at:448" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:449: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"public\" " "policy.at:449" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:449" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:450: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"internal\" " "policy.at:450" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:450" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:473: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"HOST\" " "policy.at:473" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:473" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:474: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"ANY\" " "policy.at:474" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:474" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:475: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"public\" " "policy.at:475" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:475" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:476: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone=\"HOST\" " "policy.at:476" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:476" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:477: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"ANY\" " "policy.at:477" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:477" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:478: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"HOST\" " "policy.at:478" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:478" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:479: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"public\" " "policy.at:479" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:479" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:480: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone=\"ANY\" " "policy.at:480" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:480" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:481: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"public\" " "policy.at:481" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:481" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:482: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"internal\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"internal\" " "policy.at:482" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:482" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:483: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"ANY\" " "policy.at:483" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:483" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:484: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"HOST\" " "policy.at:484" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:484" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:485: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone=\"public\" " "policy.at:485" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:485" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:486: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone=\"internal\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone=\"internal\" " "policy.at:486" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:486" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:503: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"ANY\" " "policy.at:503" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:503" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:504: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"ANY\" " "policy.at:504" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:504" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:505: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-egress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-egress-zone=\"ANY\" " "policy.at:505" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:505" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:506: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-egress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-egress-zone=\"ANY\" " "policy.at:506" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:506" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:507: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"ANY\" " "policy.at:507" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:507" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:508: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone=\"ANY\" " "policy.at:508" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:508" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:517: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"public\" " "policy.at:517" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:517" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:518: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"public\" " "policy.at:518" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:518" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:519: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-egress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-egress-zone=\"public\" " "policy.at:519" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:519" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:520: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-egress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-egress-zone=\"public\" " "policy.at:520" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:520" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:521: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"public\" " "policy.at:521" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:521" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:522: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone=\"public\" " "policy.at:522" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:522" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:531: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"HOST\" " "policy.at:531" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:531" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:532: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"HOST\" " "policy.at:532" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:532" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:533: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"HOST\" " "policy.at:533" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:533" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:539: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"does_not_exist\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"does_not_exist\" " "policy.at:539" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="does_not_exist" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:539" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:540: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"does_not_exist\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"does_not_exist\" " "policy.at:540" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="does_not_exist" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:540" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:547: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone=\"public\" " "policy.at:547" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:547" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:564: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"internal\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone=\"internal\" " "policy.at:564" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:564" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:587: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone=\"public\" " "policy.at:587" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:587" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_38 #AT_START_39 at_fn_group_banner 39 'policy.at:607' \ "policy - dispatch" " " 2 at_xfail=no ( $as_echo "39. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:607: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:607" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:607: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:607" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:610: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-interface=foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-interface=foobar0 " "policy.at:610" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:610" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:611: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=internal --add-interface=foobar1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=internal --add-interface=foobar1 " "policy.at:611" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=internal --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:611" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:613: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "policy.at:613" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:613" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:614: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-priority -1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-priority -1 " "policy.at:614" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-priority -1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:614" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_39 #AT_START_40 at_fn_group_banner 40 'policy.at:2239' \ "policy - interfaces/sources" " " 2 at_xfail=no ( $as_echo "40. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:2239: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2239" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:2239: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:2239" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2242: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "policy.at:2242" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2242" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2243: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-ingress-zone internal " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-ingress-zone internal " "policy.at:2243" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2243" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2244: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone internal --add-interface foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone internal --add-interface foobar0 " "policy.at:2244" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone internal --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2244" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2245: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-egress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-egress-zone public " "policy.at:2245" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2245" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_40 #AT_START_41 at_fn_group_banner 41 'policy.at:2406' \ "policy - target" " " 2 at_xfail=no ( $as_echo "41. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:2406: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2406" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:2406: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:2406" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2409: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "policy.at:2409" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2409" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2411: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=CONTINUE " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=CONTINUE " "policy.at:2411" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=CONTINUE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2411" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2412: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=ACCEPT " "policy.at:2412" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2412" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2413: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=DROP " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=DROP " "policy.at:2413" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2413" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2414: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=REJECT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=REJECT " "policy.at:2414" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=REJECT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2414" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2415: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=DENY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=DENY " "policy.at:2415" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=DENY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/policy.at:2415" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2416: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=default " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=default " "policy.at:2416" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/policy.at:2416" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2419: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=ACCEPT " "policy.at:2419" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2419" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2420: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-ingress-zone internal " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-ingress-zone internal " "policy.at:2420" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2420" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2421: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone internal --add-interface foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone internal --add-interface foobar0 " "policy.at:2421" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone internal --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2421" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2422: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-egress-zone HOST " "policy.at:2422" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2422" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_41 #AT_START_42 at_fn_group_banner 42 'policy.at:2455' \ "policy - from file" " " 2 at_xfail=no ( $as_echo "42. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:2455: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2455" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:2455: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:2455" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2458: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --add-protocol ipv6-icmp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --add-protocol ipv6-icmp " "policy.at:2458" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy allow-host-ipv6 --add-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2459: ls \"./policies/allow-host-ipv6.xml\"" at_fn_check_prepare_trace "policy.at:2459" ( $at_check_trace; ls "./policies/allow-host-ipv6.xml" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2459" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2460: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy-from-file \"./policies/allow-host-ipv6.xml\" --name my-allow-host-ipv6 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy-from-file \"./policies/allow-host-ipv6.xml\" --name my-allow-host-ipv6 " "policy.at:2460" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy-from-file "./policies/allow-host-ipv6.xml" --name my-allow-host-ipv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2460" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2461: ls \"./policies/my-allow-host-ipv6.xml\"" at_fn_check_prepare_trace "policy.at:2461" ( $at_check_trace; ls "./policies/my-allow-host-ipv6.xml" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2461" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/policy.at:2462: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --get-policies " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-policies " "policy.at:2462" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --get-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 my-allow-host-ipv6 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2462" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_42 #AT_START_43 at_fn_group_banner 43 'services.at:1' \ "services" " " 2 at_xfail=no ( $as_echo "43. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/services.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/services.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "services.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:4: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "services.at:4" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:4" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:5: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " "services.at:5" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:6: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " "services.at:6" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:6" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:10: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-service ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-service ssh " "services.at:10" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:10" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:11: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " "services.at:11" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:11" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:12: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-service ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-service ssh " "services.at:12" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:12" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:13: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " "services.at:13" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:13" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:32: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-service-from-policy ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-service-from-policy ssh " "services.at:32" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-service-from-policy ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:32" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:37: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " "services.at:37" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:37" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:38: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-service ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-service ssh " "services.at:38" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:38" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:39: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " "services.at:39" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:39" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:90: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-service does-not-exist " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-service does-not-exist " "services.at:90" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-service does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/services.at:90" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/services.at:94: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-interface raboof0 --add-service ssh " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-interface raboof0 --add-service ssh " "services.at:94" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-interface raboof0 --add-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/services.at:94" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_43 #AT_START_44 at_fn_group_banner 44 'ports.at:1' \ "ports" " " 2 at_xfail=no ( $as_echo "44. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/ports.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/ports.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "ports.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:4: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "ports.at:4" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:4" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:5: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " "ports.at:5" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:6: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " "ports.at:6" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:6" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:9: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 1234/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 1234/tcp " "ports.at:9" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:9" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:10: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 1234/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 1234/udp " "ports.at:10" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:10" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:11: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 4321/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 4321/udp " "ports.at:11" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:11" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:12: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule port port=4444 protocol=udp accept' " "ports.at:12" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:12" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:13: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 1234/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 1234/tcp " "ports.at:13" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:13" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:14: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 1234/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 1234/udp " "ports.at:14" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:14" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:15: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 4321/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 4321/udp " "ports.at:15" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:15" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:16: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept' " "ports.at:16" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:16" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:44: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-port 1234/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-port 1234/tcp " "ports.at:44" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:44" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:45: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 1234/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 1234/tcp " "ports.at:45" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:45" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:46: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 1234/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 1234/udp " "ports.at:46" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:46" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:47: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-port 1234/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-port 1234/udp " "ports.at:47" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:47" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:48: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-port 4321/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-port 4321/udp " "ports.at:48" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:48" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:49: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept' " "ports.at:49" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:49" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:93: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 1234 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 1234 " "ports.at:93" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:93" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:95: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 123443/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 123443/tcp " "ports.at:95" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 123443/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:95" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:97: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 1234/bogus " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 1234/bogus " "ports.at:97" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-port 1234/bogus ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:97" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:100: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule port port=4444 accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule port port=4444 accept' " "ports.at:100" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule port port=4444 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:100" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:102: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept' " "ports.at:102" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:102" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/ports.at:104: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept' " "ports.at:104" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:104" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_44 #AT_START_45 at_fn_group_banner 45 'source_ports.at:1' \ "source ports" " " 2 at_xfail=no ( $as_echo "45. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/source_ports.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/source_ports.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "source_ports.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:4: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "source_ports.at:4" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:4" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:5: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " "source_ports.at:5" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:6: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " "source_ports.at:6" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:6" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:9: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 1234/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 1234/tcp " "source_ports.at:9" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:9" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:10: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 1234/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 1234/udp " "source_ports.at:10" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:10" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:11: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 4321/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 4321/udp " "source_ports.at:11" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:11" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:12: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=udp accept' " "source_ports.at:12" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:12" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:13: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 1234/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 1234/tcp " "source_ports.at:13" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:13" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:14: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 1234/udp " "source_ports.at:14" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:14" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:15: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 4321/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 4321/udp " "source_ports.at:15" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:15" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:16: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept' " "source_ports.at:16" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:16" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:44: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-source-port 1234/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-source-port 1234/tcp " "source_ports.at:44" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:44" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:45: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 1234/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 1234/tcp " "source_ports.at:45" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:45" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:46: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 1234/udp " "source_ports.at:46" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:46" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:47: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-source-port 1234/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-source-port 1234/udp " "source_ports.at:47" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:47" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:48: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-source-port 4321/udp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-source-port 4321/udp " "source_ports.at:48" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:48" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:49: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept' " "source_ports.at:49" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:49" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:93: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 1234 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 1234 " "source_ports.at:93" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:93" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:95: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 123443/tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 123443/tcp " "source_ports.at:95" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 123443/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:95" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:97: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 1234/bogus " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 1234/bogus " "source_ports.at:97" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-source-port 1234/bogus ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:97" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:100: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule source-port port=4444 accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule source-port port=4444 accept' " "source_ports.at:100" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule source-port port=4444 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:100" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:102: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept' " "source_ports.at:102" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:102" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/source_ports.at:104: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept' " "source_ports.at:104" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:104" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_45 #AT_START_46 at_fn_group_banner 46 'forward_ports.at:1' \ "forward ports" " " 2 at_xfail=no ( $as_echo "46. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/forward_ports.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/forward_ports.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "forward_ports.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:4: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "forward_ports.at:4" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:4" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:5: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " "forward_ports.at:5" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:6: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone ANY " "forward_ports.at:6" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:6" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:9: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " "forward_ports.at:9" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:9" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:10: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " "forward_ports.at:10" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:10" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:13: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " "forward_ports.at:13" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:13" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:14: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " "forward_ports.at:14" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:14" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:15: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " "forward_ports.at:15" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:15" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:18: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " "forward_ports.at:18" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:18" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:41: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " "forward_ports.at:41" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:41" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:42: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " "forward_ports.at:42" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:42" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:43: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " "forward_ports.at:43" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:43" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:46: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " "forward_ports.at:46" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:46" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:88: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port 1234 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port 1234 " "forward_ports.at:88" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:88" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:90: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=11:proto=tcp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=11:proto=tcp " "forward_ports.at:90" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=11:proto=tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:90" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:92: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111 " "forward_ports.at:92" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:92" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:94: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10 " "forward_ports.at:94" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/forward_ports.at:94" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:97: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444' " "forward_ports.at:97" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:97" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:99: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp' " "forward_ports.at:99" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/forward_ports.at:99" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:101: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111' " "forward_ports.at:101" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:101" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:103: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10' " "forward_ports.at:103" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/forward_ports.at:103" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:106: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone ANY " "forward_ports.at:106" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:106" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:110: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " "forward_ports.at:110" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:110" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:111: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " "forward_ports.at:111" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:111" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:112: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " "forward_ports.at:112" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:112" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:113: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " "forward_ports.at:113" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:113" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:114: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' " "forward_ports.at:114" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:114" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:134: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222 " "forward_ports.at:134" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:134" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:135: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' " "forward_ports.at:135" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:135" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:136: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone HOST " "forward_ports.at:136" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:136" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:142: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone ANY " "forward_ports.at:142" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:142" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:143: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " "forward_ports.at:143" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:143" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:144: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " "forward_ports.at:144" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:144" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:149: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " "forward_ports.at:149" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:149" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:150: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone ANY " "forward_ports.at:150" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:150" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:155: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone internal --add-interface foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone internal --add-interface foobar0 " "forward_ports.at:155" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone internal --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:155" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:156: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone internal " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone internal " "forward_ports.at:156" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:156" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:157: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " "forward_ports.at:157" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:157" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:158: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " "forward_ports.at:158" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/forward_ports.at:158" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:159: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " "forward_ports.at:159" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:159" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:160: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " "forward_ports.at:160" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/forward_ports.at:160" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:168: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone internal --remove-interface foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone internal --remove-interface foobar0 " "forward_ports.at:168" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone internal --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:168" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:173: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone internal --add-source 10.10.10.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone internal --add-source 10.10.10.0/24 " "forward_ports.at:173" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone internal --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:173" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:174: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " "forward_ports.at:174" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:174" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:175: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " "forward_ports.at:175" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:175" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:176: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " "forward_ports.at:176" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:176" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:177: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " "forward_ports.at:177" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:177" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_46 #AT_START_47 at_fn_group_banner 47 'forward_ports.at:199' \ "forward ports (OUTPUT)" " " 2 at_xfail=no ( $as_echo "47. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/forward_ports.at:199: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:199" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/forward_ports.at:199: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "forward_ports.at:199" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:202: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "forward_ports.at:202" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:202" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:203: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-zone localhost " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-zone localhost " "forward_ports.at:203" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:203" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:209: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-ingress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-ingress-zone HOST " "forward_ports.at:209" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:209" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:210: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-egress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-egress-zone ANY " "forward_ports.at:210" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:210" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:211: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " "forward_ports.at:211" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:211" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:212: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " "forward_ports.at:212" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:212" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:213: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " "forward_ports.at:213" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:213" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:214: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " "forward_ports.at:214" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:214" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:234: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-ingress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-ingress-zone HOST " "forward_ports.at:234" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:234" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:235: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-egress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-egress-zone ANY " "forward_ports.at:235" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:235" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:242: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone localhost --add-source 127.0.0.0/8 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone localhost --add-source 127.0.0.0/8 " "forward_ports.at:242" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone localhost --add-source 127.0.0.0/8 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:242" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:243: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-ingress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-ingress-zone HOST " "forward_ports.at:243" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:243" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:244: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-egress-zone localhost " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-egress-zone localhost " "forward_ports.at:244" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-egress-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:244" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:245: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " "forward_ports.at:245" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:245" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:246: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " "forward_ports.at:246" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:246" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:247: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " "forward_ports.at:247" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:247" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:248: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " "forward_ports.at:248" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:248" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:269: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone localhost --remove-source 127.0.0.0/8 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone localhost --remove-source 127.0.0.0/8 " "forward_ports.at:269" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone localhost --remove-source 127.0.0.0/8 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:269" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:270: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-ingress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-ingress-zone HOST " "forward_ports.at:270" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:270" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/forward_ports.at:271: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-egress-zone localhost " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-egress-zone localhost " "forward_ports.at:271" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-egress-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:271" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_47 #AT_START_48 at_fn_group_banner 48 'masquerade.at:1' \ "masquerade" " " 2 at_xfail=no ( $as_echo "48. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/masquerade.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/masquerade.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "masquerade.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:4: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-interface foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-interface foobar0 " "masquerade.at:4" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:4" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:6: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "masquerade.at:6" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:6" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:7: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " "masquerade.at:7" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:7" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:8: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone public " "masquerade.at:8" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:8" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:11: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-masquerade " "masquerade.at:11" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:11" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:12: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " "masquerade.at:12" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:12" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:13: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-masquerade " "masquerade.at:13" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:13" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:14: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " "masquerade.at:14" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:14" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:32: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-masquerade " "masquerade.at:32" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:32" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:33: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " "masquerade.at:33" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:33" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:34: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-masquerade " "masquerade.at:34" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:34" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:35: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " "masquerade.at:35" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:35" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:71: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar_host " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar_host " "masquerade.at:71" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar_host ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:71" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:72: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --add-ingress-zone internal " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --add-ingress-zone internal " "masquerade.at:72" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --add-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:72" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:73: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --add-egress-zone HOST " "masquerade.at:73" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:73" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:75: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --add-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --add-masquerade " "masquerade.at:75" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:75" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:76: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " "masquerade.at:76" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:76" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:79: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --remove-ingress-zone internal " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --remove-ingress-zone internal " "masquerade.at:79" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --remove-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:79" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:80: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --remove-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --remove-egress-zone HOST " "masquerade.at:80" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_host --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:80" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:84: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar_int_to_pub " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar_int_to_pub " "masquerade.at:84" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar_int_to_pub ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:84" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:85: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=internal --add-interface foobar1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=internal --add-interface foobar1 " "masquerade.at:85" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=internal --add-interface foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:85" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:86: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-ingress-zone internal " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-ingress-zone internal " "masquerade.at:86" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:86" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:87: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-egress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-egress-zone public " "masquerade.at:87" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:87" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:89: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-masquerade " "masquerade.at:89" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:89" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:90: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " "masquerade.at:90" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:90" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:93: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=internal --remove-interface foobar1 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=internal --remove-interface foobar1 " "masquerade.at:93" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=internal --remove-interface foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:93" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:97: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=internal --add-source 10.10.10.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=internal --add-source 10.10.10.0/24 " "masquerade.at:97" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=internal --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:97" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:99: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-masquerade " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-masquerade " "masquerade.at:99" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:99" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:100: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " "masquerade.at:100" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:100" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/masquerade.at:101: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=internal --remove-source 10.10.10.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=internal --remove-source 10.10.10.0/24 " "masquerade.at:101" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=internal --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:101" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_48 #AT_START_49 at_fn_group_banner 49 'protocols.at:1' \ "protocols" " " 2 at_xfail=no ( $as_echo "49. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/protocols.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/protocols.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "protocols.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:4: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "protocols.at:4" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:4" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:5: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " "protocols.at:5" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:6: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " "protocols.at:6" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:6" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:9: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-protocol ipv6-icmp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-protocol ipv6-icmp " "protocols.at:9" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:9" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:10: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-protocol dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-protocol dccp " "protocols.at:10" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:10" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:11: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-protocol gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-protocol gre " "protocols.at:11" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:11" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:12: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule protocol value=\"sctp\" accept' " "protocols.at:12" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:12" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:13: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol ipv6-icmp " "protocols.at:13" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:13" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:14: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol dccp " "protocols.at:14" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:14" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:15: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol gre " "protocols.at:15" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:15" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:16: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " "protocols.at:16" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:16" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:44: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-protocol ipv6-icmp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-protocol ipv6-icmp " "protocols.at:44" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:44" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:45: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol ipv6-icmp " "protocols.at:45" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:45" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:46: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol dccp " "protocols.at:46" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:46" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:47: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-protocol dccp " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-protocol dccp " "protocols.at:47" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:47" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:48: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-protocol gre " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-protocol gre " "protocols.at:48" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:48" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:49: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule protocol value=\"sctp\" accept' " "protocols.at:49" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:49" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:93: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-protocol dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-protocol dummy " "protocols.at:93" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-protocol dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/protocols.at:93" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/protocols.at:95: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule protocol value=\"dummy\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule protocol value=\"dummy\" accept' " "protocols.at:95" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule protocol value="dummy" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/protocols.at:95" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_49 #AT_START_50 at_fn_group_banner 50 'rich_rules.at:1' \ "rich rules" " " 2 at_xfail=no ( $as_echo "50. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rich_rules.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rich_rules.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rich_rules.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:7: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "rich_rules.at:7" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:7" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:8: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " "rich_rules.at:8" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:8" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:9: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " "rich_rules.at:9" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:9" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:42: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.10 accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.10 accept' " "rich_rules.at:42" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.10 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:42" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:43: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 log accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 log accept' " "rich_rules.at:43" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 log accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:43" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:44: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 audit accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 audit accept' " "rich_rules.at:44" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:44" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:45: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.12 reject' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.12 reject' " "rich_rules.at:45" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.12 reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:45" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:46: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.13 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.13 drop' " "rich_rules.at:46" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.13 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:46" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:47: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.10.10.14 accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.10.10.14 accept' " "rich_rules.at:47" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.10.10.14 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:47" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:48: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=1 source address=10.10.10.15 accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=1 source address=10.10.10.15 accept' " "rich_rules.at:48" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=1 source address=10.10.10.15 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:48" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:110: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.20.20.20 accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.20.20.20 accept' " "rich_rules.at:110" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.20.20.20 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:110" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:111: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=-2 destination address=10.20.20.21 accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=-2 destination address=10.20.20.21 accept' " "rich_rules.at:111" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=-2 destination address=10.20.20.21 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:111" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:112: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=-3 source address=10.20.20.22 destination address=10.20.20.23 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=-3 source address=10.20.20.22 destination address=10.20.20.23 drop' " "rich_rules.at:112" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv4 priority=-3 source address=10.20.20.22 destination address=10.20.20.23 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:112" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:113: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv6 priority=-4 source address=1234::4321 destination address=1234::4444 drop' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv6 priority=-4 source address=1234::4321 destination address=1234::4444 drop' " "rich_rules.at:113" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule family=ipv6 priority=-4 source address=1234::4321 destination address=1234::4444 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:113" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:138: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-1 icmp-type name=\"neighbour-advertisement\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-1 icmp-type name=\"neighbour-advertisement\" accept' " "rich_rules.at:138" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-1 icmp-type name="neighbour-advertisement" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:138" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:139: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-2 icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-2 icmp-type name=\"echo-request\" accept' " "rich_rules.at:139" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-2 icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:139" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:168: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone HOST " "rich_rules.at:168" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:168" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:173: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " "rich_rules.at:173" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:173" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:174: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' " "rich_rules.at:174" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:174" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:175: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' " "rich_rules.at:175" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:175" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:193: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone HOST " "rich_rules.at:193" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:193" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:198: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone ANY " "rich_rules.at:198" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:198" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:216: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone ANY " "rich_rules.at:216" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:216" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:221: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source 10.10.10.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source 10.10.10.0/24 " "rich_rules.at:221" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:221" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:222: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone public " "rich_rules.at:222" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:222" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:240: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone public " "rich_rules.at:240" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:240" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:241: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-source 10.10.10.0/24 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-source 10.10.10.0/24 " "rich_rules.at:241" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:241" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:244: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234' " "rich_rules.at:244" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:244" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:246: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' " "rich_rules.at:246" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:246" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:252: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-interface foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-interface foobar0 " "rich_rules.at:252" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:252" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:253: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone public " "rich_rules.at:253" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:253" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:254: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' " "rich_rules.at:254" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/rich_rules.at:254" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:255: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface foobar0 " "rich_rules.at:255" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=public --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:255" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:256: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone public " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone public " "rich_rules.at:256" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:256" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:263: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " "rich_rules.at:263" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:263" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:267: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=32000 log prefix=\"LOG: \" level=\"warning\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=32000 log prefix=\"LOG: \" level=\"warning\"' " "rich_rules.at:267" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=32000 log prefix="LOG: " level="warning"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:267" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:268: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=32001 audit accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=32001 audit accept' " "rich_rules.at:268" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=32001 audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:268" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:291: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-rich-rule='rule priority=32000 log prefix=\"LOG: \" level=\"warning\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-rich-rule='rule priority=32000 log prefix=\"LOG: \" level=\"warning\"' " "rich_rules.at:291" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-rich-rule='rule priority=32000 log prefix="LOG: " level="warning"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:291" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:292: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-rich-rule='rule priority=32001 audit accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-rich-rule='rule priority=32001 audit accept' " "rich_rules.at:292" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --remove-rich-rule='rule priority=32001 audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:292" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:297: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=32000 nflog prefix=\"NFLOG: \" queue-size=10' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=32000 nflog prefix=\"NFLOG: \" queue-size=10' " "rich_rules.at:297" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=32000 nflog prefix="NFLOG: " queue-size=10' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:297" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_rules.at:298: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=32001 audit accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=32001 audit accept' " "rich_rules.at:298" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --add-rich-rule='rule priority=32001 audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:298" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_50 #AT_START_51 at_fn_group_banner 51 'icmp_blocks.at:1' \ "ICMP blocks" " " 2 at_xfail=no ( $as_echo "51. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "icmp_blocks.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:4: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar " "icmp_blocks.at:4" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:4" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:5: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY " "icmp_blocks.at:5" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:6: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST " "icmp_blocks.at:6" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:6" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:9: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-icmp-block echo-request " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-icmp-block echo-request " "icmp_blocks.at:9" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:9" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:10: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-icmp-block echo-reply " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-icmp-block echo-reply " "icmp_blocks.at:10" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:10" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:11: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-icmp-block redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-icmp-block redirect " "icmp_blocks.at:11" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:11" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:12: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " "icmp_blocks.at:12" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:12" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:15: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block echo-request " "icmp_blocks.at:15" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:15" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:16: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block echo-reply " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block echo-reply " "icmp_blocks.at:16" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:16" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:17: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block redirect " "icmp_blocks.at:17" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:17" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:18: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " "icmp_blocks.at:18" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:18" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:62: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-icmp-block echo-request " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-icmp-block echo-request " "icmp_blocks.at:62" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:62" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:63: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block echo-request " "icmp_blocks.at:63" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:63" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:64: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block echo-reply " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block echo-reply " "icmp_blocks.at:64" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy foobar --query-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:64" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:65: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-icmp-block echo-reply " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-icmp-block echo-reply " "icmp_blocks.at:65" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:65" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:66: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-icmp-block redirect " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-icmp-block redirect " "icmp_blocks.at:66" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:66" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:67: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " "icmp_blocks.at:67" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:67" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:67: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " "icmp_blocks.at:67" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:67" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:141: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-icmp-block dummy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-icmp-block dummy " "icmp_blocks.at:141" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-icmp-block dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/icmp_blocks.at:141" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:143: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"dummy\"' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"dummy\"' " "icmp_blocks.at:143" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/icmp_blocks.at:143" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_51 #AT_START_52 at_fn_group_banner 52 'rich_tcp_mss_clamp.at:5' \ "tcp-mss-clamp" " " 2 at_xfail=no ( $as_echo "52. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:5" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rich_tcp_mss_clamp.at:5" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:8: mkdir -p ./zones" at_fn_check_prepare_trace "rich_tcp_mss_clamp.at:8" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:8" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/tcp.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:20: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "rich_tcp_mss_clamp.at:20" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:20" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/tcp.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:32: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "rich_tcp_mss_clamp.at:32" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:32" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/tcp.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:44: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "rich_tcp_mss_clamp.at:44" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "WARNING: INVALID_RULE: thisdoesnotexist: rule tcp-mss-clamp value=\"thisdoesnotexist\" WARNING: INVALID_RULE: thisdoesnotexist: rule tcp-mss-clamp value=\"thisdoesnotexist\" " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:44" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/tcp.xml <<'_ATEOF' _ATEOF FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:62: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --check-config" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config" "rich_tcp_mss_clamp.at:62" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:65: rm ./zones/tcp.xml" at_fn_check_prepare_trace "rich_tcp_mss_clamp.at:65" ( $at_check_trace; rm ./zones/tcp.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:65" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:66: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist' " "rich_tcp_mss_clamp.at:66" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:66" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:67: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp' " "rich_tcp_mss_clamp.at:67" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:67" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:68: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule tcp-mss-clamp' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule tcp-mss-clamp' " "rich_tcp_mss_clamp.at:68" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --remove-rich-rule='rule tcp-mss-clamp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:68" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:69: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp value=0' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp value=0' " "rich_tcp_mss_clamp.at:69" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp value=0' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:69" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:70: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp value=536' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp value=536' " "rich_tcp_mss_clamp.at:70" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp value=536' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:70" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:71: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp value=pmtu' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp value=pmtu' " "rich_tcp_mss_clamp.at:71" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule tcp-mss-clamp value=pmtu' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:71" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_52 #AT_START_53 at_fn_group_banner 53 'rich_destination_ipset.at:1' \ "rich destination ipset" " " 2 at_xfail=no ( $as_echo "53. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rich_destination_ipset.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:4: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-policy=mypolicy " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=mypolicy " "rich_destination_ipset.at:4" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-policy=mypolicy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:4" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:5: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=mypolicy --add-ingress-zone ANY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=mypolicy --add-ingress-zone ANY " "rich_destination_ipset.at:5" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=mypolicy --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:6: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy=mypolicy --add-egress-zone HOST " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=mypolicy --add-egress-zone HOST " "rich_destination_ipset.at:6" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy=mypolicy --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:6" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:8: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip " "rich_destination_ipset.at:8" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset=foobar --type=hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:8" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:12: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' " "rich_destination_ipset.at:12" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:12" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:29: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' " "rich_destination_ipset.at:29" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:29" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:43: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' " "rich_destination_ipset.at:43" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_destination_ipset.at:43" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:45: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' " "rich_destination_ipset.at:45" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/rich_destination_ipset.at:45" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:47: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' " "rich_destination_ipset.at:47" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_destination_ipset.at:47" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:49: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' " "rich_destination_ipset.at:49" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/rich_destination_ipset.at:49" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_53 #AT_START_54 at_fn_group_banner 54 'zone.at:1' \ "zone - target" " " 2 at_xfail=no ( $as_echo "54. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/zone.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/zone.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "zone.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/zone.at:4: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-zone=foobar " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-zone=foobar " "zone.at:4" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:4" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/zone.at:6: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=default " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=default " "zone.at:6" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:6" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/zone.at:7: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=ACCEPT " "zone.at:7" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:7" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/zone.at:8: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=DROP " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=DROP " "zone.at:8" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:8" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/zone.at:9: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=%%REJECT%% " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=%%REJECT%% " "zone.at:9" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=%%REJECT%% ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:9" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/zone.at:10: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=CONTINUE " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=CONTINUE " "zone.at:10" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=CONTINUE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/zone.at:10" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/zone.at:11: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=DENY " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=DENY " "zone.at:11" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=DENY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/zone.at:11" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/zone.at:13: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=ACCEPT " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=ACCEPT " "zone.at:13" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:13" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/zone.at:14: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --add-interface foobar0 " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --add-interface foobar0 " "zone.at:14" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:14" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/zone.at:89: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=default " at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=default " "zone.at:89" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=foobar --set-target=default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:89" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_54 #AT_START_55 at_fn_group_banner 55 'rpfilter.at:1' \ "rpfilter" " " 2 at_xfail=no ( $as_echo "55. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rpfilter.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rpfilter.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rpfilter.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_55 #AT_START_56 at_fn_group_banner 56 'firewall-offline-cmd.at:19' \ "lokkit migration" " " 2 at_xfail=no ( $as_echo "56. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:19: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-offline-cmd.at:19" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:19" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:19: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-offline-cmd.at:19" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:19" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:23: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --addmodule=abc --addmodule=efg --removemodule=xyz --trust=eth+ --trust=em0 --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config --service=dns --service=ftp --remove-service=dhcpv6-client --block-icmp=router-advertisement --block-icmp=router-solicitation --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 --forward-port=if=ippp+:port=333:proto=udp:toport=444" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --addmodule=abc --addmodule=efg --removemodule=xyz --trust=eth+ --trust=em0 --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config --service=dns --service=ftp --remove-service=dhcpv6-client --block-icmp=router-advertisement --block-icmp=router-solicitation --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 --forward-port=if=ippp+:port=333:proto=udp:toport=444" "firewall-offline-cmd.at:23" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --addmodule=abc --addmodule=efg --removemodule=xyz --trust=eth+ --trust=em0 --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config --service=dns --service=ftp --remove-service=dhcpv6-client --block-icmp=router-advertisement --block-icmp=router-solicitation --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 --forward-port=if=ippp+:port=333:proto=udp:toport=444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:23" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:31: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=eth+" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=eth+" "firewall-offline-cmd.at:31" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=eth+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:31" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:32: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=em0" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=em0" "firewall-offline-cmd.at:32" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=em0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:32" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:33: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service dns" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dns" "firewall-offline-cmd.at:33" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:33" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:34: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service ftp" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service ftp" "firewall-offline-cmd.at:34" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:34" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:35: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service dhcpv6-client" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dhcpv6-client" "firewall-offline-cmd.at:35" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dhcpv6-client ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-offline-cmd.at:35" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:36: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-advertisement" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-advertisement" "firewall-offline-cmd.at:36" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-advertisement ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:36" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:37: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-solicitation" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-solicitation" "firewall-offline-cmd.at:37" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:37" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:38: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4" "firewall-offline-cmd.at:38" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:38" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:39: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=333:proto=udp:toport=444" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=333:proto=udp:toport=444" "firewall-offline-cmd.at:39" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=333:proto=udp:toport=444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:42: cat << EOF > ./system-config-firewall --addmodule=abc --addmodule=efg --removemodule=xyz --trust=eth+ --trust=em0 --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config --service=dns --service=ftp --remove-service=dhcpv6-client --block-icmp=router-advertisement --block-icmp=router-solicitation --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 --forward-port=if=ippp+:port=333:proto=udp:toport=444 EOF " at_fn_check_prepare_notrace 'an embedded newline' "firewall-offline-cmd.at:42" ( $at_check_trace; cat << EOF > ./system-config-firewall --addmodule=abc --addmodule=efg --removemodule=xyz --trust=eth+ --trust=em0 --masq=tun+ --masq=tap+ --port=7:tcp --port=666:udp --custom-rules=ipv4:mangle:/etc/sysconfig/ebtables-config --service=dns --service=ftp --remove-service=dhcpv6-client --block-icmp=router-advertisement --block-icmp=router-solicitation --forward-port=if=ippp+:port=13:proto=tcp:toport=15:toaddr=1.2.3.4 --forward-port=if=ippp+:port=333:proto=udp:toport=444 EOF ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:42" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:62: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --migrate-system-config-firewall=./system-config-firewall" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --migrate-system-config-firewall=./system-config-firewall" "firewall-offline-cmd.at:62" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --migrate-system-config-firewall=./system-config-firewall ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:62" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:63: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=eth+" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=eth+" "firewall-offline-cmd.at:63" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=eth+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:63" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:64: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=em0" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=em0" "firewall-offline-cmd.at:64" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --zone=trusted --query-interface=em0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:64" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:65: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service dns" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dns" "firewall-offline-cmd.at:65" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:65" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:66: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service ftp" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service ftp" "firewall-offline-cmd.at:66" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:66" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:67: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-service dhcpv6-client" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dhcpv6-client" "firewall-offline-cmd.at:67" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-service dhcpv6-client ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-offline-cmd.at:67" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:68: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-advertisement" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-advertisement" "firewall-offline-cmd.at:68" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-advertisement ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:68" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:69: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-solicitation" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-solicitation" "firewall-offline-cmd.at:69" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-icmp-block router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:69" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:70: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4" "firewall-offline-cmd.at:70" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=13:proto=tcp:toport=15:toaddr=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:70" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/firewall-offline-cmd.at:71: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=333:proto=udp:toport=444" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=333:proto=udp:toport=444" "firewall-offline-cmd.at:71" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --query-forward-port port=333:proto=udp:toport=444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-offline-cmd.at:71" $at_failed && at_fn_log_failure $at_traceon; } set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_56 #AT_START_57 at_fn_group_banner 57 'firewalld.conf.at:1' \ "firewalld.conf" " " 3 at_xfail=no ( $as_echo "57. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewalld.conf.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewalld.conf.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewalld.conf.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewalld.conf.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewalld.conf.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewalld.conf.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewalld.conf.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewalld.conf.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewalld.conf.at:1" KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : EXPECTED_IPV6_RPFILTER_VALUE=yes else : EXPECTED_IPV6_RPFILTER_VALUE=no fi cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewalld.conf.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:10" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : EXPECTED_INDIVIDUAL_CALLS_VALUE=no else : EXPECTED_INDIVIDUAL_CALLS_VALUE=yes fi { set +x $as_echo "$at_srcdir/firewalld.conf.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.GetAll string:\"org.fedoraproject.FirewallD1.config\" | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | awk 'BEGIN{line_mark=-99; line=0} {line++; if (line == line_mark + 1) {buffer = $0}; if (line == line_mark + 2) {print buffer \" : \" $0} } /^dict entry/{line_mark=line}' | sort " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.GetAll string:"org.fedoraproject.FirewallD1.config" | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | awk 'BEGIN{line_mark=-99; line=0} {line++; if (line == line_mark + 1) {buffer = $0}; if (line == line_mark + 2) {print buffer " : " $0} } /^dict entry/{line_mark=line}' | sort ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "string \"AllowZoneDrifting\" : variant string \"no\" string \"AutomaticHelpers\" : variant string \"no\" string \"CleanupModulesOnExit\" : variant string \"no\" string \"CleanupOnExit\" : variant string \"yes\" string \"DefaultZone\" : variant string \"public\" string \"FirewallBackend\" : variant string \"nftables\" string \"FlushAllOnReload\" : variant string \"yes\" string \"IPv6_rpfilter\" : variant string \"${EXPECTED_IPV6_RPFILTER_VALUE}\" string \"IndividualCalls\" : variant string \"${EXPECTED_INDIVIDUAL_CALLS_VALUE}\" string \"Lockdown\" : variant string \"no\" string \"LogDenied\" : variant string \"off\" string \"MinimalMark\" : variant int32 100 string \"RFC3964_IPv4\" : variant string \"yes\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"MinimalMark\" int32:1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"MinimalMark" int32:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"MinimalMark\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"MinimalMark" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant int32 100 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"AutomaticHelpers\" string:\"yes\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"AutomaticHelpers" string:"yes" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"AutomaticHelpers\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"AutomaticHelpers" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"no\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"Lockdown\" string:\"yes\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"Lockdown" string:"yes" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"Lockdown\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"Lockdown" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"yes\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"LogDenied\" string:\"all\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"LogDenied" string:"all" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"LogDenied\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"LogDenied" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"all\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter\" string:\"yes\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter" string:"yes" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IPv6_rpfilter\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IPv6_rpfilter" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"yes\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"IndividualCalls\" string:\"yes\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"IndividualCalls" string:"yes" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"IndividualCalls\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"IndividualCalls" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"yes\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"FirewallBackend\" string:\"iptables\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"FirewallBackend" string:"iptables" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"FirewallBackend\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"FirewallBackend" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"iptables\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"FlushAllOnReload\" string:\"no\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"FlushAllOnReload" string:"no" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"FlushAllOnReload\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"FlushAllOnReload" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"no\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"CleanupModulesOnExit\" string:\"yes\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"CleanupModulesOnExit" string:"yes" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"CleanupModulesOnExit\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"CleanupModulesOnExit" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"yes\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"CleanupOnExit\" string:\"no\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"CleanupOnExit" string:"no" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"CleanupOnExit\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"CleanupOnExit" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"no\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"RFC3964_IPv4\" string:\"no\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"RFC3964_IPv4" string:"no" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:51" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"RFC3964_IPv4\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"RFC3964_IPv4" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"no\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:51" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:\"org.fedoraproject.FirewallD1.config\" string:\"AllowZoneDrifting\" string:\"yes\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewalld.conf.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.config" string:"AllowZoneDrifting" string:"yes" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewalld.conf.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:\"org.fedoraproject.FirewallD1.config\" string:\"AllowZoneDrifting\" | tail -n +2 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewalld.conf.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1/config org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.config" string:"AllowZoneDrifting" | tail -n +2 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "variant string \"no\" " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewalld.conf.at:52" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewalld.conf.at:56" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewalld.conf.at:56" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_57 #AT_START_58 at_fn_group_banner 58 'service.at:1' \ "dbus api - services" " " 3 at_xfail=no ( $as_echo "58. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/service.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/service.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "service.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "service.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/service.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "service.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/service.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/service.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "service.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "service.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "service.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/service.at:1" $as_echo "service.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:4" $as_echo "service.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:4" { set +x $as_echo "$at_srcdir/service.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addService\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//method[@name="addService"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:4" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:11" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:11" { set +x $as_echo "$at_srcdir/service.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addService \"foobar\" '(\"1.0\", \"foobar\", \"foobar service is for foobar\", [(\"1234\", \"udp\"), (\"22\", \"tcp\"), (\"1234\", \"udp\")], [\"ftp\"], {\"ipv4\": \"1.2.3.4\"}, [\"icmp\", \"igmp\"], [(\"4321\", \"tcp\"), (\"4321\", \"udp\")] )' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addService "foobar" '("1.0", "foobar", "foobar service is for foobar", [("1234", "udp"), ("22", "tcp"), ("1234", "udp")], ["ftp"], {"ipv4": "1.2.3.4"}, ["icmp", "igmp"], [("4321", "tcp"), ("4321", "udp")] )' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:11" $at_failed && at_fn_log_failure $at_traceon; } SERVICE_OBJ=$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout) export SERVICE_OBJ $as_echo "service.at:26" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:26" $as_echo "service.at:26" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:26" { set +x $as_echo "$at_srcdir/service.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getSettings\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getSettings"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:26" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:31" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:31" { set +x $as_echo "$at_srcdir/service.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('1.0', 'foobar', 'foobar service is for foobar', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], {'ipv4': '1.2.3.4'}, ['icmp', 'igmp'], [('4321', 'tcp'), ('4321', 'udp')]),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:31" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:35" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:35" $as_echo "service.at:35" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:35" { set +x $as_echo "$at_srcdir/service.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"update\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="update"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:35" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:40" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:40" { set +x $as_echo "$at_srcdir/service.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update '(\"1.1\", \"foobar new\", \"foobar new service is for foobar\", [(\"12345\", \"udp\"), (\"2222\", \"tcp\")], [\"ftp\"], {}, [\"icmp\"], [(\"4321\", \"tcp\")] )' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update '("1.1", "foobar new", "foobar new service is for foobar", [("12345", "udp"), ("2222", "tcp")], ["ftp"], {}, ["icmp"], [("4321", "tcp")] )' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:40" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:52" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:52" { set +x $as_echo "$at_srcdir/service.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('1.1', 'foobar new', 'foobar new service is for foobar', [('12345', 'udp'), ('2222', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp')]),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:52" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:56" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:56" $as_echo "service.at:56" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:56" { set +x $as_echo "$at_srcdir/service.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"loadDefaults\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="loadDefaults"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:56" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:60" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:60" { set +x $as_echo "$at_srcdir/service.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getServiceByName \"ssh\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getServiceByName "ssh"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:60" $at_failed && at_fn_log_failure $at_traceon; } SERVICE_OBJ_TEMP=$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout) export SERVICE_OBJ_TEMP $as_echo "service.at:63" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:63" { set +x $as_echo "$at_srcdir/service.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ_TEMP} --method org.fedoraproject.FirewallD1.config.service.setVersion \"1.1\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ_TEMP} --method org.fedoraproject.FirewallD1.config.service.setVersion "1.1"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:63" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:64" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:64" { set +x $as_echo "$at_srcdir/service.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ_TEMP} --method org.fedoraproject.FirewallD1.config.service.loadDefaults ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ_TEMP} --method org.fedoraproject.FirewallD1.config.service.loadDefaults ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:64" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:65" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:65" { set +x $as_echo "$at_srcdir/service.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getServiceByName \"ssh\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getServiceByName "ssh"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:65" $at_failed && at_fn_log_failure $at_traceon; } SERVICE_OBJ_TEMP=$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout) export SERVICE_OBJ_TEMP $as_echo "service.at:68" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:68" { set +x $as_echo "$at_srcdir/service.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ_TEMP} --method org.fedoraproject.FirewallD1.config.service.getVersion ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ_TEMP} --method org.fedoraproject.FirewallD1.config.service.getVersion ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:68" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:72" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:72" $as_echo "service.at:72" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:72" { set +x $as_echo "$at_srcdir/service.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"remove\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="remove"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:72" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:76" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:76" $as_echo "service.at:76" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:76" { set +x $as_echo "$at_srcdir/service.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"rename\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="rename"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:76" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:82" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:82" $as_echo "service.at:82" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:82" { set +x $as_echo "$at_srcdir/service.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getVersion\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getVersion"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:82" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:87" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:87" $as_echo "service.at:87" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:87" { set +x $as_echo "$at_srcdir/service.at:87: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setVersion\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:87" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setVersion"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:87" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:93" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:93" $as_echo "service.at:93" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:93" { set +x $as_echo "$at_srcdir/service.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getShort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getShort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:93" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:98" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:98" $as_echo "service.at:98" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:98" { set +x $as_echo "$at_srcdir/service.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setShort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setShort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:98" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:104" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:104" $as_echo "service.at:104" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:104" { set +x $as_echo "$at_srcdir/service.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getDescription\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getDescription"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:104" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:109" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:109" $as_echo "service.at:109" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:109" { set +x $as_echo "$at_srcdir/service.at:109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setDescription\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setDescription"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:109" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:115" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:115" $as_echo "service.at:115" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:115" { set +x $as_echo "$at_srcdir/service.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getPorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getPorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:115" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:120" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:120" $as_echo "service.at:120" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:120" { set +x $as_echo "$at_srcdir/service.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setPorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setPorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:120" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:125" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:125" $as_echo "service.at:125" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:125" { set +x $as_echo "$at_srcdir/service.at:125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addPort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="addPort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:125" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:131" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:131" $as_echo "service.at:131" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:131" { set +x $as_echo "$at_srcdir/service.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removePort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:131" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="removePort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:131" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:137" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:137" $as_echo "service.at:137" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:137" { set +x $as_echo "$at_srcdir/service.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryPort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="queryPort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:137" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:145" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:145" $as_echo "service.at:145" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:145" { set +x $as_echo "$at_srcdir/service.at:145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getSourcePorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getSourcePorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:145" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:150" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:150" $as_echo "service.at:150" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:150" { set +x $as_echo "$at_srcdir/service.at:150: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setSourcePorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:150" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setSourcePorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:150" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:155" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:155" $as_echo "service.at:155" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:155" { set +x $as_echo "$at_srcdir/service.at:155: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addSourcePort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:155" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="addSourcePort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:155" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:161" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:161" $as_echo "service.at:161" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:161" { set +x $as_echo "$at_srcdir/service.at:161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeSourcePort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="removeSourcePort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:161" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:167" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:167" $as_echo "service.at:167" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:167" { set +x $as_echo "$at_srcdir/service.at:167: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"querySourcePort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:167" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="querySourcePort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:167" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:175" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:175" $as_echo "service.at:175" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:175" { set +x $as_echo "$at_srcdir/service.at:175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getProtocols\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getProtocols"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:175" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:180" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:180" $as_echo "service.at:180" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:180" { set +x $as_echo "$at_srcdir/service.at:180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setProtocols\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setProtocols"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:180" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:185" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:185" $as_echo "service.at:185" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:185" { set +x $as_echo "$at_srcdir/service.at:185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addProtocol\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="addProtocol"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:185" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:190" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:190" $as_echo "service.at:190" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:190" { set +x $as_echo "$at_srcdir/service.at:190: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeProtocol\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:190" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="removeProtocol"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:190" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:195" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:195" $as_echo "service.at:195" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:195" { set +x $as_echo "$at_srcdir/service.at:195: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryProtocol\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:195" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="queryProtocol"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:195" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:202" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:202" $as_echo "service.at:202" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:202" { set +x $as_echo "$at_srcdir/service.at:202: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getModules\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:202" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getModules"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:202" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:207" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:207" $as_echo "service.at:207" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:207" { set +x $as_echo "$at_srcdir/service.at:207: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setModules\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:207" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setModules"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:207" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:212" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:212" $as_echo "service.at:212" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:212" { set +x $as_echo "$at_srcdir/service.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addModule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="addModule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:212" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:217" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:217" $as_echo "service.at:217" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:217" { set +x $as_echo "$at_srcdir/service.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeModule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="removeModule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:217" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:222" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:222" $as_echo "service.at:222" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:222" { set +x $as_echo "$at_srcdir/service.at:222: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryModule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:222" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="queryModule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:222" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:229" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:229" $as_echo "service.at:229" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:229" { set +x $as_echo "$at_srcdir/service.at:229: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getDestinations\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:229" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getDestinations"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:229" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:234" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:234" $as_echo "service.at:234" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:234" { set +x $as_echo "$at_srcdir/service.at:234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setDestinations\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setDestinations"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:234" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:239" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:239" $as_echo "service.at:239" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:239" { set +x $as_echo "$at_srcdir/service.at:239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setDestination\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setDestination"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:239" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:245" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:245" $as_echo "service.at:245" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:245" { set +x $as_echo "$at_srcdir/service.at:245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getDestination\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getDestination"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:245" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:251" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:251" $as_echo "service.at:251" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:251" { set +x $as_echo "$at_srcdir/service.at:251: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeDestination\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:251" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="removeDestination"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:251" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:256" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:256" $as_echo "service.at:256" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:256" { set +x $as_echo "$at_srcdir/service.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryDestination\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="queryDestination"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:256" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:264" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:264" $as_echo "service.at:264" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:264" { set +x $as_echo "$at_srcdir/service.at:264: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getIncludes\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:264" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getIncludes"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:264" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:269" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:269" { set +x $as_echo "$at_srcdir/service.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(@as [],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:269" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:272" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:272" $as_echo "service.at:272" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:272" { set +x $as_echo "$at_srcdir/service.at:272: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"setIncludes\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:272" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="setIncludes"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:272" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:277" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:277" { set +x $as_echo "$at_srcdir/service.at:277: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.setIncludes '[\"https\", \"ssh\"]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:277" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.setIncludes '["https", "ssh"]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:277" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:278" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:278" { set +x $as_echo "$at_srcdir/service.at:278: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:278" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['https', 'ssh'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:278" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:281" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:281" $as_echo "service.at:281" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:281" { set +x $as_echo "$at_srcdir/service.at:281: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addInclude\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:281" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="addInclude"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:281" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:286" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:286" { set +x $as_echo "$at_srcdir/service.at:286: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.addInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:286" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.addInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:286" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:287" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:287" { set +x $as_echo "$at_srcdir/service.at:287: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:287" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:287" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:290" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:290" $as_echo "service.at:290" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:290" { set +x $as_echo "$at_srcdir/service.at:290: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeInclude\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:290" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="removeInclude"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:290" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:295" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:295" { set +x $as_echo "$at_srcdir/service.at:295: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.removeInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:295" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.removeInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:295" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:296" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:296" $as_echo "service.at:296" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:296" { set +x $as_echo "$at_srcdir/service.at:296: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryInclude\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:296" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="queryInclude"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:296" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:302" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:302" { set +x $as_echo "$at_srcdir/service.at:302: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:302" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:302" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:306: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:306" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:306" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:306: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:306" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:306" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:307" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:307" $as_echo "service.at:307" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:307" { set +x $as_echo "$at_srcdir/service.at:307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getServiceSettings\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="getServiceSettings"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:307" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:313" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:313" { set +x $as_echo "$at_srcdir/service.at:313: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings \"foobar\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:313" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings "foobar"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('1.1', 'foobar new', 'foobar new service is for foobar', [('12345', 'udp'), ('2222', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp')]),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:313" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:324" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:324" { set +x $as_echo "$at_srcdir/service.at:324: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addService \"foobar-old\" '(\"1.0\", \"foobar-old\", \"foobar-old service is for foobar-old\", [(\"1234\", \"udp\"), (\"22\", \"tcp\"), (\"1234\", \"udp\")], [\"ftp\"], {}, [], [(\"4321\", \"tcp\"), (\"4321\", \"udp\")] )' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:324" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addService "foobar-old" '("1.0", "foobar-old", "foobar-old service is for foobar-old", [("1234", "udp"), ("22", "tcp"), ("1234", "udp")], ["ftp"], {}, [], [("4321", "tcp"), ("4321", "udp")] )' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:324" $at_failed && at_fn_log_failure $at_traceon; } SERVICE_OBJ=$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout) export SERVICE_OBJ $as_echo "service.at:338" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:338" { set +x $as_echo "$at_srcdir/service.at:338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{\"version\": <\"1.1\">, \"includes\": <[\"https\"]>, \"protocols\": <[\"icmp\"]> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{"version": <"1.1">, "includes": <["https"]>, "protocols": <["icmp"]> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:338" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:345" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:345" { set +x $as_echo "$at_srcdir/service.at:345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('1.1', 'foobar-old', 'foobar-old service is for foobar-old', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp'), ('4321', 'udp')]),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:345" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:348" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:348" { set +x $as_echo "$at_srcdir/service.at:348: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:348" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar-old service is for foobar-old'> 'includes': <['https']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp']> 'short': <'foobar-old'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.1'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:348" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:359" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:360" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:360" { set +x $as_echo "$at_srcdir/service.at:360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings \"foobar-old\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings "foobar-old"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('1.1', 'foobar-old', 'foobar-old service is for foobar-old', [('1234', 'udp'), ('22', 'tcp')], ['ftp'], @a{ss} {}, ['icmp'], [('4321', 'tcp'), ('4321', 'udp')]),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:360" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:363" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:363" { set +x $as_echo "$at_srcdir/service.at:363: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings2 \"foobar-old\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:363" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings2 "foobar-old"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar-old service is for foobar-old'> 'includes': <['https']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp']> 'short': <'foobar-old'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.1'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:363" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:375" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:375" $as_echo "service.at:375" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:375" { set +x $as_echo "$at_srcdir/service.at:375: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addService2\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:375" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//method[@name="addService2"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:375" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:382" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:382" { set +x $as_echo "$at_srcdir/service.at:382: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addService2 \"foobar-dict\" '{\"version\": <\"1.0\">, \"short\": <\"foobar-dict\">, \"description\": <\"foobar-dict service is for foobar-dict\">, \"ports\": <[(\"1234\", \"udp\"), (\"22\", \"tcp\"), (\"1234\", \"udp\")]>, \"modules\": <[\"ftp\"]>, \"destination\": <{\"ipv6\": \"1234::4321\"}>, \"protocols\": <[\"icmp\", \"igmp\"]>, \"source_ports\": <[(\"4321\", \"tcp\"), (\"4321\", \"udp\")]>, \"includes\": <[\"https\", \"samba\"]>, \"helpers\": <[\"ftp\"]> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:382" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addService2 "foobar-dict" '{"version": <"1.0">, "short": <"foobar-dict">, "description": <"foobar-dict service is for foobar-dict">, "ports": <[("1234", "udp"), ("22", "tcp"), ("1234", "udp")]>, "modules": <["ftp"]>, "destination": <{"ipv6": "1234::4321"}>, "protocols": <["icmp", "igmp"]>, "source_ports": <[("4321", "tcp"), ("4321", "udp")]>, "includes": <["https", "samba"]>, "helpers": <["ftp"]> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:382" $at_failed && at_fn_log_failure $at_traceon; } SERVICE_OBJ=$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout) export SERVICE_OBJ $as_echo "service.at:399" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:399" $as_echo "service.at:399" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:399" { set +x $as_echo "$at_srcdir/service.at:399: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getSettings2\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:399" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="getSettings2"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:399" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:404" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:404" { set +x $as_echo "$at_srcdir/service.at:404: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:404" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'includes': <['https', 'samba']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.0'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:404" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:418" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:418" $as_echo "service.at:418" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:418" { set +x $as_echo "$at_srcdir/service.at:418: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ}; echo \$? >&3; } | xmllint --xpath '//method[@name=\"update2\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:418" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ}; echo $? >&3; } | xmllint --xpath '//method[@name="update2"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:418" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:423" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:423" { set +x $as_echo "$at_srcdir/service.at:423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{\"version\": <\"1.1\">, \"includes\": <[\"https\", \"samba\", \"http\"]> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{"version": <"1.1">, "includes": <["https", "samba", "http"]> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:423" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:428" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:428" { set +x $as_echo "$at_srcdir/service.at:428: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:428" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'includes': <['https', 'samba', 'http']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.1'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:428" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:442" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:442" { set +x $as_echo "$at_srcdir/service.at:442: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{\"version\": <\"1.2\">, \"includes\": <@as []> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:442" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{"version": <"1.2">, "includes": <@as []> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service.at:442" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:447" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:447" { set +x $as_echo "$at_srcdir/service.at:447: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:447" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getSettings2 ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.2'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:447" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:459: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:459" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:459" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service.at:459: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service.at:459" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:459" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:460" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:460" $as_echo "service.at:460" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:460" { set +x $as_echo "$at_srcdir/service.at:460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getServiceSettings2\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="getServiceSettings2"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:460" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:466" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:466" { set +x $as_echo "$at_srcdir/service.at:466: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings2 \"foobar-dict\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:466" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getServiceSettings2 "foobar-dict"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar-dict service is for foobar-dict'> 'destination': <{'ipv6': '1234::4321'}> 'helpers': <['ftp']> 'modules': <['ftp']> 'ports': <[('1234', 'udp'), ('22', 'tcp')]> 'protocols': <['icmp', 'igmp']> 'short': <'foobar-dict'> 'source_ports': <[('4321', 'tcp'), ('4321', 'udp')]> 'version': <'1.2'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service.at:466" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service.at:479" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service.at:479" { set +x $as_echo "$at_srcdir/service.at:479: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{\"version\": <\"1.3\">, \"thisdoesnotexist\": <\"\"> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service.at:479" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.update2 '{"version": <"1.3">, "thisdoesnotexist": <""> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service.at:479" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_OPTION: option/d'" != x"ignore"; then $as_echo "service.at:485" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_OPTION: option/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/service.at:485" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_58 #AT_START_59 at_fn_group_banner 59 'zone_permanent_signatures.at:1' \ "dbus api - zone permanent signatures" " " 3 at_xfail=no ( $as_echo "59. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_signatures.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "zone_permanent_signatures.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "zone_permanent_signatures.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_signatures.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "zone_permanent_signatures.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/zone_permanent_signatures.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_signatures.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "zone_permanent_signatures.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_signatures.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_signatures.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "zone_permanent_signatures.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/zone_permanent_signatures.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "zone_permanent_signatures.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/zone_permanent_signatures.at:1" $as_echo "zone_permanent_signatures.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:8" $as_echo "zone_permanent_signatures.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:8" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config\"]//method[@name=\"listZones\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="listZones"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:8" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:13" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:13" $as_echo "zone_permanent_signatures.at:13" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:13" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config\"]//method[@name=\"getZoneNames\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="getZoneNames"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:13" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:18" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:18" $as_echo "zone_permanent_signatures.at:18" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:18" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config\"]//method[@name=\"getZoneByName\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="getZoneByName"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:18" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:24" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:24" $as_echo "zone_permanent_signatures.at:24" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:24" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config\"]//method[@name=\"addZone\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="addZone"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:24" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:33" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:33" $as_echo "zone_permanent_signatures.at:33" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:33" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config\"]//method[@name=\"getZoneOfInterface\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="getZoneOfInterface"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:33" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:39" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:39" $as_echo "zone_permanent_signatures.at:39" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:39" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config\"]//method[@name=\"getZoneOfSource\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="getZoneOfSource"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:39" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:52" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:52" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneByName \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneByName "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:52" $at_failed && at_fn_log_failure $at_traceon; } DBUS_PUBLIC_ZONE_OBJ=$(sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout) export DBUS_PUBLIC_ZONE_OBJ $as_echo "zone_permanent_signatures.at:56" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:56" $as_echo "zone_permanent_signatures.at:56" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:56" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getSettings\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getSettings"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:56" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:62" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:62" $as_echo "zone_permanent_signatures.at:62" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:62" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"update\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="update"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:62" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:67" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:67" $as_echo "zone_permanent_signatures.at:67" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:67" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//signal[@name=\"Updated\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//signal[@name="Updated"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:67" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:73" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:73" $as_echo "zone_permanent_signatures.at:73" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:73" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"loadDefaults\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="loadDefaults"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:73" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:78" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:78" $as_echo "zone_permanent_signatures.at:78" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:78" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:78: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"remove\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:78" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="remove"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:78" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:82" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:82" $as_echo "zone_permanent_signatures.at:82" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:82" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//signal[@name=\"Removed\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//signal[@name="Removed"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:82" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:88" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:88" $as_echo "zone_permanent_signatures.at:88" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:88" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"rename\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="rename"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:88" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:93" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:93" $as_echo "zone_permanent_signatures.at:93" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:93" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//signal[@name=\"Renamed\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//signal[@name="Renamed"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:93" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:101" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:101" $as_echo "zone_permanent_signatures.at:101" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:101" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getVersion\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getVersion"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:101" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:106" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:106" $as_echo "zone_permanent_signatures.at:106" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:106" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setVersion\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setVersion"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:106" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:114" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:114" $as_echo "zone_permanent_signatures.at:114" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:114" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getShort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getShort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:114" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:119" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:119" $as_echo "zone_permanent_signatures.at:119" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:119" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setShort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setShort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:119" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:127" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:127" $as_echo "zone_permanent_signatures.at:127" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:127" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getDescription\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getDescription"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:127" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:132" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:132" $as_echo "zone_permanent_signatures.at:132" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:132" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:132: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setDescription\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:132" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setDescription"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:132" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:140" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:140" $as_echo "zone_permanent_signatures.at:140" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:140" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getTarget\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getTarget"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:140" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:145" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:145" $as_echo "zone_permanent_signatures.at:145" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:145" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setTarget\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setTarget"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:145" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:153" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:153" $as_echo "zone_permanent_signatures.at:153" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:153" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getInterfaces\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getInterfaces"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:153" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:158" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:158" $as_echo "zone_permanent_signatures.at:158" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:158" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:158: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setInterfaces\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:158" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setInterfaces"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:158" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:163" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:163" $as_echo "zone_permanent_signatures.at:163" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:163" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"addInterface\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addInterface"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:163" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:168" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:168" $as_echo "zone_permanent_signatures.at:168" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:168" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:168: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"removeInterface\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:168" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeInterface"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:168" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:173" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:173" $as_echo "zone_permanent_signatures.at:173" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:173" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"queryInterface\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryInterface"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:173" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:182" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:182" $as_echo "zone_permanent_signatures.at:182" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:182" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:182: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getSources\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:182" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getSources"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:182" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:187" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:187" $as_echo "zone_permanent_signatures.at:187" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:187" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:187: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setSources\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:187" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setSources"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:187" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:192" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:192" $as_echo "zone_permanent_signatures.at:192" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:192" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:192: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"addSource\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:192" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addSource"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:192" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:197" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:197" $as_echo "zone_permanent_signatures.at:197" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:197" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:197: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"removeSource\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:197" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeSource"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:197" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:202" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:202" $as_echo "zone_permanent_signatures.at:202" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:202" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:202: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"querySource\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:202" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="querySource"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:202" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:211" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:211" $as_echo "zone_permanent_signatures.at:211" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:211" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:211: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getServices\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:211" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getServices"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:211" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:216" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:216" $as_echo "zone_permanent_signatures.at:216" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:216" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setServices\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setServices"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:216" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:221" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:221" $as_echo "zone_permanent_signatures.at:221" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:221" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:221: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"addService\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:221" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addService"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:221" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:226" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:226" $as_echo "zone_permanent_signatures.at:226" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:226" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:226: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"removeService\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:226" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeService"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:226" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:231" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:231" $as_echo "zone_permanent_signatures.at:231" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:231" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:231: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"queryService\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:231" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryService"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:231" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:240" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:240" $as_echo "zone_permanent_signatures.at:240" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:240" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:240: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getPorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:240" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getPorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:240" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:245" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:245" $as_echo "zone_permanent_signatures.at:245" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:245" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setPorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setPorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:245" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:250" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:250" $as_echo "zone_permanent_signatures.at:250" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:250" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:250: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"addPort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:250" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addPort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:250" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:256" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:256" $as_echo "zone_permanent_signatures.at:256" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:256" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"removePort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removePort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:256" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:262" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:262" $as_echo "zone_permanent_signatures.at:262" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:262" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:262: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"queryPort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:262" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryPort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:262" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:272" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:272" $as_echo "zone_permanent_signatures.at:272" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:272" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:272: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getSourcePorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:272" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getSourcePorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:272" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:277" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:277" $as_echo "zone_permanent_signatures.at:277" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:277" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:277: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setSourcePorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:277" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setSourcePorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:277" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:282" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:282" $as_echo "zone_permanent_signatures.at:282" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:282" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:282: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"addSourcePort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:282" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addSourcePort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:282" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:288" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:288" $as_echo "zone_permanent_signatures.at:288" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:288" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:288: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"removeSourcePort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:288" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeSourcePort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:288" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:294" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:294" $as_echo "zone_permanent_signatures.at:294" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:294" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:294: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"querySourcePort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:294" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="querySourcePort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:294" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:304" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:304" $as_echo "zone_permanent_signatures.at:304" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:304" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:304: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getProtocols\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:304" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getProtocols"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:304" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:309" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:309" $as_echo "zone_permanent_signatures.at:309" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:309" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:309: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setProtocols\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:309" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setProtocols"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:309" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:314" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:314" $as_echo "zone_permanent_signatures.at:314" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:314" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:314: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"addProtocol\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:314" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addProtocol"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:314" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:319" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:319" $as_echo "zone_permanent_signatures.at:319" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:319" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:319: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"removeProtocol\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:319" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeProtocol"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:319" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:324" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:324" $as_echo "zone_permanent_signatures.at:324" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:324" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:324: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"queryProtocol\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:324" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryProtocol"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:324" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:333" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:333" $as_echo "zone_permanent_signatures.at:333" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:333" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:333: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getForwardPorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:333" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getForwardPorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:333" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:338" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:338" $as_echo "zone_permanent_signatures.at:338" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:338" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setForwardPorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setForwardPorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:338" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:343" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:343" $as_echo "zone_permanent_signatures.at:343" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:343" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"addForwardPort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addForwardPort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:343" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:351" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:351" $as_echo "zone_permanent_signatures.at:351" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:351" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:351: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"removeForwardPort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:351" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeForwardPort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:351" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:359" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:359" $as_echo "zone_permanent_signatures.at:359" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:359" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"queryForwardPort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryForwardPort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:359" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:371" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:371" $as_echo "zone_permanent_signatures.at:371" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:371" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getMasquerade\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getMasquerade"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:371" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:376" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:376" $as_echo "zone_permanent_signatures.at:376" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:376" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:376: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setMasquerade\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:376" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setMasquerade"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:376" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:381" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:381" $as_echo "zone_permanent_signatures.at:381" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:381" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:381: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"addMasquerade\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:381" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addMasquerade"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:381" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:385" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:385" $as_echo "zone_permanent_signatures.at:385" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:385" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:385: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"removeMasquerade\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:385" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeMasquerade"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:385" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:389" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:389" $as_echo "zone_permanent_signatures.at:389" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:389" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:389: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"queryMasquerade\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:389" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryMasquerade"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:389" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:397" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:397" $as_echo "zone_permanent_signatures.at:397" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:397" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:397: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getIcmpBlocks\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:397" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getIcmpBlocks"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:397" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:402" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:402" $as_echo "zone_permanent_signatures.at:402" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:402" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:402: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setIcmpBlocks\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:402" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setIcmpBlocks"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:402" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:407" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:407" $as_echo "zone_permanent_signatures.at:407" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:407" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:407: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"addIcmpBlock\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:407" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addIcmpBlock"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:407" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:412" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:412" $as_echo "zone_permanent_signatures.at:412" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:412" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:412: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"removeIcmpBlock\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:412" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeIcmpBlock"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:412" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:417" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:417" $as_echo "zone_permanent_signatures.at:417" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:417" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:417: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"queryIcmpBlock\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:417" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryIcmpBlock"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:417" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:426" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:426" $as_echo "zone_permanent_signatures.at:426" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:426" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:426: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getIcmpBlockInversion\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:426" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getIcmpBlockInversion"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:426" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:431" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:431" $as_echo "zone_permanent_signatures.at:431" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:431" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:431: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setIcmpBlockInversion\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:431" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setIcmpBlockInversion"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:431" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:436" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:436" $as_echo "zone_permanent_signatures.at:436" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:436" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:436: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"addIcmpBlockInversion\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:436" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addIcmpBlockInversion"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:436" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:440" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:440" $as_echo "zone_permanent_signatures.at:440" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:440" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:440: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"removeIcmpBlockInversion\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:440" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeIcmpBlockInversion"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:440" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:444" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:444" $as_echo "zone_permanent_signatures.at:444" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:444" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:444: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"queryIcmpBlockInversion\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:444" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryIcmpBlockInversion"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:444" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:452" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:452" $as_echo "zone_permanent_signatures.at:452" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:452" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:452: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getRichRules\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:452" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getRichRules"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:452" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:457" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:457" $as_echo "zone_permanent_signatures.at:457" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:457" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:457: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"setRichRules\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:457" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="setRichRules"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:457" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:462" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:462" $as_echo "zone_permanent_signatures.at:462" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:462" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"addRichRule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="addRichRule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:462" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:467" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:467" $as_echo "zone_permanent_signatures.at:467" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:467" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:467: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"removeRichRule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:467" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="removeRichRule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:467" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:472" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:472" $as_echo "zone_permanent_signatures.at:472" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:472" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:472: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"queryRichRule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:472" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="queryRichRule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:472" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:483" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:483" $as_echo "zone_permanent_signatures.at:483" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:483" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:483: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config\"]//method[@name=\"addZone2\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:483" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="addZone2"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:483" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:491" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:491" $as_echo "zone_permanent_signatures.at:491" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:491" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:491: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"getSettings2\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:491" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="getSettings2"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:491" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_signatures.at:497" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:497" $as_echo "zone_permanent_signatures.at:497" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_signatures.at:497" { set +x $as_echo "$at_srcdir/zone_permanent_signatures.at:497: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.zone\"]//method[@name=\"update2\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_signatures.at:497" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.zone"]//method[@name="update2"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_signatures.at:497" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "zone_permanent_signatures.at:503" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/zone_permanent_signatures.at:503" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_59 #AT_START_60 at_fn_group_banner 60 'zone_runtime_signatures.at:1' \ "dbus api - zone runtime signatures" " " 3 at_xfail=no ( $as_echo "60. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_signatures.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "zone_runtime_signatures.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "zone_runtime_signatures.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_signatures.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "zone_runtime_signatures.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/zone_runtime_signatures.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_signatures.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "zone_runtime_signatures.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_signatures.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_signatures.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "zone_runtime_signatures.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/zone_runtime_signatures.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "zone_runtime_signatures.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/zone_runtime_signatures.at:1" $as_echo "zone_runtime_signatures.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:8" $as_echo "zone_runtime_signatures.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:8" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1\"]//method[@name=\"getZoneSettings\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1"]//method[@name="getZoneSettings"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:8" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:16" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:16" $as_echo "zone_runtime_signatures.at:16" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:16" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1\"]//method[@name=\"getDefaultZone\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1"]//method[@name="getDefaultZone"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:16" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:21" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:21" $as_echo "zone_runtime_signatures.at:21" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:21" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1\"]//method[@name=\"setDefaultZone\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1"]//method[@name="setDefaultZone"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:21" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:28" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:28" $as_echo "zone_runtime_signatures.at:28" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:28" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getZones\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getZones"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:28" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:33" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:33" $as_echo "zone_runtime_signatures.at:33" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:33" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getActiveZones\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getActiveZones"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:33" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:40" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:40" $as_echo "zone_runtime_signatures.at:40" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:40" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getZoneOfInterface\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getZoneOfInterface"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:40" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:46" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:46" $as_echo "zone_runtime_signatures.at:46" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:46" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getZoneOfSource\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getZoneOfSource"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:46" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:57" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:57" $as_echo "zone_runtime_signatures.at:57" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:57" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:57: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"isImmutable\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:57" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="isImmutable"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:57" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:65" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:65" $as_echo "zone_runtime_signatures.at:65" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:65" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"addInterface\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addInterface"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:65" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:72" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:72" $as_echo "zone_runtime_signatures.at:72" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:72" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"InterfaceAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="InterfaceAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:72" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:78" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:78" $as_echo "zone_runtime_signatures.at:78" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:78" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:78: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"changeZone\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:78" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="changeZone"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:78" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:85" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:85" $as_echo "zone_runtime_signatures.at:85" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:85" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"ZoneChanged\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ZoneChanged"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:85" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:91" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:91" $as_echo "zone_runtime_signatures.at:91" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:91" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"changeZoneOfInterface\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="changeZoneOfInterface"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:91" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:98" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:98" $as_echo "zone_runtime_signatures.at:98" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:98" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"removeInterface\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeInterface"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:98" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:105" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:105" $as_echo "zone_runtime_signatures.at:105" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:105" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"InterfaceRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="InterfaceRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:105" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:111" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:111" $as_echo "zone_runtime_signatures.at:111" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:111" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:111: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"queryInterface\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:111" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryInterface"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:111" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:118" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:118" $as_echo "zone_runtime_signatures.at:118" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:118" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getInterfaces\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getInterfaces"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:118" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:126" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:126" $as_echo "zone_runtime_signatures.at:126" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:126" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"addSource\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addSource"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:126" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:133" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:133" $as_echo "zone_runtime_signatures.at:133" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:133" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:133: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"SourceAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:133" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="SourceAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:133" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:139" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:139" $as_echo "zone_runtime_signatures.at:139" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:139" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"changeZoneOfSource\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="changeZoneOfSource"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:139" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:146" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:146" $as_echo "zone_runtime_signatures.at:146" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:146" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:146: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"removeSource\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:146" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeSource"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:146" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:153" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:153" $as_echo "zone_runtime_signatures.at:153" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:153" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"SourceRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="SourceRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:153" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:159" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:159" $as_echo "zone_runtime_signatures.at:159" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:159" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:159: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"querySource\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:159" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="querySource"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:159" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:166" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:166" $as_echo "zone_runtime_signatures.at:166" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:166" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getSources\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getSources"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:166" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:174" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:174" $as_echo "zone_runtime_signatures.at:174" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:174" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"addService\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addService"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:174" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:182" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:182" $as_echo "zone_runtime_signatures.at:182" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:182" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:182: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"ServiceAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:182" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ServiceAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:182" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:189" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:189" $as_echo "zone_runtime_signatures.at:189" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:189" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:189: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"removeService\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:189" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeService"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:189" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:196" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:196" $as_echo "zone_runtime_signatures.at:196" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:196" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:196: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"ServiceRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:196" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ServiceRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:196" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:202" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:202" $as_echo "zone_runtime_signatures.at:202" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:202" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:202: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"queryService\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:202" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryService"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:202" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:209" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:209" $as_echo "zone_runtime_signatures.at:209" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:209" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:209: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getServices\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:209" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getServices"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:209" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:217" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:217" $as_echo "zone_runtime_signatures.at:217" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:217" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"addProtocol\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addProtocol"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:217" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:225" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:225" $as_echo "zone_runtime_signatures.at:225" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:225" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:225: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"ProtocolAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:225" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ProtocolAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:225" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:232" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:232" $as_echo "zone_runtime_signatures.at:232" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:232" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:232: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"removeProtocol\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:232" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeProtocol"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:232" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:239" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:239" $as_echo "zone_runtime_signatures.at:239" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:239" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"ProtocolRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ProtocolRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:239" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:245" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:245" $as_echo "zone_runtime_signatures.at:245" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:245" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"queryProtocol\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryProtocol"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:245" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:252" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:252" $as_echo "zone_runtime_signatures.at:252" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:252" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:252: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getProtocols\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:252" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getProtocols"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:252" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:260" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:260" $as_echo "zone_runtime_signatures.at:260" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:260" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"addPort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addPort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:260" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:269" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:269" $as_echo "zone_runtime_signatures.at:269" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:269" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"PortAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="PortAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:269" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:277" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:277" $as_echo "zone_runtime_signatures.at:277" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:277" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:277: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"removePort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:277" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removePort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:277" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:285" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:285" $as_echo "zone_runtime_signatures.at:285" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:285" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:285: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"PortRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:285" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="PortRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:285" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:292" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:292" $as_echo "zone_runtime_signatures.at:292" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:292" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:292: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"queryPort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:292" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryPort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:292" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:300" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:300" $as_echo "zone_runtime_signatures.at:300" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:300" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:300: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getPorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:300" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getPorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:300" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:310" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:310" $as_echo "zone_runtime_signatures.at:310" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:310" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:310: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"addSourcePort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:310" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addSourcePort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:310" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:319" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:319" $as_echo "zone_runtime_signatures.at:319" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:319" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:319: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"SourcePortAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:319" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="SourcePortAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:319" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:327" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:327" $as_echo "zone_runtime_signatures.at:327" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:327" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"removeSourcePort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeSourcePort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:327" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:335" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:335" $as_echo "zone_runtime_signatures.at:335" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:335" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:335: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"SourcePortRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:335" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="SourcePortRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:335" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:342" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:342" $as_echo "zone_runtime_signatures.at:342" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:342" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"querySourcePort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="querySourcePort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:342" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:350" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:350" $as_echo "zone_runtime_signatures.at:350" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:350" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:350: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getSourcePorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:350" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getSourcePorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:350" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:360" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:360" $as_echo "zone_runtime_signatures.at:360" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:360" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"addForwardPort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addForwardPort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:360" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:371" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:371" $as_echo "zone_runtime_signatures.at:371" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:371" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"ForwardPortAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ForwardPortAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:371" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:381" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:381" $as_echo "zone_runtime_signatures.at:381" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:381" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:381: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"removeForwardPort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:381" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeForwardPort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:381" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:391" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:391" $as_echo "zone_runtime_signatures.at:391" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:391" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:391: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"ForwardPortRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:391" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="ForwardPortRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:391" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:400" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:400" $as_echo "zone_runtime_signatures.at:400" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:400" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:400: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"queryForwardPort\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:400" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryForwardPort"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:400" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:410" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:410" $as_echo "zone_runtime_signatures.at:410" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:410" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:410: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getForwardPorts\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:410" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getForwardPorts"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:410" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:420" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:420" $as_echo "zone_runtime_signatures.at:420" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:420" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:420: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"addMasquerade\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:420" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addMasquerade"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:420" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:427" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:427" $as_echo "zone_runtime_signatures.at:427" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:427" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:427: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"MasqueradeAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:427" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="MasqueradeAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:427" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:433" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:433" $as_echo "zone_runtime_signatures.at:433" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:433" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:433: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"removeMasquerade\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:433" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeMasquerade"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:433" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:439" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:439" $as_echo "zone_runtime_signatures.at:439" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:439" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:439: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"MasqueradeRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:439" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="MasqueradeRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:439" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:444" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:444" $as_echo "zone_runtime_signatures.at:444" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:444" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:444: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"queryMasquerade\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:444" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryMasquerade"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:444" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:452" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:452" $as_echo "zone_runtime_signatures.at:452" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:452" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:452: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"addIcmpBlock\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:452" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addIcmpBlock"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:452" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:460" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:460" $as_echo "zone_runtime_signatures.at:460" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:460" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"IcmpBlockAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="IcmpBlockAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:460" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:467" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:467" $as_echo "zone_runtime_signatures.at:467" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:467" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:467: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"removeIcmpBlock\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:467" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeIcmpBlock"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:467" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:474" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:474" $as_echo "zone_runtime_signatures.at:474" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:474" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:474: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"IcmpBlockRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:474" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="IcmpBlockRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:474" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:480" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:480" $as_echo "zone_runtime_signatures.at:480" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:480" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:480: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"queryIcmpBlock\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:480" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryIcmpBlock"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:480" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:487" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:487" $as_echo "zone_runtime_signatures.at:487" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:487" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:487: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getIcmpBlocks\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:487" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getIcmpBlocks"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:487" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:495" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:495" $as_echo "zone_runtime_signatures.at:495" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:495" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:495: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"addIcmpBlockInversion\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:495" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addIcmpBlockInversion"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:495" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:501" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:501" $as_echo "zone_runtime_signatures.at:501" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:501" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:501: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"IcmpBlockInversionAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:501" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="IcmpBlockInversionAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:501" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:506" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:506" $as_echo "zone_runtime_signatures.at:506" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:506" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:506: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"removeIcmpBlockInversion\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:506" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeIcmpBlockInversion"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:506" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:512" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:512" $as_echo "zone_runtime_signatures.at:512" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:512" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:512: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"IcmpBlockInversionRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:512" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="IcmpBlockInversionRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:512" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:517" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:517" $as_echo "zone_runtime_signatures.at:517" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:517" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:517: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"queryIcmpBlockInversion\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:517" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryIcmpBlockInversion"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:517" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:525" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:525" $as_echo "zone_runtime_signatures.at:525" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:525" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:525: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"addRichRule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:525" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="addRichRule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:525" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:533" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:533" $as_echo "zone_runtime_signatures.at:533" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:533" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:533: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"RichRuleAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:533" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="RichRuleAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:533" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:540" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:540" $as_echo "zone_runtime_signatures.at:540" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:540" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:540: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"removeRichRule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:540" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="removeRichRule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:540" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:547" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:547" $as_echo "zone_runtime_signatures.at:547" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:547" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:547: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//signal[@name=\"RichRuleRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:547" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//signal[@name="RichRuleRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:547" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:553" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:553" $as_echo "zone_runtime_signatures.at:553" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:553" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:553: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"queryRichRule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:553" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="queryRichRule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:553" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:560" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:560" $as_echo "zone_runtime_signatures.at:560" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:560" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:560: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getRichRules\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:560" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getRichRules"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:560" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:571" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:571" $as_echo "zone_runtime_signatures.at:571" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:571" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:571: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"getZoneSettings2\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:571" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="getZoneSettings2"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:571" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_signatures.at:578" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:578" $as_echo "zone_runtime_signatures.at:578" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_signatures.at:578" { set +x $as_echo "$at_srcdir/zone_runtime_signatures.at:578: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.zone\"]//method[@name=\"setZoneSettings2\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_signatures.at:578" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.zone"]//method[@name="setZoneSettings2"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_signatures.at:578" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "zone_runtime_signatures.at:585" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/zone_runtime_signatures.at:585" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_60 #AT_START_61 at_fn_group_banner 61 'zone_permanent_functional.at:1' \ "dbus api - zone permanent functional" " " 3 at_xfail=no ( $as_echo "61. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_functional.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "zone_permanent_functional.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "zone_permanent_functional.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_functional.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "zone_permanent_functional.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/zone_permanent_functional.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_functional.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "zone_permanent_functional.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_functional.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_functional.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "zone_permanent_functional.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/zone_permanent_functional.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "zone_permanent_functional.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/zone_permanent_functional.at:1" $as_echo "zone_permanent_functional.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:8" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addZone \"foobar\" '(\"1.0\", \"foobar\", \"foobar zone\", false, \"ACCEPT\", [\"ssh\", \"mdns\"], [(\"1234\", \"tcp\"), (\"1234\", \"udp\")], [\"echo-request\"], true, [(\"1234\", \"tcp\", \"4321\", \"\"), (\"1234\", \"udp\", \"4321\", \"10.10.10.10\")], [\"dummy0\", \"dummy1\"], [\"10.10.10.0/24\"], [\"rule family=ipv4 source address=10.20.20.20 drop\"], [\"icmp\"], [(\"1234\", \"tcp\"), (\"1234\", \"udp\")], false )' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addZone "foobar" '("1.0", "foobar", "foobar zone", false, "ACCEPT", ["ssh", "mdns"], [("1234", "tcp"), ("1234", "udp")], ["echo-request"], true, [("1234", "tcp", "4321", ""), ("1234", "udp", "4321", "10.10.10.10")], ["dummy0", "dummy1"], ["10.10.10.0/24"], ["rule family=ipv4 source address=10.20.20.20 drop"], ["icmp"], [("1234", "tcp"), ("1234", "udp")], false )' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:8" $at_failed && at_fn_log_failure $at_traceon; } DBUS_FOOBAR_ZONE_OBJ=$(sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout) export DBUS_FOOBAR_ZONE_OBJ if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zones |grep "nm-shared" >/dev/null ; then NM_SHARED="'nm-shared', " export NM_SHARED fi $as_echo "zone_permanent_functional.at:37" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:37" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneNames ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:37" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneNames ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['block', 'dmz', 'drop', 'external', 'foobar', 'home', 'internal', ${NM_SHARED}'public', 'trusted', 'work'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:37" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:40" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:40" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.listZones ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.listZones ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:40" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sed -e \"s/['][,]/'\\n/g\" ./stdout | sed -e \"s/.*config\\/zone\\/\\([^']\\+\\)['].*/\\1/\" | while read LINE; do { echo \"\${LINE}\" | grep \"^[0-9]\\+\$\" ; } || exit 1; done " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_functional.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sed -e "s/['][,]/'\n/g" ./stdout | sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" | while read LINE; do { echo "${LINE}" | grep "^[0-9]\+$" ; } || exit 1; done ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:41" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:44" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:44" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneByName \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneByName "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sed -e \"s/.*config\\/zone\\/\\([^']\\+\\)['].*/\\1/\" ./stdout | grep \"^[0-9]\\+\$\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_functional.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout | grep "^[0-9]\+$" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone public --add-interface dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_functional.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone public --add-interface dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:48" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:49" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:49" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneOfInterface \"dummy2\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneOfInterface "dummy2"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone public --remove-interface dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_functional.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone public --remove-interface dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone public --add-source 10.20.20.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_functional.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone public --add-source 10.20.20.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:55" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:56" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:56" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneOfSource \"10.20.20.0/24\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneOfSource "10.20.20.0/24"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:56" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone public --remove-source 10.20.20.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_permanent_functional.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone public --remove-source 10.20.20.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:59" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:65" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:65" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_FOOBAR_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_FOOBAR_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('1.0', 'foobar', 'foobar zone', false, 'ACCEPT', ['ssh', 'mdns'], [('1234', 'tcp'), ('1234', 'udp')], ['echo-request'], true, [('1234', 'tcp', '4321', ''), ('1234', 'udp', '4321', '10.10.10.10')], ['dummy0', 'dummy1'], ['10.10.10.0/24'], ['rule family=\"ipv4\" source address=\"10.20.20.20\" drop'], ['icmp'], [('1234', 'tcp'), ('1234', 'udp')], false),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:65" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:86" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:86" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:86: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_FOOBAR_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.update '(\"1.1\", \"foobar v2\", \"foobar zone updated\", false, \"ACCEPT\", [\"ssh\", \"mdns\", \"samba\"], [(\"1234\", \"tcp\"), (\"4444\", \"udp\")], [\"echo-request\", \"echo-reply\"], false, [(\"1234\", \"tcp\", \"4321\", \"\")], [\"dummy0\", \"dummy1\", \"dummy2\"], [\"10.10.10.0/24\", \"10.20.0.0/16\"], [\"rule family=ipv4 source address=10.20.20.20 reject\"], [\"icmp\", \"ipv6-icmp\"], [(\"1234\", \"tcp\"), (\"6666\", \"udp\")], true )' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:86" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_FOOBAR_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.update '("1.1", "foobar v2", "foobar zone updated", false, "ACCEPT", ["ssh", "mdns", "samba"], [("1234", "tcp"), ("4444", "udp")], ["echo-request", "echo-reply"], false, [("1234", "tcp", "4321", "")], ["dummy0", "dummy1", "dummy2"], ["10.10.10.0/24", "10.20.0.0/16"], ["rule family=ipv4 source address=10.20.20.20 reject"], ["icmp", "ipv6-icmp"], [("1234", "tcp"), ("6666", "udp")], true )' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:86" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:105" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:105" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_FOOBAR_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_FOOBAR_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('1.1', 'foobar v2', 'foobar zone updated', false, 'ACCEPT', ['ssh', 'mdns', 'samba'], [('1234', 'tcp'), ('4444', 'udp')], ['echo-request', 'echo-reply'], false, [('1234', 'tcp', '4321', '')], ['dummy0', 'dummy1', 'dummy2'], ['10.10.10.0/24', '10.20.0.0/16'], ['rule family=\"ipv4\" source address=\"10.20.20.20\" reject'], ['icmp', 'ipv6-icmp'], [('1234', 'tcp'), ('6666', 'udp')], true),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:105" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:125" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:125" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_FOOBAR_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.rename \"foobar-renamed\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_FOOBAR_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.rename "foobar-renamed"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:125" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:126" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:126" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneByName \"foobar-renamed\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneByName "foobar-renamed"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:126" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:129" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:129" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_FOOBAR_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.remove ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_FOOBAR_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.remove ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:129" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:130" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:130" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:130: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneByName \"foobar-renamed\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:130" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneByName "foobar-renamed"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/zone_permanent_functional.at:130" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:133" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:133" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:133: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneByName \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:133" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getZoneByName "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:133" $at_failed && at_fn_log_failure $at_traceon; } DBUS_PUBLIC_ZONE_OBJ=$(sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout) export DBUS_PUBLIC_ZONE_OBJ $as_echo "zone_permanent_functional.at:138" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:138" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.loadDefaults ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.loadDefaults ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:138" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:141" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:141" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:141: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getVersion ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:141" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getVersion ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:141" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:144" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:144" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:144: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setVersion \"1.1\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:144" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setVersion "1.1"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:144" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:145" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:145" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getVersion ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getVersion ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('1.1',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:145" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:150" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:150" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:150: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getShort ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:150" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getShort ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('Public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:150" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:153" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:153" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setShort \"Public updated\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setShort "Public updated"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:153" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:154" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:154" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getShort ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:154" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getShort ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('Public updated',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:154" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:159" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:159" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:159: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getDescription ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:159" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getDescription ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:159" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:162" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:162" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setDescription \"A shorter description.\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setDescription "A shorter description."; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:162" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:163" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:163" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getDescription ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getDescription ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('A shorter description.',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:163" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:168" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:168" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:168: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getTarget ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:168" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getTarget ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('default',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:168" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:171" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:171" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:171: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setTarget \"ACCEPT\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:171" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setTarget "ACCEPT"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:171" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:172" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:172" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:172: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getTarget ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:172" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getTarget ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('ACCEPT',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:172" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:177" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:177" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addInterface \"dummy0\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addInterface "dummy0"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:177" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:178" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:178" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryInterface \"dummy0\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryInterface "dummy0"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:178" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:181" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:181" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryInterface \"dummy1\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryInterface "dummy1"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:181" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:184" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:184" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:184: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setInterfaces '[\"dummy0\", \"dummy1\"]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:184" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setInterfaces '["dummy0", "dummy1"]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:184" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:185" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:185" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getInterfaces ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getInterfaces ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['dummy0', 'dummy1'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:185" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:188" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:188" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:188: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeInterface \"dummy0\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:188" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeInterface "dummy0"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:188" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:189" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:189" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:189: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getInterfaces ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:189" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getInterfaces ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['dummy1'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:189" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:194" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:194" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:194: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addSource \"10.10.10.0/24\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:194" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addSource "10.10.10.0/24"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:194" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:195" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:195" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:195: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.querySource \"10.10.10.0/24\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:195" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.querySource "10.10.10.0/24"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:195" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:198" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:198" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:198: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.querySource \"10.20.20.0/24\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:198" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.querySource "10.20.20.0/24"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:198" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:201" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:201" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:201: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setSources '[\"10.10.10.0/24\", \"10.20.20.0/24\"]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:201" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setSources '["10.10.10.0/24", "10.20.20.0/24"]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:201" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:202" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:202" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:202: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSources ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:202" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSources ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['10.10.10.0/24', '10.20.20.0/24'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:202" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:205" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:205" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:205: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeSource \"10.10.10.0/24\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:205" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeSource "10.10.10.0/24"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:205" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:206" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:206" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:206: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSources ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:206" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSources ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['10.20.20.0/24'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:206" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:211" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:211" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:211: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addService \"samba\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:211" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addService "samba"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:211" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:212" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:212" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryService \"samba\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryService "samba"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:212" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:215" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:215" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryService \"https\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryService "https"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:215" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:218" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:218" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setServices '[\"samba\", \"https\"]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setServices '["samba", "https"]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:218" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:219" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:219" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:219: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getServices ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:219" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getServices ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['samba', 'https'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:219" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:222" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:222" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:222: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeService \"samba\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:222" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeService "samba"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:222" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:223" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:223" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:223: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getServices ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:223" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getServices ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['https'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:223" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:228" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:228" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:228: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addPort \"1234\" \"tcp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:228" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addPort "1234" "tcp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:228" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:229" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:229" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:229: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryPort \"1234\" \"tcp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:229" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryPort "1234" "tcp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:229" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:232" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:232" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:232: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryPort \"4321\" \"udp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:232" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryPort "4321" "udp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:232" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:235" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:235" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setPorts '[(\"1234\", \"tcp\"), (\"4321\", \"udp\")]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setPorts '[("1234", "tcp"), ("4321", "udp")]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:235" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:236" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:236" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:236: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getPorts ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:236" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getPorts ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "([('1234', 'tcp'), ('4321', 'udp')],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:236" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:239" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:239" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removePort \"1234\" \"tcp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removePort "1234" "tcp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:239" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:240" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:240" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:240: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getPorts ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:240" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getPorts ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "([('4321', 'udp')],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:240" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:245" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:245" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addSourcePort \"1234\" \"tcp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addSourcePort "1234" "tcp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:245" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:246" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:246" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:246: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.querySourcePort \"1234\" \"tcp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:246" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.querySourcePort "1234" "tcp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:246" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:249" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:249" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:249: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.querySourcePort \"4321\" \"udp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:249" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.querySourcePort "4321" "udp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:249" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:252" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:252" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:252: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setSourcePorts '[(\"1234\", \"tcp\"), (\"4321\", \"udp\")]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:252" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setSourcePorts '[("1234", "tcp"), ("4321", "udp")]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:252" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:253" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:253" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSourcePorts ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSourcePorts ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "([('1234', 'tcp'), ('4321', 'udp')],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:253" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:256" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:256" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeSourcePort \"1234\" \"tcp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeSourcePort "1234" "tcp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:256" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:257" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:257" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:257: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSourcePorts ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:257" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSourcePorts ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "([('4321', 'udp')],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:257" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:262" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:262" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:262: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addForwardPort \"1234\" \"tcp\" \"1111\" \"\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:262" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addForwardPort "1234" "tcp" "1111" ""; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:262" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:263" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:263" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:263: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryForwardPort \"1234\" \"tcp\" \"1111\" \"\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:263" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryForwardPort "1234" "tcp" "1111" ""; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:263" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:266" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:266" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:266: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryForwardPort \"4321\" \"udp\" \"4444\" \"10.10.10.10\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:266" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryForwardPort "4321" "udp" "4444" "10.10.10.10"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:266" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:269" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:269" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setForwardPorts '[(\"1234\", \"tcp\", \"1111\", \"\"), (\"4321\", \"udp\", \"4444\", \"10.10.10.10\")]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setForwardPorts '[("1234", "tcp", "1111", ""), ("4321", "udp", "4444", "10.10.10.10")]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:269" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:270" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:270" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:270: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getForwardPorts ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:270" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getForwardPorts ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "([('1234', 'tcp', '1111', ''), ('4321', 'udp', '4444', '10.10.10.10')],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:270" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:273" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:273" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:273: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeForwardPort \"1234\" \"tcp\" \"1111\" \"\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:273" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeForwardPort "1234" "tcp" "1111" ""; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:273" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:274" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:274" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:274: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getForwardPorts ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:274" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getForwardPorts ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "([('4321', 'udp', '4444', '10.10.10.10')],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:274" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:279" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:279" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:279: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addProtocol \"icmp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:279" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addProtocol "icmp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:279" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:280" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:280" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:280: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryProtocol \"icmp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:280" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryProtocol "icmp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:280" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:283" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:283" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryProtocol \"igmp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryProtocol "igmp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:283" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:286" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:286" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:286: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setProtocols '[\"icmp\", \"igmp\"]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:286" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setProtocols '["icmp", "igmp"]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:286" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:287" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:287" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:287: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getProtocols ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:287" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getProtocols ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['icmp', 'igmp'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:287" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:290" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:290" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:290: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeProtocol \"icmp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:290" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeProtocol "icmp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:290" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:291" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:291" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getProtocols ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getProtocols ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['igmp'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:291" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:296" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:296" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:296: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryMasquerade ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:296" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryMasquerade ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:296" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:299" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:299" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addMasquerade ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addMasquerade ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:299" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:300" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:300" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:300: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryMasquerade ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:300" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryMasquerade ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:300" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:303" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:303" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:303: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setMasquerade true; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:303" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setMasquerade true; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:303" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:304" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:304" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:304: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getMasquerade ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:304" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getMasquerade ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:304" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:307" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:307" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeMasquerade ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeMasquerade ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:307" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:308" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:308" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:308: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getMasquerade ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:308" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getMasquerade ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:308" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:313" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:313" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:313: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addIcmpBlock \"echo-reply\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:313" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addIcmpBlock "echo-reply"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:313" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:314" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:314" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:314: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryIcmpBlock \"echo-reply\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:314" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryIcmpBlock "echo-reply"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:314" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:317" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:317" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:317: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryIcmpBlock \"echo-request\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:317" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryIcmpBlock "echo-request"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:317" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:320" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:320" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:320: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setIcmpBlocks '[\"echo-reply\", \"echo-request\"]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:320" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setIcmpBlocks '["echo-reply", "echo-request"]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:320" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:321" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:321" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:321: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getIcmpBlocks ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:321" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getIcmpBlocks ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['echo-reply', 'echo-request'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:321" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:324" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:324" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:324: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeIcmpBlock \"echo-reply\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:324" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeIcmpBlock "echo-reply"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:324" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:325" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:325" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:325: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getIcmpBlocks ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:325" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getIcmpBlocks ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['echo-request'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:325" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:330" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:330" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:330: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryIcmpBlockInversion ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:330" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryIcmpBlockInversion ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:330" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:333" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:333" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:333: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addIcmpBlockInversion ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:333" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addIcmpBlockInversion ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:333" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:334" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:334" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:334: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryIcmpBlockInversion ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:334" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryIcmpBlockInversion ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:334" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:337" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:337" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setIcmpBlockInversion true; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setIcmpBlockInversion true; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:337" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:338" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:338" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getIcmpBlockInversion ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getIcmpBlockInversion ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:338" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:341" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:341" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeIcmpBlockInversion ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeIcmpBlockInversion ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:341" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:342" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:342" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getIcmpBlockInversion ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getIcmpBlockInversion ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:342" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:347" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:347" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:347: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addRichRule \"rule family=ipv4 source address=10.10.10.0/24 accept\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:347" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.addRichRule "rule family=ipv4 source address=10.10.10.0/24 accept"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:347" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:348" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:348" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:348: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryRichRule \"rule family=ipv4 source address=10.10.10.0/24 accept\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:348" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryRichRule "rule family=ipv4 source address=10.10.10.0/24 accept"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:348" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:351" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:351" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:351: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryRichRule \"rule family=ipv4 source address=10.20.20.0/24 drop\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:351" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.queryRichRule "rule family=ipv4 source address=10.20.20.0/24 drop"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:351" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:354" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:354" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setRichRules '[\"rule family=ipv4 source address=10.10.10.0/24 accept\", \"rule family=ipv4 source address=10.20.20.0/24 drop\"]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.setRichRules '["rule family=ipv4 source address=10.10.10.0/24 accept", "rule family=ipv4 source address=10.20.20.0/24 drop"]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:354" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:355" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:355" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getRichRules ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getRichRules ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['rule family=\"ipv4\" source address=\"10.10.10.0/24\" accept', 'rule family=\"ipv4\" source address=\"10.20.20.0/24\" drop'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:355" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:358" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:358" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeRichRule \"rule family=ipv4 source address=10.10.10.0/24 accept\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.removeRichRule "rule family=ipv4 source address=10.10.10.0/24 accept"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:358" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:359" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:359" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getRichRules ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_PUBLIC_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getRichRules ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['rule family=\"ipv4\" source address=\"10.20.20.0/24\" drop'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:359" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:367" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:367" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:367: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addZone2 \"foobar2\" '{\"version\": <\"1.0\">, \"short\": <\"foobar\">, \"description\": <\"foobar zone\">, \"target\": <\"ACCEPT\">, \"services\": <[\"ssh\", \"mdns\"]>, \"ports\": <[(\"1234\", \"tcp\"), (\"1234\", \"udp\")]>, \"icmp_blocks\": <[\"echo-request\"]>, \"masquerade\": , \"forward\": , \"forward_ports\": <[(\"1234\", \"tcp\", \"4321\", \"\"), (\"1234\", \"udp\", \"4321\", \"10.10.10.10\")]>, \"interfaces\": <[\"dummy2\", \"dummy3\"]>, \"sources\": <[\"10.10.10.0/24\"]>, \"rules_str\": <[\"rule family=ipv4 source address=10.20.20.20 drop\"]>, \"protocols\": <[\"icmp\"]>, \"source_ports\": <[(\"1234\", \"tcp\"), (\"1234\", \"udp\")]>, \"icmp_block_inversion\": }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:367" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addZone2 "foobar2" '{"version": <"1.0">, "short": <"foobar">, "description": <"foobar zone">, "target": <"ACCEPT">, "services": <["ssh", "mdns"]>, "ports": <[("1234", "tcp"), ("1234", "udp")]>, "icmp_blocks": <["echo-request"]>, "masquerade": , "forward": , "forward_ports": <[("1234", "tcp", "4321", ""), ("1234", "udp", "4321", "10.10.10.10")]>, "interfaces": <["dummy2", "dummy3"]>, "sources": <["10.10.10.0/24"]>, "rules_str": <["rule family=ipv4 source address=10.20.20.20 drop"]>, "protocols": <["icmp"]>, "source_ports": <[("1234", "tcp"), ("1234", "udp")]>, "icmp_block_inversion": }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:367" $at_failed && at_fn_log_failure $at_traceon; } DBUS_FOOBAR2_ZONE_OBJ=$(sed -e "s/.*config\/zone\/\([^']\+\)['].*/\1/" ./stdout) export DBUS_FOOBAR2_ZONE_OBJ $as_echo "zone_permanent_functional.at:390" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:390" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:390: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSettings2 ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:390" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSettings2 ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar zone'> 'forward': 'forward_ports': <[('1234', 'tcp', '4321', ''), ('1234', 'udp', '4321', '10.10.10.10')]> 'icmp_block_inversion': 'icmp_blocks': <['echo-request']> 'interfaces': <['dummy2', 'dummy3']> 'masquerade': 'ports': <[('1234', 'tcp'), ('1234', 'udp')]> 'protocols': <['icmp']> 'rules_str': <['rule family=\"ipv4\" source address=\"10.20.20.20\" drop']> 'services': <['ssh', 'mdns']> 'short': <'foobar'> 'source_ports': <[('1234', 'tcp'), ('1234', 'udp')]> 'sources': <['10.10.10.0/24']> 'target': <'ACCEPT'> 'version': <'1.0'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:390" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:411" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:411" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:411: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.update2 '{\"version\": <\"1.1\">, \"short\": <\"foobar update2\">, \"description\": <\"foobar zone update2\">, \"target\": <\"DROP\">, \"services\": <[\"mdns\"]>, \"ports\": <[(\"1234\", \"udp\")]>, \"icmp_blocks\": <[\"echo-request\", \"echo-reply\"]>, \"masquerade\": , \"forward_ports\": <[(\"1234\", \"udp\", \"4321\", \"10.10.10.10\")]>, \"interfaces\": <[\"dummy3\"]>, \"sources\": <[\"10.10.10.0/24\", \"10.30.30.0/24\"]>, \"rules_str\": <[\"rule family=ipv4 source address=10.20.20.20 accept\"]>, \"protocols\": <[\"ipv6-icmp\"]>, \"source_ports\": <[(\"1234\", \"udp\")]>, \"icmp_block_inversion\": }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:411" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.update2 '{"version": <"1.1">, "short": <"foobar update2">, "description": <"foobar zone update2">, "target": <"DROP">, "services": <["mdns"]>, "ports": <[("1234", "udp")]>, "icmp_blocks": <["echo-request", "echo-reply"]>, "masquerade": , "forward_ports": <[("1234", "udp", "4321", "10.10.10.10")]>, "interfaces": <["dummy3"]>, "sources": <["10.10.10.0/24", "10.30.30.0/24"]>, "rules_str": <["rule family=ipv4 source address=10.20.20.20 accept"]>, "protocols": <["ipv6-icmp"]>, "source_ports": <[("1234", "udp")]>, "icmp_block_inversion": }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:411" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:429" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:429" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:429: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSettings2 ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:429" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSettings2 ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar zone update2'> 'forward': 'forward_ports': <[('1234', 'udp', '4321', '10.10.10.10')]> 'icmp_block_inversion': 'icmp_blocks': <['echo-request', 'echo-reply']> 'interfaces': <['dummy3']> 'masquerade': 'ports': <[('1234', 'udp')]> 'protocols': <['ipv6-icmp']> 'rules_str': <['rule family=\"ipv4\" source address=\"10.20.20.20\" accept']> 'services': <['mdns']> 'short': <'foobar update2'> 'source_ports': <[('1234', 'udp')]> 'sources': <['10.10.10.0/24', '10.30.30.0/24']> 'target': <'DROP'> 'version': <'1.1'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:429" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:449" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:449" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:449: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.update2 '{\"version\": <\"1.2\">, \"target\": <\"ACCEPT\"> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:449" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.update2 '{"version": <"1.2">, "target": <"ACCEPT"> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:449" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:455" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:455" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:455: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.update2 '{\"version\": <\"1.3\">, \"icmp_blocks\": <@as []>, \"icmp_block_inversion\": }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:455" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.update2 '{"version": <"1.3">, "icmp_blocks": <@as []>, "icmp_block_inversion": }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:455" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:462" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:462" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.update2 '{\"version\": <\"1.4\">, \"forward_ports\": <@a(ssss) []> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.update2 '{"version": <"1.4">, "forward_ports": <@a(ssss) []> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:462" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_permanent_functional.at:468" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_permanent_functional.at:468" { set +x $as_echo "$at_srcdir/zone_permanent_functional.at:468: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/\${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSettings2 ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_permanent_functional.at:468" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/zone/${DBUS_FOOBAR2_ZONE_OBJ} --method org.fedoraproject.FirewallD1.config.zone.getSettings2 ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar zone update2'> 'forward': 'icmp_block_inversion': 'interfaces': <['dummy3']> 'masquerade': 'ports': <[('1234', 'udp')]> 'protocols': <['ipv6-icmp']> 'rules_str': <['rule family=\"ipv4\" source address=\"10.20.20.20\" accept']> 'services': <['mdns']> 'short': <'foobar update2'> 'source_ports': <[('1234', 'udp')]> 'sources': <['10.10.10.0/24', '10.30.30.0/24']> 'target': <'ACCEPT'> 'version': <'1.4'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_permanent_functional.at:468" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_ZONE: foobar-renamed/d'" != x"ignore"; then $as_echo "zone_permanent_functional.at:485" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ZONE: foobar-renamed/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/zone_permanent_functional.at:485" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_61 #AT_START_62 at_fn_group_banner 62 'zone_runtime_functional.at:1' \ "dbus api - zone runtime functional" " " 3 at_xfail=no ( $as_echo "62. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "zone_runtime_functional.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "zone_runtime_functional.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "zone_runtime_functional.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/zone_runtime_functional.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "zone_runtime_functional.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "zone_runtime_functional.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/zone_runtime_functional.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "zone_runtime_functional.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/zone_runtime_functional.at:1" $as_echo "zone_runtime_functional.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:8" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getZoneSettings \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getZoneSettings "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(('', 'Public', 'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', false, 'default', ['ssh', 'dhcpv6-client'], @a(ss) [], @as [], false, @a(ssss) [], @as [], @as [], @as [], @as [], @a(ss) [], false),) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:8" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:28" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:28" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getDefaultZone ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getDefaultZone ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:28" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:31" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:31" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.setDefaultZone 'drop'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.setDefaultZone 'drop'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "() " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:31" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:34" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:34" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getDefaultZone ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.getDefaultZone ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('drop',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:34" $at_failed && at_fn_log_failure $at_traceon; } if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zones |grep "nm-shared" >/dev/null ; then NM_SHARED="'nm-shared', " export NM_SHARED fi $as_echo "zone_runtime_functional.at:43" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:43" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getZones ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getZones ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['block', 'dmz', 'drop', 'external', 'home', 'internal', ${NM_SHARED}'public', 'trusted', 'work'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone public --add-interface dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone public --add-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone public --add-source 10.1.1.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone public --add-source 10.1.1.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:47" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:48" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:48" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getActiveZones ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getActiveZones ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'public': {'interfaces': ['dummy0'], 'sources': ['10.1.1.1']} " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone public --remove-interface dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone public --remove-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:51" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone public --remove-source 10.1.1.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone public --remove-source 10.1.1.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone public --add-interface dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone public --add-interface dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:55" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:56" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:56" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getZoneOfInterface \"dummy1\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getZoneOfInterface "dummy1"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:56" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone public --remove-interface dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone public --remove-interface dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone drop --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone drop --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:60" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:61" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:61" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getZoneOfSource \"10.10.10.0/24\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getZoneOfSource "10.10.10.0/24"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('drop',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:61" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone drop --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone_runtime_functional.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone drop --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:64" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:71" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:71" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.isImmutable \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.isImmutable "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:71" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:76" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:76" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addInterface \"public\" \"dummy0\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addInterface "public" "dummy0"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:76" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:79" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:79" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.changeZone \"drop\" \"dummy0\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.changeZone "drop" "dummy0"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('drop',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:79" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:82" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:82" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryInterface \"public\" \"dummy0\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryInterface "public" "dummy0"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:82" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:85" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:85" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryInterface \"drop\" \"dummy0\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryInterface "drop" "dummy0"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:85" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:88" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:88" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.changeZoneOfInterface \"public\" \"dummy0\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.changeZoneOfInterface "public" "dummy0"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:88" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:91" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:91" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryInterface \"public\" \"dummy0\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryInterface "public" "dummy0"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:91" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:94" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:94" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryInterface \"drop\" \"dummy0\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryInterface "drop" "dummy0"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:94" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:97" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:97" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addInterface \"public\" \"dummy1\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addInterface "public" "dummy1"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:97" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:100" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:100" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getInterfaces \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getInterfaces "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['dummy0', 'dummy1'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:100" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:103" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:103" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeInterface \"public\" \"dummy0\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeInterface "public" "dummy0"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:103" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:106" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:106" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getInterfaces \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getInterfaces "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['dummy1'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:106" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:111" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:111" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:111: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addSource \"public\" \"10.10.10.0/24\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:111" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addSource "public" "10.10.10.0/24"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:111" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:114" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:114" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.changeZoneOfSource \"drop\" \"10.10.10.0/24\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.changeZoneOfSource "drop" "10.10.10.0/24"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('drop',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:114" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:117" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:117" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.querySource \"public\" \"10.10.10.0/24\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.querySource "public" "10.10.10.0/24"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:117" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:120" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:120" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.querySource \"drop\" \"10.10.10.0/24\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.querySource "drop" "10.10.10.0/24"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:120" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:123" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:123" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:123: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.changeZoneOfSource \"public\" \"10.10.10.0/24\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:123" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.changeZoneOfSource "public" "10.10.10.0/24"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:123" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:126" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:126" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addSource \"public\" \"10.20.0.0/16\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addSource "public" "10.20.0.0/16"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:126" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:129" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:129" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getSources \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getSources "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['10.10.10.0/24', '10.20.0.0/16'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:129" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:132" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:132" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:132: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeSource \"public\" \"10.10.10.0/24\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:132" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeSource "public" "10.10.10.0/24"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:132" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:135" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:135" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getSources \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getSources "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['10.20.0.0/16'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:135" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:140" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:140" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addService \"public\" \"samba\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addService "public" "samba" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:140" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:143" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:143" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryService \"public\" \"samba\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryService "public" "samba"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:143" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:146" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:146" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:146: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getServices \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:146" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getServices "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['ssh', 'dhcpv6-client', 'samba'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:146" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:149" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:149" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:149: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeService \"public\" \"samba\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:149" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeService "public" "samba"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:149" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:152" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:152" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:152: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryService \"public\" \"samba\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:152" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryService "public" "samba"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:152" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:157" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:157" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:157: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addProtocol \"public\" \"icmp\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:157" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addProtocol "public" "icmp" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:157" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:160" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:160" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:160: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryProtocol \"public\" \"icmp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:160" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryProtocol "public" "icmp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:160" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:163" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:163" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getProtocols \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getProtocols "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['icmp'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:163" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:166" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:166" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeProtocol \"public\" \"icmp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeProtocol "public" "icmp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:166" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:169" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:169" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:169: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryProtocol \"public\" \"icmp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:169" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryProtocol "public" "icmp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:169" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:174" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:174" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addPort \"public\" \"1234\" \"tcp\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addPort "public" "1234" "tcp" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:174" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:177" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:177" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryPort \"public\" \"1234\" \"tcp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryPort "public" "1234" "tcp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:177" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:180" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:180" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addPort \"public\" \"4321\" \"udp\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addPort "public" "4321" "udp" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:180" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:183" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:183" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:183: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getPorts \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:183" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getPorts "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "([['1234', 'tcp'], ['4321', 'udp']],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:183" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:186" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:186" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:186: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removePort \"public\" \"1234\" \"tcp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:186" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removePort "public" "1234" "tcp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:186" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:189" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:189" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:189: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryPort \"public\" \"1234\" \"tcp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:189" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryPort "public" "1234" "tcp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:189" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:194" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:194" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:194: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addSourcePort \"public\" \"1234\" \"tcp\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:194" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addSourcePort "public" "1234" "tcp" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:194" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:197" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:197" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:197: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.querySourcePort \"public\" \"1234\" \"tcp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:197" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.querySourcePort "public" "1234" "tcp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:197" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:200" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:200" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:200: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addSourcePort \"public\" \"4321\" \"udp\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:200" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addSourcePort "public" "4321" "udp" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:200" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:203" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:203" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:203: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getSourcePorts \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:203" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getSourcePorts "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "([['1234', 'tcp'], ['4321', 'udp']],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:203" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:206" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:206" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:206: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeSourcePort \"public\" \"1234\" \"tcp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:206" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeSourcePort "public" "1234" "tcp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:206" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:209" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:209" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:209: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.querySourcePort \"public\" \"1234\" \"tcp\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:209" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.querySourcePort "public" "1234" "tcp"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:209" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:214" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:214" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:214: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addForwardPort \"public\" \"1234\" \"tcp\" \"1111\" \"\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:214" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addForwardPort "public" "1234" "tcp" "1111" "" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:214" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:217" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:217" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryForwardPort \"public\" \"1234\" \"tcp\" \"1111\" \"\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryForwardPort "public" "1234" "tcp" "1111" ""; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:217" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:220" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:220" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:220: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addForwardPort \"public\" \"4321\" \"udp\" \"4444\" \"10.10.10.10\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:220" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addForwardPort "public" "4321" "udp" "4444" "10.10.10.10" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:220" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:223" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:223" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:223: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getForwardPorts \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:223" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getForwardPorts "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "([['1234', 'tcp', '1111', ''], ['4321', 'udp', '4444', '10.10.10.10']],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:223" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:226" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:226" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:226: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeForwardPort \"public\" \"1234\" \"tcp\" \"1111\" \"\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:226" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeForwardPort "public" "1234" "tcp" "1111" ""; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:226" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:229" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:229" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:229: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryForwardPort \"public\" \"1234\" \"tcp\" \"1111\" \"\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:229" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryForwardPort "public" "1234" "tcp" "1111" ""; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:229" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:234" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:234" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addMasquerade \"public\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addMasquerade "public" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:234" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:237" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:237" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:237: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryMasquerade \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:237" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryMasquerade "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:237" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:240" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:240" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:240: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeMasquerade \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:240" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeMasquerade "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:240" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:243" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:243" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryMasquerade \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryMasquerade "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:243" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:248" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:248" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:248: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addIcmpBlock \"public\" \"echo-reply\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:248" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addIcmpBlock "public" "echo-reply" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:248" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:251" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:251" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:251: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryIcmpBlock \"public\" \"echo-reply\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:251" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryIcmpBlock "public" "echo-reply"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:251" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:254" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:254" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addIcmpBlock \"public\" \"echo-request\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addIcmpBlock "public" "echo-request" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:254" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:257" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:257" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:257: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getIcmpBlocks \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:257" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getIcmpBlocks "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['echo-reply', 'echo-request'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:257" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:260" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:260" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeIcmpBlock \"public\" \"echo-reply\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeIcmpBlock "public" "echo-reply"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:260" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:263" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:263" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:263: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryIcmpBlock \"public\" \"echo-reply\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:263" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryIcmpBlock "public" "echo-reply"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:263" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:268" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:268" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:268: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addIcmpBlockInversion \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:268" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addIcmpBlockInversion "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:268" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:271" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:271" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:271: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryIcmpBlockInversion \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:271" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryIcmpBlockInversion "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:271" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:274" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:274" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:274: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeIcmpBlockInversion \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:274" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeIcmpBlockInversion "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:274" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:277" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:277" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:277: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryIcmpBlockInversion \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:277" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryIcmpBlockInversion "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:277" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:282" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:282" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:282: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addRichRule \"public\" \"rule family=ipv4 source address=10.10.10.10 accept\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:282" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addRichRule "public" "rule family=ipv4 source address=10.10.10.10 accept" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:282" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:285" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:285" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:285: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryRichRule \"public\" \"rule family=ipv4 source address=10.10.10.10 accept\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:285" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryRichRule "public" "rule family=ipv4 source address=10.10.10.10 accept"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:285" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:288" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:288" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:288: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getRichRules \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:288" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getRichRules "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['rule family=\"ipv4\" source address=\"10.10.10.10\" accept'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:288" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:291" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:291" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addRichRule \"public\" \"rule family=ipv4 source address=20.20.20.20 accept\" 0; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.addRichRule "public" "rule family=ipv4 source address=20.20.20.20 accept" 0; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:291" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:294" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:294" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:294: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryRichRule \"public\" \"rule family=ipv4 source address=20.20.20.20 accept\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:294" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryRichRule "public" "rule family=ipv4 source address=20.20.20.20 accept"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:294" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:297" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:297" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:297: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeRichRule \"public\" \"rule family=ipv4 source address=10.10.10.10 accept\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:297" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.removeRichRule "public" "rule family=ipv4 source address=10.10.10.10 accept"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "('public',) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:297" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:300" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:300" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:300: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryRichRule \"public\" \"rule family=ipv4 source address=10.10.10.10 accept\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:300" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.queryRichRule "public" "rule family=ipv4 source address=10.10.10.10 accept"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:300" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:308" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:308" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:308: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getZoneSettings2 \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:308" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getZoneSettings2 "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.'> 'forward': 'forward_ports': <[('4321', 'udp', '4444', '10.10.10.10')]> 'icmp_block_inversion': 'icmp_blocks': <['echo-request']> 'interfaces': <['dummy1']> 'masquerade': 'ports': <[('4321', 'udp')]> 'rules_str': <['rule family=\"ipv4\" source address=\"20.20.20.20\" accept']> 'services': <['ssh', 'dhcpv6-client']> 'short': <'Public'> 'source_ports': <[('4321', 'udp')]> 'sources': <['10.20.0.0/16']> 'target': <'default'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:308" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:327" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:327" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.setZoneSettings2 \"public\" '{\"services\": <[\"mdns\"]>, \"ports\": <[(\"1234\", \"udp\")]>, \"icmp_blocks\": <[\"echo-request\", \"echo-reply\"]>, \"masquerade\": , \"forward\": , \"forward_ports\": <[(\"1234\", \"udp\", \"4321\", \"10.10.10.10\")]>, \"interfaces\": <[\"dummy3\"]>, \"sources\": <[\"10.10.10.0/24\"]>, \"rules_str\": <[\"rule family=ipv4 source address=10.20.20.20 accept\"]>, \"protocols\": <[\"ipv6-icmp\"]>, \"source_ports\": <[(\"1234\", \"udp\")]>, \"icmp_block_inversion\": }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.setZoneSettings2 "public" '{"services": <["mdns"]>, "ports": <[("1234", "udp")]>, "icmp_blocks": <["echo-request", "echo-reply"]>, "masquerade": , "forward": , "forward_ports": <[("1234", "udp", "4321", "10.10.10.10")]>, "interfaces": <["dummy3"]>, "sources": <["10.10.10.0/24"]>, "rules_str": <["rule family=ipv4 source address=10.20.20.20 accept"]>, "protocols": <["ipv6-icmp"]>, "source_ports": <[("1234", "udp")]>, "icmp_block_inversion": }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:327" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:343" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:343" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getZoneSettings2 \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getZoneSettings2 "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.'> 'forward': 'forward_ports': <[('1234', 'udp', '4321', '10.10.10.10')]> 'icmp_block_inversion': 'icmp_blocks': <['echo-reply', 'echo-request']> 'interfaces': <['dummy3']> 'masquerade': 'ports': <[('1234', 'udp')]> 'protocols': <['ipv6-icmp']> 'rules_str': <['rule family=\"ipv4\" source address=\"10.20.20.20\" accept']> 'services': <['mdns']> 'short': <'Public'> 'source_ports': <[('1234', 'udp')]> 'sources': <['10.10.10.0/24']> 'target': <'default'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:343" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:361" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:361" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.setZoneSettings2 \"public\" '{\"services\": <[\"mdns\"]>, \"ports\": <[(\"1234\", \"udp\")]>, \"icmp_blocks\": <[\"echo-request\", \"echo-reply\"]>, \"masquerade\": , \"forward_ports\": <[(\"1234\", \"udp\", \"4321\", \"10.10.10.10\")]>, \"interfaces\": <[\"dummy3\"]>, \"sources\": <[\"10.10.10.0/24\"]>, \"rules_str\": <[\"rule family=ipv4 source address=10.20.20.20 accept\"]>, \"protocols\": <[\"ipv6-icmp\"]>, \"source_ports\": <[(\"1234\", \"udp\")]>, \"icmp_block_inversion\": }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.setZoneSettings2 "public" '{"services": <["mdns"]>, "ports": <[("1234", "udp")]>, "icmp_blocks": <["echo-request", "echo-reply"]>, "masquerade": , "forward_ports": <[("1234", "udp", "4321", "10.10.10.10")]>, "interfaces": <["dummy3"]>, "sources": <["10.10.10.0/24"]>, "rules_str": <["rule family=ipv4 source address=10.20.20.20 accept"]>, "protocols": <["ipv6-icmp"]>, "source_ports": <[("1234", "udp")]>, "icmp_block_inversion": }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:361" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:378" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:378" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:378: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.setZoneSettings2 \"public\" '{\"services\": <[\"mdns\", \"ssh\"]>, \"icmp_blocks\": <[\"echo-reply\"]> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:378" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.setZoneSettings2 "public" '{"services": <["mdns", "ssh"]>, "icmp_blocks": <["echo-reply"]> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:378" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:385" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:385" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:385: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.setZoneSettings2 \"public\" '{\"rules_str\": <@as []>, \"icmp_block_inversion\": }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:385" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.setZoneSettings2 "public" '{"rules_str": <@as []>, "icmp_block_inversion": }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:385" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:392" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:392" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:392: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.setZoneSettings2 \"public\" '{\"forward_ports\": <@a(ssss) []> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:392" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.setZoneSettings2 "public" '{"forward_ports": <@a(ssss) []> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:392" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:398" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:398" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:398: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.setZoneSettings2 \"public\" '{\"services\": <@as []> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:398" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.setZoneSettings2 "public" '{"services": <@as []> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:398" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone_runtime_functional.at:404" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone_runtime_functional.at:404" { set +x $as_echo "$at_srcdir/zone_runtime_functional.at:404: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getZoneSettings2 \"public\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone_runtime_functional.at:404" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.zone.getZoneSettings2 "public"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.'> 'forward': 'icmp_block_inversion': 'icmp_blocks': <['echo-reply']> 'interfaces': <['dummy3']> 'masquerade': 'ports': <[('1234', 'udp')]> 'protocols': <['ipv6-icmp']> 'short': <'Public'> 'source_ports': <[('1234', 'udp')]> 'sources': <['10.10.10.0/24']> 'target': <'default'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone_runtime_functional.at:404" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "zone_runtime_functional.at:419" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/zone_runtime_functional.at:419" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_62 #AT_START_63 at_fn_group_banner 63 'policy_permanent_signatures.at:1' \ "dbus api - policy permanent signatures" " " 3 at_xfail=no ( $as_echo "63. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_permanent_signatures.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy_permanent_signatures.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy_permanent_signatures.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_permanent_signatures.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy_permanent_signatures.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy_permanent_signatures.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_permanent_signatures.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy_permanent_signatures.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_permanent_signatures.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_permanent_signatures.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy_permanent_signatures.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy_permanent_signatures.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy_permanent_signatures.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy_permanent_signatures.at:1" $as_echo "policy_permanent_signatures.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:8" $as_echo "policy_permanent_signatures.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:8" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config\"]//method[@name=\"listPolicies\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="listPolicies"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:8" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_signatures.at:13" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:13" $as_echo "policy_permanent_signatures.at:13" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:13" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config\"]//method[@name=\"getPolicyNames\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="getPolicyNames"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:13" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_signatures.at:18" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:18" $as_echo "policy_permanent_signatures.at:18" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:18" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config\"]//method[@name=\"getPolicyByName\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="getPolicyByName"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:18" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_signatures.at:24" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:24" $as_echo "policy_permanent_signatures.at:24" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:24" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config\"]//method[@name=\"addPolicy\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config"]//method[@name="addPolicy"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:24" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_signatures.at:36" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:36" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getPolicyByName \"allow-host-ipv6\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getPolicyByName "allow-host-ipv6"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:36" $at_failed && at_fn_log_failure $at_traceon; } DBUS_POLICY_OBJ=$(sed -e "s/.*config\/policy\/\([^']\+\)['].*/\1/" ./stdout) export DBUS_POLICY_OBJ $as_echo "policy_permanent_signatures.at:40" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:40" $as_echo "policy_permanent_signatures.at:40" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:40" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_POLICY_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.policy\"]//method[@name=\"getSettings\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_POLICY_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//method[@name="getSettings"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:40" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_signatures.at:46" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:46" $as_echo "policy_permanent_signatures.at:46" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:46" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_POLICY_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.policy\"]//method[@name=\"update\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_POLICY_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//method[@name="update"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:46" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_signatures.at:51" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:51" $as_echo "policy_permanent_signatures.at:51" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:51" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_POLICY_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.policy\"]//signal[@name=\"Updated\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_POLICY_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//signal[@name="Updated"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:51" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_signatures.at:57" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:57" $as_echo "policy_permanent_signatures.at:57" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:57" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:57: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_POLICY_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.policy\"]//method[@name=\"remove\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:57" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_POLICY_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//method[@name="remove"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:57" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_signatures.at:61" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:61" $as_echo "policy_permanent_signatures.at:61" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:61" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_POLICY_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.policy\"]//signal[@name=\"Removed\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_POLICY_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//signal[@name="Removed"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:61" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_signatures.at:67" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:67" $as_echo "policy_permanent_signatures.at:67" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:67" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_POLICY_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.policy\"]//method[@name=\"rename\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_POLICY_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//method[@name="rename"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:67" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_signatures.at:72" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:72" $as_echo "policy_permanent_signatures.at:72" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:72" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_POLICY_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.policy\"]//signal[@name=\"Renamed\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_POLICY_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//signal[@name="Renamed"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:72" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_signatures.at:78" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:78" $as_echo "policy_permanent_signatures.at:78" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_signatures.at:78" { set +x $as_echo "$at_srcdir/policy_permanent_signatures.at:78: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_POLICY_OBJ}; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.policy\"]//method[@name=\"loadDefaults\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_signatures.at:78" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_POLICY_OBJ}; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.policy"]//method[@name="loadDefaults"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_signatures.at:78" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy_permanent_signatures.at:83" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy_permanent_signatures.at:83" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_63 #AT_START_64 at_fn_group_banner 64 'policy_runtime_signatures.at:1' \ "dbus api - policy runtime signatures" " " 3 at_xfail=no ( $as_echo "64. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_runtime_signatures.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy_runtime_signatures.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy_runtime_signatures.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_runtime_signatures.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy_runtime_signatures.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy_runtime_signatures.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_runtime_signatures.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy_runtime_signatures.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_runtime_signatures.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_runtime_signatures.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy_runtime_signatures.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy_runtime_signatures.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy_runtime_signatures.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy_runtime_signatures.at:1" $as_echo "policy_runtime_signatures.at:6" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_signatures.at:6" $as_echo "policy_runtime_signatures.at:6" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_signatures.at:6" { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.policy\"]//method[@name=\"getPolicySettings\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_signatures.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.policy"]//method[@name="getPolicySettings"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:6" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_signatures.at:12" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_signatures.at:12" $as_echo "policy_runtime_signatures.at:12" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_signatures.at:12" { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.policy\"]//method[@name=\"setPolicySettings\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_signatures.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.policy"]//method[@name="setPolicySettings"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:12" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_signatures.at:18" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_signatures.at:18" $as_echo "policy_runtime_signatures.at:18" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_signatures.at:18" { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.policy\"]//signal[@name=\"PolicyUpdated\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_signatures.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.policy"]//signal[@name="PolicyUpdated"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:18" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_signatures.at:26" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_signatures.at:26" $as_echo "policy_runtime_signatures.at:26" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_signatures.at:26" { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.policy\"]//method[@name=\"getPolicies\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_signatures.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.policy"]//method[@name="getPolicies"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:26" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_signatures.at:31" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_signatures.at:31" $as_echo "policy_runtime_signatures.at:31" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_signatures.at:31" { set +x $as_echo "$at_srcdir/policy_runtime_signatures.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.policy\"]//method[@name=\"getActivePolicies\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_signatures.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.policy"]//method[@name="getActivePolicies"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_signatures.at:31" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy_runtime_signatures.at:37" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy_runtime_signatures.at:37" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_64 #AT_START_65 at_fn_group_banner 65 'policy_permanent_functional.at:1' \ "dbus api - policy permanent functional" " " 3 at_xfail=no ( $as_echo "65. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_permanent_functional.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy_permanent_functional.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy_permanent_functional.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_permanent_functional.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy_permanent_functional.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy_permanent_functional.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_permanent_functional.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy_permanent_functional.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_permanent_functional.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_permanent_functional.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy_permanent_functional.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy_permanent_functional.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy_permanent_functional.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy_permanent_functional.at:1" $as_echo "policy_permanent_functional.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:8" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.listPolicies ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.listPolicies ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sed -e \"s/['][,]/'\\n/g\" ./stdout | sed -e \"s/.*config\\/policy\\/\\([^']\\+\\)['].*/\\1/\" | while read LINE; do { echo \"\${LINE}\" | grep \"^[0-9]\\+\$\" ; } || exit 1; done " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_permanent_functional.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sed -e "s/['][,]/'\n/g" ./stdout | sed -e "s/.*config\/policy\/\([^']\+\)['].*/\1/" | while read LINE; do { echo "${LINE}" | grep "^[0-9]\+$" ; } || exit 1; done ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:9" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:13" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:13" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getPolicyNames ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getPolicyNames ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['allow-host-ipv6'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:13" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:17" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:17" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getPolicyByName \"allow-host-ipv6\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getPolicyByName "allow-host-ipv6"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sed -e \"s/.*config\\/policy\\/\\([^']\\+\\)['].*/\\1/\" ./stdout | grep \"^[0-9]\\+\$\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_permanent_functional.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sed -e "s/.*config\/policy\/\([^']\+\)['].*/\1/" ./stdout | grep "^[0-9]\+$" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:18" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:20" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:20" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addPolicy \"foobar\" '{\"version\": <\"1.0\">, \"short\": <\"foobar\">, \"description\": <\"foobar policy\">, \"target\": <\"CONTINUE\">, \"services\": <[\"ssh\", \"mdns\"]>, \"ports\": <[(\"1234\", \"tcp\"), (\"1234\", \"udp\")]>, \"icmp_blocks\": <[\"echo-request\"]>, \"masquerade\": , \"forward_ports\": <[(\"1234\", \"tcp\", \"4321\", \"\"), (\"1234\", \"udp\", \"4321\", \"\")]>, \"rich_rules\": <[\"rule family=ipv4 source address=10.20.20.20 drop\"]>, \"protocols\": <[\"icmp\"]>, \"source_ports\": <[(\"1234\", \"tcp\"), (\"1234\", \"udp\")]>, \"ingress_zones\": <[\"public\"]>, \"egress_zones\": <[\"HOST\"]>, \"priority\": <-100> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.addPolicy "foobar" '{"version": <"1.0">, "short": <"foobar">, "description": <"foobar policy">, "target": <"CONTINUE">, "services": <["ssh", "mdns"]>, "ports": <[("1234", "tcp"), ("1234", "udp")]>, "icmp_blocks": <["echo-request"]>, "masquerade": , "forward_ports": <[("1234", "tcp", "4321", ""), ("1234", "udp", "4321", "")]>, "rich_rules": <["rule family=ipv4 source address=10.20.20.20 drop"]>, "protocols": <["icmp"]>, "source_ports": <[("1234", "tcp"), ("1234", "udp")]>, "ingress_zones": <["public"]>, "egress_zones": <["HOST"]>, "priority": <-100> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:20" $at_failed && at_fn_log_failure $at_traceon; } DBUS_FOOBAR_POLICY_OBJ=$(sed -e "s/.*config\/policy\/\([^']\+\)['].*/\1/" ./stdout) export DBUS_FOOBAR_POLICY_OBJ $as_echo "policy_permanent_functional.at:46" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:46" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar policy'> 'egress_zones': <['HOST']> 'forward_ports': <[('1234', 'tcp', '4321', ''), ('1234', 'udp', '4321', '')]> 'icmp_blocks': <['echo-request']> 'ingress_zones': <['public']> 'masquerade': 'ports': <[('1234', 'tcp'), ('1234', 'udp')]> 'priority': <-100> 'protocols': <['icmp']> 'rich_rules': <['rule family=\"ipv4\" source address=\"10.20.20.20\" drop']> 'services': <['ssh', 'mdns']> 'short': <'foobar'> 'source_ports': <[('1234', 'tcp'), ('1234', 'udp')]> 'target': <'CONTINUE'> 'version': <'1.0'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:46" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:66" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:66" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.update '{\"version\": <\"1.1\">, \"short\": <\"foobar update\">, \"description\": <\"foobar policy update\">, \"target\": <\"DROP\">, \"services\": <[\"mdns\"]>, \"ports\": <[(\"1234\", \"udp\")]>, \"icmp_blocks\": <[\"echo-request\", \"echo-reply\"]>, \"masquerade\": , \"forward_ports\": <[(\"1234\", \"udp\", \"4321\", \"10.10.10.10\")]>, \"rich_rules\": <[\"rule family=ipv4 source address=10.20.20.20 accept\"]>, \"protocols\": <[\"ipv6-icmp\"]>, \"source_ports\": <[(\"1234\", \"udp\")]>, \"ingress_zones\": <[\"public\", \"external\"]>, \"egress_zones\": <[\"internal\"]>, \"priority\": <200> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.update '{"version": <"1.1">, "short": <"foobar update">, "description": <"foobar policy update">, "target": <"DROP">, "services": <["mdns"]>, "ports": <[("1234", "udp")]>, "icmp_blocks": <["echo-request", "echo-reply"]>, "masquerade": , "forward_ports": <[("1234", "udp", "4321", "10.10.10.10")]>, "rich_rules": <["rule family=ipv4 source address=10.20.20.20 accept"]>, "protocols": <["ipv6-icmp"]>, "source_ports": <[("1234", "udp")]>, "ingress_zones": <["public", "external"]>, "egress_zones": <["internal"]>, "priority": <200> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:66" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:84" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:84" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:84: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:84" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar policy update'> 'egress_zones': <['internal']> 'forward_ports': <[('1234', 'udp', '4321', '10.10.10.10')]> 'icmp_blocks': <['echo-request', 'echo-reply']> 'ingress_zones': <['public', 'external']> 'masquerade': 'ports': <[('1234', 'udp')]> 'priority': <200> 'protocols': <['ipv6-icmp']> 'rich_rules': <['rule family=\"ipv4\" source address=\"10.20.20.20\" accept']> 'services': <['mdns']> 'short': <'foobar update'> 'source_ports': <[('1234', 'udp')]> 'target': <'DROP'> 'version': <'1.1'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:84" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:103" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:103" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.update '{\"version\": <\"1.2\">, \"target\": <\"DROP\"> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.update '{"version": <"1.2">, "target": <"DROP"> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:103" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:109" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:109" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.update '{\"version\": <\"1.3\">, \"icmp_blocks\": <@as []> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.update '{"version": <"1.3">, "icmp_blocks": <@as []> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:109" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:115" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:115" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.update '{\"version\": <\"1.4\">, \"forward_ports\": <@a(ssss) []> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.update '{"version": <"1.4">, "forward_ports": <@a(ssss) []> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:115" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:121" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:121" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'foobar policy update'> 'egress_zones': <['internal']> 'ingress_zones': <['public', 'external']> 'masquerade': 'ports': <[('1234', 'udp')]> 'priority': <200> 'protocols': <['ipv6-icmp']> 'rich_rules': <['rule family=\"ipv4\" source address=\"10.20.20.20\" accept']> 'services': <['mdns']> 'short': <'foobar update'> 'source_ports': <[('1234', 'udp')]> 'target': <'DROP'> 'version': <'1.4'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:121" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:137" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:137" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.rename \"foobar-renamed\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.rename "foobar-renamed"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:137" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:138" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:138" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getPolicyByName \"foobar-renamed\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getPolicyByName "foobar-renamed"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:138" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:140" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:140" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.remove ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_FOOBAR_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.remove ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:140" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:141" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:141" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:141: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getPolicyByName \"foobar-renamed\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:141" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getPolicyByName "foobar-renamed"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/policy_permanent_functional.at:141" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:144" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:144" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:144: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getPolicyByName \"allow-host-ipv6\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:144" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getPolicyByName "allow-host-ipv6"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:144" $at_failed && at_fn_log_failure $at_traceon; } DBUS_BUILTIN_POLICY_OBJ=$(sed -e "s/.*config\/policy\/\([^']\+\)['].*/\1/" ./stdout) export DBUS_BUILTIN_POLICY_OBJ $as_echo "policy_permanent_functional.at:147" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:147" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_BUILTIN_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.update '{\"version\": <\"1.2\">, \"target\": <\"DROP\"> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:147" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_BUILTIN_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.update '{"version": <"1.2">, "target": <"DROP"> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:147" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:152" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:152" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:152: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_BUILTIN_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:152" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_BUILTIN_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'Allows basic IPv6 functionality for the host running firewalld.'> 'egress_zones': <['HOST']> 'ingress_zones': <['ANY']> 'masquerade': 'priority': <-15000> 'rich_rules': <['rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept', 'rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept', 'rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept', 'rule family=\"ipv6\" icmp-type name=\"redirect\" accept']> 'short': <'Allow host IPv6'> 'target': <'DROP'> 'version': <'1.2'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:152" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:164" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:164" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_BUILTIN_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.loadDefaults ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_BUILTIN_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.loadDefaults ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:164" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_permanent_functional.at:165" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_permanent_functional.at:165" { set +x $as_echo "$at_srcdir/policy_permanent_functional.at:165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/\${DBUS_BUILTIN_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.getSettings ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_permanent_functional.at:165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/policy/${DBUS_BUILTIN_POLICY_OBJ} --method org.fedoraproject.FirewallD1.config.policy.getSettings ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'Allows basic IPv6 functionality for the host running firewalld.'> 'egress_zones': <['HOST']> 'ingress_zones': <['ANY']> 'masquerade': 'priority': <-15000> 'rich_rules': <['rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept', 'rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept', 'rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept', 'rule family=\"ipv6\" icmp-type name=\"redirect\" accept']> 'short': <'Allow host IPv6'> 'target': <'CONTINUE'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_permanent_functional.at:165" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_POLICY: foobar-renamed/d'" != x"ignore"; then $as_echo "policy_permanent_functional.at:176" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_POLICY: foobar-renamed/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy_permanent_functional.at:176" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_65 #AT_START_66 at_fn_group_banner 66 'policy_runtime_functional.at:1' \ "dbus api - policy runtime functional" " " 3 at_xfail=no ( $as_echo "66. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_runtime_functional.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy_runtime_functional.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy_runtime_functional.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_runtime_functional.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy_runtime_functional.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy_runtime_functional.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_runtime_functional.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy_runtime_functional.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_runtime_functional.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_runtime_functional.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy_runtime_functional.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy_runtime_functional.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy_runtime_functional.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy_runtime_functional.at:1" $as_echo "policy_runtime_functional.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_functional.at:8" { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.getPolicySettings \"allow-host-ipv6\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_functional.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.getPolicySettings "allow-host-ipv6"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'Allows basic IPv6 functionality for the host running firewalld.'> 'egress_zones': <['HOST']> 'ingress_zones': <['ANY']> 'masquerade': 'priority': <-15000> 'rich_rules': <['rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept', 'rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept', 'rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept', 'rule family=\"ipv6\" icmp-type name=\"redirect\" accept']> 'short': <'Allow host IPv6'> 'target': <'CONTINUE'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:8" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_functional.at:21" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_functional.at:21" { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.setPolicySettings \"allow-host-ipv6\" '{\"services\": <[\"mdns\"]>, \"ports\": <[(\"1234\", \"udp\")]>, \"icmp_blocks\": <[\"echo-request\"]>, \"masquerade\": , \"forward_ports\": <[(\"1234\", \"udp\", \"4321\", \"\")]>, \"rich_rules\": <[\"rule family=ipv4 source address=10.20.20.20 accept\"]>, \"protocols\": <[\"ipv6-icmp\"]>, \"source_ports\": <[(\"1234\", \"udp\")]>, \"ingress_zones\": <[\"ANY\"]>, \"egress_zones\": <[\"HOST\"]> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_functional.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.setPolicySettings "allow-host-ipv6" '{"services": <["mdns"]>, "ports": <[("1234", "udp")]>, "icmp_blocks": <["echo-request"]>, "masquerade": , "forward_ports": <[("1234", "udp", "4321", "")]>, "rich_rules": <["rule family=ipv4 source address=10.20.20.20 accept"]>, "protocols": <["ipv6-icmp"]>, "source_ports": <[("1234", "udp")]>, "ingress_zones": <["ANY"]>, "egress_zones": <["HOST"]> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:21" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_functional.at:35" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_functional.at:35" { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.getPolicySettings \"allow-host-ipv6\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_functional.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.getPolicySettings "allow-host-ipv6"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'Allows basic IPv6 functionality for the host running firewalld.'> 'egress_zones': <['HOST']> 'forward_ports': <[('1234', 'udp', '4321', '')]> 'icmp_blocks': <['echo-request']> 'ingress_zones': <['ANY']> 'masquerade': 'ports': <[('1234', 'udp')]> 'priority': <-15000> 'protocols': <['ipv6-icmp']> 'rich_rules': <['rule family=\"ipv4\" source address=\"10.20.20.20\" accept']> 'services': <['mdns']> 'short': <'Allow host IPv6'> 'source_ports': <[('1234', 'udp')]> 'target': <'CONTINUE'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:35" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_functional.at:52" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_functional.at:52" { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.setPolicySettings \"allow-host-ipv6\" '{\"services\": <[\"mdns\"]>, \"ports\": <[(\"1234\", \"udp\")]>, \"icmp_blocks\": <[\"echo-request\"]>, \"masquerade\": , \"forward_ports\": <[(\"1234\", \"udp\", \"4321\", \"\")]>, \"rich_rules\": <[\"rule family=ipv4 source address=10.20.20.20 accept\"]>, \"protocols\": <[\"ipv6-icmp\"]>, \"source_ports\": <[(\"1234\", \"udp\")]>, \"ingress_zones\": <[\"ANY\"]>, \"egress_zones\": <[\"HOST\"]> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_functional.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.setPolicySettings "allow-host-ipv6" '{"services": <["mdns"]>, "ports": <[("1234", "udp")]>, "icmp_blocks": <["echo-request"]>, "masquerade": , "forward_ports": <[("1234", "udp", "4321", "")]>, "rich_rules": <["rule family=ipv4 source address=10.20.20.20 accept"]>, "protocols": <["ipv6-icmp"]>, "source_ports": <[("1234", "udp")]>, "ingress_zones": <["ANY"]>, "egress_zones": <["HOST"]> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:52" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_functional.at:68" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_functional.at:68" { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.setPolicySettings \"allow-host-ipv6\" '{\"services\": <[\"mdns\", \"ssh\"]>, \"icmp_blocks\": <[\"echo-reply\"]> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_functional.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.setPolicySettings "allow-host-ipv6" '{"services": <["mdns", "ssh"]>, "icmp_blocks": <["echo-reply"]> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:68" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_functional.at:75" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_functional.at:75" { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.setPolicySettings \"allow-host-ipv6\" '{\"rich_rules\": <@as []> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_functional.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.setPolicySettings "allow-host-ipv6" '{"rich_rules": <@as []> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:75" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_functional.at:81" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_functional.at:81" { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:81: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.setPolicySettings \"allow-host-ipv6\" '{\"forward_ports\": <@a(ssss) []> }' ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_functional.at:81" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.setPolicySettings "allow-host-ipv6" '{"forward_ports": <@a(ssss) []> }' ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:81" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_functional.at:87" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_functional.at:87" { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:87: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.getPolicySettings \"allow-host-ipv6\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_functional.at:87" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.getPolicySettings "allow-host-ipv6"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'description': <'Allows basic IPv6 functionality for the host running firewalld.'> 'egress_zones': <['HOST']> 'icmp_blocks': <['echo-reply']> 'ingress_zones': <['ANY']> 'masquerade': 'ports': <[('1234', 'udp')]> 'priority': <-15000> 'protocols': <['ipv6-icmp']> 'services': <['mdns', 'ssh']> 'short': <'Allow host IPv6'> 'source_ports': <[('1234', 'udp')]> 'target': <'CONTINUE'> " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:87" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_runtime_functional.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy_runtime_functional.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:102" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_functional.at:108" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_functional.at:108" { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:108: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.getPolicies ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_functional.at:108" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.getPolicies ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['allow-host-ipv6'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:108" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy_runtime_functional.at:112" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy_runtime_functional.at:112" { set +x $as_echo "$at_srcdir/policy_runtime_functional.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.getActivePolicies ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy_runtime_functional.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1 --method org.fedoraproject.FirewallD1.policy.getActivePolicies ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "'allow-host-ipv6': {'ingress_zones': ['ANY'], 'egress_zones': ['HOST']} " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy_runtime_functional.at:112" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy_runtime_functional.at:116" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy_runtime_functional.at:116" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_66 #AT_START_67 at_fn_group_banner 67 'direct.at:1' \ "dbus api - direct signatures" " " 3 at_xfail=no ( $as_echo "67. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/direct.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "direct.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/direct.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "direct.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/direct.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "direct.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/direct.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "direct.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "direct.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/direct.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/direct.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "direct.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/direct.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "direct.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/direct.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "direct.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/direct.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "direct.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "direct.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/direct.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "direct.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/direct.at:1" $as_echo "direct.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:8" $as_echo "direct.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:8" { set +x $as_echo "$at_srcdir/direct.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addChain\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="addChain"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:8" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:17" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:17" $as_echo "direct.at:17" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:17" { set +x $as_echo "$at_srcdir/direct.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addPassthrough\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="addPassthrough"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:17" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:25" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:25" $as_echo "direct.at:25" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:25" { set +x $as_echo "$at_srcdir/direct.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"addRule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="addRule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:25" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:36" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:36" $as_echo "direct.at:36" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:36" { set +x $as_echo "$at_srcdir/direct.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getAllChains\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="getAllChains"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:36" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:43" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:43" $as_echo "direct.at:43" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:43" { set +x $as_echo "$at_srcdir/direct.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getAllPassthroughs\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="getAllPassthroughs"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:43" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:50" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:50" $as_echo "direct.at:50" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:50" { set +x $as_echo "$at_srcdir/direct.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getAllRules\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="getAllRules"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:50" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:57" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:57" $as_echo "direct.at:57" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:57" { set +x $as_echo "$at_srcdir/direct.at:57: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getChains\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:57" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="getChains"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:57" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:66" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:66" $as_echo "direct.at:66" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:66" { set +x $as_echo "$at_srcdir/direct.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getPassthroughs\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="getPassthroughs"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:66" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:74" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:74" $as_echo "direct.at:74" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:74" { set +x $as_echo "$at_srcdir/direct.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"getRules\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="getRules"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:74" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:84" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:84" $as_echo "direct.at:84" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:84" { set +x $as_echo "$at_srcdir/direct.at:84: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"passthrough\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:84" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="passthrough"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:84" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:93" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:93" $as_echo "direct.at:93" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:93" { set +x $as_echo "$at_srcdir/direct.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryChain\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="queryChain"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:93" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:103" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:103" $as_echo "direct.at:103" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:103" { set +x $as_echo "$at_srcdir/direct.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryPassthrough\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="queryPassthrough"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:103" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:112" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:112" $as_echo "direct.at:112" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:112" { set +x $as_echo "$at_srcdir/direct.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"queryRule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="queryRule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:112" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:124" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:124" $as_echo "direct.at:124" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:124" { set +x $as_echo "$at_srcdir/direct.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeAllPassthroughs\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="removeAllPassthroughs"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:124" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:130" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:130" $as_echo "direct.at:130" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:130" { set +x $as_echo "$at_srcdir/direct.at:130: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeChain\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:130" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="removeChain"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:130" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:139" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:139" $as_echo "direct.at:139" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:139" { set +x $as_echo "$at_srcdir/direct.at:139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removePassthrough\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="removePassthrough"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:139" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:147" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:147" $as_echo "direct.at:147" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:147" { set +x $as_echo "$at_srcdir/direct.at:147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeRule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:147" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="removeRule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:147" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:158" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:158" $as_echo "direct.at:158" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:158" { set +x $as_echo "$at_srcdir/direct.at:158: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//method[@name=\"removeRules\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:158" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//method[@name="removeRules"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:158" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:167" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:167" $as_echo "direct.at:167" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:167" { set +x $as_echo "$at_srcdir/direct.at:167: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//signal[@name=\"ChainAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:167" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//signal[@name="ChainAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:167" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:176" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:176" $as_echo "direct.at:176" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:176" { set +x $as_echo "$at_srcdir/direct.at:176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//signal[@name=\"ChainRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//signal[@name="ChainRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:176" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:185" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:185" $as_echo "direct.at:185" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:185" { set +x $as_echo "$at_srcdir/direct.at:185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//signal[@name=\"PassthroughAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//signal[@name="PassthroughAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:185" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:193" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:193" $as_echo "direct.at:193" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:193" { set +x $as_echo "$at_srcdir/direct.at:193: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//signal[@name=\"PassthroughRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:193" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//signal[@name="PassthroughRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:193" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:201" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:201" $as_echo "direct.at:201" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:201" { set +x $as_echo "$at_srcdir/direct.at:201: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//signal[@name=\"RuleAdded\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:201" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//signal[@name="RuleAdded"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:201" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:212" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:212" $as_echo "direct.at:212" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:212" { set +x $as_echo "$at_srcdir/direct.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo \$? >&3; } | xmllint --xpath '//signal[@name=\"RuleRemoved\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1; echo $? >&3; } | xmllint --xpath '//signal[@name="RuleRemoved"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:212" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:227" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:227" $as_echo "direct.at:227" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:227" { set +x $as_echo "$at_srcdir/direct.at:227: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"getSettings\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:227" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getSettings"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:227" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:234" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:234" $as_echo "direct.at:234" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:234" { set +x $as_echo "$at_srcdir/direct.at:234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"update\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="update"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:234" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:241" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:241" $as_echo "direct.at:241" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:241" { set +x $as_echo "$at_srcdir/direct.at:241: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"addChain\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:241" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="addChain"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:241" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:250" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:250" $as_echo "direct.at:250" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:250" { set +x $as_echo "$at_srcdir/direct.at:250: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"addPassthrough\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:250" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="addPassthrough"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:250" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:258" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:258" $as_echo "direct.at:258" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:258" { set +x $as_echo "$at_srcdir/direct.at:258: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"addRule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:258" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="addRule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:258" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:269" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:269" $as_echo "direct.at:269" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:269" { set +x $as_echo "$at_srcdir/direct.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"getAllChains\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getAllChains"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:269" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:276" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:276" $as_echo "direct.at:276" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:276" { set +x $as_echo "$at_srcdir/direct.at:276: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"getAllPassthroughs\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:276" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getAllPassthroughs"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:276" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:283" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:283" $as_echo "direct.at:283" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:283" { set +x $as_echo "$at_srcdir/direct.at:283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"getAllRules\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getAllRules"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:283" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:290" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:290" $as_echo "direct.at:290" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:290" { set +x $as_echo "$at_srcdir/direct.at:290: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"getChains\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:290" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getChains"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:290" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:299" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:299" $as_echo "direct.at:299" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:299" { set +x $as_echo "$at_srcdir/direct.at:299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"getPassthroughs\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getPassthroughs"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:299" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:307" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:307" $as_echo "direct.at:307" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:307" { set +x $as_echo "$at_srcdir/direct.at:307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"getRules\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="getRules"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:307" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:317" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:317" $as_echo "direct.at:317" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:317" { set +x $as_echo "$at_srcdir/direct.at:317: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"queryChain\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:317" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="queryChain"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:317" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:327" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:327" $as_echo "direct.at:327" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:327" { set +x $as_echo "$at_srcdir/direct.at:327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"queryPassthrough\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="queryPassthrough"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:327" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:336" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:336" $as_echo "direct.at:336" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:336" { set +x $as_echo "$at_srcdir/direct.at:336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"queryRule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="queryRule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:336" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:348" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:348" $as_echo "direct.at:348" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:348" { set +x $as_echo "$at_srcdir/direct.at:348: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"removeChain\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:348" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="removeChain"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:348" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:357" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:357" $as_echo "direct.at:357" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:357" { set +x $as_echo "$at_srcdir/direct.at:357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"removePassthrough\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="removePassthrough"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:357" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:365" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:365" $as_echo "direct.at:365" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:365" { set +x $as_echo "$at_srcdir/direct.at:365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"removeRule\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="removeRule"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:365" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:376" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:376" $as_echo "direct.at:376" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:376" { set +x $as_echo "$at_srcdir/direct.at:376: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//method[@name=\"removeRules\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:376" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//method[@name="removeRules"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:376" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "direct.at:385" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:385" $as_echo "direct.at:385" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which xmllint >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/direct.at:385" { set +x $as_echo "$at_srcdir/direct.at:385: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo \$? >&3; } | xmllint --xpath '//interface[@name=\"org.fedoraproject.FirewallD1.config.direct\"]//signal[@name=\"Updated\"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "direct.at:385" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config; echo $? >&3; } | xmllint --xpath '//interface[@name="org.fedoraproject.FirewallD1.config.direct"]//signal[@name="Updated"]' - | xmllint --format - | xmllint --c14n - | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/direct.at:385" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "direct.at:391" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/direct.at:391" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_67 #AT_START_68 at_fn_group_banner 68 'firewall-cmd.at:5' \ "basic options" " " 4 at_xfail=no ( $as_echo "68. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:5" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:5" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:5" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:5" { set +x $as_echo "$at_srcdir/firewall-cmd.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -h " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -h ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --help " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --help ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -V " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -V ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --complete-reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --complete-reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --panic-on " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --panic-on ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "yes " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --panic-off " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --panic-off ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "no " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:24" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:26" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_68 #AT_START_69 at_fn_group_banner 69 'firewall-cmd.at:28' \ "get/list options" " " 4 at_xfail=no ( $as_echo "69. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:28" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:28" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:28" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:28" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:28" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:28" { set +x $as_echo "$at_srcdir/firewall-cmd.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-icmptypes " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:34" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-icmptypes " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-all-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-all-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:40" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:41" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:42" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:42" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_69 #AT_START_70 at_fn_group_banner 70 'firewall-cmd.at:44' \ "default zone" " " 4 at_xfail=no ( $as_echo "70. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:44" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:44" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:44" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:44" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:44" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:44" { set +x $as_echo "$at_srcdir/firewall-cmd.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=\"home\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone="home" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "home " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:53" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:54" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:54" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_70 #AT_START_71 at_fn_group_banner 71 'firewall-cmd.at:56' \ "user zone" " " 4 at_xfail=no ( $as_echo "71. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:56" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:56" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:56" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:56" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:56" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:56" { set +x $as_echo "$at_srcdir/firewall-cmd.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --new-zone=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-zone=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:60" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zones | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zones | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:61" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep default " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=BAD " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=BAD ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/firewall-cmd.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=%%REJECT%% " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=%%REJECT%% ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --add-service=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --add-service=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghi " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghij " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghij ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 116 $at_status "$at_srcdir/firewall-cmd.at:72" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_TARGET: /d' -e '/ERROR: INVALID_NAME: /d'" != x"ignore"; then $as_echo "firewall-cmd.at:73" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_TARGET: /d' -e '/ERROR: INVALID_NAME: /d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:73" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_71 #AT_START_72 at_fn_group_banner 72 'firewall-cmd.at:76' \ "zone interfaces" " " 4 at_xfail=no ( $as_echo "72. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:76" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:76" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:76" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:76" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:76" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:76" { set +x $as_echo "$at_srcdir/firewall-cmd.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --add-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --add-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:79" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:80: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:80" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:80" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:83: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:83" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:83" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --change-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --change-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:85" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:86: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:86" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:86" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=block --add-interface=dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=block --add-interface=dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:88" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=block --remove-interface=dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=block --remove-interface=dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --change-zone=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --change-zone=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dmz " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:92" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --list-interfaces " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dummy " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:96" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:99: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --change-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:99" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --change-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:99" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:105" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:106" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:107" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:108: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:108" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:108" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --set-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --set-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:109" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-zone-of-interface " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-zone-of-interface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=perm_dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=perm_dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:113" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --list-interfaces " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "perm_dummy " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:121" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:124" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:127" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:128" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:130: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:130" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:130" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:132: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:132" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:132" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:133: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:133" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:133" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:134: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --remove-interface=perm_dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:134" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --remove-interface=perm_dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:134" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:137" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=bar --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=bar --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:138" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:139" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "trusted " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:140" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-interface foo --zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-interface foo --zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-interface bar --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-interface bar --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:145" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:146: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:146" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:146" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:147" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:147" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:148: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=bar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:148" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=bar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:148" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=trusted --add-interface=+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=trusted --add-interface=+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:153" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=foobar+++ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:154" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=foobar+++ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:154" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:155: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:155" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:155" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:156: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:156" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { iifname \"foobar*\" goto filter_IN_public iifname \"foobar++*\" goto filter_IN_public goto filter_IN_trusted goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:156" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=trusted --remove-interface=+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=trusted --remove-interface=+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:167: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=foobar+++ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:167" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=foobar+++ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:167" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:168: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:168" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:168" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:169: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:169" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:169" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:170: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:170" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:170" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:171: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:171" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:171" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:171: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:171" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:171" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: ZONE_CONFLICT: perm_dummy/d'" != x"ignore"; then $as_echo "firewall-cmd.at:172" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: ZONE_CONFLICT: perm_dummy/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:172" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_72 #AT_START_73 at_fn_group_banner 73 'firewall-cmd.at:174' \ "zone sources" " " 4 at_xfail=no ( $as_echo "73. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:174" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:174" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:174" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:174" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:174" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:174" { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.1/255.255.255.0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.1/255.255.255.0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 192.168.1.1/255.255.255.0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.1/255.255.255.0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.1/255.255.255.0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } if test x" -e '/ERROR: ZONE_CONFLICT/d'" != x"ignore"; then $as_echo "firewall-cmd.at:225" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: ZONE_CONFLICT/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:225" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_73 #AT_START_74 at_fn_group_banner 74 'firewall-cmd.at:227' \ "services" " " 4 at_xfail=no ( $as_echo "74. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:227" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:227" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:227" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:227" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:227" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:227" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:227" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:227" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:227" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:227" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:227" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:227" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:227" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:227" { set +x $as_echo "$at_srcdir/firewall-cmd.at:230: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=dns --timeout 60 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:230" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=dns --timeout 60 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:230" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:231: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:231" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:231" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:232: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:232" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:232" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:233: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:233" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:233" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=smtpssssssss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=smtpssssssss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:234" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=dns --timeout " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=dns --timeout ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:235" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:236: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=dns --add-interface=dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:236" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=dns --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:236" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:238: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --timeout 60 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:238" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --timeout 60 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:238" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:239" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:240: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:240" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dns ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:240" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:242: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-service dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:242" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:242" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --remove-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --remove-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:243" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:248: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:248" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:248" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:249: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=smtpssssssss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:249" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=smtpssssssss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:249" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:250: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --add-interface=dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:250" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:250" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:252: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=http --add-service=nfs --timeout=1h " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:252" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=http --add-service=nfs --timeout=1h ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:252" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service=nfs --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service=nfs --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:254" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:255: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-service=nfs --remove-service=http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:255" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-service=nfs --remove-service=http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:255" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:256" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:257: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:257" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:257" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-service=http --add-service=nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-service=http --add-service=nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:259" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:260" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:261: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service=nfs --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:261" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service=nfs --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:261" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:262: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-service=nfs --remove-service=http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:262" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-service=nfs --remove-service=http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:262" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:267" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:268: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:268" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:268" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_SERVICE:/d'" != x"ignore"; then $as_echo "firewall-cmd.at:269" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_SERVICE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:269" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_74 #AT_START_75 at_fn_group_banner 75 'firewall-cmd.at:271' \ "user services" " " 4 at_xfail=no ( $as_echo "75. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:271" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:271" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:271" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:271" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:271" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:271" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:271" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:271" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:271" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:271" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:271" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:271" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:271" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:271" { set +x $as_echo "$at_srcdir/firewall-cmd.at:274: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-service=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:274" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-service=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/firewall-cmd.at:274" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:276: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-service=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:276" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:276" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:277: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:277" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:277" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:279: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:279" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:279" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:280: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:280" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:280" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:281: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:281" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:281" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:282: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:282" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:282" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:283" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:284: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:284" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:284" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:285: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:285" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:285" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:286: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:286" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:286" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:287: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:287" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:287" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:288: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:288" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:288" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:289: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:289" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:289" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:290: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:290" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:290" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:291" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:292: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:292" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:292" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:293: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:293" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:293" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:294: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:294" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:294" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:295: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:295" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:295" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:296: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:296" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:296" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:298: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:298" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:298" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:299" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:300: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:300" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:300" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:301: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:301" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:301" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:302: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:302" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:302" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:303: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:303" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:303" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:304: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:304" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:304" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:306: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:306" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:306" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:307" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:308: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:308" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:308" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:309: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:309" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:309" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:310: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:310" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:310" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:311: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:311" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:311" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:313: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:313" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:313" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:314: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:314" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:314" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:315: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:315" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:315" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:316: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:316" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:316" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:317: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --get-service-helpers " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:317" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --get-service-helpers ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:317" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:320: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:320" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:320" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:321: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:321" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:321" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:323: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:323" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/firewall-cmd.at:323" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:324: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:324" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:324" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:325: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:325" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:325" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:327" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:327" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:327" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:327" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:334: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-service=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:334" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:334" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:335: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:335" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:335" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-service=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:337" $at_failed && at_fn_log_failure $at_traceon; } cat >./foobar-to-be-renamed <<'_ATEOF' { set +x $as_echo "$at_srcdir/firewall-cmd.at:339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-service-from-file=\"./foobar-to-be-renamed\" --name=\"foobar-from-file\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-service-from-file="./foobar-to-be-renamed" --name="foobar-from-file" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar-from-file " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar-from-file ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:339" $at_failed && at_fn_log_failure $at_traceon; } _ATEOF if test x"-e '/ERROR: NAME_CONFLICT: new_service():/d' -e '/ERROR: INVALID_ADDR:/d'" != x"ignore"; then $as_echo "firewall-cmd.at:350" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: NAME_CONFLICT: new_service():/d' -e '/ERROR: INVALID_ADDR:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:350" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_75 #AT_START_76 at_fn_group_banner 76 'firewall-cmd.at:353' \ "ports" " " 4 at_xfail=no ( $as_echo "76. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:353" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:353" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:353" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:353" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:353" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:353" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:353" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:353" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:353" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:353" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:353" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:353" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:353" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:353" { set +x $as_echo "$at_srcdir/firewall-cmd.at:356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone home --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone home --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 254 $at_status "$at_srcdir/firewall-cmd.at:359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo --add-port bar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo --add-port bar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 254 $at_status "$at_srcdir/firewall-cmd.at:360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=666/tcp --zone=public --timeout=30m " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=666/tcp --zone=public --timeout=30m ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:362: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:362" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:362" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:363: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:363" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:363" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:364: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:364" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:364" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:366: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:366" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:366" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:368: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:368" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:368" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=5000/sctp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=5000/sctp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:369" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:370: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:370" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:370" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:372: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:372" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:372" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:373: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=222/dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:373" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=222/dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:373" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:374: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:374" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:374" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:375: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:375" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:375" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:377: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:377" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:377" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:378: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:378" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:378" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:379: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:379" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:379" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:380: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port=666/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:380" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port=666/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:380" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:381: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:381" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:381" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:382: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:382" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:382" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:383: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:383" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:383" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:384: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:384" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:384" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:386: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:386" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:386" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:387: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:387" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:387" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:388: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:388" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:388" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:389: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:389" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:389" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:390: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:390" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:390" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:391: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:391" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:391" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:392: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:392" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:392" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:393: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:393" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:393" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:395: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=80/tcp --add-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:395" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=80/tcp --add-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:395" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:396: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:396" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:396" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:397: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:397" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:397" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:398: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 80/tcp --remove-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:398" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 80/tcp --remove-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:398" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:399: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:399" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:399" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:400: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:400" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:400" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:402: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=80/tcp --add-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:402" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=80/tcp --add-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:402" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:403: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:403" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:403" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:404: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:404" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:404" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:405: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 80/tcp --remove-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:405" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 80/tcp --remove-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:405" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:406: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:406" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:406" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:407: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:407" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:407" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:408" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:408" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_76 #AT_START_77 at_fn_group_banner 77 'firewall-cmd.at:410' \ "source ports" " " 4 at_xfail=no ( $as_echo "77. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:410" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:410" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:410" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:410" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:410" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:410" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:410" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:410" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:410" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:410" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:410" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:410" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:410" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:410" { set +x $as_echo "$at_srcdir/firewall-cmd.at:413: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone home --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:413" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone home --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:413" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:414: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:414" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:414" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:415: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:415" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:415" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:416: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=666/tcp --zone=public --timeout=30m " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:416" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=666/tcp --zone=public --timeout=30m ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:416" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:417: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-source-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:417" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-source-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:417" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:418: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:418" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:418" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:419: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:419" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:419" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:420: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-source-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:420" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-source-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:420" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:421: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:421" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:421" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:423" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:424: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:424" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:424" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:425: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:425" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:425" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:426: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-source-port=666/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:426" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-source-port=666/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:426" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:427: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:427" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:427" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:428: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:428" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:428" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:429: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-source-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:429" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-source-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:429" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:430: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:430" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:430" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:432: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=80/tcp --add-source-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:432" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=80/tcp --add-source-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:432" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:433: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:433" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:433" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:434: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:434" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:434" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:435: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-source-port 80/tcp --remove-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:435" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-source-port 80/tcp --remove-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:435" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:436: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:436" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:436" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:437: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:437" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:437" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:439: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=80/tcp --add-source-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:439" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=80/tcp --add-source-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:439" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:440: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:440" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:440" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:441: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:441" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:441" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:442: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-source-port 80/tcp --remove-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:442" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-source-port 80/tcp --remove-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:442" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:443: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:443" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:443" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:444: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:444" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:444" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:445" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:445" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_77 #AT_START_78 at_fn_group_banner 78 'firewall-cmd.at:447' \ "protocols" " " 4 at_xfail=no ( $as_echo "78. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:447" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:447" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:447" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:447" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:447" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:447" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:447" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:447" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:447" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:447" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:447" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:447" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:447" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:447" { set +x $as_echo "$at_srcdir/firewall-cmd.at:450: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-protocol=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:450" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-protocol=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:450" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:451: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-protocol=dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:451" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-protocol=dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:451" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:452: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:452" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:452" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:453: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:453" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:453" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:454: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:454" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:454" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:455: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-protocol=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:455" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-protocol=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:455" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:456: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-protocol=dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:456" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-protocol=dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:456" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:457: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:457" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:457" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:458: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:458" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:459: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:459" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:459" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:461: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:461" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:461" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=ddp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=ddp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:462" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:463: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:463" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:463" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:464: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-protocol ddp --remove-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:464" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-protocol ddp --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:464" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:465: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:465" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:465" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:466: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:466" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:466" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:467: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:467" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:467" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:468: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:468" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:468" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:469: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:469" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:469" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:470: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-protocol ddp --remove-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:470" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-protocol ddp --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:470" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:471: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:471" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:471" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:472: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:472" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:472" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_PROTOCOL: dummy/d'" != x"ignore"; then $as_echo "firewall-cmd.at:473" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_PROTOCOL: dummy/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:473" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_78 #AT_START_79 at_fn_group_banner 79 'firewall-cmd.at:475' \ "masquerade" " " 4 at_xfail=no ( $as_echo "79. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:475" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:475" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:475" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:475" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:475" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:475" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:475" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:475" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:475" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:475" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:475" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:475" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:475" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:475" { set +x $as_echo "$at_srcdir/firewall-cmd.at:478: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-masquerade --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:478" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-masquerade --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:478" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:480: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POST_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:480" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POST_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POST_public_allow { meta nfproto ipv4 oifname != \"lo\" masquerade } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:480" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:492: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:492" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:492" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:493: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:493" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:493" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:494: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:494" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:494" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:496: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-masquerade --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:496" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-masquerade --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:496" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:497: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:497" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:497" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:498: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:498" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:498" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:499: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:499" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:499" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:500" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:500" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_79 #AT_START_80 at_fn_group_banner 80 'firewall-cmd.at:502' \ "forward" " " 4 at_xfail=no ( $as_echo "80. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:502" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:502" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:502" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:502" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:502" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:502" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:502" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:502" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:502" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:502" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:502" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:502" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:502" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:502" { set +x $as_echo "$at_srcdir/firewall-cmd.at:505: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --add-interface=dummy --add-interface=dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:505" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --add-interface=dummy --add-interface=dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:505" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:506: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --add-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:506" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:506" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:507: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:507" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_home_allow { oifname \"dummy\" accept oifname \"dummy2\" accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:507" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:529: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --remove-interface=dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:529" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --remove-interface=dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:529" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:530: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:530" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_home_allow { oifname \"dummy\" accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:530" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:543: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --add-interface=dummy3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:543" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --add-interface=dummy3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:543" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:544: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:544" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_home_allow { oifname \"dummy\" accept oifname \"dummy3\" accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:544" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:560: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --query-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:560" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:560" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:561: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --remove-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:561" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --remove-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:561" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_home_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:572: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --query-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:572" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:572" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:573: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --remove-interface=dummy --remove-interface=dummy3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:573" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --remove-interface=dummy --remove-interface=dummy3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:573" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:575: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=home --add-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:575" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=home --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:575" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:576: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=home --add-interface=dummy --add-interface=dummy3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:576" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=home --add-interface=dummy --add-interface=dummy3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:576" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:577: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=home --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:577" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=home --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:577" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:578: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:578" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:578" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:578: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:578" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:578" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:579: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=home --query-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:579" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=home --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:579" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:580: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:580" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_home_allow { oifname \"dummy\" accept oifname \"dummy3\" accept ip daddr 10.10.10.0/24 accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:580" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:598: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=home --remove-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:598" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=home --remove-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:598" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:599: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=home --query-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:599" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=home --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:599" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:600: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=home --remove-interface=dummy --remove-interface=dummy3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:600" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=home --remove-interface=dummy --remove-interface=dummy3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:600" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:601: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=home --remove-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:601" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=home --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:601" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:602: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:602" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:602" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:602: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:602" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:602" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:605: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone |grep public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:605" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone |grep public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:605" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:606: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-interface dummy4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:606" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-interface dummy4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:606" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:607: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:607" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:607" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:608: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:608" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_public_allow { oifname \"dummy4\" accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:608" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:623: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:623" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:623" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=1234::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:624" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=1234::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:627: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:627" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:627" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:628: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:628" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_internal_allow { ip daddr 10.10.10.0/24 accept ip6 daddr 1234::/64 accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:628" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:642: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-source=1234::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:642" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-source=1234::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:642" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:645: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:645" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_internal_allow { ip daddr 10.10.10.0/24 accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:645" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:657: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=10.20.20.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:657" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=10.20.20.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:657" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:658: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=4321::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:658" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=4321::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:658" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:661: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:661" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_internal_allow { ip daddr 10.10.10.0/24 accept ip daddr 10.20.20.0/24 accept ip6 daddr 4321::/64 accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:661" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:677: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:677" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:677" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:678: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:678" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_internal_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:678" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:688" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:688" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_80 #AT_START_81 at_fn_group_banner 81 'firewall-cmd.at:690' \ "forward ports" " " 4 at_xfail=no ( $as_echo "81. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:690" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:690" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:690" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:690" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:690" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:690" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:690" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:690" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:690" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:690" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:690" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:690" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:690" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:690" { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:693" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:694: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=11:proto=tcp:toport=22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:694" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=11:proto=tcp:toport=22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:694" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:696: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:696" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PRE_public_allow { meta nfproto ipv4 tcp dport 11 redirect to :22 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:696" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:708: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:708" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:708" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:709: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4444 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:709" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:709" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:710: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:710" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:710" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:712: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:712" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PRE_public_allow { meta nfproto ipv4 tcp dport 33 dnat ip to 4.4.4.4 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:712" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:724: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:724" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:724" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:725: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:725" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:725" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:726: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:726" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:726" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:727: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:727" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:727" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:728: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:728" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:728" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:729: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:729" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:729" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:730: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:730" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:730" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:731: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:731" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:731" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:732: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:732" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:732" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:733: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:733" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:733" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:733: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:733" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PRE_public_allow { meta nfproto ipv6 sctp dport 66 dnat ip6 to [fd00:dead:beef:ff0::]:66 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:733" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:733: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:733" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:733" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:733: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:733" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:733" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:733: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:733" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:733" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:752: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:752" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:752" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:753: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:753" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:753" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:754: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:754" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:754" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:755: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:755" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:755" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:756: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:756" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:756" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:757: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:757" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:757" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:758: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-forward-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:758" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-forward-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:758" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:760: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:760" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/firewall-cmd.at:760" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:761: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=11:proto=tcp:toport=22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:761" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=11:proto=tcp:toport=22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:761" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:762: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:762" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:762" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:763: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4444 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:763" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:763" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:764: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:764" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:764" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:765: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:765" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:765" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:766: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:766" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:766" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:767: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:767" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:767" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:768: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:768" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:768" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:769: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:769" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:769" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:770: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:770" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:770" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:771: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:771" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:771" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:772: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:772" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:772" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:773: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:773" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:773" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:774: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:774" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:774" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:774: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:774" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:774" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:774: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:774" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:774" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:774: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:774" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:774" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:780: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:780" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:780" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:781: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:781" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:781" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:782: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:782" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:782" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:783: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:783" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:783" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:784: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:784" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:784" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:785: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:785" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:785" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:786: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-forward-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:786" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-forward-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:786" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then $as_echo "firewall-cmd.at:787" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:787" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_81 #AT_START_82 at_fn_group_banner 82 'firewall-cmd.at:789' \ "ICMP block" " " 4 at_xfail=no ( $as_echo "82. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:789" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:789" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:789" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:789" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:789" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:789" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:789" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:789" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:789" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:789" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:789" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:789" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:789" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:789" { set +x $as_echo "$at_srcdir/firewall-cmd.at:792: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-icmp-blocks " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:792" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-icmp-blocks ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:792" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:794: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=dummyblock " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:794" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=dummyblock ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/firewall-cmd.at:794" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:795: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:795" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:795" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:796: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:796" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:796" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:797: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:797" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:797" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:798: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:798" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:798" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:799: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=dummyblock " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:799" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=dummyblock ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/firewall-cmd.at:799" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:800: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:800" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:800" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:801: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:801" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:801" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:802: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:802" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:802" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:803: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:803" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:803" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:805: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:805" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:805" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:806: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:806" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:806" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:807: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:807" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:807" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:808: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:808" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:808" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:809: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-icmp-block-inversion --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:809" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-icmp-block-inversion --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:809" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:810: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:810" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:810" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:811: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:811" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:811" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:812: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:812" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:812" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:814: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=block " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:814" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=block ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:814" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:815: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=block " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:815" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=block ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:815" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:816: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=drop " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:816" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=drop ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:816" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:817: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=drop " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:817" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=drop ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:817" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:818: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:818" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:818" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:819: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:819" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:819" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:821: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:821" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:821" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:822: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:822" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:822" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:823: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:823" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:823" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:824: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:824" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:824" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:825: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:825" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:825" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:826: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:826" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:826" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:827: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:827" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:827" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:828: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:828" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:828" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:829: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:829" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:829" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:830: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:830" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:830" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:832: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:832" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:832" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_ICMPTYPE:/d'" != x"ignore"; then $as_echo "firewall-cmd.at:833" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ICMPTYPE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:833" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_82 #AT_START_83 at_fn_group_banner 83 'firewall-cmd.at:835' \ "user ICMP types" " " 4 at_xfail=no ( $as_echo "83. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:835" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:835" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:835" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:835" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:835" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:835" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:835" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:835" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:835" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:835" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:835" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:835" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:835" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:835" { set +x $as_echo "$at_srcdir/firewall-cmd.at:838: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-icmptype=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:838" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-icmptype=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/firewall-cmd.at:838" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:840: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-icmptype=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:840" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-icmptype=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:840" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:841: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-icmptypes | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:841" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-icmptypes | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:841" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:843: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv5 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:843" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:843" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:844: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:844" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:844" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:845: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:845" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:845" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:846: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:846" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:846" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:847: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:847" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:847" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:848: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:848" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:848" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:849: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:849" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:849" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:851: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-icmp-block=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:851" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-icmp-block=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:851" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:852: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:852" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:852" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:854: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-icmptype=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:854" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-icmptype=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:854" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:855: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:855" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:855" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/NAME_CONFLICT: new_icmptype():/d'" != x"ignore"; then $as_echo "firewall-cmd.at:856" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/NAME_CONFLICT: new_icmptype():/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:856" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_83 #AT_START_84 at_fn_group_banner 84 'firewall-cmd.at:858' \ "ipset" " " 4 at_xfail=no ( $as_echo "84. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:858" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:858" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:858" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:858" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:858" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:858" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:858" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:858" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:858" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:858" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:858" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:858" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:858" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:858" { set +x $as_echo "$at_srcdir/firewall-cmd.at:861: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:861" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:861" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:861: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:861" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:861" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:861" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft flush set inet firewalld_check_ipset foobar >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:861" $as_echo "firewall-cmd.at:861" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout { type ipv4_addr \; timeout 600s \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:861" $as_echo "firewall-cmd.at:861" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_size { type ipv4_addr \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:861" $as_echo "firewall-cmd.at:861" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout_size { type ipv4_addr \; timeout 600s \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:861" $as_echo "firewall-cmd.at:861" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_interval_concat { type ipv4_addr . inet_service \; flags interval \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:861" $as_echo "firewall-cmd.at:861" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -j '{"nftables": [{"add": {"element": {"family": "inet", "table": "firewalld_check_ipset", "name": "foobar_interval_concat", "elem": [{"concat": [{"prefix": {"addr": "10.10.10.0", "len": 24}}, {"range": ["1234", "2000"]}]}]}}}]}' >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:861" { set +x $as_echo "$at_srcdir/firewall-cmd.at:861: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:861" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:861" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:864: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:864" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:864" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:865: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:865" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:865" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:866: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:866" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:866" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:868: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:868" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:868" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:869: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries | grep \"1.2.3.4\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:869" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries | grep "1.2.3.4" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:869" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:870: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.400 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:870" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.400 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/firewall-cmd.at:870" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:871: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --remove-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:871" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --remove-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:871" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:872: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:872" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:872" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:875: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:875" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:875" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:876: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=ipset:foobar | grep public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:876" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=ipset:foobar | grep public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:876" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:877: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources | grep \"ipset:foobar\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:877" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources | grep "ipset:foobar" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:877" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:878: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:878" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:878" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:879: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:879" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:879" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:880: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:880" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:880" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:882: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:882" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:882" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:883: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:883" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:883" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:886: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:886" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:886" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:887: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:887" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:887" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:888: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,2000-2100 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:888" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,2000-2100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:888" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:889: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:889" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:889" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:889: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:889" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:889" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:890: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:890" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr . inet_proto . inet_service flags interval elements = { 10.10.10.10 . tcp . 1234, 10.10.10.10 . tcp . 2000-2100 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:890" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:900: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:900" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:900" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:901: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:901" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:901" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:902: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:902" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:902" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:902: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:902" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:902" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:905: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:905" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:905" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:906: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:906" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:907: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:907" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:907" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:908: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:908" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:908" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:908: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:908" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:908" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:909: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:909" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:909" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:910: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:910" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:910" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:911: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:911" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr . inet_proto . inet_service flags interval elements = { 10.10.10.10 . sctp . 1234, 10.10.10.10 . udp . 1000-1002, 20.20.20.20 . tcp . 8080 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:911" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:922: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:922" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { ip saddr . meta l4proto . th sport @foobar goto filter_IN_internal goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:922" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:930: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:930" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip,port Members: 10.10.10.10,sctp:1234 10.10.10.10,udp:1000 10.10.10.10,udp:1001 10.10.10.10,udp:1002 20.20.20.20,tcp:8080 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:930" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:940: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,sctp:8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:940" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,sctp:8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:940" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:941: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:941" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:941" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:942: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:942" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:942" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:942: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:942" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:942" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:945: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,mark " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:945" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,mark ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:945" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:946: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,0x100 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:946" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,0x100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:946" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:947: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:947" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:947" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:947: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:947" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:947" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:948: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,0x200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:948" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,0x200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:948" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:949: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:949" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:949" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:950: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:950" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr . mark flags interval elements = { 10.10.10.10 . 0x00000100, 20.20.20.20 . 0x00000200 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:950" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:960: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:960" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { ip saddr . mark @foobar goto filter_IN_internal goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:960" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:968: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:968" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip,mark Members: 10.10.10.10,0x00000100 20.20.20.20,0x00000200 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:968" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:975: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:975" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:975" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:976: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:976" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:976" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:976: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:976" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:976" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:979: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,port " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:979" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:979" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:980: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:980" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:980" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:981: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:981" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:981" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:981: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:981" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:981" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:982: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:982" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:982" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:983: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:983" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:983" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:984: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:984" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:984" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:984: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:984" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:984" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:987: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port,net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:987" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port,net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:987" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:988: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:988" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:988" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:989: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:989" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:989" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:989: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:989" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:989" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:990: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080,1.6.0.0/16 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:990" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080,1.6.0.0/16 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:990" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:991: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:991" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr . inet_proto . inet_service . ipv4_addr flags interval elements = { 10.10.10.10 . sctp . 1234 . 10.10.10.0/24, 1.2.3.4 . tcp . 8080 . 1.6.0.0/16 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:991" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1001: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1001" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip,port,net Members: 1.2.3.4,tcp:8080,1.6.0.0/16 10.10.10.10,sctp:1234,10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1001" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1008: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1008" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1008" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1009" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1009" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1012: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,iface " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1012" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,iface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1012" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1013: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1013" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1013" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1014: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1014" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1014" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1014: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1014" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1014" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1015: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.0/24,raboof0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1015" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.0/24,raboof0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1015" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1016: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1016" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1016" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1017: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1017" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr . ifname flags interval elements = { 10.10.10.0/24 . \"foobar0\", 20.20.20.0/24 . \"raboof0\" } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1017" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1027: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1027" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { ip saddr . oifname @foobar goto filter_IN_internal goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1027" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1035: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1035" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net,iface Members: 10.10.10.0/24,foobar0 20.20.20.0/24,raboof0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1035" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1042: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1042" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1042" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1043: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1043" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1043" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1043: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1043" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1043" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:mac " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:mac ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=12:34:56:78:90:ab " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=12:34:56:78:90:ab ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=12:34:56:78:90:ac " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=12:34:56:78:90:ac ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_ENTRY: invalid address/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1053" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ENTRY: invalid address/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1053" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_84 #AT_START_85 at_fn_group_banner 85 'firewall-cmd.at:1055' \ "user helpers" " " 4 at_xfail=no ( $as_echo "85. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1055" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1055" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1055" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1055" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1055" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1055" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1055" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1055" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1055" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1055" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1055" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1055" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1055" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1055" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1058: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1058" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 132 $at_status "$at_srcdir/firewall-cmd.at:1058" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1059: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=nf_conntrack_foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1059" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=nf_conntrack_foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1059" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1060: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1060" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1060" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1061: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1061" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1061" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1062: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv5 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1062" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1062" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1063: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1063" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1063" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1064: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1064" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1064" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1065: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family= " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1065" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family= ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1065" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1067: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1067" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1067" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1069: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1069" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1069" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1072: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --add-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1072" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --add-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1072" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1073: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports | grep 44 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1073" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports | grep 44 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1073" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1074: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1074" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1074" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1075: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --remove-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1075" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --remove-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1075" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1076: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1076" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1076" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1077: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1077" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1077" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1079: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-helper=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1079" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-helper=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1079" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1080: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1080" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1080" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_MODULE:/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1081" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_MODULE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1081" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_85 #AT_START_86 at_fn_group_banner 86 'firewall-cmd.at:1083' \ "direct" " " 4 at_xfail=no ( $as_echo "86. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1083" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1083" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1083" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1083" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1083" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1083" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1083" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1083" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1083" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1083" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1083" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1083" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1083" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1083" $as_echo "firewall-cmd.at:1085" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1085" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1087: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1087" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1087" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1088: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-chains ipv4 filter | grep mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1088" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-chains ipv4 filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1088" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1089: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-chains | grep \"ipv4 filter mychain\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1089" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-chains | grep "ipv4 filter mychain" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1089" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1090: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1090" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1090" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain ipv5 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1091" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain ipv5 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1092: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain ipv4 badtable mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1092" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain ipv4 badtable mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 108 $at_status "$at_srcdir/firewall-cmd.at:1092" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1094: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1094" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1094" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1095: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1095" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1095" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1096: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 filter mychain 3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1096" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 filter mychain 3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1096" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1097: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1097" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1097" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1098: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1098" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1098" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1099: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1099" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1099" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv5 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv5 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 badtable mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 badtable mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 108 $at_status "$at_srcdir/firewall-cmd.at:1101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1105" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1106" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"3 -s 192.168.1.1 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "3 -s 192.168.1.1 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1107" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1108: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"4 -s 192.168.1.2 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1108" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "4 -s 192.168.1.2 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1108" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"5 -s 192.168.1.3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "5 -s 192.168.1.3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1109" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"6 -s 192.168.1.4 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "6 -s 192.168.1.4 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1111: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rules ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1111" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rules ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1111" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1113" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv5 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv5 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 badtable mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 badtable mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 108 $at_status "$at_srcdir/firewall-cmd.at:1118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1121" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1124" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1126" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1127" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --zone=home --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --zone=home --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1128" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --permanent --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --permanent --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1132: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-chain ipv4 filter žluÅ¥ouÄký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1132" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-chain ipv4 filter žluÅ¥ouÄký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1132" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1133: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-chains ipv4 filter |grep \"žluÅ¥ouÄký\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1133" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-chains ipv4 filter |grep "žluÅ¥ouÄký" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1133" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1134: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-chains | grep \"ipv4 filter žluÅ¥ouÄký\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1134" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-chains | grep "ipv4 filter žluÅ¥ouÄký" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1134" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluÅ¥ouÄký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluÅ¥ouÄký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1136: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1136" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1136" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-rules ipv4 filter žluÅ¥ouÄký | grep ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-rules ipv4 filter žluÅ¥ouÄký | grep ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1137" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep \"ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep "ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1138" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1139" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1140" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1141: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1141" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1141" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1142: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-chain ipv4 filter žluÅ¥ouÄký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1142" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-chain ipv4 filter žluÅ¥ouÄký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1142" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluÅ¥ouÄký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluÅ¥ouÄký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1146: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1146" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1146" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter FORWARD_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1147" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter FORWARD_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1147" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1148: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 security INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1148" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 security INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1148" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1149: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 raw PREROUTING_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1149" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 raw PREROUTING_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1149" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1150: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 mangle PREROUTING_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1150" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 mangle PREROUTING_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1150" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1151: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 nat PREROUTING_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1151" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 nat PREROUTING_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1151" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1152: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1152" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1152" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1153" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1153" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_TABLE:/d' -e '/WARNING: NOT_ENABLED: chain/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1154" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_TABLE:/d' -e '/WARNING: NOT_ENABLED: chain/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1154" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_86 #AT_START_87 at_fn_group_banner 87 'firewall-cmd.at:1157' \ "direct nat" " " 4 at_xfail=no ( $as_echo "87. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1157" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1157" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1157" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1157" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1157" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1157" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1157" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1157" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1157" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1157" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1157" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1157" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1157" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1157" $as_echo "firewall-cmd.at:1160" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1160" KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 18 || test ${KERNEL_MAJOR} -gt 4; then : else $as_echo "firewall-cmd.at:1161" >"$at_check_line_file" at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1161" fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1167: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1167" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1167" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1168: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1168" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1168" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1169: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1169" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1169" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1170: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1170" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1170" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1171: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1171" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1171" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1172: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1172" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1172" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules |grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules |grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1173" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:1180" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1180" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_87 #AT_START_88 at_fn_group_banner 88 'firewall-cmd.at:1182' \ "direct passthrough" " " 4 at_xfail=no ( $as_echo "88. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1182" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1182" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1182" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1182" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1182" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1182" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1182" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1182" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1182" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1182" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1182" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1182" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1182" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1182" $as_echo "firewall-cmd.at:1184" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1184" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1186: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --append POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1186" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --append POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1186" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --delete POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1187" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --delete POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1189: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1189" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1189" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1190: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1190" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1190" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1192: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1192" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1192" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1193: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1193" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1193" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1194: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1194" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1194" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1195" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1197: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1197" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1197" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1197: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-passthroughs ipv6 | grep \"fd00:dead:beef:ff0::/64\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1197" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-passthroughs ipv6 | grep "fd00:dead:beef:ff0::/64" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1197" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1197: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-passthroughs | grep \"fd00:dead:beef:ff0::/64\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1197" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-passthroughs | grep "fd00:dead:beef:ff0::/64" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1197" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1197: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -nvL | grep \"fd00:dead:beef:ff0::/64\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1197" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -nvL | grep "fd00:dead:beef:ff0::/64" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1197" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1197: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1197" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1197" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1205: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv5 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1205" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv5 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1205" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1206: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1206" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1206" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1208: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough --get-chains ipv4 filter " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1208" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough --get-chains ipv4 filter ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1208" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1210: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1210" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1210" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1211: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv5 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1211" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv5 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1211" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1212" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1213: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-passthroughs ipv4 | grep \"\\-nvL\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1213" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-passthroughs ipv4 | grep "\-nvL" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1213" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1214: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-passthroughs | grep \"ipv4 \\-nvL\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1214" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-passthroughs | grep "ipv4 \-nvL" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1214" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1217" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/WARNING: NOT_ENABLED: passthrough/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1218" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/WARNING: NOT_ENABLED: passthrough/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1218" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_88 #AT_START_89 at_fn_group_banner 89 'firewall-cmd.at:1220' \ "direct ebtables" " " 4 at_xfail=no ( $as_echo "89. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1220" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1220" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1220" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1220" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1220" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1220" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1220" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1220" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1220" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1220" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1220" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1220" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1220" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1220" $as_echo "firewall-cmd.at:1222" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1222" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1224: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain eb filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1224" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1224" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1225: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-chains eb filter | grep mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1225" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-chains eb filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1225" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1226: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1226" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1226" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1227: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1227" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1227" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1228: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L mychain; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1228" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L mychain; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 -j DROP -p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1228" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1233: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1233" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1233" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L mychain; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L mychain; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1234" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1239" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1240: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1240" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1240" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1241: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1241" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 -j DROP -p IPv6 -j DROP " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1241" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rules eb filter INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rules eb filter INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rules eb filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rules eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1254" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-chain eb filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-chain eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1256" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1257: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-chains eb filter | grep mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1257" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-chains eb filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1257" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1258: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1258" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1258" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1259" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1259" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L mychain; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L mychain; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1260" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:1264" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1264" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_89 #AT_START_90 at_fn_group_banner 90 'firewall-cmd.at:1266' \ "lockdown" " " 4 at_xfail=no ( $as_echo "90. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1266" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1266" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1266" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1266" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1266" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1266" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1266" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1266" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1266" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1266" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1266" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1266" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1266" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1266" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1269" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1270: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1270" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1270" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1271: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-commands | grep \"/usr/bin/command\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1271" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-commands | grep "/usr/bin/command" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1271" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1272: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1272" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1272" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1273: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1273" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1273" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1274: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1274" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1274" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1275: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1275" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1275" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1276: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-commands | grep \"/usr/bin/command\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1276" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-commands | grep "/usr/bin/command" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1276" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1277: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1277" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1277" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1278: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1278" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1278" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1280: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1280" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1280" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1281: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1281" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1281" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1282: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-contexts | grep \"system_u:system_r:MadDaemon_t:s0\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1282" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1282" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1283" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1284: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1284" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1284" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1285: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1285" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1285" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1286: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1286" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1286" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1287: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-contexts | grep \"system_u:system_r:MadDaemon_t:s0\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1287" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1287" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1288: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1288" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1288" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1289: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1289" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1289" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1291" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1292: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1292" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1292" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1293: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-uids | grep \"6666\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1293" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-uids | grep "6666" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1293" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1294: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1294" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1294" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1295: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1295" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1295" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1296: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666x " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1296" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666x ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1296" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1297: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1297" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1297" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1298: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1298" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1298" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-uids | grep \"6666\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-uids | grep "6666" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1299" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1300: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1300" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1300" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1301: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1301" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1301" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1302: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666x " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1302" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666x ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1302" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1304: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1304" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1304" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1305: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1305" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1305" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1306: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-users | grep \"theboss\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1306" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-users | grep "theboss" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1306" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1307" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1308: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1308" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1308" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1309: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1309" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1309" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1310: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1310" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1310" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1311: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-users | grep \"theboss\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1311" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-users | grep "theboss" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1311" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1312: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1312" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1312" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1313: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1313" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1313" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1315" >"$at_check_line_file" (test `whoami` != 'root') \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1315" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1316: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user root " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1316" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user root ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1316" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1317: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --lockdown-on " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1317" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --lockdown-on ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1317" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1318: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1318" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1318" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1319: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --lockdown-off " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1319" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --lockdown-off ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1319" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1320: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1320" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1320" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:1321" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1321" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_90 #AT_START_91 at_fn_group_banner 91 'firewall-cmd.at:1333' \ "rich rules good" " " 4 at_xfail=no ( $as_echo "91. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1333" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1333" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1333" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1333" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1333" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1333" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1333" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1333" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1333" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1333" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1333" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1333" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1333" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1333" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1366" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1366" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_91 #AT_START_92 at_fn_group_banner 92 'firewall-cmd.at:1367' \ "rich rules audit" " " 4 at_xfail=no ( $as_echo "92. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1367" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1367" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1367" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1367" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1367" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1367" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1367" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1367" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1367" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1367" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1367" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1367" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1367" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1367" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1370: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_log_audit " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1370" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_log_audit ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1370" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1370: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add chain inet firewalld_check_log_audit foobar { type filter hook input priority 0 \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1370" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add chain inet firewalld_check_log_audit foobar { type filter hook input priority 0 \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1370" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1370" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add rule inet firewalld_check_log_audit foobar log level audit >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1370" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1370: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_log_audit " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1370" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_log_audit ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1370" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:1372" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1372" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_92 #AT_START_93 at_fn_group_banner 93 'firewall-cmd.at:1375' \ "rich rules priority" " " 4 at_xfail=no ( $as_echo "93. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1375" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1375" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1375" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1375" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1375" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1375" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1375" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1375" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1375" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1375" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1375" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1375" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1375" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1375" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1378: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_log_audit " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1378" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_log_audit ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1378" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1378: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add chain inet firewalld_check_log_audit foobar { type filter hook input priority 0 \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1378" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add chain inet firewalld_check_log_audit foobar { type filter hook input priority 0 \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1378" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1378" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add rule inet firewalld_check_log_audit foobar log level audit >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1378" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1378: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_log_audit " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1378" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_log_audit ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1378" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1381: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1381" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public { jump filter_INPUT_POLICIES_pre jump filter_IN_public_pre jump filter_IN_public_log jump filter_IN_public_deny jump filter_IN_public_allow jump filter_IN_public_post jump filter_INPUT_POLICIES_post meta l4proto { icmp, ipv6-icmp } accept reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1381" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1396: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1396" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_public { jump filter_FORWARD_POLICIES_pre jump filter_FWD_public_pre jump filter_FWD_public_log jump filter_FWD_public_deny jump filter_FWD_public_allow jump filter_FWD_public_post jump filter_FORWARD_POLICIES_post reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1396" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1458: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule port port=\"1111\" protocol=\"tcp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1458" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule port port="1111" protocol="tcp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1459: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port=\"1122\" protocol=\"tcp\" audit accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1459" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port="1122" protocol="tcp" audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1459" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule port port=\"2222\" protocol=\"tcp\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule port port="2222" protocol="tcp" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1460" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1461: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule port port=\"3333\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1461" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule port port="3333" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1461" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port=\"4444\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port="4444" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1462" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1463: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1463" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_log { tcp dport 1111 ct state new,untracked log tcp dport 1122 ct state new,untracked log level audit } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1463" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1471: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1471" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_deny { tcp dport 2222 ct state new,untracked drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1471" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1478: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1478" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 1122 ct state new,untracked accept tcp dport 3333 ct state new,untracked accept tcp dport 4444 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1478" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1516: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1516" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1516" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1516: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1516" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1516" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1519: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32768 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1519" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32768 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1519" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1520: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32767 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1520" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32767 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1520" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1521: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32769 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1521" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32769 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/firewall-cmd.at:1521" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1522: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32768 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1522" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32768 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/firewall-cmd.at:1522" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1523: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1523" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1523" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1523: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1523" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1523" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1527: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1527" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1527" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1528: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1528" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1528" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1529: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1529" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_post { drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1529" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1542: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1542" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1542" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1543: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1543" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1543" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1544: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1544" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1544" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1545: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1545" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1545" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1546: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1546" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1546" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1547: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1547" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1547" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1550: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1550" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1550" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1551: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1551" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1551" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1552: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule log prefix=\"foobar: \"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1552" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule log prefix="foobar: "' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1552" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1553: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1553" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1553" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1553: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1553" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1553" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1556: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"10.10.0.0/16\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1556" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.10.0.0/16" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1556" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1557: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-10 source address=\"10.1.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1557" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-10 source address="10.1.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1557" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1558: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-1 source address=\"10.1.0.0/16\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1558" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-1 source address="10.1.0.0/16" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1558" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1560: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=0 forward-port port=\"222\" protocol=\"tcp\" to-port=\"22\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1560" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=0 forward-port port="222" protocol="tcp" to-port="22"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1560" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1561: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=0 forward-port port=\"2222\" protocol=\"tcp\" to-port=\"22\" to-addr=\"10.1.1.1\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1561" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=0 forward-port port="2222" protocol="tcp" to-port="22" to-addr="10.1.1.1"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1561" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-10 forward-port port=\"8888\" protocol=\"tcp\" to-port=\"80\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8888" protocol="tcp" to-port="80"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1563: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-10 forward-port port=\"8080\" protocol=\"tcp\" to-port=\"80\" to-addr=\"10.1.1.1\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1563" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8080" protocol="tcp" to-port="80" to-addr="10.1.1.1"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1563" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1564: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" priority=0 forward-port port=\"9090\" protocol=\"tcp\" to-port=\"90\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1564" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" priority=0 forward-port port="9090" protocol="tcp" to-port="90"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1564" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1564: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" priority=-123 forward-port port=\"999\" protocol=\"tcp\" to-port=\"99\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1564" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" priority=-123 forward-port port="999" protocol="tcp" to-port="99"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1564" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1564: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" priority=-123 forward-port port=\"9999\" protocol=\"tcp\" to-port=\"9999\" to-addr=\"1234::4321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1564" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" priority=-123 forward-port port="9999" protocol="tcp" to-port="9999" to-addr="1234::4321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1564" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1569: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1569" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname \"lo\" accept jump filter_INPUT_ZONES ct state invalid drop reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1569" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1581: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1581" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_pre { ip saddr 10.1.0.0/16 drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1581" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1588: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1588" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1588" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1596: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1596" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_public_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1596" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1602: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1602" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_public_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1602" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1608: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1608" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PRE_public_pre { meta nfproto ipv6 tcp dport 999 redirect to :99 meta nfproto ipv6 tcp dport 9999 dnat ip6 to [1234::4321]:9999 meta nfproto ipv4 tcp dport 8888 redirect to :80 meta nfproto ipv4 tcp dport 8080 dnat ip to 10.1.1.1:80 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1608" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1618: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1618" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PRE_public_allow { meta nfproto ipv4 tcp dport 222 redirect to :22 meta nfproto ipv4 tcp dport 2222 dnat ip to 10.1.1.1:22 meta nfproto ipv6 tcp dport 9090 redirect to :90 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1618" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1627: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POST_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1627" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POST_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POST_public_pre { ip saddr 10.1.1.0/24 oifname != \"lo\" masquerade } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1627" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1634: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POST_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1634" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POST_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POST_public_allow { ip saddr 10.10.0.0/16 oifname != \"lo\" masquerade } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1634" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1641: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1641" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PRE_public_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1641" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1647: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1647" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PRE_public_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1647" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1702: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1702" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1702" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1702: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1702" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1702" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1705: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-block name=\"destination-unreachable\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1705" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-block name="destination-unreachable"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1705" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1706: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-block name=\"destination-unreachable\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1706" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-block name="destination-unreachable"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1706" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1708: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1708" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1708" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1709: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1709" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1709" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1710: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1710" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_pre { icmp destination-unreachable reject with icmpx admin-prohibited icmpv6 destination-unreachable reject with icmpx admin-prohibited icmp echo-request accept icmpv6 echo-request accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1710" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1720: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1720" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_deny { icmp destination-unreachable reject with icmpx admin-prohibited icmpv6 destination-unreachable reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1720" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1728: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1728" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept icmp echo-request accept icmpv6 echo-request accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1728" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1738: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1738" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_public_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1738" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1744: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1744" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_public_deny { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1744" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1750: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1750" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_public_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1750" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1791: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1791" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1791" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1791: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1791" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1791" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1794: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=70 service name=\"smtps\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1794" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=70 service name="smtps" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1794" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1795: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-111 service name=\"ntp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1795" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-111 service name="ntp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1795" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1796: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 port port=\"1111\" protocol=\"tcp\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1796" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 port port="1111" protocol="tcp" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1796" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1797: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-100 port port=\"1111\" protocol=\"tcp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1797" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-100 port port="1111" protocol="tcp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1797" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1798: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=\"-77\" service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1798" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority="-77" service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1798" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1799: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=-111 service name=\"ntp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1799" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=-111 service name="ntp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1799" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1800: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-32768 source address=\"10.0.0.0/8\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1800" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-32768 source address="10.0.0.0/8" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1800" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1801: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-2 source address=\"10.0.0.0/8\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1801" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-2 source address="10.0.0.0/8" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1801" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1802: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-1 source address=\"10.0.0.0/8\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1802" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-1 source address="10.0.0.0/8" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1802" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1803: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-5 source address=\"10.10.10.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1803" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-5 source address="10.10.10.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1803" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1804: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-3 source address=\"10.100.100.0/24\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1804" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1804" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1805: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1805" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1805" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1806: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=125 service name=\"imap\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1806" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=125 service name="imap" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1806" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1807: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=126 log prefix=\"DROPPED: \"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1807" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=126 log prefix="DROPPED: "' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1807" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1808: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=10 service name=\"ssh\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1808" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=10 service name="ssh" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1808" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1809: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=1 service name=\"http\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1809" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=1 service name="http" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1809" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=100 service name=\"https\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1810" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=100 service name="https" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1811: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=5 service name=\"https\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1811" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=5 service name="https" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1811" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1812: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=66 service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1812" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=66 service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1812" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1813: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=66 service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1813" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=66 service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1813" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1814: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=70 service name=\"smtps\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1814" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=70 service name="smtps" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1814" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1815: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=5 service name=\"https\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1815" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=5 service name="https" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1815" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1816: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=\"-77\" service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1816" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority="-77" service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1816" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1817: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" priority=-3 source address=\"10.100.100.0/24\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1817" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1817" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1818: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1818" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_pre { ip saddr 10.0.0.0/8 log tcp dport 1111 ct state new,untracked log tcp dport 1111 ct state new,untracked drop ip saddr 10.10.10.0/24 accept ip saddr 10.0.0.0/8 log ip saddr 10.0.0.0/8 drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1818" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1830: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1830" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1830" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1838: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1838" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_deny { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1838" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1844: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1844" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_log { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1844" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1850: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1850" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_post { tcp dport 80 ct state new,untracked accept tcp dport 22 ct state new,untracked accept tcp dport 443 ct state new,untracked accept tcp dport 143 ct state new,untracked accept log prefix \"DROPPED: \" drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1850" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1905: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1905" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1905" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1906: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1906" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1906: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1906" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1910: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 service name=\"http\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1910" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 service name="http" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1910" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1911: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1911" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule priority=\"-32768\" family=\"ipv4\" source address=\"10.0.0.0/8\" log rule priority=\"-100\" port port=\"1111\" protocol=\"tcp\" log rule priority=\"-10\" port port=\"1111\" protocol=\"tcp\" drop rule priority=\"-5\" family=\"ipv4\" source address=\"10.10.10.0/24\" accept rule priority=\"-2\" family=\"ipv4\" source address=\"10.0.0.0/8\" log rule priority=\"-1\" family=\"ipv4\" source address=\"10.0.0.0/8\" drop rule service name=\"http\" accept rule priority=\"1\" service name=\"http\" accept rule priority=\"10\" service name=\"ssh\" accept rule priority=\"100\" service name=\"https\" accept rule priority=\"125\" service name=\"imap\" accept rule priority=\"126\" log prefix=\"DROPPED: \" rule priority=\"127\" drop " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1911" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/INVALID_RULE: no element, no source, no destination/d' -e '/INVALID_RULE: no element, no action/d' -e '/ERROR: INVALID_PRIORITY: /d' -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1941" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/INVALID_RULE: no element, no source, no destination/d' -e '/INVALID_RULE: no element, no action/d' -e '/ERROR: INVALID_PRIORITY: /d' -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1941" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_93 #AT_START_94 at_fn_group_banner 94 'firewall-cmd.at:1946' \ "rich rules bad" " " 4 at_xfail=no ( $as_echo "94. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1946" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1946" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1946" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1946" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1946" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1946" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1946" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1946" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1946" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1946" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1946" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1946" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1946" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1946" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1953: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1953" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1953" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1953: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1953" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1953" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1954: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1954" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1954" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1954: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1954" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1954" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1955: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1955" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1955" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1955: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1955" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1955" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1956: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"ah\" reject type=\"icmp-host-prohibited\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1956" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="ah" reject type="icmp-host-prohibited"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1956" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1956: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"ah\" reject type=\"icmp-host-prohibited\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1956" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="ah" reject type="icmp-host-prohibited"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1956" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1957: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" protocol value=\"ah\" reject type=\"dummy\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1957" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" protocol value="ah" reject type="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1957" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1957: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" protocol value=\"ah\" reject type=\"dummy\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1957" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" protocol value="ah" reject type="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1957" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1958: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1958" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1958" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1958: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1958" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1958" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1959: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule bad_element' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1959" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule bad_element' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1959" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1959: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule bad_element' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1959" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule bad_element' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1959" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1960: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv5\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1960" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv5"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1960" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1960: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv5\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1960" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv5"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1960" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1961: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1961" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1961" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1961: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1961" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1961" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1962: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol=\"ah\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1962" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol="ah" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1962" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1962: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol=\"ah\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1962" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol="ah" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1962" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1963: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"ah\" accept drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1963" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="ah" accept drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1963" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1963: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"ah\" accept drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1963" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="ah" accept drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1963" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1964: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service name=\"radius\" port port=\"4011\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1964" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service name="radius" port port="4011" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1964" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1964: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name=\"radius\" port port=\"4011\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1964" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name="radius" port port="4011" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1964" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1965: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service bad_attribute=\"dns\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1965" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service bad_attribute="dns"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1965" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1965: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service bad_attribute=\"dns\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1965" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service bad_attribute="dns"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1965" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1966: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"igmp\" log level=\"eror\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1966" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="igmp" log level="eror"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 125 $at_status "$at_srcdir/firewall-cmd.at:1966" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1966: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"igmp\" log level=\"eror\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1966" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="igmp" log level="eror"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 125 $at_status "$at_srcdir/firewall-cmd.at:1966" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='family=\"ipv6\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='family="ipv6" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='family=\"ipv6\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='family="ipv6" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 207 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 207 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 123 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 123 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1972: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"esp\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1972" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="esp"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1972" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1972: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"esp\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1972" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="esp"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1972" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1973: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" masquerade drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1973" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" masquerade drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1973" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1973: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" masquerade drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1973" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" masquerade drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1973" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1974: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" icmp-block name=\"redirect\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1974" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" icmp-block name="redirect" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1974" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1974: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" icmp-block name=\"redirect\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1974" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" icmp-block name="redirect" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1974" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1975: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" protocol=\"tcp\" family=\"ipv4\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1975" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="2222" to-port="22" protocol="tcp" family="ipv4" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1975" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1975: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" protocol=\"tcp\" family=\"ipv4\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1975" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="2222" to-port="22" protocol="tcp" family="ipv4" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1975" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1976: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service name=\"ssh\" log prefix=\"RRClag4hrBx9XZXk+46c6QavQehyRGdy3tjs7gzc+xfSzsd2smjoQ2NCPami6zVyjHtPGziBuqSWT0KII7QbHkwjNMr9pzbcbPue9PMTb5zXlMPphDjeuDdC3QTCH9rGQHooa9LiDWr+DqNPkBs+vb8r50eb+yEQIyhQaiDrQ0sc\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1976" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service name="ssh" log prefix="RRClag4hrBx9XZXk+46c6QavQehyRGdy3tjs7gzc+xfSzsd2smjoQ2NCPami6zVyjHtPGziBuqSWT0KII7QbHkwjNMr9pzbcbPue9PMTb5zXlMPphDjeuDdC3QTCH9rGQHooa9LiDWr+DqNPkBs+vb8r50eb+yEQIyhQaiDrQ0sc" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 141 $at_status "$at_srcdir/firewall-cmd.at:1976" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1976: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name=\"ssh\" log prefix=\"RRClag4hrBx9XZXk+46c6QavQehyRGdy3tjs7gzc+xfSzsd2smjoQ2NCPami6zVyjHtPGziBuqSWT0KII7QbHkwjNMr9pzbcbPue9PMTb5zXlMPphDjeuDdC3QTCH9rGQHooa9LiDWr+DqNPkBs+vb8r50eb+yEQIyhQaiDrQ0sc\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1976" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name="ssh" log prefix="RRClag4hrBx9XZXk+46c6QavQehyRGdy3tjs7gzc+xfSzsd2smjoQ2NCPami6zVyjHtPGziBuqSWT0KII7QbHkwjNMr9pzbcbPue9PMTb5zXlMPphDjeuDdC3QTCH9rGQHooa9LiDWr+DqNPkBs+vb8r50eb+yEQIyhQaiDrQ0sc" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 141 $at_status "$at_srcdir/firewall-cmd.at:1976" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1977: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"sctp\" nflog group=-1 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1977" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="sctp" nflog group=-1 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 142 $at_status "$at_srcdir/firewall-cmd.at:1977" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1977: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"sctp\" nflog group=-1 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1977" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="sctp" nflog group=-1 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 142 $at_status "$at_srcdir/firewall-cmd.at:1977" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1978: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" service name=\"https\" nflog queue-size=-1 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1978" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" service name="https" nflog queue-size=-1 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 143 $at_status "$at_srcdir/firewall-cmd.at:1978" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1978: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" service name=\"https\" nflog queue-size=-1 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1978" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" service name="https" nflog queue-size=-1 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 143 $at_status "$at_srcdir/firewall-cmd.at:1978" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1979: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" service name=\"https\" nflog queue-size=65536 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1979" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" service name="https" nflog queue-size=65536 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 143 $at_status "$at_srcdir/firewall-cmd.at:1979" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1979: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" service name=\"https\" nflog queue-size=65536 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1979" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" service name="https" nflog queue-size=65536 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 143 $at_status "$at_srcdir/firewall-cmd.at:1979" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_RULE:/d' -e '/ERROR: INVALID_LOG_LEVEL: eror/d' -e '/ERROR: MISSING_FAMILY/d' -e '/ERROR: INVALID_LIMIT: 1\/2m/d' -e '/ERROR: INVALID_LOG_PREFIX:/d' -e '/ERROR: INVALID_NFLOG_GROUP:/d' -e '/ERROR: INVALID_NFLOG_QUEUE:/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1981" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_RULE:/d' -e '/ERROR: INVALID_LOG_LEVEL: eror/d' -e '/ERROR: MISSING_FAMILY/d' -e '/ERROR: INVALID_LIMIT: 1\/2m/d' -e '/ERROR: INVALID_LOG_PREFIX:/d' -e '/ERROR: INVALID_NFLOG_GROUP:/d' -e '/ERROR: INVALID_NFLOG_QUEUE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1981" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_94 #AT_START_95 at_fn_group_banner 95 'firewall-cmd.at:1989' \ "config validation" " " 4 at_xfail=no ( $as_echo "95. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1989" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1989" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1989" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1989" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1989" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1989" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1989" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1989" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1989" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1989" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1989" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1989" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1989" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1989" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1993: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1993" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1993" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' -j LOG _ATEOF cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2011: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2011" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2011" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2011: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2011" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2011" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2012: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2012" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2012" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2017: cp ./firewalld.conf ./firewalld.conf.orig" at_fn_check_prepare_trace "firewall-cmd.at:2017" ( $at_check_trace; cp ./firewalld.conf ./firewalld.conf.orig ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2017" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2018: echo \"SomeBogusField=yes\" >> ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:2018" ( $at_check_trace; echo "SomeBogusField=yes" >> ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2018" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2019: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2019" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2019" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2024: cp ./firewalld.conf.orig ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:2024" ( $at_check_trace; cp ./firewalld.conf.orig ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2024" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2033: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2033" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:2033" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2041: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2041" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2041" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2042: rm ./direct.xml" at_fn_check_prepare_trace "firewall-cmd.at:2042" ( $at_check_trace; rm ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2042" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2051: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2051" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2051" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2059: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2059" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2059" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2067: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2067" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2067" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2068: rm ./lockdown-whitelist.xml" at_fn_check_prepare_trace "firewall-cmd.at:2068" ( $at_check_trace; rm ./lockdown-whitelist.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2068" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2071: mkdir -p ./ipsets" at_fn_check_prepare_trace "firewall-cmd.at:2071" ( $at_check_trace; mkdir -p ./ipsets ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2071" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' 12:34:56:78:90 _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2078: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2078" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2078" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' 12:34:56:78:90:ab _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2090: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2090" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2090" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2097: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2097" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 119 $at_status "$at_srcdir/firewall-cmd.at:2097" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2098: rm ./ipsets/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2098" ( $at_check_trace; rm ./ipsets/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2098" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2101: mkdir -p ./helpers" at_fn_check_prepare_trace "firewall-cmd.at:2101" ( $at_check_trace; mkdir -p ./helpers ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2101" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2107" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:2114" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2125: rm ./helpers/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2125" ( $at_check_trace; rm ./helpers/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2128: mkdir -p ./icmptypes" at_fn_check_prepare_trace "firewall-cmd.at:2128" ( $at_check_trace; mkdir -p ./icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2128" $at_failed && at_fn_log_failure $at_traceon; } cat >./icmptypes/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2135" $at_failed && at_fn_log_failure $at_traceon; } cat >./icmptypes/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2144: rm ./icmptypes/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2144" ( $at_check_trace; rm ./icmptypes/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2144" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2147: mkdir -p ./services" at_fn_check_prepare_trace "firewall-cmd.at:2147" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2147" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2154" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2154" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2162" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2170: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2170" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2170" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2178" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2186: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2186" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2186" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2194: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2194" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:2194" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2203: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2203" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:2203" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2211: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2211" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2211" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2212: rm ./services/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2212" ( $at_check_trace; rm ./services/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2212" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2215: mkdir -p ./zones" at_fn_check_prepare_trace "firewall-cmd.at:2215" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2215" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2219: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2219" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/firewall-cmd.at:2219" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2227: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2227" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:2227" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2235" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2243" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2251: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2251" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2251" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2259" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2267" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2275: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2275" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2275" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2283" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2291" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2299" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2307" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2322: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2322" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2322" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2335: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2335" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2335" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2350: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2350" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2350" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2365" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2380: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2380" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2380" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2395: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2395" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2395" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2410: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2410" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2410" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2412: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2412" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2412" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2428: rm ./zones/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2428" ( $at_check_trace; rm ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2428" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR:/d' -e '/WARNING:/d'" != x"ignore"; then $as_echo "firewall-cmd.at:2430" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR:/d' -e '/WARNING:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:2430" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_95 #AT_START_96 at_fn_group_banner 96 'rhbz1514043.at:1' \ "--set-log-denied does not zero config" " " 5 at_xfail=no ( $as_echo "96. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1514043.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1514043.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1514043.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1514043.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1514043.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1514043.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:1" { set +x $as_echo "$at_srcdir/rhbz1514043.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-log-denied=all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-log-denied=all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-service=samba " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-service=samba ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "services: dhcpv6-client samba ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1514043.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname \"lo\" accept jump filter_INPUT_ZONES ct state invalid log prefix \"STATE_INVALID_DROP: \" ct state invalid drop log prefix \"FINAL_REJECT: \" reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1514043.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname \"lo\" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix \"RFC3964_IPv4_REJECT: \" reject with icmpv6 addr-unreachable jump filter_FORWARD_ZONES ct state invalid log prefix \"STATE_INVALID_DROP: \" ct state invalid drop log prefix \"FINAL_REJECT: \" reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:26" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1514043.at:84" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:84" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_96 #AT_START_97 at_fn_group_banner 97 'rhbz1498923.at:1' \ "invalid direct rule causes reload error" " " 5 at_xfail=no ( $as_echo "97. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1498923.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1498923.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1498923.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1498923.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:1" $as_echo "rhbz1498923.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1498923.at:3" { set +x $as_echo "$at_srcdir/rhbz1498923.at:6: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:6" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "no zone " | \ $at_diff - "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 2 $at_status "$at_srcdir/rhbz1498923.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:18: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:18" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 8080 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 8080 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --direct --add-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --direct --add-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1498923.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 251 $at_status "$at_srcdir/rhbz1498923.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "failed " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 251 $at_status "$at_srcdir/rhbz1498923.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rule ipv4 filter INPUT 1 --a-bogus-flag " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rule ipv4 filter INPUT 1 --a-bogus-flag ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:40" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:40" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:46" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/.*a-bogus-flag.*/d'" != x"ignore"; then $as_echo "rhbz1498923.at:47" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/.*a-bogus-flag.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:47" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_97 #AT_START_98 at_fn_group_banner 98 'pr181.at:1' \ "combined zones name length check" " " 5 at_xfail=no ( $as_echo "98. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/pr181.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/pr181.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "pr181.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/pr181.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "pr181.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/pr181.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "pr181.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr181.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/pr181.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/pr181.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "pr181.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/pr181.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "pr181.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr181.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "pr181.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/pr181.at:1" { set +x $as_echo "$at_srcdir/pr181.at:4: mkdir -p ./zones/foobar" at_fn_check_prepare_trace "pr181.at:4" ( $at_check_trace; mkdir -p ./zones/foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:6: echo '' > ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:6" ( $at_check_trace; echo '' > ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:7: echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:7" ( $at_check_trace; echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:8: echo 'foobar' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:8" ( $at_check_trace; echo 'foobar' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:9: echo 'foobar desc' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:9" ( $at_check_trace; echo 'foobar desc' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:10: echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:10" ( $at_check_trace; echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:11: echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:11" ( $at_check_trace; echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:13: echo '' > ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:13" ( $at_check_trace; echo '' > ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:14: echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:14" ( $at_check_trace; echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:15: echo 'foobar' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:15" ( $at_check_trace; echo 'foobar' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:16: echo 'foobar desc' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:16" ( $at_check_trace; echo 'foobar desc' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:17: echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:17" ( $at_check_trace; echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:18: echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:18" ( $at_check_trace; echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=foobar --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=foobar --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "services: http ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:21" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "pr181.at:24" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/pr181.at:24" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_98 #AT_START_99 at_fn_group_banner 99 'gh287.at:1' \ "ICMP block inversion" " " 5 at_xfail=no ( $as_echo "99. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh287.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh287.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh287.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh287.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh287.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh287.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh287.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh287.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh287.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh287.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh287.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh287.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh287.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh287.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh287.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh287.at:1" { set +x $as_echo "$at_srcdir/gh287.at:4: mkdir -p ./zones" at_fn_check_prepare_trace "gh287.at:4" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:5: echo '' > ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:5" ( $at_check_trace; echo '' > ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:6: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:6" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:7: echo 'foobar' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:7" ( $at_check_trace; echo 'foobar' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:8: echo 'foobar desc' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:8" ( $at_check_trace; echo 'foobar desc' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:9: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:9" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:10: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:10" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:11: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:11" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:12: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:12" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:14" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh287.at:15" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh287.at:15" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_99 #AT_START_100 at_fn_group_banner 100 'individual_calls.at:1' \ "individual calls" " " 5 at_xfail=no ( $as_echo "100. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/individual_calls.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/individual_calls.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "individual_calls.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/individual_calls.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "individual_calls.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/individual_calls.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "individual_calls.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/individual_calls.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/individual_calls.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/individual_calls.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "individual_calls.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/individual_calls.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/individual_calls.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "individual_calls.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/individual_calls.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "individual_calls.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/individual_calls.at:1" { set +x $as_echo "$at_srcdir/individual_calls.at:4: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "individual_calls.at:4" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/individual_calls.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/individual_calls.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:5" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "individual_calls.at:7" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/individual_calls.at:7" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_100 #AT_START_101 at_fn_group_banner 101 'rhbz1534571.at:3' \ "rule deduplication" " " 5 at_xfail=no ( $as_echo "101. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:3" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1534571.at:3" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1534571.at:3" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:3" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1534571.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:3" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1534571.at:3" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1534571.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:3" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1534571.at:3" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:3" { set +x $as_echo "$at_srcdir/rhbz1534571.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service nfs --add-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service nfs --add-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-service nfs --add-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-service nfs --add-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:15" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1534571.at:17" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_101 #AT_START_102 at_fn_group_banner 102 'gh290.at:1' \ "invalid syntax in xml files" " " 5 at_xfail=no ( $as_echo "102. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh290.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh290.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh290.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh290.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh290.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh290.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh290.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh290.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh290.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh290.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh290.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh290.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh290.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:1" $as_echo "gh290.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh290.at:3" { set +x $as_echo "$at_srcdir/gh290.at:6: mkdir -p ./zones" at_fn_check_prepare_trace "gh290.at:6" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:7: echo '' > ./direct.xml" at_fn_check_prepare_trace "gh290.at:7" ( $at_check_trace; echo '' > ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:8: echo '' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:8" ( $at_check_trace; echo '' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:9: echo '' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:9" ( $at_check_trace; echo '' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:10: echo '--destination 127.0.0.1 --jump RETURN' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:10" ( $at_check_trace; echo '--destination 127.0.0.1 --jump RETURN' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:12: echo '' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:12" ( $at_check_trace; echo '' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:12" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh290.at:14" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:14" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh290.at:14" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:14" { set +x $as_echo "$at_srcdir/gh290.at:15: grep \"ERROR:.*mismatched tag\" ./firewalld.log" at_fn_check_prepare_trace "gh290.at:15" ( $at_check_trace; grep "ERROR:.*mismatched tag" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:15" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR:.*mismatched tag.*/d'" != x"ignore"; then $as_echo "gh290.at:16" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR:.*mismatched tag.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:16" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_102 #AT_START_103 at_fn_group_banner 103 'gh290.at:19' \ "invalid syntax in xml files" " " 5 at_xfail=no ( $as_echo "103. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh290.at:19: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:19" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh290.at:19: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh290.at:19" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh290.at:19: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh290.at:19" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh290.at:19: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:19" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh290.at:19" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:19" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh290.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh290.at:19: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh290.at:19" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh290.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh290.at:19" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:19" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh290.at:19" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:19" { set +x $as_echo "$at_srcdir/gh290.at:23: mkdir -p ./zones" at_fn_check_prepare_trace "gh290.at:23" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:24: echo '' > ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:24" ( $at_check_trace; echo '' > ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:25: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:25" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:26: echo 'foobar' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:26" ( $at_check_trace; echo 'foobar' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:28: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:28" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:29: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:29" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:30: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:30" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:30" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh290.at:32" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:32" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh290.at:32" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:32" { set +x $as_echo "$at_srcdir/gh290.at:33: grep \"ERROR:.*Missing attribute protocol for port\" ./firewalld.log" at_fn_check_prepare_trace "gh290.at:33" ( $at_check_trace; grep "ERROR:.*Missing attribute protocol for port" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:33" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR:.*Missing attribute protocol for port.*/d'" != x"ignore"; then $as_echo "gh290.at:34" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR:.*Missing attribute protocol for port.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:34" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_103 #AT_START_104 at_fn_group_banner 104 'icmp_block_in_forward_chain.at:1' \ "ICMP block not present FORWARD chain" " " 5 at_xfail=no ( $as_echo "104. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "icmp_block_in_forward_chain.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "icmp_block_in_forward_chain.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "icmp_block_in_forward_chain.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:1" { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-icmp-block=host-prohibited " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-icmp-block=host-prohibited ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_block_in_forward_chain.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_deny { icmp destination-unreachable icmp code host-prohibited reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_block_in_forward_chain.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_deny | sed -e 's/icmp code 10/icmp code host-prohibited/'; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_public_deny { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:13" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "icmp_block_in_forward_chain.at:26" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_104 #AT_START_105 at_fn_group_banner 105 'pr323.at:1' \ "GRE proto helper" " " 5 at_xfail=no ( $as_echo "105. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/pr323.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/pr323.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "pr323.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/pr323.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "pr323.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/pr323.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "pr323.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr323.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/pr323.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/pr323.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "pr323.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/pr323.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "pr323.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr323.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "pr323.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/pr323.at:1" $as_echo "pr323.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} modinfo nf_conntrack_proto_gre ) \ && at_fn_check_skip 77 "$at_srcdir/pr323.at:4" { set +x $as_echo "$at_srcdir/pr323.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:10: lsmod | grep nf_conntrack_proto_gre" at_fn_check_prepare_notrace 'a shell pipeline' "pr323.at:10" ( $at_check_trace; lsmod | grep nf_conntrack_proto_gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:10" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "pr323.at:12" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/pr323.at:12" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_105 #AT_START_106 at_fn_group_banner 106 'rhbz1506742.at:1' \ "ipset with timeout" " " 5 at_xfail=no ( $as_echo "106. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1506742.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1506742.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1506742.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1506742.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1506742.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1506742.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:1" { set +x $as_echo "$at_srcdir/rhbz1506742.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:4" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft flush set inet firewalld_check_ipset foobar >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout { type ipv4_addr \; timeout 600s \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_size { type ipv4_addr \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout_size { type ipv4_addr \; timeout 600s \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_interval_concat { type ipv4_addr . inet_service \; flags interval \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -j '{"nftables": [{"add": {"element": {"family": "inet", "table": "firewalld_check_ipset", "name": "foobar_interval_concat", "elem": [{"concat": [{"prefix": {"addr": "10.10.10.0", "len": 24}}, {"range": ["1234", "2000"]}]}]}}}]}' >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" { set +x $as_echo "$at_srcdir/rhbz1506742.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --option=maxelem=1000000 --option=family=inet --option=hashsize=4096 --option=timeout=600 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --option=maxelem=1000000 --option=family=inet --option=hashsize=4096 --option=timeout=600 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:11" $at_failed && at_fn_log_failure $at_traceon; } cat >foobar_entries.txt <<'_ATEOF' 1.2.3.4 10.0.1.1 _ATEOF { set +x $as_echo "$at_srcdir/rhbz1506742.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entries-from-file=foobar_entries.txt " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entries-from-file=foobar_entries.txt ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entries-from-file=foobar_entries.txt " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entries-from-file=foobar_entries.txt ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entries-from-file=foobar_entries.txt " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entries-from-file=foobar_entries.txt ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:20" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/Error: IPSET_WITH_TIMEOUT/d' -e '/ERROR: IPSET_WITH_TIMEOUT/d' -e '/WARNING: NOT_ENABLED/d'" != x"ignore"; then $as_echo "rhbz1506742.at:21" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/Error: IPSET_WITH_TIMEOUT/d' -e '/ERROR: IPSET_WITH_TIMEOUT/d' -e '/WARNING: NOT_ENABLED/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:21" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_106 #AT_START_107 at_fn_group_banner 107 'rhbz1594657.at:1' \ "no log untracked passthrough queries" " " 5 at_xfail=no ( $as_echo "107. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1594657.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1594657.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1594657.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1594657.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1594657.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1594657.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:1" $as_echo "rhbz1594657.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1594657.at:3" { set +x $as_echo "$at_srcdir/rhbz1594657.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L dummy_chain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L dummy_chain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L dummy_chain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L dummy_chain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:10" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1594657.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L dummy_chain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L dummy_chain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:12" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"" != x"ignore"; then $as_echo "rhbz1594657.at:17" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_107 #AT_START_108 at_fn_group_banner 108 'rhbz1571957.at:1' \ "set-log-denied w/ ICMP block inversion" " " 5 at_xfail=no ( $as_echo "108. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1571957.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1571957.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1571957.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1571957.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1571957.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1571957.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:1" { set +x $as_echo "$at_srcdir/rhbz1571957.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-log-denied=all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-log-denied=all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:7: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1571957.at:7" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-log-denied=broadcast " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-log-denied=broadcast ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:10" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1571957.at:12" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:12" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_108 #AT_START_109 at_fn_group_banner 109 'rhbz1404076.at:1' \ "query single port added with range" " " 5 at_xfail=no ( $as_echo "109. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1404076.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1404076.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1404076.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1404076.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1404076.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1404076.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:1" { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=8070-8080/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=8070-8080/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9050-10050/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9050-10050/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9000/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9000/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8085-8087/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8085-8087/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8080-8089/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8080-8089/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8081-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8081-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=webcache/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=webcache/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8091/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8091/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8085/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8085/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=10000-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=10000-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9999/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9999/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=10011/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=10011/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9095-10000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9095-10000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9090-9094/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9090-9094/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=9099-10001/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=9099-10001/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=10005-10020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=10005-10020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=10021-10022/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=10021-10022/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9080-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9080-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9079-10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9079-10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=9093-10025/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=9093-10025/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: grep \"WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:70" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=9090-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=9090-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9000/tcp 9010-9020/tcp 9079-10041/tcp 10050-10060/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=9079/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=9079/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=9080-9085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=9080-9085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=10035-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=10035-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=10005-10009/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=10005-10009/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=10100-10110/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=10100-10110/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: grep \"WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:70" ( $at_check_trace; grep "WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10001-10004/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10001-10004/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10016-10019/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10016-10019/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10003-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10003-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10004-10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10004-10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10009-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10009-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9086-10004/tcp 10010-10034/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=8070-8080/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=8070-8080/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9050-10050/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9050-10050/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9000/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9000/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8085-8087/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8085-8087/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8089/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8089/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8081-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8081-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=webcache/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=webcache/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8091/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8091/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=10000-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=10000-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9999/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9999/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=10011/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=10011/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9095-10000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9095-10000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9090-9094/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9090-9094/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=9099-10001/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=9099-10001/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=10005-10020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=10005-10020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=10021-10022/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=10021-10022/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9080-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9080-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9079-10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9079-10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=9093-10025/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=9093-10025/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: grep \"WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:71" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=9090-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=9090-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9000/tcp 9010-9020/tcp 9079-10041/tcp 10050-10060/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=9079/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=9079/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=9080-9085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=9080-9085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=10035-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=10035-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=10005-10009/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=10005-10009/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=10100-10110/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=10100-10110/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: grep \"WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:71" ( $at_check_trace; grep "WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10001-10004/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10001-10004/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10016-10019/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10016-10019/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10003-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10003-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10004-10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10004-10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10009-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10009-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9086-10004/tcp 10010-10034/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=8070-8080/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=8070-8080/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9050-10050/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9050-10050/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9000/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9000/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8085-8087/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8085-8087/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8080-8089/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8080-8089/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8081-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8081-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=webcache/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=webcache/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8091/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8091/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8085/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8085/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=10000-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=10000-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9999/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9999/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=10011/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=10011/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9095-10000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9095-10000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9090-9094/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9090-9094/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=9099-10001/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=9099-10001/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=10005-10020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=10005-10020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=10021-10022/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=10021-10022/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9080-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9080-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9079-10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9079-10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=9093-10025/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=9093-10025/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: grep \"WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:72" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=9090-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=9090-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9000/tcp 9010-9020/tcp 9079-10041/tcp 10050-10060/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=9079/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=9079/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=9080-9085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=9080-9085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=10035-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=10035-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=10005-10009/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=10005-10009/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=10100-10110/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=10100-10110/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: grep \"WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:72" ( $at_check_trace; grep "WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10001-10004/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10001-10004/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10016-10019/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10016-10019/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10003-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10003-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10004-10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10004-10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10009-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10009-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9086-10004/tcp 10010-10034/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=8070-8080/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=8070-8080/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9050-10050/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9050-10050/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9000/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9000/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8085-8087/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8085-8087/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8080-8089/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8080-8089/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8081-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8081-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=webcache/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=webcache/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8091/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8091/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8085/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8085/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10000-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10000-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9999/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9999/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10011/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10011/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9095-10000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9095-10000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9090-9094/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9090-9094/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=9099-10001/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=9099-10001/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10005-10020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10005-10020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10021-10022/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10021-10022/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9080-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9080-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9079-10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9079-10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=9093-10025/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=9093-10025/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: grep \"WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:73" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=9090-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=9090-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9000/tcp 9010-9020/tcp 9079-10041/tcp 10050-10060/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9079/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9079/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9080-9085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9080-9085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10035-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10035-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10005-10009/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10005-10009/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10100-10110/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10100-10110/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: grep \"WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:73" ( $at_check_trace; grep "WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10001-10004/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10001-10004/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10016-10019/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10016-10019/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10003-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10003-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10004-10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10004-10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10009-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10009-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9086-10004/tcp 10010-10034/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/WARNING: ALREADY_ENABLED:/d' -e '/WARNING: NOT_ENABLED:/d'" != x"ignore"; then $as_echo "rhbz1404076.at:76" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/WARNING: ALREADY_ENABLED:/d' -e '/WARNING: NOT_ENABLED:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:76" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_109 #AT_START_110 at_fn_group_banner 110 'gh366.at:1' \ "service destination multiple IP versions" " " 5 at_xfail=no ( $as_echo "110. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh366.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh366.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh366.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh366.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh366.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh366.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh366.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh366.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh366.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh366.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh366.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh366.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh366.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh366.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh366.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh366.at:1" { set +x $as_echo "$at_srcdir/gh366.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-service=mdns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-service=mdns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh366.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --remove-service=mdns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --remove-service=mdns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule=\"rule service name=\"mdns\" accept\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule="rule service name="mdns" accept" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh366.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule='rule family=\"ipv4\" destination address=\"10.10.10.0/24\" service name=\"mdns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule='rule family="ipv4" destination address="10.10.10.0/24" service name="mdns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 122 $at_status "$at_srcdir/gh366.at:33" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_RULE: Destination conflict with service/d'" != x"ignore"; then $as_echo "gh366.at:36" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_RULE: Destination conflict with service/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh366.at:36" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_110 #AT_START_111 at_fn_group_banner 111 'rhbz1601610.at:1' \ "ipset duplicate entries" " " 5 at_xfail=no ( $as_echo "111. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1601610.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1601610.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1601610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1601610.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1601610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1601610.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:1" { set +x $as_echo "$at_srcdir/rhbz1601610.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:4" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft flush set inet firewalld_check_ipset foobar >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout { type ipv4_addr \; timeout 600s \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_size { type ipv4_addr \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout_size { type ipv4_addr \; timeout 600s \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_interval_concat { type ipv4_addr . inet_service \; flags interval \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -j '{"nftables": [{"add": {"element": {"family": "inet", "table": "firewalld_check_ipset", "name": "foobar_interval_concat", "elem": [{"concat": [{"prefix": {"addr": "10.10.10.0", "len": 24}}, {"range": ["1234", "2000"]}]}]}}}]}' >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" { set +x $as_echo "$at_srcdir/rhbz1601610.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --new-ipset=foobar --permanent --type=hash:net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --new-ipset=foobar --permanent --type=hash:net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.1.2.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.1.2.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=10.1.2.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=10.1.2.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "Warning: ALREADY_ENABLED: '10.1.0.0/22' already is in 'foobar' " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=10.2.0.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=10.2.0.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "10.1.0.0/22 10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.1.0.0/22, 10.2.0.0/22 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:19" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/rhbz1601610.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.1.0.0/22 10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:28" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1601610.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:37" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/rhbz1601610.at:37" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.1.2.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.1.2.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/rhbz1601610.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.2.0.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.2.0.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:40" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.2.0.0/22 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:43" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/rhbz1601610.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:52" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1601610.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --add-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --add-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "10.1.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:60" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --remove-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --remove-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.3.0.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.3.0.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:69: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:69" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:69" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.2.0.0/22, 10.3.0.0/22 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:71" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/rhbz1601610.at:80: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:80" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.2.0.0/22 10.3.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:80" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1601610.at:89: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1601610.at:89" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 10.2.0.0/22, 10.3.0.0/22 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:91" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/rhbz1601610.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.2.0.0/22 10.3.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:100" $at_failed && at_fn_log_failure $at_traceon; } fi if test x"-e '/ERROR: COMMAND_FAILED:.*already added.*/d' -e '/ERROR: COMMAND_FAILED:.*element.*exists/d' -e '/Kernel support protocol versions/d' -e '/WARNING: ALREADY_ENABLED:/d'" != x"ignore"; then $as_echo "rhbz1601610.at:108" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: COMMAND_FAILED:.*already added.*/d' -e '/ERROR: COMMAND_FAILED:.*element.*exists/d' -e '/Kernel support protocol versions/d' -e '/WARNING: ALREADY_ENABLED:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:108" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_111 #AT_START_112 at_fn_group_banner 112 'gh303.at:1' \ "unicode in XML" " " 5 at_xfail=no ( $as_echo "112. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh303.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh303.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh303.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh303.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh303.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh303.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh303.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh303.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh303.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh303.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh303.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh303.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh303.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh303.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh303.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh303.at:1" { set +x $as_echo "$at_srcdir/gh303.at:4: mkdir -p ./services" at_fn_check_prepare_trace "gh303.at:4" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:5: cat < ./services/unicode-service-test.xml unicode-service-test A string with unicode characters; Рώ € ⇶ ▜ ◯ ★ ☠ ☯ ☺ ♻ HERE " at_fn_check_prepare_notrace 'an embedded newline' "gh303.at:5" ( $at_check_trace; cat < ./services/unicode-service-test.xml unicode-service-test A string with unicode characters; Рώ € ⇶ ▜ ◯ ★ ☠ ☯ ☺ ♻ HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:5" $at_failed && at_fn_log_failure $at_traceon; } LC_ALL="C" export LC_ALL pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh303.at:17" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh303.at:17" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh303.at:17" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh303.at:17" { set +x $as_echo "$at_srcdir/gh303.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-service=unicode-service-test " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-service=unicode-service-test ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:20" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh303.at:22" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh303.at:22" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_112 #AT_START_113 at_fn_group_banner 113 'gh335.at:1' \ "forward-port toaddr enables IP forwarding" " " 5 at_xfail=no ( $as_echo "113. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh335.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh335.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh335.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh335.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh335.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh335.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh335.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh335.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh335.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh335.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh335.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh335.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh335.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh335.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh335.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh335.at:1" { set +x $as_echo "$at_srcdir/gh335.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:4" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:5" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr=\"1234:5678::4321\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:26" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:27" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\" to-addr=\"10.10.10.10\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="10.10.10.10"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\" to-addr=\"1234:5678::4321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:49" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:50" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:56" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:60" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:62" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then $as_echo "gh335.at:68" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh335.at:68" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_113 #AT_START_114 at_fn_group_banner 114 'gh482.at:1' \ "remove forward-port after reload" " " 5 at_xfail=no ( $as_echo "114. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh482.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh482.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh482.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh482.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh482.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh482.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh482.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh482.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh482.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh482.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh482.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh482.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh482.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh482.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh482.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh482.at:1" { set +x $as_echo "$at_srcdir/gh482.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-forward-port=port=1234:proto=tcp:toport=4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-forward-port=port=1234:proto=tcp:toport=4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-forward-port=port=1234:proto=tcp:toport=4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-forward-port=port=1234:proto=tcp:toport=4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-forward-port=port=1234:proto=tcp:toport=4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-forward-port=port=1234:proto=tcp:toport=4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:15" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh482.at:17" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh482.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_114 #AT_START_115 at_fn_group_banner 115 'gh478.at:1' \ "rich rule marks every packet" " " 5 at_xfail=no ( $as_echo "115. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh478.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh478.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh478.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh478.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh478.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh478.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh478.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh478.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh478.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh478.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh478.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh478.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh478.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh478.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh478.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh478.at:1" { set +x $as_echo "$at_srcdir/gh478.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule protocol value=icmp mark set=11' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule protocol value=icmp mark set=11' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh478.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PRE_public_allow { tcp dport 1234 mark set 0x0000000a meta l4proto icmp mark set 0x0000000b tcp sport 4321 mark set 0x0000000c } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:8" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh478.at:28" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh478.at:28" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_115 #AT_START_116 at_fn_group_banner 116 'gh453.at:1' \ "nftables helper objects" " " 5 at_xfail=no ( $as_echo "116. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh453.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh453.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh453.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh453.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh453.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh453.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh453.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh453.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh453.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh453.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh453.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh453.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh453.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh453.at:1" { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_ct_helper " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_ct_helper ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh453.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add ct helper inet firewalld helper-ftp-tcp { type \"ftp\" protocol tcp \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh453.at:1" { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_ct_helper " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_ct_helper ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-automatic-helpers=no " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-automatic-helpers=no ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft list ruleset | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } |grep -A3 \"ct helper helper-ftp-tcp\" " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list ruleset | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } |grep -A3 "ct helper helper-ftp-tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ct helper helper-ftp-tcp { type \"ftp\" protocol tcp l3proto inet } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 21 ct helper set \"helper-ftp-tcp\" tcp dport 21 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft list ruleset | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } |grep -A3 \"ct helper helper-sip-tcp\" " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list ruleset | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } |grep -A3 "ct helper helper-sip-tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ct helper helper-sip-tcp { type \"sip\" protocol tcp l3proto inet } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft list ruleset | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } |grep -A3 \"ct helper helper-sip-udp\" " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list ruleset | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } |grep -A3 "ct helper helper-sip-udp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ct helper helper-sip-udp { type \"sip\" protocol udp l3proto inet } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh453.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh453.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 21 ct helper set \"helper-ftp-tcp\" tcp dport 21 ct state new,untracked accept tcp dport 5060 ct helper set \"helper-sip-tcp\" udp dport 5060 ct helper set \"helper-sip-udp\" tcp dport 5060 ct state new,untracked accept udp dport 5060 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh453.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh453.at:1" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh453.at:1" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_116 #AT_START_117 at_fn_group_banner 117 'gh258.at:1' \ "zone dispatch layout" " " 5 at_xfail=no ( $as_echo "117. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh258.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh258.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh258.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh258.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh258.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh258.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh258.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh258.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh258.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh258.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh258.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh258.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh258.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh258.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh258.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh258.at:1" { set +x $as_echo "$at_srcdir/gh258.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-source=\"1.2.3.0/24\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-source="1.2.3.0/24" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=\"dead:beef::/54\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source="dead:beef::/54" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname \"lo\" accept jump filter_INPUT_ZONES ct state invalid drop reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { ip6 saddr dead:beef::/54 goto filter_IN_public ip saddr 1.2.3.0/24 goto filter_IN_trusted iifname \"dummy0\" goto filter_IN_trusted iifname \"dummy1\" goto filter_IN_public goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:37" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname \"lo\" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable jump filter_FORWARD_ZONES ct state invalid drop reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:37" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_ZONES { ip6 saddr dead:beef::/54 goto filter_FWD_public ip saddr 1.2.3.0/24 goto filter_FWD_trusted iifname \"dummy0\" goto filter_FWD_trusted iifname \"dummy1\" goto filter_FWD_public goto filter_FWD_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:50" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : { set +x $as_echo "$at_srcdir/gh258.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_PREROUTING { icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept meta nfproto ipv6 fib saddr . mark . iif oif missing drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:61" $at_failed && at_fn_log_failure $at_traceon; } else : { set +x $as_echo "$at_srcdir/gh258.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_PREROUTING { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:61" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh258.at:78: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:78" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING { jump mangle_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:78" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_ZONES { ip6 saddr dead:beef::/54 goto mangle_PRE_public ip saddr 1.2.3.0/24 goto mangle_PRE_trusted iifname \"dummy0\" goto mangle_PRE_trusted iifname \"dummy1\" goto mangle_PRE_public goto mangle_PRE_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:85" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING { jump nat_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:96" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_ZONES { ip6 saddr dead:beef::/54 goto nat_PRE_public ip saddr 1.2.3.0/24 goto nat_PRE_trusted iifname \"dummy0\" goto nat_PRE_trusted iifname \"dummy1\" goto nat_PRE_public goto nat_PRE_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING { jump nat_POSTROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_ZONES { ip6 daddr dead:beef::/54 goto nat_POST_public ip daddr 1.2.3.0/24 goto nat_POST_trusted oifname \"dummy0\" goto nat_POST_trusted oifname \"dummy1\" goto nat_POST_public goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:121" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh258.at:275" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh258.at:275" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_117 #AT_START_118 at_fn_group_banner 118 'rhbz1715977.at:1' \ "rich rule src/dst with service destination" " " 5 at_xfail=no ( $as_echo "118. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1715977.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1715977.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1715977.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1715977.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1715977.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1715977.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:1" { set +x $as_echo "$at_srcdir/rhbz1715977.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.122.235/32\" service name=\"ssh\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="ssh" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_internal_allow { tcp dport 22 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept udp dport 137 ct helper set \"helper-netbios-ns-udp\" udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.111.222/32\" source address=\"10.10.10.0/24\" service name=\"ssh\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.111.222/32" source address="10.10.10.0/24" service name="ssh" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:37" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_internal_allow { tcp dport 22 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept udp dport 137 ct helper set \"helper-netbios-ns-udp\" udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept ip daddr 192.168.111.222 ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:37" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 service name=\"ssdp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 service name="ssdp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:69: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:69" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_internal_allow { tcp dport 22 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept udp dport 137 ct helper set \"helper-netbios-ns-udp\" udp dport 137 ct state new,untracked accept udp dport 138 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr 192.168.122.235 tcp dport 22 ct state new,untracked accept ip daddr 192.168.111.222 ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept ip daddr 239.255.255.250 udp dport 1900 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:69" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.122.235/32\" service name=\"mdns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rhbz1715977.at:102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.122.235/32\" service name=\"mdns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rhbz1715977.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 251 $at_status "$at_srcdir/rhbz1715977.at:104" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_RULE: Destination conflict with service/d'" != x"ignore"; then $as_echo "rhbz1715977.at:106" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_RULE: Destination conflict with service/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:106" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_118 #AT_START_119 at_fn_group_banner 119 'rhbz1723610.at:1' \ "direct remove-rules per family" " " 5 at_xfail=no ( $as_echo "119. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1723610.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1723610.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1723610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1723610.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1723610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1723610.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:1" $as_echo "rhbz1723610.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1723610.at:3" { set +x $as_echo "$at_srcdir/rhbz1723610.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv6 filter INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv6 filter INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv4 filter INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv4 filter INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --remove-rules ipv4 filter OUTPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --remove-rules ipv4 filter OUTPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:30" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1723610.at:32" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:32" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_119 #AT_START_120 at_fn_group_banner 120 'rhbz1734765.at:1' \ "zone sources ordered by name" " " 5 at_xfail=no ( $as_echo "120. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1734765.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1734765.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1734765.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1734765.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1734765.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1734765.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:1" { set +x $as_echo "$at_srcdir/rhbz1734765.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_00 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_00 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_05 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_05 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_02 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_02 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_03 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_03 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_01 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_01 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_04 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_04 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_010 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_010 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_011 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_011 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_012 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_012 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv4' --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv4' --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv6' --type hash:ip --family=inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv6' --type hash:ip --family=inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv4 --add-entry '192.0.2.12' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv4 --add-entry '192.0.2.12' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv6 --add-entry '::2' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv6 --add-entry '::2' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_011 --add-source ipset:ipsetv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_011 --add-source ipset:ipsetv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source=\"10.1.1.0/24\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source="10.1.1.0/24" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source=\"10.1.0.0/16\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source="10.1.0.0/16" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source=\"10.2.0.0/16\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source="10.2.0.0/16" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source=\"10.1.1.1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source="10.1.1.1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source=\"10.2.2.0/24\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source="10.2.2.0/24" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source=\"10.0.0.0/8\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source="10.0.0.0/8" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source=\"1234:5678::1:1:0/112\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source="1234:5678::1:1:0/112" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source=\"1234:5678::1:0:0/96\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source="1234:5678::1:0:0/96" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source=\"1234:5678::2:0:0/96\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source="1234:5678::2:0:0/96" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source=\"1234:5678::2:2:0/112\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source="1234:5678::2:2:0/112" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source=\"1234:5678::0:0:0/80\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source="1234:5678::0:0:0/80" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source=\"1234:5678::1:1:1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source="1234:5678::1:1:1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=trusted --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=trusted --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld ipsetv4; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld ipsetv4; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set ipsetv4 { type ipv4_addr flags interval elements = { 192.0.2.12 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld ipsetv6; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld ipsetv6; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set ipsetv6 { type ipv6_addr flags interval elements = { ::2 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source=\"10.10.10.10\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source="10.10.10.10" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-source=\"20.20.20.20\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-source="20.20.20.20" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source=\"1234:5678::10:10:10\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source="1234:5678::10:10:10" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-source=\"1234:5678::20:20:20\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-source="1234:5678::20:20:20" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_012 --add-source ipset:ipsetv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_012 --add-source ipset:ipsetv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:69: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-interface=foobar2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:69" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-interface=foobar2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:69" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_ZONES { ip saddr 10.1.1.1 goto filter_IN_foobar_00 ip6 saddr 1234:5678::1:1:1 goto filter_IN_foobar_00 ip saddr 10.1.1.0/24 goto filter_IN_foobar_01 ip6 saddr 1234:5678::1:1:0/112 goto filter_IN_foobar_01 ip saddr 10.10.10.10 goto filter_IN_foobar_010 ip6 saddr 1234:5678::10:10:10 goto filter_IN_foobar_010 ip saddr @ipsetv4 goto filter_IN_foobar_011 ip6 saddr @ipsetv6 goto filter_IN_foobar_012 ip saddr 10.1.0.0/16 goto filter_IN_foobar_02 ip6 saddr 1234:5678::1:0:0/96 goto filter_IN_foobar_02 ip saddr 10.2.2.0/24 goto filter_IN_foobar_03 ip6 saddr 1234:5678::2:2:0/112 goto filter_IN_foobar_03 ip saddr 10.2.0.0/16 goto filter_IN_foobar_04 ip6 saddr 1234:5678::2:0:0/96 goto filter_IN_foobar_04 ip saddr 10.0.0.0/8 goto filter_IN_foobar_05 ip6 saddr 1234:5678::/80 goto filter_IN_foobar_05 ip saddr 20.20.20.20 goto filter_IN_public ip6 saddr 1234:5678::20:20:20 goto filter_IN_public iifname \"foobar2\" goto filter_IN_foobar_010 iifname \"foobar1\" goto filter_IN_trusted iifname \"foobar0\" goto filter_IN_internal goto filter_IN_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:99: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:99" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_ZONES { ip daddr 10.1.1.1 goto nat_POST_foobar_00 ip6 daddr 1234:5678::1:1:1 goto nat_POST_foobar_00 ip daddr 10.1.1.0/24 goto nat_POST_foobar_01 ip6 daddr 1234:5678::1:1:0/112 goto nat_POST_foobar_01 ip daddr 10.10.10.10 goto nat_POST_foobar_010 ip6 daddr 1234:5678::10:10:10 goto nat_POST_foobar_010 ip daddr @ipsetv4 goto nat_POST_foobar_011 ip6 daddr @ipsetv6 goto nat_POST_foobar_012 ip daddr 10.1.0.0/16 goto nat_POST_foobar_02 ip6 daddr 1234:5678::1:0:0/96 goto nat_POST_foobar_02 ip daddr 10.2.2.0/24 goto nat_POST_foobar_03 ip6 daddr 1234:5678::2:2:0/112 goto nat_POST_foobar_03 ip daddr 10.2.0.0/16 goto nat_POST_foobar_04 ip6 daddr 1234:5678::2:0:0/96 goto nat_POST_foobar_04 ip daddr 10.0.0.0/8 goto nat_POST_foobar_05 ip6 daddr 1234:5678::/80 goto nat_POST_foobar_05 ip daddr 20.20.20.20 goto nat_POST_public ip6 daddr 1234:5678::20:20:20 goto nat_POST_public oifname \"foobar2\" goto nat_POST_foobar_010 oifname \"foobar1\" goto nat_POST_trusted oifname \"foobar0\" goto nat_POST_internal goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:99" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1734765.at:189" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:189" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_120 #AT_START_121 at_fn_group_banner 121 'gh509.at:1' \ "missing firewalld.conf file" " " 5 at_xfail=no ( $as_echo "121. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh509.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh509.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh509.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh509.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh509.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh509.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh509.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh509.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh509.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh509.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh509.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh509.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh509.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh509.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh509.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh509.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh509.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh509.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh509.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh509.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh509.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh509.at:1" KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : $as_echo "gh509.at:1" >"$at_check_line_file" at_fn_check_skip 77 "$at_srcdir/gh509.at:1" fi { set +x $as_echo "$at_srcdir/gh509.at:1: if ! rm ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh509.at:1" ( $at_check_trace; if ! rm ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh509.at:1" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh509.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh509.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh509.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh509.at:1" if test x"-e '/ERROR: Failed to load/d' -e '/WARNING:.*No such file or directory:.*/d' -e '/WARNING: Using fallback firewalld configuration settings/d'" != x"ignore"; then $as_echo "gh509.at:1" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: Failed to load/d' -e '/WARNING:.*No such file or directory:.*/d' -e '/WARNING: Using fallback firewalld configuration settings/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh509.at:1" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_121 #AT_START_122 at_fn_group_banner 122 'gh567.at:1' \ "rich rule source w/ mark action" " " 5 at_xfail=no ( $as_echo "122. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh567.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh567.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh567.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh567.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh567.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh567.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh567.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh567.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh567.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh567.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh567.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh567.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh567.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh567.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh567.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh567.at:1" { set +x $as_echo "$at_srcdir/gh567.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:3" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:3" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh567.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft flush set inet firewalld_check_ipset foobar >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh567.at:3" $as_echo "gh567.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout { type ipv4_addr \; timeout 600s \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh567.at:3" $as_echo "gh567.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_size { type ipv4_addr \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh567.at:3" $as_echo "gh567.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout_size { type ipv4_addr \; timeout 600s \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh567.at:3" $as_echo "gh567.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_interval_concat { type ipv4_addr . inet_service \; flags interval \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh567.at:3" $as_echo "gh567.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -j '{"nftables": [{"add": {"element": {"family": "inet", "table": "firewalld_check_ipset", "name": "foobar_interval_concat", "elem": [{"concat": [{"prefix": {"addr": "10.10.10.0", "len": 24}}, {"range": ["1234", "2000"]}]}]}}}]}' >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh567.at:3" { set +x $as_echo "$at_srcdir/gh567.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:3" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=Teste --type=hash:net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=Teste --type=hash:net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule \"rule family=ipv4 source ipset=Teste mark set=2\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule "rule family=ipv4 source ipset=Teste mark set=2" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:7" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh567.at:9" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh567.at:9" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_122 #AT_START_123 at_fn_group_banner 123 'rhbz1779835.at:1' \ "ipv6 address with brackets" " " 5 at_xfail=no ( $as_echo "123. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1779835.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1779835.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1779835.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1779835.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1779835.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1779835.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:1" { set +x $as_echo "$at_srcdir/rhbz1779835.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:3" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:3" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1779835.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft flush set inet firewalld_check_ipset foobar >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1779835.at:3" $as_echo "rhbz1779835.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout { type ipv4_addr \; timeout 600s \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1779835.at:3" $as_echo "rhbz1779835.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_size { type ipv4_addr \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1779835.at:3" $as_echo "rhbz1779835.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout_size { type ipv4_addr \; timeout 600s \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1779835.at:3" $as_echo "rhbz1779835.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_interval_concat { type ipv4_addr . inet_service \; flags interval \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1779835.at:3" $as_echo "rhbz1779835.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -j '{"nftables": [{"add": {"element": {"family": "inet", "table": "firewalld_check_ipset", "name": "foobar_interval_concat", "elem": [{"concat": [{"prefix": {"addr": "10.10.10.0", "len": 24}}, {"range": ["1234", "2000"]}]}]}}}]}' >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1779835.at:3" { set +x $as_echo "$at_srcdir/rhbz1779835.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:3" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --family=inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --family=inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry='[1234::4321]' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry='[1234::4321]' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar2 --type=hash:net --family=inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar2 --type=hash:net --family=inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar2 --add-entry='[1234::]/64' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar2 --add-entry='[1234::]/64' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:12" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1779835.at:14" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:14" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_123 #AT_START_124 at_fn_group_banner 124 'rhbz1779835.at:16' \ "ipv6 address with brackets" " " 5 at_xfail=no ( $as_echo "124. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:16" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1779835.at:16" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1779835.at:16" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:16" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1779835.at:16" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:16" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1779835.at:16" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1779835.at:16" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:16" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1779835.at:16" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:16" { set +x $as_echo "$at_srcdir/rhbz1779835.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-source='[::1234]' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-source='[::1234]' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-source='[1234::]/64' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-source='[1234::]/64' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-forward-port=port=1234:proto=tcp:toport=4321:toaddr=[::1234] " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-forward-port=port=1234:proto=tcp:toport=4321:toaddr=[::1234] ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] forward-port port=\"1234\" protocol=tcp to-port=\"4321\" to-addr=\"[::1234]\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] forward-port port="1234" protocol=tcp to-port="4321" to-addr="[::1234]"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 forward-port port=\"1234\" protocol=tcp to-port=\"4321\" to-addr=\"[::1234]\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 forward-port port="1234" protocol=tcp to-port="4321" to-addr="[::1234]"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[::4321] accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[::4321] accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[1234::]/64 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[1234::]/64 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:34" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1779835.at:36" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:36" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_124 #AT_START_125 at_fn_group_banner 125 'gh330.at:1' \ "ipset cleanup on reload/stop" " " 5 at_xfail=no ( $as_echo "125. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh330.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh330.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh330.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh330.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh330.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh330.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh330.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh330.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh330.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:1" { set +x $as_echo "$at_srcdir/gh330.at:4: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:4" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:8" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:10" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:25" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh330.at:27" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh330.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:30: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:30" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:34" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:36" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4, 10.10.10.10 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:52" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:54" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4, 10.10.10.10 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:61" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 4.3.2.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 4.3.2.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:72" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 4.3.2.1 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:74" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4, 4.3.2.1, 10.10.10.10 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:95: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:95" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 6.6.6.6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 6.6.6.6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:96" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:97" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 4.3.2.1 6.6.6.6 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:98" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4, 4.3.2.1, 6.6.6.6, 10.10.10.10 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:107" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:120: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:120" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:121" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:122" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh330.at:123" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:123" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh330.at:123" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:123" { set +x $as_echo "$at_srcdir/gh330.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:124" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:127" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:133: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:133" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:133" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh330.at:142" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:142" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh330.at:142" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:142" if test x"" != x"ignore"; then $as_echo "gh330.at:144" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:144" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_125 #AT_START_126 at_fn_group_banner 126 'gh599.at:1' \ "writing to log after copytruncate" " " 5 at_xfail=no ( $as_echo "126. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh599.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh599.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh599.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh599.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh599.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh599.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh599.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh599.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh599.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh599.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh599.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh599.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh599.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh599.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh599.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh599.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh599.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh599.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh599.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh599.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh599.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh599.at:1" $as_echo "gh599.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which truncate >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh599.at:4" $as_echo "gh599.at:5" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which wc >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh599.at:5" $as_echo "gh599.at:6" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which expr >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh599.at:6" { set +x $as_echo "$at_srcdir/gh599.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} truncate -s 0 ./firewalld.log " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh599.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} truncate -s 0 ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh599.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=this_does_not_exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh599.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=this_does_not_exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/gh599.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh599.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} expr \$(cat ./firewalld.log | wc -c) \">\" 0 " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh599.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} expr $(cat ./firewalld.log | wc -c) ">" 0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:15" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_SERVICE: this_does_not_exist/d'" != x"ignore"; then $as_echo "gh599.at:17" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_SERVICE: this_does_not_exist/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh599.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_126 #AT_START_127 at_fn_group_banner 127 'rhbz1843398.at:1' \ "rich rule source mac" " " 5 at_xfail=no ( $as_echo "127. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1843398.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1843398.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1843398.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1843398.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1843398.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1843398.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1843398.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1843398.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1843398.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1843398.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1843398.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1843398.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1843398.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1843398.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1843398.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1843398.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1843398.at:1" { set +x $as_echo "$at_srcdir/rhbz1843398.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule source mac=\"11:22:33:44:55:66\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule source mac="11:22:33:44:55:66" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1843398.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule source mac=\"11:22:33:44:55:66\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule source mac="11:22:33:44:55:66" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1843398.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1843398.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:6" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1843398.at:8" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1843398.at:8" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_127 #AT_START_128 at_fn_group_banner 128 'rhbz1839781.at:1' \ "service RH-Satellite-6" " " 5 at_xfail=no ( $as_echo "128. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1839781.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1839781.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1839781.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1839781.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1839781.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1839781.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1839781.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1839781.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1839781.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1839781.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1839781.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1839781.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1839781.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1839781.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1839781.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1839781.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1839781.at:1" { set +x $as_echo "$at_srcdir/rhbz1839781.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone trusted --add-interface dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone trusted --add-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1839781.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone trusted --add-service RH-Satellite-6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone trusted --add-service RH-Satellite-6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1839781.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_trusted_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1839781.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_trusted_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_trusted_allow { tcp dport 53 ct state new,untracked accept udp dport 53 ct state new,untracked accept tcp dport 80 ct state new,untracked accept tcp dport 443 ct state new,untracked accept udp dport 67 ct state new,untracked accept udp dport 69 ct helper set \"helper-tftp-udp\" udp dport 69 ct state new,untracked accept udp dport 68 ct state new,untracked accept tcp dport 8140 ct state new,untracked accept tcp dport 5000 ct state new,untracked accept tcp dport 5646-5647 ct state new,untracked accept tcp dport 5671 ct state new,untracked accept tcp dport 8000 ct state new,untracked accept tcp dport 8080 ct state new,untracked accept tcp dport 9090 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1839781.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone trusted --remove-service RH-Satellite-6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone trusted --remove-service RH-Satellite-6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1839781.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone trusted --add-service RH-Satellite-6-capsule " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone trusted --add-service RH-Satellite-6-capsule ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1839781.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_trusted_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1839781.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_trusted_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_trusted_allow { tcp dport 53 ct state new,untracked accept udp dport 53 ct state new,untracked accept tcp dport 80 ct state new,untracked accept tcp dport 443 ct state new,untracked accept udp dport 67 ct state new,untracked accept udp dport 69 ct helper set \"helper-tftp-udp\" udp dport 69 ct state new,untracked accept udp dport 68 ct state new,untracked accept tcp dport 8140 ct state new,untracked accept tcp dport 5000 ct state new,untracked accept tcp dport 5646-5647 ct state new,untracked accept tcp dport 5671 ct state new,untracked accept tcp dport 8000 ct state new,untracked accept tcp dport 8080 ct state new,untracked accept tcp dport 9090 ct state new,untracked accept tcp dport 8443 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:65" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1839781.at:123" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1839781.at:123" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_128 #AT_START_129 at_fn_group_banner 129 'rhbz1689429.at:1' \ "rich rule invalid priority" " " 5 at_xfail=no ( $as_echo "129. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1689429.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1689429.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1689429.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1689429.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1689429.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1689429.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1689429.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1689429.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1689429.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1689429.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1689429.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1689429.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1689429.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1689429.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1689429.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1689429.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1689429.at:1" { set +x $as_echo "$at_srcdir/rhbz1689429.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=foo accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=foo accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "Error: INVALID_PRIORITY: invalid 'priority' attribute value 'foo'. " | \ $at_diff - "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 139 $at_status "$at_srcdir/rhbz1689429.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1689429.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule priority=foo accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule priority=foo accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "Error: INVALID_PRIORITY: invalid 'priority' attribute value 'foo'. " | \ $at_diff - "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 139 $at_status "$at_srcdir/rhbz1689429.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1689429.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1689429.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:10" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "rhbz1689429.at:12" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1689429.at:12" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_129 #AT_START_130 at_fn_group_banner 130 'rhbz1483921.at:1' \ "direct and zone mutually exclusive" " " 5 at_xfail=no ( $as_echo "130. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1483921.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1483921.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1483921.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1483921.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1483921.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1483921.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1483921.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1483921.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1483921.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1483921.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1483921.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1483921.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1483921.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1483921.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1483921.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1483921.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1483921.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1483921.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1483921.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1483921.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1483921.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1483921.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1483921.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1483921.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1483921.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1483921.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1483921.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1483921.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1483921.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1483921.at:1" $as_echo "rhbz1483921.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1483921.at:3" { set +x $as_echo "$at_srcdir/rhbz1483921.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1483921.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/rhbz1483921.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1483921.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1483921.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/rhbz1483921.at:7" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1483921.at:9" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1483921.at:9" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_130 #AT_START_131 at_fn_group_banner 131 'rhbz1541077.at:1' \ "hash:mac and family mutually exclusive" " " 5 at_xfail=no ( $as_echo "131. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1541077.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1541077.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1541077.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1541077.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1541077.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1541077.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1541077.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1541077.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1541077.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1541077.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1541077.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1541077.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1541077.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1541077.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1541077.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1541077.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1541077.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1541077.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1541077.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1541077.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1541077.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1541077.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1541077.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1541077.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1541077.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1541077.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1541077.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1541077.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1541077.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1541077.at:1" { set +x $as_echo "$at_srcdir/rhbz1541077.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset hashmacv6 --type hash:mac --family inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1541077.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset hashmacv6 --type hash:mac --family inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/rhbz1541077.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1541077.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --new-ipset hashmacv6 --type hash:mac --family inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1541077.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --new-ipset hashmacv6 --type hash:mac --family inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/rhbz1541077.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rhbz1541077.at:7: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset hashmacv6 --type hash:mac --family inet6" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset hashmacv6 --type hash:mac --family inet6" "rhbz1541077.at:7" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset hashmacv6 --type hash:mac --family inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/rhbz1541077.at:7" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1541077.at:9" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1541077.at:9" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_131 #AT_START_132 at_fn_group_banner 132 'rhbz1855140.at:1' \ "rich rule icmptypes with one family" " " 5 at_xfail=no ( $as_echo "132. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1855140.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1855140.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1855140.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1855140.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1855140.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1855140.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1855140.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1855140.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1855140.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1855140.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1855140.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1855140.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1855140.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1855140.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1855140.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1855140.at:1" { set +x $as_echo "$at_srcdir/rhbz1855140.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule icmp-type name=\"neighbour-advertisement\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule icmp-type name="neighbour-advertisement" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule icmp-type name=\"timestamp-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule icmp-type name="timestamp-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule 'rule icmp-type name=bad-header mark set=0x86/0x86' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule 'rule icmp-type name=bad-header mark set=0x86/0x86' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1855140.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PRE_public_allow { icmpv6 parameter-problem icmpv6 code no-route mark set mark & 0x00000086 ^ 0x00000086 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1855140.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept icmp echo-request accept icmpv6 echo-request accept icmpv6 nd-neighbor-advert accept icmp timestamp-request accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule 'rule icmp-type name=bogus mark set=0x86/0x86' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule 'rule icmp-type name=bogus mark set=0x86/0x86' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/rhbz1855140.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule 'rule icmp-type name=bogus mark set=0x86/0x86' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule 'rule icmp-type name=bogus mark set=0x86/0x86' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/rhbz1855140.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule 'rule family=ipv6 icmp-type name=timestamp-request drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule 'rule family=ipv6 icmp-type name=timestamp-request drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/rhbz1855140.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule 'rule family=ipv6 icmp-type name=timestamp-request drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule 'rule family=ipv6 icmp-type name=timestamp-request drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/rhbz1855140.at:49" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_ICMPTYPE:/d'" != x"ignore"; then $as_echo "rhbz1855140.at:53" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ICMPTYPE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1855140.at:53" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_132 #AT_START_133 at_fn_group_banner 133 'rhbz1871298.at:1' \ "rich rule parsing bottleneck" " " 5 at_xfail=no ( $as_echo "133. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1871298.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1871298.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1871298.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1871298.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1871298.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1871298.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1871298.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1871298.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1871298.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1871298.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1871298.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1871298.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1871298.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1871298.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1871298.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1871298.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1871298.at:1" $as_echo "rhbz1871298.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which timeout >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1871298.at:4" { set +x $as_echo "$at_srcdir/rhbz1871298.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} mkdir -p ./zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1871298.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} echo '' > ./zones/foobar.xml " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} echo '' > ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1871298.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} echo \"\" >> ./zones/foobar.xml " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} echo "" >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1871298.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} echo \"foobar\" >> ./zones/foobar.xml " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} echo "foobar" >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1871298.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh -c 'for I in \$(seq 10000); do echo \"\" >> ./zones/foobar.xml; done' " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1871298.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c 'for I in $(seq 10000); do echo "" >> ./zones/foobar.xml; done' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1871298.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} echo \"\" >> ./zones/foobar.xml " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} echo "" >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:11" $at_failed && at_fn_log_failure $at_traceon; } if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rhbz1871298.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} timeout 45 firewall-offline-cmd --system-config ./ \$FIREWALL_OFFLINE_CMD_ARGS --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} timeout 45 firewall-offline-cmd --system-config ./ $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:16" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1871298.at:18" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1871298.at:18" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_133 #AT_START_134 at_fn_group_banner 134 'rhbz1596304.at:1' \ "rich rules strip non-printable characters" " " 5 at_xfail=no ( $as_echo "134. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1596304.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1596304.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1596304.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1596304.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1596304.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1596304.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1596304.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1596304.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1596304.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1596304.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1596304.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1596304.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1596304.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1596304.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1596304.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1596304.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1596304.at:1" { set +x $as_echo "$at_srcdir/rhbz1596304.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-rich-rule 'rule family=\"ipv4\" source address=\"104.243.250.0/22 \" port port=80 protocol=tcp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="104.243.250.0/22 " port port=80 protocol=tcp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1596304.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1596304.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1596304.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1596304.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv4\" source address=\"104.243.250.0/22\" port port=\"80\" protocol=\"tcp\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:7" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1596304.at:24" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1596304.at:24" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_134 #AT_START_135 at_fn_group_banner 135 'gh703.at:1' \ "add source with mac address" " " 5 at_xfail=no ( $as_echo "135. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh703.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh703.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh703.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh703.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh703.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh703.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh703.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh703.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh703.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh703.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh703.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh703.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh703.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh703.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh703.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh703.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh703.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh703.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh703.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh703.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh703.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh703.at:1" { set +x $as_echo "$at_srcdir/gh703.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --add-source=34:7e:5c:3a:4c:32 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh703.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --add-source=34:7e:5c:3a:4c:32 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh703.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh703.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_ZONES { ether daddr 34:7e:5c:3a:4c:32 goto nat_POST_home goto nat_POST_public } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:6" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh703.at:17" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh703.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_135 #AT_START_136 at_fn_group_banner 136 'ipset_netmask_allowed.at:1' \ "ipset netmask allowed type hash:ip" " " 5 at_xfail=no ( $as_echo "136. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "ipset_netmask_allowed.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "ipset_netmask_allowed.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "ipset_netmask_allowed.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/ipset_netmask_allowed.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "ipset_netmask_allowed.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "ipset_netmask_allowed.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/ipset_netmask_allowed.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "ipset_netmask_allowed.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/ipset_netmask_allowed.at:1" { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 4.3.2.1/32 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 4.3.2.1/32 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 4.3.2.1/32 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 4.3.2.1/32 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/ipset_netmask_allowed.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/ipset_netmask_allowed.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4/30 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4/30 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/ipset_netmask_allowed.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4/30 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4/30 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/ipset_netmask_allowed.at:23" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_ENTRY:/d'" != x"ignore"; then $as_echo "ipset_netmask_allowed.at:25" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ENTRY:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/ipset_netmask_allowed.at:25" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_136 #AT_START_137 at_fn_group_banner 137 'rhbz1940928.at:1' \ "direct -s/-d multiple addresses" " " 5 at_xfail=no ( $as_echo "137. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1940928.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1940928.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1940928.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1940928.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1940928.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1940928.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1940928.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1940928.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1940928.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1940928.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1940928.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1940928.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1940928.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1940928.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1940928.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1940928.at:1" $as_echo "rhbz1940928.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1940928.at:3" { set +x $as_echo "$at_srcdir/rhbz1940928.at:7: sed -i 's/^IndividualCalls.*/IndividualCalls=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1940928.at:7" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -p tcp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -p tcp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -p udp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -p udp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 9 -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 9 -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1940928.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT tcp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT tcp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT tcp -- 0.0.0.0/0 192.168.0.0/24 ACCEPT udp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT udp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT udp -- 0.0.0.0/0 192.168.0.0/24 DROP all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p sctp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p sctp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1940928.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT sctp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT sctp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT sctp -- 0.0.0.0/0 192.168.0.0/24 ACCEPT tcp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT tcp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT tcp -- 0.0.0.0/0 192.168.0.0/24 ACCEPT udp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT udp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT udp -- 0.0.0.0/0 192.168.0.0/24 DROP all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -p sctp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -p sctp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 2 -p tcp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 2 -p tcp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 2 -p udp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 2 -p udp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 9 -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 9 -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1940928.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:49" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1940928.at:52" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1940928.at:52" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_137 #AT_START_138 at_fn_group_banner 138 'rhbz1936896.at:1' \ "ipset type hash:net,net" " " 5 at_xfail=no ( $as_echo "138. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1936896.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1936896.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1936896.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1936896.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1936896.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1936896.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1936896.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1936896.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1936896.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1936896.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1936896.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1936896.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1936896.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1936896.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1936896.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1936896.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1936896.at:1" { set +x $as_echo "$at_srcdir/rhbz1936896.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:3" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1936896.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \\; } " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar { type ipv4_addr \; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:3" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1936896.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft flush set inet firewalld_check_ipset foobar >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1936896.at:3" $as_echo "rhbz1936896.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout { type ipv4_addr \; timeout 600s \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1936896.at:3" $as_echo "rhbz1936896.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_size { type ipv4_addr \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1936896.at:3" $as_echo "rhbz1936896.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_timeout_size { type ipv4_addr \; timeout 600s \; size 100000 \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1936896.at:3" $as_echo "rhbz1936896.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft add set inet firewalld_check_ipset foobar_interval_concat { type ipv4_addr . inet_service \; flags interval \; } >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1936896.at:3" $as_echo "rhbz1936896.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -j '{"nftables": [{"add": {"element": {"family": "inet", "table": "firewalld_check_ipset", "name": "foobar_interval_concat", "elem": [{"concat": [{"prefix": {"addr": "10.10.10.0", "len": 24}}, {"range": ["1234", "2000"]}]}]}}}]}' >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1936896.at:3" { set +x $as_echo "$at_srcdir/rhbz1936896.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_ipset " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_ipset ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:3" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1936896.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset testset --type hash:net,net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset testset --type hash:net,net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1936896.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=testset --add-entry=192.168.0.0/24,10.0.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=testset --add-entry=192.168.0.0/24,10.0.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1936896.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1936896.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1936896.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-ipset=testset | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1936896.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-ipset=testset | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "testset type: hash:net,net options: entries: 192.168.0.0/24,10.0.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:8" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/rhbz1936896.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list testset; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1936896.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list testset; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: testset Type: hash:net,net Members: 192.168.0.0/24,10.0.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:15" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1936896.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld testset; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1936896.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld testset; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set testset { type ipv4_addr . ipv4_addr flags interval elements = { 192.168.0.0/24 . 10.0.1.0/24 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:22" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1936896.at:32" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1936896.at:32" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_138 #AT_START_139 at_fn_group_banner 139 'gh795.at:1' \ "ipset entry delete w/ timeout=0" " " 5 at_xfail=no ( $as_echo "139. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh795.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh795.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh795.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh795.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh795.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh795.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh795.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh795.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh795.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh795.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh795.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh795.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh795.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh795.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh795.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh795.at:1" { set +x $as_echo "$at_srcdir/gh795.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset foobar --type=hash:ip --option=timeout=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset foobar --type=hash:ip --option=timeout=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --remove-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --remove-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --remove-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --remove-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "Warning: ALREADY_ENABLED: '1.2.3.4' already is in 'foobar' " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --remove-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --remove-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list set inet firewalld foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh795.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list set inet firewalld foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { set foobar { type ipv4_addr flags interval elements = { 1.2.3.4 } } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:26" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh795.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh795.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 timeout 0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:36" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh795.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --remove-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --remove-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:44" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/WARNING: ALREADY_ENABLED:/d'" != x"ignore"; then $as_echo "gh795.at:48" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/WARNING: ALREADY_ENABLED:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh795.at:48" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_139 #AT_START_140 at_fn_group_banner 140 'rhbz1914935.at:1' \ "zone overlapping ports" " " 5 at_xfail=no ( $as_echo "140. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1914935.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1914935.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1914935.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1914935.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1914935.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1914935.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1914935.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1914935.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1914935.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1914935.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1914935.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1914935.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1914935.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1914935.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1914935.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1914935.at:1" { set +x $as_echo "$at_srcdir/rhbz1914935.at:4: mkdir -p ./zones" at_fn_check_prepare_trace "rhbz1914935.at:4" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:4" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rhbz1914935.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:15: grep \"WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1914935.at:15" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:16: grep \"WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1914935.at:16" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone foobar --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone foobar --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1024-65535/tcp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:17" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rhbz1914935.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:30: grep \"WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1914935.at:30" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:31: grep \"WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1914935.at:31" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone foobar --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone foobar --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1024-65535/tcp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:32" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rhbz1914935.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:45: grep \"WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1914935.at:45" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/rhbz1914935.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone foobar --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone foobar --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1024-2500/tcp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:46" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rhbz1914935.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:59: grep \"WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1914935.at:59" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/rhbz1914935.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone foobar --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone foobar --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1024-2500/tcp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:60" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/WARNING: ALREADY_ENABLED:/d'" != x"ignore"; then $as_echo "rhbz1914935.at:64" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/WARNING: ALREADY_ENABLED:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1914935.at:64" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_140 #AT_START_141 at_fn_group_banner 141 'gh696.at:1' \ "icmp-block-inversion no log blocked" " " 5 at_xfail=no ( $as_echo "141. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh696.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh696.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh696.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh696.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh696.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh696.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh696.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh696.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh696.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh696.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh696.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh696.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh696.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh696.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh696.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh696.at:1" { set +x $as_echo "$at_srcdir/gh696.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --remove-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --remove-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh696.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_deny { icmp echo-request reject with icmpx admin-prohibited icmpv6 echo-request reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-log-denied all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-log-denied all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh696.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_deny { icmp echo-request log prefix \"\"filter_zone_public_HOST_ICMP_BLOCK: \"\" icmp echo-request reject with icmpx admin-prohibited icmpv6 echo-request log prefix \"\"filter_zone_public_HOST_ICMP_BLOCK: \"\" icmpv6 echo-request reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:53" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-log-denied off " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-log-denied off ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh696.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept icmp echo-request accept icmpv6 echo-request accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:56" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-log-denied all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-log-denied all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:79" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:81: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh696.at:81" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept icmp echo-request accept icmpv6 echo-request accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:81" $at_failed && at_fn_log_failure $at_traceon; } if test x"-d '/WARNING: NOT_ENABLED: icmp-block-inversion/d'" != x"ignore"; then $as_echo "gh696.at:102" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -d '/WARNING: NOT_ENABLED: icmp-block-inversion/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh696.at:102" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_141 #AT_START_142 at_fn_group_banner 142 'rhbz1917766.at:1' \ "rich rule source with netmask" " " 5 at_xfail=no ( $as_echo "142. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1917766.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1917766.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1917766.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1917766.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1917766.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1917766.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1917766.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1917766.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz1917766.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz1917766.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1917766.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1917766.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1917766.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1917766.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1917766.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1917766.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1917766.at:1" { set +x $as_echo "$at_srcdir/rhbz1917766.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --add-rich-rule='rule family=ipv4 source address=\"192.168.1.0/255.255.255.0\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --add-rich-rule='rule family=ipv4 source address="192.168.1.0/255.255.255.0" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1917766.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule family=ipv4 source address=\"192.168.1.0/255.255.255.0\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule family=ipv4 source address="192.168.1.0/255.255.255.0" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:8" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' foobar foobar _ATEOF { set +x $as_echo "$at_srcdir/rhbz1917766.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1917766.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1917766.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone foobar --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone foobar --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:22" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1917766.at:24" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1917766.at:24" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_142 #AT_START_143 at_fn_group_banner 143 'rhbz2014383.at:1' \ "same source in two zone xml" " " 5 at_xfail=no ( $as_echo "143. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz2014383.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz2014383.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz2014383.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz2014383.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz2014383.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz2014383.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz2014383.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz2014383.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz2014383.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz2014383.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rhbz2014383.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz2014383.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rhbz2014383.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz2014383.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz2014383.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz2014383.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz2014383.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz2014383.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz2014383.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz2014383.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz2014383.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz2014383.at:1" { set +x $as_echo "$at_srcdir/rhbz2014383.at:4: mkdir -p ./zones" at_fn_check_prepare_trace "rhbz2014383.at:4" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:4" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' foobar foobar _ATEOF cat >./zones/foobar2.xml <<'_ATEOF' foobar2 foobar2 _ATEOF { set +x $as_echo "$at_srcdir/rhbz2014383.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz2014383.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/rhbz2014383.at:28" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' foobar foobar _ATEOF cat >./zones/foobar2.xml <<'_ATEOF' foobar2 foobar2 _ATEOF { set +x $as_echo "$at_srcdir/rhbz2014383.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz2014383.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 104 $at_status "$at_srcdir/rhbz2014383.at:54" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "rhbz2014383.at:56" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz2014383.at:56" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_143 #AT_START_144 at_fn_group_banner 144 'gh874.at:1' \ "policy masquerade w/ ingress interface" " " 5 at_xfail=no ( $as_echo "144. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh874.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh874.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh874.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh874.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh874.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh874.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh874.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh874.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh874.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh874.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh874.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh874.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh874.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh874.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh874.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh874.at:1" { set +x $as_echo "$at_srcdir/gh874.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-zone foobar_zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-zone foobar_zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy foobar_policy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy foobar_policy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar_policy --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar_policy --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar_policy --add-ingress-zone foobar_zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar_policy --add-ingress-zone foobar_zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar_policy --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar_policy --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone foobar_zone --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone foobar_zone --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/gh874.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sed -i '2a \\ ' ./zones/foobar_zone.xml " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sed -i '2a \ ' ./zones/foobar_zone.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/gh874.at:23" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "gh874.at:25" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh874.at:25" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_144 #AT_START_145 at_fn_group_banner 145 'gh881.at:1' \ "ipset entry overlap detect perf" " " 5 at_xfail=no ( $as_echo "145. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh881.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh881.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh881.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh881.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "gh881.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh881.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh881.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh881.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/gh881.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/gh881.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh881.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh881.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh881.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh881.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh881.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh881.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh881.at:1" : >./deny_cidr { set +x $as_echo "$at_srcdir/gh881.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh -c ' for I in \$(seq 250); do for J in \$(seq 250); do echo \"10.\${I}.\${J}.0/24\" >> ./deny_cidr done done ' " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh881.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c ' for I in $(seq 250); do for J in $(seq 250); do echo "10.${I}.${J}.0/24" >> ./deny_cidr done done ' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh881.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} echo \"10.254.0.0/16\" >> ./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} echo "10.254.0.0/16" >> ./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh881.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=deny_set --type=hash:net --option=family=inet --option=hashsize=16384 --option=maxelem=20000 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=deny_set --type=hash:net --option=family=inet --option=hashsize=16384 --option=maxelem=20000 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh881.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:19" $at_failed && at_fn_log_failure $at_traceon; } cat >./deny_cidr <<'_ATEOF' 9.0.0.0/8 11.1.0.0/16 _ATEOF { set +x $as_echo "$at_srcdir/gh881.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:27" $at_failed && at_fn_log_failure $at_traceon; } cat >./deny_cidr <<'_ATEOF' 10.1.0.0/16 10.2.0.0/16 10.250.0.0/16 _ATEOF { set +x $as_echo "$at_srcdir/gh881.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/gh881.at:36" $at_failed && at_fn_log_failure $at_traceon; } cat >./deny_cidr <<'_ATEOF' 10.253.0.0/16 10.253.128.0/17 _ATEOF { set +x $as_echo "$at_srcdir/gh881.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/gh881.at:42" $at_failed && at_fn_log_failure $at_traceon; } cat >./deny_cidr <<'_ATEOF' 10.1.1.1/32 _ATEOF { set +x $as_echo "$at_srcdir/gh881.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/gh881.at:47" $at_failed && at_fn_log_failure $at_traceon; } cat >./deny_cidr <<'_ATEOF' 10.0.0.0/8 10.0.0.0/25 _ATEOF { set +x $as_echo "$at_srcdir/gh881.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/gh881.at:53" $at_failed && at_fn_log_failure $at_traceon; } : >./deny_cidr { set +x $as_echo "$at_srcdir/gh881.at:57: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:57" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:57" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh881.at:59" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh881.at:59" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_145 #AT_START_146 at_fn_group_banner 146 'service_includes_for_builtin.at:1' \ "service include for built-in" " " 5 at_xfail=no ( $as_echo "146. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_includes_for_builtin.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "service_includes_for_builtin.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "service_includes_for_builtin.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_includes_for_builtin.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "service_includes_for_builtin.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service_includes_for_builtin.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_includes_for_builtin.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "service_includes_for_builtin.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_includes_for_builtin.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_includes_for_builtin.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "service_includes_for_builtin.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service_includes_for_builtin.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "service_includes_for_builtin.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/service_includes_for_builtin.at:1" $as_echo "service_includes_for_builtin.at:6" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:6" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getServiceByName \"ssh\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getServiceByName "ssh"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:6" $at_failed && at_fn_log_failure $at_traceon; } SERVICE_OBJ=$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout) export SERVICE_OBJ $as_echo "service_includes_for_builtin.at:13" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:13" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(@as [],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:13" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:16" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:16" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.setIncludes '[\"https\", \"http\"]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.setIncludes '["https", "http"]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:16" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:17" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:17" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['https', 'http'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:17" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:20" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:20" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.addInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.addInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:20" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:21" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:21" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:21" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:24" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:24" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.removeInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.removeInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:24" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:25" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:25" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:25" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "service_includes_for_builtin.at:29" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/service_includes_for_builtin.at:29" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_146 #AT_START_147 at_fn_group_banner 147 'python.at:3' \ "firewalld_test.py" " " 6 at_xfail=no ( $as_echo "147. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:3: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:3: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:3" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:3: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:3" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:3: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:3" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/python.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/python.at:3: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:3" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/python.at:3: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:3" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:3" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:3" { set +x $as_echo "$at_srcdir/python.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_test.py " at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_test.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:5" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "python.at:6" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/python.at:6" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_147 #AT_START_148 at_fn_group_banner 148 'python.at:8' \ "firewalld_config.py" " " 6 at_xfail=no ( $as_echo "148. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:8: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:8: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:8" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:8: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:8" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:8: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:8" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:8" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/python.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/python.at:8: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:8" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/python.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:8" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:8" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:8" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:8" { set +x $as_echo "$at_srcdir/python.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_config.py " at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_config.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:10" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "python.at:11" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/python.at:11" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_148 #AT_START_149 at_fn_group_banner 149 'python.at:13' \ "firewalld_rich.py" " " 6 at_xfail=no ( $as_echo "149. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:13: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:13: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:13" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:13: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:13" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:13: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:13" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:13" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/python.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/python.at:13: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:13" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/python.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:13" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:13" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:13" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:13" { set +x $as_echo "$at_srcdir/python.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_rich.py " at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_rich.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:15" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "python.at:16" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/python.at:16" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_149 #AT_START_150 at_fn_group_banner 150 'python.at:18' \ "firewalld_direct.py" " " 6 at_xfail=no ( $as_echo "150. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:18: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:18: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:18" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:18: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:18" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:18: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:18" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:18" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/python.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/python.at:18: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:18" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/python.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:18" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:18" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:18" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:18" $as_echo "python.at:20" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/python.at:20" { set +x $as_echo "$at_srcdir/python.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_direct.py " at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_direct.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:21" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "python.at:22" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/python.at:22" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_150 #AT_START_151 at_fn_group_banner 151 'rfc3964_ipv4.at:1' \ "RFC3964_IPv4" " " 7 at_xfail=no ( $as_echo "151. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:1" { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:4: sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:4" ( $at_check_trace; sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:5: sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:5" ( $at_check_trace; sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname \"lo\" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix \"RFC3964_IPv4_REJECT: \" reject with icmpv6 addr-unreachable jump filter_FORWARD_ZONES ct state invalid log prefix \"STATE_INVALID_DROP: \" ct state invalid drop log prefix \"FINAL_REJECT: \" reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT { ct state established,related accept oifname \"lo\" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } log prefix \"RFC3964_IPv4_REJECT: \" reject with icmpv6 addr-unreachable jump filter_OUTPUT_POLICIES_pre jump filter_OUTPUT_POLICIES_post } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:74: sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:74" ( $at_check_trace; sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:74" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:77: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:77" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname \"lo\" accept jump filter_FORWARD_ZONES ct state invalid log prefix \"STATE_INVALID_DROP: \" ct state invalid drop log prefix \"FINAL_REJECT: \" reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:77" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT { ct state established,related accept oifname \"lo\" accept jump filter_OUTPUT_POLICIES_pre jump filter_OUTPUT_POLICIES_post } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:91" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rfc3964_ipv4.at:121" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:121" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_151 #AT_START_152 at_fn_group_banner 152 'service_include.at:1' \ "service include" " " 7 at_xfail=no ( $as_echo "152. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/service_include.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/service_include.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service_include.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/service_include.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "service_include.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service_include.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/service_include.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/service_include.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service_include.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "service_include.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service_include.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "service_include.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/service_include.at:1" { set +x $as_echo "$at_srcdir/service_include.at:4: mkdir -p ./services" at_fn_check_prepare_trace "service_include.at:4" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:5: cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE " at_fn_check_prepare_notrace 'an embedded newline' "service_include.at:5" ( $at_check_trace; cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:17: cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE " at_fn_check_prepare_notrace 'an embedded newline' "service_include.at:17" ( $at_check_trace; cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --add-service=my-service-with-include " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --add-service=my-service-with-include ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=drop --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=drop --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --add-service=recursive-service " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --add-service=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --remove-service=recursive-service " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --remove-service=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_drop_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_drop_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_drop_allow { ip daddr 239.255.255.250 udp dport 1900 ct state new,untracked accept ip6 daddr ff02::c udp dport 1900 ct state new,untracked accept ip daddr 224.0.0.251 udp dport 5353 ct state new,untracked accept ip6 daddr ff02::fb udp dport 5353 ct state new,untracked accept tcp dport 12345 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=recursive-service " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:61" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:64: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:64" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:67: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:67" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --get-includes " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --get-includes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "mdns recursive-service ssdp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:81: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:81" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:81" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:93: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service" "service_include.at:93" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:93" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:94: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh" "service_include.at:94" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:94" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:95: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" "service_include.at:95" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:96: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:96" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:96" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:97: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh" "service_include.at:97" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:97" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:98: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" "service_include.at:98" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:99: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:99" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:99" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:100: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes" "service_include.at:100" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "mdns recursive-service ssdp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:100" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:103: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; }" at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:103" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-service=my-service-with-include " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-service=my-service-with-include ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=does-not-exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/service_include.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 251 $at_status "$at_srcdir/service_include.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dhcpv6-client ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:123: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=does-not-exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:123" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:123" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:124" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:124" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_SERVICE: does-not-exist/d'" != x"ignore"; then $as_echo "service_include.at:126" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_SERVICE: does-not-exist/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/service_include.at:126" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_152 #AT_START_153 at_fn_group_banner 153 'helpers_custom.at:1' \ "customer helpers" " " 7 at_xfail=no ( $as_echo "153. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/helpers_custom.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/helpers_custom.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/helpers_custom.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/helpers_custom.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "helpers_custom.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/helpers_custom.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/helpers_custom.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/helpers_custom.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "helpers_custom.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "helpers_custom.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:1" { set +x $as_echo "$at_srcdir/helpers_custom.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-helper=\"ftptest\" --module=\"nf_conntrack_ftp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --helper=ftptest --add-port=\"2121/tcp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --helper=ftptest --add-port="2121/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-service=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-service="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port=\"2121/tcp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port="2121/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftptest " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftptest ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 2121 ct helper set \"helper-ftptest-tcp\" tcp dport 2121 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/helpers_custom.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:87: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftptest " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:87" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftptest ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:87" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 2121 ct helper set \"helper-ftptest-tcp\" tcp dport 2121 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-helper=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-helper="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper=\"ftp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper="ftp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port=\"21/tcp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port="21/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftptest " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftptest ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:122" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept tcp dport 21 ct helper set \"helper-ftp-tcp\" tcp dport 2121 ct helper set \"helper-ftptest-tcp\" tcp dport 2121 ct state new,untracked accept tcp dport 21 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:124" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "helpers_custom.at:156" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:156" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_153 #AT_START_154 at_fn_group_banner 154 'policy.at:5' \ "policy - xml" " " 7 at_xfail=no ( $as_echo "154. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:5: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:5" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:5: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:5" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:5: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:5" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:5: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:5" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:5" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy.at:5: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:5" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:5" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:5" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:5" { set +x $as_echo "$at_srcdir/policy.at:8: mkdir -p ./policies" at_fn_check_prepare_trace "policy.at:8" ( $at_check_trace; mkdir -p ./policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:8" $at_failed && at_fn_log_failure $at_traceon; } cat >./policies/foobar.xml <<'_ATEOF' foobar foobar policy _ATEOF { set +x $as_echo "$at_srcdir/policy.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:71" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:73" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:73" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_154 #AT_START_155 at_fn_group_banner 155 'policy.at:79' \ "policy - create" " " 7 at_xfail=no ( $as_echo "155. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:79: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:79" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:79: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:79" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:79: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:79" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:79: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:79" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:79" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:79" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy.at:79: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:79" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:79" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:79" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:79" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:79" { set +x $as_echo "$at_srcdir/policy.at:83: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy worldToHost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:83" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy worldToHost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:83" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:84: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy hostToWorld " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:84" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy hostToWorld ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:84" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy zoneToZone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy zoneToZone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:85" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:86: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:86" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 hostToWorld worldToHost zoneToZone " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:86" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 hostToWorld worldToHost zoneToZone " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:90" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:94" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:94" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_155 #AT_START_156 at_fn_group_banner 156 'policy.at:96' \ "policy - name" " " 7 at_xfail=no ( $as_echo "156. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:96: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:96" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:96: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:96" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:96: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:96" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:96: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:96" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:96" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:96" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy.at:96: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:96" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:96" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:96" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:96" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:96" { set +x $as_echo "$at_srcdir/policy.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy 123456789012345678 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy 123456789012345678 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy 1234567890123456789 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy 1234567890123456789 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 116 $at_status "$at_srcdir/policy.at:101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/policy.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-zone allow-host-ipv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-zone allow-host-ipv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/policy.at:105" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_NAME:/d' -e '/ERROR: NAME_CONFLICT:/d'" != x"ignore"; then $as_echo "policy.at:107" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_NAME:/d' -e '/ERROR: NAME_CONFLICT:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:107" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_156 #AT_START_157 at_fn_group_banner 157 'policy.at:109' \ "policy - list" " " 7 at_xfail=no ( $as_echo "157. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:109: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:109" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:109: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:109" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:109: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:109" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:109: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:109" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:109" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:109" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy.at:109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy.at:109: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:109" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:109" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:109" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:109" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:109" { set +x $as_echo "$at_srcdir/policy.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-policy allow-host-ipv6 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-policy allow-host-ipv6 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-policy allow-host-ipv6 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:131" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-policy allow-host-ipv6 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:131" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:151: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all-policies | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:151" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all-policies | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:151" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:170: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-all-policies | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:170" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-all-policies | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:170" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:190: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:190" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:190" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:209: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:209" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:209" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:229" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:229" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_157 #AT_START_158 at_fn_group_banner 158 'policy.at:231' \ "policy - options" " " 7 at_xfail=no ( $as_echo "158. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:231: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:231" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:231: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:231" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:231: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:231" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:231: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:231" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:231" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:231" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy.at:231: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:231" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy.at:231: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:231" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:231: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:231" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:231: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:231" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:231" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:231" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:231" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:231" { set +x $as_echo "$at_srcdir/policy.at:235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:235" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:236: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:236" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:236" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:239" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:240: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:240" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:240" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:241: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --remove-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:241" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:241" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:242: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --remove-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:242" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:242" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --query-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --query-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:243" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:244: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --query-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:244" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --query-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:244" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --list-interfaces " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:245" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:246: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --list-interfaces " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:246" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:246" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:249: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:249" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:249" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:250: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:250" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:250" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:251: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:251" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:251" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:252: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:252" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:252" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --query-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --query-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --query-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --query-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:254" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:255: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:255" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:255" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:256" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --add-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:259" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:260" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:261: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --remove-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:261" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --remove-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:261" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:262: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --remove-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:262" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --remove-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:262" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:263: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --query-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:263" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:263" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:264: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --query-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:264" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:264" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:267" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:268: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:268" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:268" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:269" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:270: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-egress-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:270" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-egress-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:270" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:271: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:271" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:271" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:272: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:272" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:272" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:273: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:273" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:273" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:274: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-egress-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:274" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-egress-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:274" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:275: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-ingress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:275" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:275" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:276: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-ingress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:276" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:276" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:277: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-ingress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:277" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:277" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:278: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-ingress-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:278" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-ingress-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:278" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:279: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-ingress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:279" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:279" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:280: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-ingress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:280" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:280" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:281: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-ingress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:281" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:281" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:282: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-ingress-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:282" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-ingress-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:282" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-priority " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-priority ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:283" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:284: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-priority 5 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:284" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-priority 5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:284" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:285: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-priority " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:285" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-priority ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:285" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:286: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --set-priority 5 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:286" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --set-priority 5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:286" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:288" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:288" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_158 #AT_START_159 at_fn_group_banner 159 'policy.at:290' \ "policy - priority" " " 7 at_xfail=no ( $as_echo "159. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:290: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:290" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:290: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:290" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:290: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:290" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:290: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:290" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:290" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:290" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy.at:290: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:290" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy.at:290: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:290" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:290: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:290" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:290: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:290" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:290" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:290" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:290" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:290" { set +x $as_echo "$at_srcdir/policy.at:294: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy worldToHost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:294" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy worldToHost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:294" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:295: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:295" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:295" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:296: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:296" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:296" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:297: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority -1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:297" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority -1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:297" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:298: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --get-priority " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:298" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --get-priority ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-1 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:298" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:301: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:301" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:301" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:301: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:301" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:301" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:302: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:302" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 jump filter_IN_policy_worldToHost } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:302" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:310: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:310" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_post { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:310" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:330: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:330" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:330" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:331: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:331" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:331" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:331: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:331" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:331" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:332: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:332" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:332" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_post { jump filter_IN_policy_worldToHost } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy first " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy first ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy first --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy first --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:362: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy first --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:362" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy first --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:362" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:363: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy second " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:363" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy second ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:363" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:364: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy second --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:364" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy second --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:364" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy second --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy second --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:366: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy third " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:366" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy third ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:366" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:367: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy third --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:367" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy third --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:367" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:368: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy third --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:368" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy third --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:368" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy fourth " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy fourth ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:369" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:370: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy fourth --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:370" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy fourth --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:370" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy fourth --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy fourth --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:372: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy fifth " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:372" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy fifth ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:372" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:373: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy fifth --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:373" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy fifth --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:373" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:374: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy fifth --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:374" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy fifth --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:374" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:376: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy fourth --set-priority -100 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:376" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy fourth --set-priority -100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:376" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:377: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy second --set-priority -5000 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:377" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy second --set-priority -5000 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:377" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:378: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy first --set-priority -10000 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:378" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy first --set-priority -10000 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:378" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:379: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy third --set-priority -1000 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:379" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy third --set-priority -1000 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:379" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:380: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy fifth --set-priority -10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:380" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy fifth --set-priority -10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:380" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:381: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:381" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:381" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:381: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:381" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:381" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:382: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:382" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 jump filter_IN_policy_first jump filter_IN_policy_second jump filter_IN_policy_third jump filter_IN_policy_fourth jump filter_IN_policy_fifth } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:382" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:412: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:412" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/policy.at:412" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:413: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority -32769 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:413" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority -32769 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/policy.at:413" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:414: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority -32768 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:414" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority -32768 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:414" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:415: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 32768 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:415" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 32768 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/policy.at:415" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:416: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 32767 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:416" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 32767 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:416" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_PRIORITY/d'" != x"ignore"; then $as_echo "policy.at:418" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_PRIORITY/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:418" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_159 #AT_START_160 at_fn_group_banner 160 'policy.at:420' \ "policy - zones" " " 7 at_xfail=no ( $as_echo "160. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:420: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:420" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:420: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:420" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:420: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:420" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:420: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:420" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:420" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:420" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy.at:420: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:420" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy.at:420: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:420" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:420: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:420" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:420: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:420" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:420" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:420" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:420" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:420" { set +x $as_echo "$at_srcdir/policy.at:423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:423" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:424: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=internal --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:424" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=internal --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:424" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:426: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:426" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:426" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:427: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-priority -1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:427" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-priority -1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:427" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:428: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:428" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:428" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:428: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:428" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:428" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:431: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:431" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:431" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:432: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:432" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:432" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:433: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:433" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:433" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:434: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:434" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:434" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:435: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:435" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:435" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:436: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:436" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:436" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:437: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:437" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:437" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:438: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:438" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:438" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:439: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:439" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:439" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:440: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:440" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:440" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:441: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:441" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:441" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:442: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:442" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:442" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:443: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:443" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:443" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:444: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:444" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:444" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:445: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:445" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:445" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:446: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:446" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:446" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:447: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:447" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/policy.at:447" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:448: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:448" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/policy.at:448" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:449: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:449" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:449" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:450: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:450" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:450" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:451: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:451" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:451" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:452: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:452" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:452" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:453: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:453" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:453" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:454: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:454" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:454" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:455: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:455" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:455" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:456: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:456" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:456" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:457: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:457" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:457" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:458: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:458" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:459: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:459" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:459" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:460" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:461: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:461" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:461" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:462" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:463: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:463" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:463" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:464: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:464" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:464" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:465: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:465" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:465" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:466: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:466" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:466" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:467: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:467" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/policy.at:467" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:468: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:468" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/policy.at:468" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:469: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:469" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:469" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:470: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:470" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:470" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:473: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:473" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:473" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:474: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:474" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:474" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:475: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:475" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:475" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:476: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:476" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:476" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:477: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:477" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:477" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:478: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:478" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:478" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:479: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:479" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:479" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:480: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:480" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:480" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:481: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:481" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:481" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:482: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:482" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:482" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:483: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:483" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:483" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:484: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:484" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:484" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:485: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:485" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:485" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:486: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:486" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:486" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:487: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:487" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:487" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:488: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:488" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:488" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:489: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:489" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:489" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:490: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:490" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:490" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:491: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:491" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:491" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:492: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:492" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:492" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:493: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:493" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:493" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:494: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:494" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:494" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:495: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:495" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:495" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:496: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:496" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:496" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:497: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:497" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:497" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:498: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:498" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:498" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:499: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:499" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:499" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:500: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:500" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:500" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:503: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:503" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:503" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:504: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:504" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:504" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:505: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:505" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:505" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:506: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:506" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:506" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:507: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:507" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:507" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:508: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:508" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:508" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:509: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:509" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:509" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:510: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:510" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:510" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:511: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:511" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:511" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:512: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:512" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:512" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:513: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:513" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:513" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:514: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:514" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:514" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:517: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:517" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:517" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:518: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:518" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:518" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:519: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:519" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:519" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:520: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:520" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:520" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:521: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:521" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:521" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:522: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:522" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:522" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:523: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:523" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:523" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:524: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:524" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:524" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:525: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:525" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:525" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:526: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:526" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:526" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:527: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:527" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:527" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:528: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:528" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:528" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:531: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:531" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:531" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:532: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:532" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:532" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:533: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:533" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:533" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:534: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:534" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:534" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:535: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:535" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:535" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:536: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:536" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:536" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:539: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"does_not_exist\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:539" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="does_not_exist" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:539" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:540: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"does_not_exist\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:540" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="does_not_exist" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:540" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:541: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"does_not_exist\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:541" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="does_not_exist" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:541" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:542: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"does_not_exist\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:542" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="does_not_exist" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:542" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:547: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:547" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:547" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:548: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:548" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:548" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:548: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:548" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:548" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:549: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:549" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 ingress-zones: ANY egress-zones: HOST " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:549" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:554: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:554" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:554" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:564: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:564" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:564" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:565: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:565" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:565" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:565: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:565" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:565" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:566: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:566" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 ingress-zones: ANY egress-zones: HOST foobar ingress-zones: public egress-zones: internal " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:566" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:574: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:574" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname \"foobar0\" oifname \"foobar1\" jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:574" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:587: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:587" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:587" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:588: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:588" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:588" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:588: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:588" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:588" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:589: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:589" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 ingress-zones: ANY egress-zones: HOST " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:589" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:594: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:594" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:594" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_ZONE:/d'" != x"ignore"; then $as_echo "policy.at:605" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ZONE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:605" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_160 #AT_START_161 at_fn_group_banner 161 'policy.at:607' \ "policy - dispatch" " " 7 at_xfail=no ( $as_echo "161. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:607: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:607" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:607: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:607" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:607: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:607" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:607: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:607" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:607" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:607" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy.at:607: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:607" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy.at:607: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:607" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:607: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:607" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:607: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:607" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:607" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:607" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:607" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:607" { set +x $as_echo "$at_srcdir/policy.at:610: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:610" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:610" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:611: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=internal --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:611" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=internal --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:611" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:613: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:613" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:613" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:614: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-priority -1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:614" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-priority -1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:614" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:615: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:615" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:615" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:615: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:615" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:615" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:617: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:617" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 ingress-zones: ANY egress-zones: HOST " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:617" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:636: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:636" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING { jump nat_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:636" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:653: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:653" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT { jump nat_OUTPUT_POLICIES_pre jump nat_OUTPUT_POLICIES_post } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:653" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:672: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:672" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING { jump nat_POSTROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:672" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:688: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:688" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING { jump mangle_PREROUTING_ZONES } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:688" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:709: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:709" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT { ct state established,related accept ct status dnat accept iifname \"lo\" accept jump filter_INPUT_ZONES ct state invalid drop reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:709" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:738: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:738" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD { ct state established,related accept ct status dnat accept iifname \"lo\" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable jump filter_FORWARD_ZONES ct state invalid drop reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:738" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:769: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:769" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT { ct state established,related accept oifname \"lo\" accept ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable jump filter_OUTPUT_POLICIES_pre jump filter_OUTPUT_POLICIES_post } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:769" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:798: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:798" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:798" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:799: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:799" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:799" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:800: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:800" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 ingress-zones: ANY egress-zones: HOST foobar ingress-zones: public egress-zones: HOST " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:800" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:809: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:809" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 iifname \"foobar0\" jump filter_IN_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:809" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:826: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:826" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:826" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:837: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:837" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:837" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:857: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:857" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:857" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:871: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:871" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:871" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:885: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:885" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:885" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:896: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:896" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:896" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:906: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:906" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:907: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:907" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:907" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:911: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:911" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:911" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:912: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:912" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:912" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:914: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:914" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 jump filter_IN_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:914" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:931: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:931" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:931" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:942: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:942" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:942" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:962: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:962" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 jump mangle_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:962" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:979: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:979" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 jump nat_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:979" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:996: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:996" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:996" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1007: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1007" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1007" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1017: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1017" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1017" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1018: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1018" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1018" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1022: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1022" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1022" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1023: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1023" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1023" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1025: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1025" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1025" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1039: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1039" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { oifname \"foobar0\" jump filter_OUT_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1039" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1053: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1053" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1053" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1071: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1071" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1071" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1085: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1085" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1085" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1099: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1099" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1099" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { oifname \"foobar0\" jump nat_OUT_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1123: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1123" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1123" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1124" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1128" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1131" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1131" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { jump filter_OUT_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1145" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1159: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1159" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1159" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1205: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1205" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1205" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { jump nat_OUT_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1229: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1229" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1229" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1230: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1230" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1230" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1234" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1235" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1237: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1237" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1237" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1251: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1251" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1251" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1262: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1262" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1262" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1285: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1285" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 jump mangle_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1285" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1302: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1302" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 jump nat_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1302" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1319: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1319" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { jump nat_POST_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1319" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1333: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1333" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1333" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1348: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1348" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1348" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1349: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1349" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1349" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1351: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1351" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1351" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1376: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1376" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { oifname \"foobar0\" jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1376" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1399: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1399" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1399" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1413: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1413" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1413" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1427: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1427" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { oifname \"foobar0\" jump nat_POST_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1427" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1441: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1441" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1441" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1451: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1451" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1451" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1452: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1452" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1452" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1453: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1453" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1453" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1454: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1454" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1454" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1458: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1458" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1459: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1459" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1459" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1460" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1462" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1476: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1476" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1476" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1487: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1487" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { ip daddr 10.10.10.0/24 jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1487" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1508: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1508" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 ip daddr 10.10.10.0/24 jump mangle_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1508" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1524: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1524" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 ip daddr 10.10.10.0/24 jump nat_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1524" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1540: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1540" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { ip daddr 10.10.10.0/24 jump nat_POST_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1540" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1553: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1553" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1553" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1563: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1563" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1563" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1564: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1564" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1564" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1565: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1565" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1565" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1569: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1569" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1569" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1570: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1570" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1570" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1571: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1571" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1571" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1573: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1573" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1573" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1587: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1587" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1587" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1598: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1598" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname \"foobar1\" jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1598" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1621: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1621" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 iifname \"foobar1\" jump mangle_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1621" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1638: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1638" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 iifname \"foobar1\" jump nat_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1638" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1655: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1655" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1655" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1666: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1666" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1666" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1676: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1676" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1676" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1677: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1677" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1677" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1678: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1678" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1678" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1682: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1682" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1682" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1683: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1683" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1683" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1684: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1684" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1684" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1686: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1686" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1686" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1700: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1700" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1700" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1711: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1711" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { ip saddr 10.10.10.0/24 jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1711" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1732: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1732" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 ip saddr 10.10.10.0/24 jump mangle_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1732" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1748: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1748" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 ip saddr 10.10.10.0/24 jump nat_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1748" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1764: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1764" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { ip saddr 10.10.10.0/24 jump nat_POST_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1764" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1777: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1777" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1777" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1787: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1787" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1787" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1788: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1788" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1788" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1789: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1789" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1789" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1794: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1794" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1794" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1795: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1795" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1795" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1796: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1796" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1796" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1797: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1797" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1797" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1799: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1799" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1799" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1813: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1813" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1813" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1824: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1824" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname \"foobar1\" oifname \"foobar0\" jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1824" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1847: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1847" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1847" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1861: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1861" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1861" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1875: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1875" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1875" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1886: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1886" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1886" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1896: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1896" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1896" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1897: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1897" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1897" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1898: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1898" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1898" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1899: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1899" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1899" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1904: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1904" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1904" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1905: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1905" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1905" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1906: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1906" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1907: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1907" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1907" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1909: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1909" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1909" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1923: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1923" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1923" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1934: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1934" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname \"foobar1\" ip daddr 10.10.10.0/24 jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1934" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1955: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1955" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 iifname \"foobar1\" ip daddr 10.10.10.0/24 jump mangle_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1955" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1971: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1971" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 iifname \"foobar1\" ip daddr 10.10.10.0/24 jump nat_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1971" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1987: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1987" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1987" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1998: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1998" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1998" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2008: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2008" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2008" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2009: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2009" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2009" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2010: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2010" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2010" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2011: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2011" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2011" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2016: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2016" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2016" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2017: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2017" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2017" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2018: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2018" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2018" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2019: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2019" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2019" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2021: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2021" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2021" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2035: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2035" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2035" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2046: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2046" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { ip saddr 10.10.10.0/24 oifname \"foobar0\" jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2046" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2067: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2067" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2067" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2081: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2081" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2081" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2095: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2095" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { ip saddr 10.10.10.0/24 oifname \"foobar0\" jump nat_POST_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2095" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2108: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2108" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2108" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2121" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2126" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=10.20.20.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=10.20.20.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2127" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2128" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2131" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_INPUT_POLICIES_pre { jump filter_IN_policy_allow-host-ipv6 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2131" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2145" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2156: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2156" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { ip saddr 10.10.10.0/24 ip daddr 10.20.20.0/24 jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2156" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PREROUTING_POLICIES_pre { jump mangle_PRE_policy_allow-host-ipv6 ip saddr 10.10.10.0/24 ip daddr 10.20.20.0/24 jump mangle_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2193: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2193" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 ip saddr 10.10.10.0/24 ip daddr 10.20.20.0/24 jump nat_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2193" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2209: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2209" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POSTROUTING_POLICIES_pre { ip saddr 10.10.10.0/24 ip daddr 10.20.20.0/24 jump nat_POST_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2209" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2222: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2222" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUTPUT_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2222" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2232: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2232" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2232" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2233: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2233" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2233" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2234" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-source=10.20.20.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-source=10.20.20.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2235" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:2237" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2237" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_161 #AT_START_162 at_fn_group_banner 162 'policy.at:2239' \ "policy - interfaces/sources" " " 7 at_xfail=no ( $as_echo "162. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:2239: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2239" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:2239: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:2239" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:2239: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:2239" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:2239: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2239" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:2239" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:2239" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy.at:2239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy.at:2239: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:2239" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:2239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:2239" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:2239" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:2239" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2239" { set +x $as_echo "$at_srcdir/policy.at:2242: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2242" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2242" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2243" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2244: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone internal --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2244" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone internal --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2244" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2245" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2246: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2246" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2246" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2246: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2246" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2246" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2247: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2247" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2247" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2261: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --add-interface foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2261" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --add-interface foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2261" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2262: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2262" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname \"foobar0\" oifname \"foobar1\" jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2262" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2279: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --add-interface foobar2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2279" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --add-interface foobar2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2279" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2280: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2280" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname \"foobar0\" oifname { \"foobar1\", \"foobar2\" } jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2280" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --remove-interface foobar2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --remove-interface foobar2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2299" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2300: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2300" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { iifname \"foobar0\" oifname \"foobar1\" jump filter_FWD_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2300" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2318: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --remove-interface foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2318" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --remove-interface foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2318" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2319: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2319" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2319" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2333: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2333" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2333" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2334: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2334" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 iifname \"foobar0\" ip daddr 10.10.10.0/24 jump nat_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2334" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2352: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --add-source 1234::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2352" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --add-source 1234::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2352" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2356: grep 'iifname \"foobar0\" ip6 daddr 1234::/64 jump nat_PRE_policy_foobar' ./stdout" at_fn_check_prepare_trace "policy.at:2356" ( $at_check_trace; grep 'iifname "foobar0" ip6 daddr 1234::/64 jump nat_PRE_policy_foobar' ./stdout ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2370: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --remove-source 1234::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2370" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --remove-source 1234::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2370" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2373: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2373" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PREROUTING_POLICIES_pre { jump nat_PRE_policy_allow-host-ipv6 iifname \"foobar0\" ip daddr 10.10.10.0/24 jump nat_PRE_policy_foobar } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2373" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2392: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2392" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2392" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2393: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2393" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FORWARD_POLICIES_pre { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2393" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:2404" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2404" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_162 #AT_START_163 at_fn_group_banner 163 'policy.at:2406' \ "policy - target" " " 7 at_xfail=no ( $as_echo "163. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:2406: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2406" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:2406: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:2406" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:2406: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:2406" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:2406: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2406" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:2406" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:2406" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy.at:2406: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2406" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy.at:2406: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:2406" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:2406: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2406" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2406: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2406" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:2406" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:2406" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:2406" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2406" { set +x $as_echo "$at_srcdir/policy.at:2409: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2409" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2409" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2411: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=CONTINUE " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2411" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=CONTINUE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2411" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2412: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2412" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2412" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2413: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2413" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2413" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2414: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=REJECT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2414" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=REJECT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2414" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2415: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=DENY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2415" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=DENY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/policy.at:2415" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2416: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=default " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2416" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/policy.at:2416" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2419: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2419" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2419" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2420: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2420" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2420" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2421: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone internal --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2421" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone internal --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2421" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2422: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2422" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2422" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2423" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2423" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2424: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2424" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar { jump filter_IN_policy_foobar_pre jump filter_IN_policy_foobar_log jump filter_IN_policy_foobar_deny jump filter_IN_policy_foobar_allow jump filter_IN_policy_foobar_post accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2424" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "policy.at:2453" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2453" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_163 #AT_START_164 at_fn_group_banner 164 'policy.at:2455' \ "policy - from file" " " 7 at_xfail=no ( $as_echo "164. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:2455: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2455" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:2455: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:2455" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:2455: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:2455" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:2455: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2455" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:2455" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:2455" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/policy.at:2455: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2455" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/policy.at:2455: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:2455" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:2455: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2455" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2455: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2455" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:2455" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:2455" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:2455" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2455" { set +x $as_echo "$at_srcdir/policy.at:2458: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2458" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2459: ls \"./policies/allow-host-ipv6.xml\"" at_fn_check_prepare_trace "policy.at:2459" ( $at_check_trace; ls "./policies/allow-host-ipv6.xml" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2459" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy-from-file \"./policies/allow-host-ipv6.xml\" --name my-allow-host-ipv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy-from-file "./policies/allow-host-ipv6.xml" --name my-allow-host-ipv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2460" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2461: ls \"./policies/my-allow-host-ipv6.xml\"" at_fn_check_prepare_trace "policy.at:2461" ( $at_check_trace; ls "./policies/my-allow-host-ipv6.xml" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2461" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 my-allow-host-ipv6 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2462" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2465: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2465" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2465" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2465: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2465" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2465" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2466: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2466" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 my-allow-host-ipv6 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2466" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:2470" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2470" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_164 #AT_START_165 at_fn_group_banner 165 'services.at:1' \ "services" " " 7 at_xfail=no ( $as_echo "165. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/services.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/services.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "services.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/services.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "services.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/services.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "services.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/services.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/services.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/services.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "services.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/services.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "services.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/services.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "services.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/services.at:1" { set +x $as_echo "$at_srcdir/services.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "services.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_allow { tcp dport 22 ct state new,untracked accept ip saddr 10.10.10.0/24 tcp dport 22 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:37" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:37" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:40" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_allow { tcp dport 21 ct helper set \"helper-ftp-tcp\" tcp dport 21 ct state new,untracked accept ip saddr 10.10.10.0/24 tcp dport 21 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-service does-not-exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-service does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/services.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-service does-not-exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-service does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/services.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-interface raboof0 --add-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-interface raboof0 --add-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/services.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:95: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-interface raboof0 --add-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:95" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-interface raboof0 --add-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/services.at:95" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_SERVICE/d'" != x"ignore"; then $as_echo "services.at:97" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_SERVICE/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/services.at:97" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_165 #AT_START_166 at_fn_group_banner 166 'ports.at:1' \ "ports" " " 7 at_xfail=no ( $as_echo "166. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/ports.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/ports.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "ports.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/ports.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "ports.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/ports.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "ports.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/ports.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/ports.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/ports.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "ports.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/ports.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "ports.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/ports.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "ports.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/ports.at:1" { set +x $as_echo "$at_srcdir/ports.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "ports.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_allow { tcp dport 1234 ct state new,untracked accept udp dport 1234 ct state new,untracked accept udp dport 4321 ct state new,untracked accept udp dport 4444 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:51" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:53" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_allow { udp dport 1234 ct state new,untracked accept sctp dport 4444 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-port 1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:95: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 123443/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:95" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 123443/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-port 123443/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-port 123443/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:96" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234/bogus " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234/bogus ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-port 1234/bogus " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-port 1234/bogus ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=4444 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=4444 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=4444 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=4444 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:105" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "ports.at:107" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/ports.at:107" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_166 #AT_START_167 at_fn_group_banner 167 'source_ports.at:1' \ "source ports" " " 7 at_xfail=no ( $as_echo "167. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/source_ports.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/source_ports.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "source_ports.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/source_ports.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "source_ports.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/source_ports.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "source_ports.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/source_ports.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/source_ports.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/source_ports.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "source_ports.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/source_ports.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "source_ports.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/source_ports.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "source_ports.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/source_ports.at:1" { set +x $as_echo "$at_srcdir/source_ports.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "source_ports.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_allow { tcp sport 1234 ct state new,untracked accept udp sport 1234 ct state new,untracked accept udp sport 4321 ct state new,untracked accept udp sport 4444 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:51" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:53" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_allow { udp sport 1234 ct state new,untracked accept sctp sport 4444 ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:95: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 123443/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:95" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 123443/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 123443/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 123443/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:96" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234/bogus " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234/bogus ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 1234/bogus " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 1234/bogus ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=4444 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=4444 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=4444 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=4444 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:105" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "source_ports.at:107" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/source_ports.at:107" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_167 #AT_START_168 at_fn_group_banner 168 'forward_ports.at:1' \ "forward ports" " " 7 at_xfail=no ( $as_echo "168. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/forward_ports.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/forward_ports.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "forward_ports.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/forward_ports.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "forward_ports.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/forward_ports.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "forward_ports.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/forward_ports.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/forward_ports.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/forward_ports.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "forward_ports.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/forward_ports.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "forward_ports.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/forward_ports.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "forward_ports.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/forward_ports.at:1" { set +x $as_echo "$at_srcdir/forward_ports.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PRE_policy_foobar_allow { meta nfproto ipv4 tcp dport 33 dnat ip to 10.10.10.10:33 meta nfproto ipv6 udp dport 44 dnat ip6 to [1234::4321]:4444 meta nfproto ipv4 udp dport 444 dnat ip to 10.44.44.44:4444 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PRE_policy_foobar_allow { meta nfproto ipv4 tcp dport 33 dnat ip to 10.10.10.10:33 meta nfproto ipv4 udp dport 444 dnat ip to 10.44.44.44:4444 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port 1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:88" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port 1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=11:proto=tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=11:proto=tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=11:proto=tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=11:proto=tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:92" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/forward_ports.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:95: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:95" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/forward_ports.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:99: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:99" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/forward_ports.at:99" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/forward_ports.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/forward_ports.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/forward_ports.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:106" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:107" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:111: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:111" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:111" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:113" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PRE_policy_foobar_allow { meta nfproto ipv4 tcp dport 22 redirect to :2222 meta nfproto ipv6 udp dport 444 redirect to :4444 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:134: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:134" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:134" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:136: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:136" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:136" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:137" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:138" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:139" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:142: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:142" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:142" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:144: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:144" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:144" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:145" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:146: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:146" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:146" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:147" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:147" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:149: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:149" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:149" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:150: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:150" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:150" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:151: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:151" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:151" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:152: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:152" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:152" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:155: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone internal --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:155" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone internal --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:155" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:156: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:156" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:156" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:157: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:157" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:157" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:158: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:158" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/forward_ports.at:158" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:159: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:159" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:159" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:160: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:160" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/forward_ports.at:160" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/forward_ports.at:164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/forward_ports.at:166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:168: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone internal --remove-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:168" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone internal --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:168" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:169: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --remove-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:169" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:169" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone internal --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone internal --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:173" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:182: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:182" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:182" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:183: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:183" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_PRE_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_PRE_policy_foobar_allow { meta nfproto ipv4 tcp dport 22 dnat ip to 10.0.0.1:2222 meta nfproto ipv4 udp dport 444 dnat ip to 10.44.44.44:4444 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:183" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_FORWARD/d' -e '/ERROR: INVALID_ZONE/d'" != x"ignore"; then $as_echo "forward_ports.at:196" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_FORWARD/d' -e '/ERROR: INVALID_ZONE/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/forward_ports.at:196" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_168 #AT_START_169 at_fn_group_banner 169 'forward_ports.at:199' \ "forward ports (OUTPUT)" " " 7 at_xfail=no ( $as_echo "169. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/forward_ports.at:199: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:199" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/forward_ports.at:199: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "forward_ports.at:199" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/forward_ports.at:199: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "forward_ports.at:199" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/forward_ports.at:199: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:199" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "forward_ports.at:199" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/forward_ports.at:199" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/forward_ports.at:199: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:199" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/forward_ports.at:199: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "forward_ports.at:199" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/forward_ports.at:199: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:199" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:199: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:199" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "forward_ports.at:199" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/forward_ports.at:199" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "forward_ports.at:199" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/forward_ports.at:199" { set +x $as_echo "$at_srcdir/forward_ports.at:202: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:202" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:202" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:203: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-zone localhost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:203" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:203" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:204: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:204" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:204" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:204: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:204" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:204" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:209: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:209" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:209" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:210: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:210" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:210" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:211: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:211" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:211" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:212" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:213: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:213" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:213" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:214: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:214" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:214" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --add-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --add-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:219: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:219" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:219" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:220: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:220" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:220" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:221: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUT_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:221" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUT_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUT_policy_foobar_allow { meta nfproto ipv4 tcp dport 22 dnat ip to 10.0.0.1:2222 meta nfproto ipv4 udp dport 444 dnat ip to 10.44.44.44:4444 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:221" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:234" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:235" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:236: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --remove-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:236" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --remove-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:236" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:237: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:237" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:237" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:242: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone localhost --add-source 127.0.0.0/8 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:242" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone localhost --add-source 127.0.0.0/8 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:242" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:243" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:244: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone localhost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:244" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:244" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:245" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:246: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:246" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:246" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:247: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:247" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:247" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:248: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:248" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:248" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:249: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone localhost --add-source 127.0.0.0/8 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:249" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone localhost --add-source 127.0.0.0/8 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:249" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:250: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --add-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:250" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --add-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:250" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:251: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --add-egress-zone localhost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:251" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --add-egress-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:251" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:252: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:252" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:252" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:254" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:255: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:255" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:255" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_OUT_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_OUT_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_OUT_policy_foobar_allow { meta nfproto ipv4 tcp dport 22 dnat ip to 10.0.0.1:2222 meta nfproto ipv4 udp dport 444 dnat ip to 10.44.44.44:4444 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:256" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone localhost --remove-source 127.0.0.0/8 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone localhost --remove-source 127.0.0.0/8 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:269" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:270: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:270" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:270" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:271: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-egress-zone localhost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:271" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-egress-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:271" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:272: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone localhost --remove-source 127.0.0.0/8 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:272" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone localhost --remove-source 127.0.0.0/8 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:272" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:273: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --remove-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:273" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --remove-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:273" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:274: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --remove-egress-zone localhost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:274" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --remove-egress-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:274" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_FORWARD/d' -e '/ERROR: INVALID_ZONE/d'" != x"ignore"; then $as_echo "forward_ports.at:276" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_FORWARD/d' -e '/ERROR: INVALID_ZONE/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/forward_ports.at:276" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_169 #AT_START_170 at_fn_group_banner 170 'masquerade.at:1' \ "masquerade" " " 7 at_xfail=no ( $as_echo "170. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/masquerade.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/masquerade.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "masquerade.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/masquerade.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "masquerade.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/masquerade.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "masquerade.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/masquerade.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/masquerade.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/masquerade.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "masquerade.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/masquerade.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "masquerade.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/masquerade.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "masquerade.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/masquerade.at:1" { set +x $as_echo "$at_srcdir/masquerade.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POST_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "masquerade.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POST_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POST_policy_foobar_allow { meta nfproto ipv4 oifname != \"lo\" masquerade ip saddr 10.10.10.0/24 oifname != \"lo\" masquerade } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:34" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:37" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:37" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld nat_POST_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld nat_POST_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain nat_POST_policy_foobar_allow { meta nfproto ipv4 oifname != \"lo\" masquerade ip6 saddr 1234::/64 oifname != \"lo\" masquerade } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar_host " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar_host ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-ingress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:74" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:74" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:77: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar_host --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:77" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar_host --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:77" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:78: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:78" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:78" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --remove-ingress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --remove-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:79" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:80: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --remove-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:80" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:80" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:84: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar_int_to_pub " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:84" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar_int_to_pub ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:84" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=internal --add-interface foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=internal --add-interface foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:85" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:86: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-ingress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:86" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:86" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:87: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:87" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:87" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:88" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:88" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar_int_to_pub --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar_int_to_pub --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:92" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=internal --remove-interface foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=internal --remove-interface foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=internal --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=internal --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:99: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:99" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:99" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=internal --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=internal --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:101" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_ZONE:/d'" != x"ignore"; then $as_echo "masquerade.at:103" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ZONE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/masquerade.at:103" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_170 #AT_START_171 at_fn_group_banner 171 'protocols.at:1' \ "protocols" " " 7 at_xfail=no ( $as_echo "171. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/protocols.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/protocols.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "protocols.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/protocols.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "protocols.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/protocols.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "protocols.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/protocols.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/protocols.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/protocols.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "protocols.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/protocols.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "protocols.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/protocols.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "protocols.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/protocols.at:1" { set +x $as_echo "$at_srcdir/protocols.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "protocols.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_allow { meta l4proto sctp ct state new,untracked accept meta l4proto ipv6-icmp ct state new,untracked accept meta l4proto dccp ct state new,untracked accept meta l4proto gre ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:51" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:53" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_allow { meta l4proto ipv6-icmp ct state new,untracked accept meta l4proto sctp ct state new,untracked accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/protocols.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-protocol dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-protocol dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/protocols.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:95: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule protocol value=\"dummy\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:95" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule protocol value="dummy" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/protocols.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule protocol value=\"dummy\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule protocol value="dummy" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/protocols.at:96" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_PROTOCOL: dummy/d'" != x"ignore"; then $as_echo "protocols.at:98" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_PROTOCOL: dummy/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/protocols.at:98" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_171 #AT_START_172 at_fn_group_banner 172 'rich_rules.at:1' \ "rich rules" " " 7 at_xfail=no ( $as_echo "172. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rich_rules.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rich_rules.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rich_rules.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rich_rules.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rich_rules.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rich_rules.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rich_rules.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rich_rules.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rich_rules.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rich_rules.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rich_rules.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rich_rules.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rich_rules.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rich_rules.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rich_rules.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rich_rules.at:1" { set +x $as_echo "$at_srcdir/rich_rules.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar { jump filter_IN_policy_foobar_pre jump filter_IN_policy_foobar_log jump filter_IN_policy_foobar_deny jump filter_IN_policy_foobar_allow jump filter_IN_policy_foobar_post } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.10 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.10 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 log accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 log accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 audit accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.12 reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.12 reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.13 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.13 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.10.10.14 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.10.10.14 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=1 source address=10.10.10.15 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=1 source address=10.10.10.15 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_pre { ip saddr 10.10.10.14 accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_log { ip saddr 10.10.10.11 log ip saddr 10.10.10.11 log level audit } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:60" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_deny { ip saddr 10.10.10.12 reject with icmp port-unreachable ip saddr 10.10.10.13 drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:84: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:84" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_allow { ip saddr 10.10.10.10 accept ip saddr 10.10.10.11 accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:84" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_post { ip saddr 10.10.10.15 accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.20.20.20 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.20.20.20 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:111: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-2 destination address=10.20.20.21 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:111" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-2 destination address=10.20.20.21 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:111" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-3 source address=10.20.20.22 destination address=10.20.20.23 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-3 source address=10.20.20.22 destination address=10.20.20.23 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv6 priority=-4 source address=1234::4321 destination address=1234::4444 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv6 priority=-4 source address=1234::4321 destination address=1234::4444 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:113" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_pre { ip6 daddr 1234::4444 ip6 saddr 1234::4321 drop ip daddr 10.20.20.23 ip saddr 10.20.20.22 drop ip daddr 10.20.20.21 accept ip saddr 10.10.10.14 accept ip saddr 10.20.20.20 accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-1 icmp-type name=\"neighbour-advertisement\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-1 icmp-type name="neighbour-advertisement" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:138" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-2 icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-2 icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:139" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:140" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:140" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:141: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:141" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_pre { ip6 daddr 1234::4444 ip6 saddr 1234::4321 drop ip daddr 10.20.20.23 ip saddr 10.20.20.22 drop ip daddr 10.20.20.21 accept icmp echo-request accept icmpv6 echo-request accept ip saddr 10.10.10.14 accept ip saddr 10.20.20.20 accept icmpv6 nd-neighbor-advert accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:141" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:168: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:168" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:168" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:173" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_policy_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_policy_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PRE_policy_foobar_pre { mark set mark & 0x0000ff00 ^ 0x00006600 mark set 0x000004d2 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:193: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:193" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:193" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:198: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:198" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:198" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:199: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:199" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:199" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:199: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:199" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:199" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:200: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_policy_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:200" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_policy_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PRE_policy_foobar_pre { mark set mark & 0x0000ff00 ^ 0x00006600 mark set 0x000004d2 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:200" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:221: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:221" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:221" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:222: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:222" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:222" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:223: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:223" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:223" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:223: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:223" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:223" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:224: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_policy_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:224" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld mangle_PRE_policy_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain mangle_PRE_policy_foobar_pre { mark set mark & 0x0000ff00 ^ 0x00006600 mark set 0x000004d2 } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:224" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:240: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:240" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:240" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:241: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:241" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:241" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:242: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:242" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:242" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:243" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:244: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:244" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:244" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:245" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:246: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:246" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:246" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:247: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:247" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:247" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:252: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:252" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:252" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/rich_rules.at:254" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:255: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:255" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:255" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:256" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:257: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:257" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:257" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:258: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:258" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:258" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/rich_rules.at:259" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:260" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:261: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:261" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:261" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:263: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:263" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:263" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32000 log prefix=\"LOG: \" level=\"warning\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32000 log prefix="LOG: " level="warning"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:267" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:268: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32001 audit accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:268" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32001 audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:268" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:269" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:269" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:270: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:270" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_post { ip saddr 10.10.10.15 accept log prefix \"LOG: \" log level audit accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:270" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=32000 log prefix=\"LOG: \" level=\"warning\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=32000 log prefix="LOG: " level="warning"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:291" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:292: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=32001 audit accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:292" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=32001 audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:292" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:293: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:293" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:293" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:293: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:293" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:293" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:297: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32000 nflog prefix=\"NFLOG: \" queue-size=10' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:297" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32000 nflog prefix="NFLOG: " queue-size=10' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:297" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:298: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32001 audit accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:298" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32001 audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:298" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:299" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:299" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:300: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:300" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_post { ip saddr 10.10.10.15 accept log prefix \"NFLOG: \" group 0 queue-threshold 10 log level audit accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:300" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_ZONE:/d'" != x"ignore"; then $as_echo "rich_rules.at:322" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ZONE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rich_rules.at:322" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_172 #AT_START_173 at_fn_group_banner 173 'icmp_blocks.at:1' \ "ICMP blocks" " " 7 at_xfail=no ( $as_echo "173. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "icmp_blocks.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "icmp_blocks.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "icmp_blocks.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/icmp_blocks.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "icmp_blocks.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "icmp_blocks.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/icmp_blocks.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "icmp_blocks.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/icmp_blocks.at:1" { set +x $as_echo "$at_srcdir/icmp_blocks.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_blocks.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_blocks.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_deny { icmp echo-request reject with icmpx admin-prohibited icmpv6 echo-request reject with icmpx admin-prohibited icmp echo-reply reject with icmpx admin-prohibited icmpv6 echo-reply reject with icmpx admin-prohibited icmp redirect reject with icmpx admin-prohibited icmpv6 nd-redirect reject with icmpx admin-prohibited ip6 saddr 1234:5678::/64 icmpv6 nd-redirect reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:34" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:74" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_allow { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_foobar_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_foobar_deny { icmp echo-request reject with icmpx admin-prohibited icmpv6 echo-request reject with icmpx admin-prohibited ip6 saddr 1234:5678::/64 icmpv6 nd-redirect reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:141: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:141" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/icmp_blocks.at:141" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:142: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-icmp-block dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:142" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-icmp-block dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/icmp_blocks.at:142" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"dummy\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/icmp_blocks.at:143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"dummy\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/icmp_blocks.at:143" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_ICMPTYPE:/d'" != x"ignore"; then $as_echo "icmp_blocks.at:148" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ICMPTYPE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/icmp_blocks.at:148" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_173 #AT_START_174 at_fn_group_banner 174 'rich_tcp_mss_clamp.at:5' \ "tcp-mss-clamp" " " 7 at_xfail=no ( $as_echo "174. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:5" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rich_tcp_mss_clamp.at:5" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rich_tcp_mss_clamp.at:5" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:5" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rich_tcp_mss_clamp.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rich_tcp_mss_clamp.at:5" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rich_tcp_mss_clamp.at:5" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rich_tcp_mss_clamp.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rich_tcp_mss_clamp.at:5" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rich_tcp_mss_clamp.at:5" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rich_tcp_mss_clamp.at:5" { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:8: mkdir -p ./zones" at_fn_check_prepare_trace "rich_tcp_mss_clamp.at:8" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:8" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/tcp.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:20" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/tcp.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:32" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/tcp.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:44: grep \"WARNING: INVALID_RULE: thisdoesnotexist: rule tcp-mss-clamp value=\"thisdoesnotexist\" \" ./firewalld.log" at_fn_check_prepare_notrace 'an embedded newline' "rich_tcp_mss_clamp.at:44" ( $at_check_trace; grep "WARNING: INVALID_RULE: thisdoesnotexist: rule tcp-mss-clamp value="thisdoesnotexist" " ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:44" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/tcp.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:65: rm ./zones/tcp.xml" at_fn_check_prepare_trace "rich_tcp_mss_clamp.at:65" ( $at_check_trace; rm ./zones/tcp.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule tcp-mss-clamp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule tcp-mss-clamp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:69: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=0' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:69" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=0' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:69" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=536' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=536' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=pmtu' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=pmtu' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=0' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=0' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:74" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule tcp-mss-clamp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule tcp-mss-clamp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:77: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule tcp-mss-clamp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:77" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule tcp-mss-clamp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:77" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:78: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=536' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:78" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=536' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:78" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:79" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:80: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=pmtu accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:80" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=pmtu accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:80" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:81: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=pmtu' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:81" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=pmtu' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:81" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:83: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_tcp_mss_clamp.at:83" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_public_allow { tcp flags syn tcp option maxseg size set 536 tcp flags syn tcp option maxseg size set rt mtu } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:83" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "rich_tcp_mss_clamp.at:102" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rich_tcp_mss_clamp.at:102" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_174 #AT_START_175 at_fn_group_banner 175 'rich_destination_ipset.at:1' \ "rich destination ipset" " " 7 at_xfail=no ( $as_echo "175. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rich_destination_ipset.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rich_destination_ipset.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rich_destination_ipset.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rich_destination_ipset.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rich_destination_ipset.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rich_destination_ipset.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rich_destination_ipset.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rich_destination_ipset.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rich_destination_ipset.at:1" { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=mypolicy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=mypolicy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=mypolicy --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=mypolicy --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=mypolicy --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=mypolicy --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_destination_ipset.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_public_allow { tcp dport 22 ct state new,untracked accept ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept ip daddr @foobar accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_mypolicy_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_destination_ipset.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_policy_mypolicy_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_policy_mypolicy_allow { ip daddr @foobar accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_destination_ipset.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_destination_ipset.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/rich_destination_ipset.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/rich_destination_ipset.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_destination_ipset.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_destination_ipset.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/rich_destination_ipset.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/rich_destination_ipset.at:50" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_RULE: bad attribute/d' -e '/ERROR: INVALID_DESTINATION: address and ipset/d'" != x"ignore"; then $as_echo "rich_destination_ipset.at:52" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_RULE: bad attribute/d' -e '/ERROR: INVALID_DESTINATION: address and ipset/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rich_destination_ipset.at:52" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_175 #AT_START_176 at_fn_group_banner 176 'zone.at:1' \ "zone - target" " " 7 at_xfail=no ( $as_echo "176. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/zone.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/zone.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "zone.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/zone.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "zone.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/zone.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "zone.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/zone.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/zone.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/zone.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "zone.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/zone.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "zone.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/zone.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "zone.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/zone.at:1" { set +x $as_echo "$at_srcdir/zone.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-zone=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=default " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=%%REJECT%% " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=%%REJECT%% ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=CONTINUE " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=CONTINUE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/zone.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DENY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DENY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/zone.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_foobar { jump filter_INPUT_POLICIES_pre jump filter_IN_foobar_pre jump filter_IN_foobar_log jump filter_IN_foobar_deny jump filter_IN_foobar_allow jump filter_IN_foobar_post jump filter_INPUT_POLICIES_post accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_foobar { jump filter_FORWARD_POLICIES_pre jump filter_FWD_foobar_pre jump filter_FWD_foobar_log jump filter_FWD_foobar_deny jump filter_FWD_foobar_allow jump filter_FWD_foobar_post jump filter_FORWARD_POLICIES_post accept } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=default " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_IN_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_IN_foobar { jump filter_INPUT_POLICIES_pre jump filter_IN_foobar_pre jump filter_IN_foobar_log jump filter_IN_foobar_deny jump filter_IN_foobar_allow jump filter_IN_foobar_post jump filter_INPUT_POLICIES_post meta l4proto { icmp, ipv6-icmp } accept reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone.at:129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_FWD_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_FWD_foobar { jump filter_FORWARD_POLICIES_pre jump filter_FWD_foobar_pre jump filter_FWD_foobar_log jump filter_FWD_foobar_deny jump filter_FWD_foobar_allow jump filter_FWD_foobar_post jump filter_FORWARD_POLICIES_post reject with icmpx admin-prohibited } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:129" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "zone.at:164" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/zone.at:164" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_176 #AT_START_177 at_fn_group_banner 177 'rpfilter.at:1' \ "rpfilter" " " 7 at_xfail=no ( $as_echo "177. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rpfilter.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rpfilter.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rpfilter.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rpfilter.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf" at_fn_check_prepare_trace "rpfilter.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=nftables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf fi function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rpfilter.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rpfilter.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rpfilter.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late cat >./nft_rule_index.nft <<'_ATEOF' add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept _ATEOF { set +x $as_echo "$at_srcdir/rpfilter.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft -f ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft -f ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test "$( env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } )" = "udp dport 4321 accept"; then : else : { set +x $as_echo "$at_srcdir/rpfilter.at:1: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rpfilter.at:1" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rpfilter.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} rm ./nft_rule_index.nft " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} rm ./nft_rule_index.nft ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rpfilter.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} nft delete table inet firewalld_check_rule_index " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} nft delete table inet firewalld_check_rule_index ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rpfilter.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rpfilter.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rpfilter.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rpfilter.at:1" KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : { set +x $as_echo "$at_srcdir/rpfilter.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_PREROUTING { icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept meta nfproto ipv6 fib saddr . mark . iif oif missing drop } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:4" $at_failed && at_fn_log_failure $at_traceon; } else : { set +x $as_echo "$at_srcdir/rpfilter.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { nft \$NFT_NUMERIC_ARGS list chain inet firewalld filter_PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \\(state\\|status\\)/{s/\\(ct \\(state\\|status\\)\\) {/\\1/g; s/ }//; s/\\([a-z]*\\), /\\1,/g;}' -e 's/reject with icmp\\(x\\|v6\\)\\? type port-unreachable/reject/' -e 's/\\(iifname\\|oifname\\) [{] \\([^, ]\\+\\) [}]/\\1 \\2/g' -e 's/\\(icmp\\|icmpv6\\|icmpx\\) type \\([a-z-]\\+\\)/\\1 \\2/g' -e 's/reject\$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { nft $NFT_NUMERIC_ARGS list chain inet firewalld filter_PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sed -e 's/meta mark/mark/g' -e '/type.*hook.*priority.*policy.*/d' -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\([a-z]*\), /\1,/g;}' -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' -e 's/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g' -e 's/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g' -e 's/reject$/reject with icmp port-unreachable/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "table inet firewalld { chain filter_PREROUTING { } } " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:4" $at_failed && at_fn_log_failure $at_traceon; } fi if test x"" != x"ignore"; then $as_echo "rpfilter.at:30" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rpfilter.at:30" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_177 #AT_START_178 at_fn_group_banner 178 'firewall-cmd.at:5' \ "basic options" " " 8 at_xfail=no ( $as_echo "178. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:5" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:5: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:5" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:5" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:5" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:5" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:5" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:5" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:5" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:5" { set +x $as_echo "$at_srcdir/firewall-cmd.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -h " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -h ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --help " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --help ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -V " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -V ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --complete-reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --complete-reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --panic-on " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --panic-on ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "yes " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --panic-off " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --panic-off ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-panic " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-panic ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "no " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:24" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:26" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_178 #AT_START_179 at_fn_group_banner 179 'firewall-cmd.at:28' \ "get/list options" " " 8 at_xfail=no ( $as_echo "179. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:28" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:28: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:28" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:28" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:28" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:28" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:28" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:28" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:28" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:28" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:28" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:28" { set +x $as_echo "$at_srcdir/firewall-cmd.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-icmptypes " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:34" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-icmptypes " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-all-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-all-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:40" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:41" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:42" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:42" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_179 #AT_START_180 at_fn_group_banner 180 'firewall-cmd.at:44' \ "default zone" " " 8 at_xfail=no ( $as_echo "180. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:44" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:44: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:44" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:44" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:44" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:44" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:44" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:44" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:44" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:44" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:44" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:44" { set +x $as_echo "$at_srcdir/firewall-cmd.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=\"home\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone="home" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "home " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:53" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:54" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:54" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_180 #AT_START_181 at_fn_group_banner 181 'firewall-cmd.at:56' \ "user zone" " " 8 at_xfail=no ( $as_echo "181. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:56" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:56: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:56" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:56" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:56" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:56" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:56" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:56" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:56" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:56" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:56" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:56" { set +x $as_echo "$at_srcdir/firewall-cmd.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --new-zone=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-zone=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:60" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zones | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zones | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:61" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep default " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=BAD " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=BAD ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/firewall-cmd.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=%%REJECT%% " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=%%REJECT%% ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --get-target | grep ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --add-service=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --add-service=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghi " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghij " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=123456789abcefghij ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 116 $at_status "$at_srcdir/firewall-cmd.at:72" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_TARGET: /d' -e '/ERROR: INVALID_NAME: /d'" != x"ignore"; then $as_echo "firewall-cmd.at:73" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_TARGET: /d' -e '/ERROR: INVALID_NAME: /d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:73" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_181 #AT_START_182 at_fn_group_banner 182 'firewall-cmd.at:76' \ "zone interfaces" " " 8 at_xfail=no ( $as_echo "182. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:76" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:76: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:76" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:76" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:76" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:76" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:76" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:76" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:76" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:76" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:76" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:76" { set +x $as_echo "$at_srcdir/firewall-cmd.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --add-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --add-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:79" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:80: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:80" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:80" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:83: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:83" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:83" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --change-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --change-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:85" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:86: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:86" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:86" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=block --add-interface=dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=block --add-interface=dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:88" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=block --remove-interface=dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=block --remove-interface=dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --change-zone=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --change-zone=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dmz " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:92" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --list-interfaces " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dummy " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:96" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:99: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --change-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:99" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --change-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:99" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --remove-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --query-interface dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:105" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:106" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:107" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:108: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:108" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:108" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --set-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --set-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:109" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=dmz --get-zone-of-interface " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=dmz --get-zone-of-interface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=perm_dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=perm_dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:113" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --list-interfaces " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "perm_dummy " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:121" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:124" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:127" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:128" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --change-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:130: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:130" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:130" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:132: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:132" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface=perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:132" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:133: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:133" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --query-interface perm_dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:133" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:134: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --remove-interface=perm_dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:134" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --remove-interface=perm_dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:134" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:137" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=bar --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=bar --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:138" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:139" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "trusted " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:140" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-interface foo --zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-interface foo --zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-interface bar --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-interface bar --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:145" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:146: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-default-zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:146" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-default-zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:146" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:147" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:147" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:148: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=bar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:148" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=bar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:148" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=trusted --add-interface=+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=trusted --add-interface=+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:153" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=foobar+++ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:154" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=foobar+++ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:154" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:155: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:155" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:155" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=trusted --remove-interface=+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=trusted --remove-interface=+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:167: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=foobar+++ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:167" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=foobar+++ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:167" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:168: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:168" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:168" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:169: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:169" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:169" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:170: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-interface=foobar+ " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:170" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-interface=foobar+ ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:170" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:171: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:171" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:171" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:171: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:171" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:171" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: ZONE_CONFLICT: perm_dummy/d'" != x"ignore"; then $as_echo "firewall-cmd.at:172" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: ZONE_CONFLICT: perm_dummy/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:172" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_182 #AT_START_183 at_fn_group_banner 183 'firewall-cmd.at:174' \ "zone sources" " " 8 at_xfail=no ( $as_echo "183. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:174" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:174: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:174" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:174" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:174" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:174" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:174" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:174" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:174" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:174" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:174" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:174" { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=192.168.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=192.168.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.1/255.255.255.0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.1/255.255.255.0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 192.168.1.1/255.255.255.0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "192.168.1.1/255.255.255.0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 192.168.1.1/255.255.255.0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=192.168.1.1/255.255.255.0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=192.168.1.1/255.255.255.0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:217" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: 3ffe:501:ffff::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=3ffe:501:ffff::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=3ffe:501:ffff::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep \"^\\(public\\|sources\\)\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-zones | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep "^\(public\|sources\)" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --change-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --change-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=work --remove-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=work --remove-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone work --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone work --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "sources: dead:beef::babe " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --add-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 18 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --change-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-zone-of-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "work " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=work --remove-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone work --query-source=dead:beef::babe " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone work --query-source=dead:beef::babe ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:218" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x" -e '/ERROR: ZONE_CONFLICT/d'" != x"ignore"; then $as_echo "firewall-cmd.at:225" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: ZONE_CONFLICT/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:225" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_183 #AT_START_184 at_fn_group_banner 184 'firewall-cmd.at:227' \ "services" " " 8 at_xfail=no ( $as_echo "184. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:227" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:227" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:227" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:227: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:227" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:227" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:227" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:227" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:227" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:227" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:227" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:227" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:227" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:227" { set +x $as_echo "$at_srcdir/firewall-cmd.at:230: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=dns --timeout 60 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:230" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=dns --timeout 60 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:230" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:231: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:231" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:231" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:232: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:232" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:232" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:233: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:233" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:233" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=smtpssssssss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=smtpssssssss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:234" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=dns --timeout " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=dns --timeout ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:235" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:236: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=dns --add-interface=dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:236" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=dns --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:236" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:238: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --timeout 60 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:238" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --timeout 60 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:238" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:239" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:240: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:240" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dns ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:240" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:242: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-service dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:242" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-service dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:242" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --remove-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --remove-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:243" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:248: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-service=dns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:248" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-service=dns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:248" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:249: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=smtpssssssss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:249" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=smtpssssssss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:249" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:250: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --add-interface=dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:250" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-service=dns --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:250" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:252: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-service=http --add-service=nfs --timeout=1h " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:252" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-service=http --add-service=nfs --timeout=1h ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:252" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service=nfs --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service=nfs --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:254" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:255: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-service=nfs --remove-service=http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:255" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-service=nfs --remove-service=http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:255" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:256" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:257: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:257" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:257" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-service=http --add-service=nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-service=http --add-service=nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:259" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:260" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:261: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service=nfs --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:261" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service=nfs --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:261" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:262: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-service=nfs --remove-service=http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:262" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-service=nfs --remove-service=http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:262" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service http " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service http ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:267" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:268: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:268" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:268" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_SERVICE:/d'" != x"ignore"; then $as_echo "firewall-cmd.at:269" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_SERVICE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:269" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_184 #AT_START_185 at_fn_group_banner 185 'firewall-cmd.at:271' \ "user services" " " 8 at_xfail=no ( $as_echo "185. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:271" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:271" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:271" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:271: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:271" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:271" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:271" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:271" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:271" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:271" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:271" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:271" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:271" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:271" { set +x $as_echo "$at_srcdir/firewall-cmd.at:274: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-service=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:274" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-service=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/firewall-cmd.at:274" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:276: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-service=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:276" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:276" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:277: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:277" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:277" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:279: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:279" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:279" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:280: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:280" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:280" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:281: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:281" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:281" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:282: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:282" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:282" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:283" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:284: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:284" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:284" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:285: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:285" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:285" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:286: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:286" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:286" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:287: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:287" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:287" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:288: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:288" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:288" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:289: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:289" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:289" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:290: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:290" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:290" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:291" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:292: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:292" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:292" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:293: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:293" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-port 999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:293" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:294: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:294" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:294" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:295: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:295" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=666/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:295" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:296: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:296" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-port=999/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:296" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:298: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:298" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:298" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:299" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:300: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:300" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:300" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:301: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:301" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:301" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:302: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:302" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:302" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:303: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:303" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:303" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:304: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:304" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:304" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:306: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:306" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:306" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:307" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:308: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:308" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:308" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:309: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:309" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:309" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:310: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:310" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:310" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:311: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:311" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-module=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:311" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:313: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:313" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:313" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:314: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=sip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:314" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=sip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:314" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:315: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:315" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --add-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:315" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:316: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:316" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:316" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:317: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --get-service-helpers " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:317" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --get-service-helpers ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:317" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:320: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:320" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:320" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:321: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:321" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-helper=ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:321" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:323: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:323" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/firewall-cmd.at:323" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:324: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:324" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:324" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:325: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:325" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv4:1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:325" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:326" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --set-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:327" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:327" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --remove-destination=ipv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:327" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=foobar --query-destination=ipv6:fd00:dead:beef:ff0::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:327" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:334: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-service=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:334" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:334" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:335: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:335" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:335" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-service=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-service=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-services | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:337" $at_failed && at_fn_log_failure $at_traceon; } cat >./foobar-to-be-renamed <<'_ATEOF' { set +x $as_echo "$at_srcdir/firewall-cmd.at:339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-service-from-file=\"./foobar-to-be-renamed\" --name=\"foobar-from-file\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-service-from-file="./foobar-to-be-renamed" --name="foobar-from-file" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar-from-file " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-services | grep foobar-from-file ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:339" $at_failed && at_fn_log_failure $at_traceon; } _ATEOF if test x"-e '/ERROR: NAME_CONFLICT: new_service():/d' -e '/ERROR: INVALID_ADDR:/d'" != x"ignore"; then $as_echo "firewall-cmd.at:350" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: NAME_CONFLICT: new_service():/d' -e '/ERROR: INVALID_ADDR:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:350" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_185 #AT_START_186 at_fn_group_banner 186 'firewall-cmd.at:353' \ "ports" " " 8 at_xfail=no ( $as_echo "186. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:353" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:353" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:353" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:353: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:353" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:353" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:353" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:353" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:353" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:353" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:353" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:353" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:353" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:353" { set +x $as_echo "$at_srcdir/firewall-cmd.at:356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone home --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone home --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 254 $at_status "$at_srcdir/firewall-cmd.at:359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo --add-port bar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port 122/udpa --add-port 122/udpp --add-port 8745897/foo --add-port bar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 254 $at_status "$at_srcdir/firewall-cmd.at:360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=666/tcp --zone=public --timeout=30m " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=666/tcp --zone=public --timeout=30m ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:362: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:362" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:362" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:363: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:363" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:363" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:364: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:364" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:364" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:366: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:366" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:366" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:368: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:368" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:368" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=5000/sctp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=5000/sctp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:369" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:370: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:370" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:370" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:372: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:372" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:372" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:373: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=222/dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:373" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=222/dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:373" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:374: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:374" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:374" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:375: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:375" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:375" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:377: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:377" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:377" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:378: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:378" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:378" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:379: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:379" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:379" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:380: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port=666/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:380" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port=666/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:380" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:381: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:381" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:381" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:382: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:382" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:382" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:383: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:383" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:383" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:384: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:384" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:384" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:386: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:386" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:386" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:387: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:387" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:387" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:388: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:388" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:388" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:389: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:389" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=5000/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:389" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:390: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:390" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:390" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:391: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:391" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:391" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:392: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:392" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:392" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:393: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:393" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=222/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:393" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:395: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-port=80/tcp --add-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:395" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-port=80/tcp --add-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:395" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:396: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:396" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:396" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:397: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:397" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:397" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:398: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-port 80/tcp --remove-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:398" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-port 80/tcp --remove-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:398" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:399: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:399" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:399" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:400: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:400" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:400" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:402: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-port=80/tcp --add-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:402" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-port=80/tcp --add-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:402" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:403: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:403" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:403" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:404: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:404" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:404" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:405: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-port 80/tcp --remove-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:405" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-port 80/tcp --remove-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:405" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:406: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:406" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:406" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:407: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:407" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:407" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:408" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:408" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_186 #AT_START_187 at_fn_group_banner 187 'firewall-cmd.at:410' \ "source ports" " " 8 at_xfail=no ( $as_echo "187. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:410" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:410" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:410" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:410: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:410" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:410" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:410" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:410" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:410" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:410" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:410" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:410" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:410" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:410" { set +x $as_echo "$at_srcdir/firewall-cmd.at:413: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone home --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:413" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone home --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:413" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:414: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:414" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:414" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:415: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:415" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:415" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:416: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=666/tcp --zone=public --timeout=30m " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:416" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=666/tcp --zone=public --timeout=30m ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:416" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:417: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-source-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:417" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-source-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:417" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:418: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:418" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:418" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:419: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:419" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:419" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:420: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-source-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:420" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-source-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:420" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:421: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:421" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:421" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:423" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:424: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=666/dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:424" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=666/dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:424" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:425: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=666/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:425" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=666/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:425" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:426: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-source-port=666/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:426" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-source-port=666/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:426" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:427: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=111-222/udp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:427" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=111-222/udp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:427" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:428: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:428" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:428" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:429: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-source-port 111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:429" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-source-port 111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:429" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:430: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:430" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=111-222/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:430" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:432: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-source-port=80/tcp --add-source-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:432" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-source-port=80/tcp --add-source-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:432" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:433: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:433" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:433" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:434: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:434" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:434" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:435: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-source-port 80/tcp --remove-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:435" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-source-port 80/tcp --remove-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:435" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:436: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:436" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:436" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:437: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:437" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:437" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:439: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-source-port=80/tcp --add-source-port 443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:439" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-source-port=80/tcp --add-source-port 443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:439" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:440: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:440" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:440" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:441: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:441" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:441" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:442: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-source-port 80/tcp --remove-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:442" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-source-port 80/tcp --remove-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:442" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:443: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:443" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=80/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:443" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:444: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:444" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-source-port=443-444/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:444" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:445" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:445" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_187 #AT_START_188 at_fn_group_banner 188 'firewall-cmd.at:447' \ "protocols" " " 8 at_xfail=no ( $as_echo "188. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:447" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:447" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:447" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:447: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:447" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:447" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:447" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:447" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:447" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:447" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:447" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:447" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:447" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:447" { set +x $as_echo "$at_srcdir/firewall-cmd.at:450: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-protocol=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:450" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-protocol=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:450" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:451: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-protocol=dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:451" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-protocol=dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:451" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:452: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:452" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:452" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:453: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:453" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:453" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:454: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:454" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:454" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:455: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-protocol=dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:455" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-protocol=dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:455" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:456: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-protocol=dccp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:456" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-protocol=dccp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:456" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:457: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:457" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:457" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:458: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:458" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:459: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:459" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:459" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:461: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:461" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:461" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=ddp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=ddp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:462" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:463: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:463" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:463" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:464: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-protocol ddp --remove-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:464" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-protocol ddp --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:464" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:465: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:465" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:465" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:466: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:466" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:466" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:467: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-protocol=ddp --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:467" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-protocol=ddp --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:467" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:468: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:468" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:468" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:469: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:469" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:469" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:470: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-protocol ddp --remove-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:470" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-protocol ddp --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:470" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:471: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:471" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=ddp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:471" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:472: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:472" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:472" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_PROTOCOL: dummy/d'" != x"ignore"; then $as_echo "firewall-cmd.at:473" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_PROTOCOL: dummy/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:473" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_188 #AT_START_189 at_fn_group_banner 189 'firewall-cmd.at:475' \ "masquerade" " " 8 at_xfail=no ( $as_echo "189. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:475" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:475" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:475" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:475: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:475" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:475" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:475" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:475" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:475" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:475" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:475" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:475" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:475" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:475" { set +x $as_echo "$at_srcdir/firewall-cmd.at:478: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-masquerade --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:478" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-masquerade --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:478" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:487: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POST_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:487" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POST_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:487" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:490: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POST_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:490" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POST_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:490" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:492: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:492" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:492" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:493: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:493" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:493" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:494: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:494" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:494" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:496: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-masquerade --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:496" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-masquerade --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:496" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:497: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:497" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:497" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:498: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:498" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:498" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:499: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:499" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:499" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:500" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:500" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_189 #AT_START_190 at_fn_group_banner 190 'firewall-cmd.at:502' \ "forward" " " 8 at_xfail=no ( $as_echo "190. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:502" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:502" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:502" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:502: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:502" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:502" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:502" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:502" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:502" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:502" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:502" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:502" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:502" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:502" { set +x $as_echo "$at_srcdir/firewall-cmd.at:505: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --add-interface=dummy --add-interface=dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:505" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --add-interface=dummy --add-interface=dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:505" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:506: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --add-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:506" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:506" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:520: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:520" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:520" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:524: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:524" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ACCEPT all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:524" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:529: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --remove-interface=dummy2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:529" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --remove-interface=dummy2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:529" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:537: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:537" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:537" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:540: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:540" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:540" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:543: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --add-interface=dummy3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:543" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --add-interface=dummy3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:543" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:552: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:552" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:552" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:556: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:556" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ACCEPT all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:556" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:560: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --query-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:560" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:560" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:561: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --remove-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:561" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --remove-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:561" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:568: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:568" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:568" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:570: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:570" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:570" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:572: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --query-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:572" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:572" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:573: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --remove-interface=dummy --remove-interface=dummy3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:573" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --remove-interface=dummy --remove-interface=dummy3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:573" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:575: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=home --add-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:575" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=home --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:575" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:576: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=home --add-interface=dummy --add-interface=dummy3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:576" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=home --add-interface=dummy --add-interface=dummy3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:576" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:577: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=home --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:577" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=home --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:577" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:578: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:578" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:578" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:578: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:578" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:578" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:579: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=home --query-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:579" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=home --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:579" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:589: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:589" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:589" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:594: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_home_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:594" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_home_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ACCEPT all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:594" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:598: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=home --remove-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:598" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=home --remove-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:598" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:599: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=home --query-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:599" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=home --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:599" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:600: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=home --remove-interface=dummy --remove-interface=dummy3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:600" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=home --remove-interface=dummy --remove-interface=dummy3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:600" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:601: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=home --remove-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:601" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=home --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:601" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:602: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:602" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:602" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:602: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:602" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:602" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:605: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-default-zone |grep public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:605" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-default-zone |grep public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:605" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:606: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-interface dummy4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:606" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-interface dummy4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:606" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:607: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:607" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:607" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:615: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:615" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:615" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:618: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:618" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:618" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:623: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:623" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:623" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:624: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=1234::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:624" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=1234::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:624" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:627: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:627" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:627" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:636: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:636" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:636" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:639: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:639" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 1234::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:639" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:642: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-source=1234::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:642" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-source=1234::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:642" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:652: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:652" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:652" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:655: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:655" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:655" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:657: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=10.20.20.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:657" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=10.20.20.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:657" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:658: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=4321::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:658" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=4321::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:658" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:670: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:670" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 10.10.10.0/24 ACCEPT all -- 0.0.0.0/0 10.20.20.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:670" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:674: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:674" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 4321::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:674" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:677: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:677" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:677" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:684: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:684" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:684" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:686: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:686" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:686" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:688" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:688" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_190 #AT_START_191 at_fn_group_banner 191 'firewall-cmd.at:690' \ "forward ports" " " 8 at_xfail=no ( $as_echo "191. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:690" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:690" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:690" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:690: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:690" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:690" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:690" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:690" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:690" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:690" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:690" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:690" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:690" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:690" { set +x $as_echo "$at_srcdir/firewall-cmd.at:693: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:693" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/firewall-cmd.at:693" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:694: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=11:proto=tcp:toport=22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:694" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=11:proto=tcp:toport=22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:694" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:703: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:703" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:11 to::22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:703" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:706: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:706" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:706" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:708: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:708" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:708" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:709: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4444 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:709" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:709" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:710: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:710" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:710" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:719: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:719" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:33 to:4.4.4.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:719" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:722: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:722" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:722" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:724: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:724" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:724" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:725: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:725" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:725" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:726: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:726" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:726" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:727: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:727" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:727" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:728: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:728" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:728" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:729: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:729" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:729" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:730: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:730" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:730" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:731: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:731" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:731" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:732: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:732" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:732" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:733: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:733" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:733" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:733: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:733" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:733" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:733: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:733" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT sctp ::/0 ::/0 sctp dpt:66 to:[fd00:dead:beef:ff0::]:66 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:733" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:733: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:733" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:733" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:733: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:733" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:733" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:733: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:733" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:733" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:752: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:752" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:752" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:753: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:753" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:753" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:754: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:754" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:754" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:755: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:755" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:755" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:756: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:756" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:756" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:757: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:757" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:757" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:758: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-forward-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:758" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-forward-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:758" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:760: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:760" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/firewall-cmd.at:760" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:761: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=11:proto=tcp:toport=22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:761" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=11:proto=tcp:toport=22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:761" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:762: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:762" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=11:proto=tcp:toport=22 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:762" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:763: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4444 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:763" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4444 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/firewall-cmd.at:763" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:764: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:764" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:764" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:765: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:765" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=33:proto=tcp:toaddr=4.4.4.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:765" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:766: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:766" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:766" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:767: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:767" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:767" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:768: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:768" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:768" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:769: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:769" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:769" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:770: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:770" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:770" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:771: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:771" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:771" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:772: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:772" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:772" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:773: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:773" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:773" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:774: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:774" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:774" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:774: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:774" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:774" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:774: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:774" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:774" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:774: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:774" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=66:proto=sctp:toport=66:toaddr=fd00:dead:beef:ff0:: ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:774" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:780: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:780" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:780" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:781: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:781" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:781" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:782: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:782" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:782" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:783: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:783" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-forward-port port=100:proto=tcp:toport=200 --remove-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:783" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:784: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port port=100:proto=tcp:toport=200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:784" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port port=100:proto=tcp:toport=200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:784" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:785: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:785" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-forward-port=port=88:proto=udp:toport=99 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:785" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:786: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-forward-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:786" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-forward-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:786" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then $as_echo "firewall-cmd.at:787" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:787" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_191 #AT_START_192 at_fn_group_banner 192 'firewall-cmd.at:789' \ "ICMP block" " " 8 at_xfail=no ( $as_echo "192. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:789" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:789" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:789" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:789: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:789" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:789" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:789" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:789" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:789" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:789" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:789" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:789" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:789" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:789" { set +x $as_echo "$at_srcdir/firewall-cmd.at:792: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-icmp-blocks " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:792" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-icmp-blocks ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:792" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:794: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=dummyblock " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:794" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=dummyblock ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/firewall-cmd.at:794" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:795: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:795" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:795" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:796: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:796" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:796" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:797: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:797" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:797" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:798: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:798" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:798" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:799: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=dummyblock " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:799" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=dummyblock ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/firewall-cmd.at:799" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:800: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:800" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:800" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:801: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:801" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:801" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:802: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:802" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:802" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:803: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:803" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:803" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:805: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:805" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:805" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:806: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:806" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:806" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:807: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:807" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:807" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:808: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:808" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:808" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:809: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-icmp-block-inversion --zone=public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:809" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-icmp-block-inversion --zone=public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:809" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:810: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:810" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:810" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:811: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:811" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:811" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:812: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:812" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:812" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:814: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=block " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:814" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=block ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:814" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:815: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=block " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:815" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=block ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:815" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:816: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=drop " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:816" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=drop ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:816" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:817: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=drop " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:817" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=drop ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:817" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:818: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:818" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-icmp-block-inversion --zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:818" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:819: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=trusted " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:819" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-icmp-block-inversion --zone=trusted ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:819" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:821: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:821" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:821" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:822: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:822" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:822" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:823: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:823" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:823" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:824: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:824" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:824" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:825: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:825" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:825" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:826: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:826" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:826" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:827: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:827" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --add-icmp-block=echo-reply --add-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:827" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:828: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:828" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:828" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:829: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:829" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:829" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:830: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:830" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --remove-icmp-block echo-reply --remove-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:830" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:831" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:832: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:832" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=external --query-icmp-block=router-solicitation ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:832" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_ICMPTYPE:/d'" != x"ignore"; then $as_echo "firewall-cmd.at:833" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ICMPTYPE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:833" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_192 #AT_START_193 at_fn_group_banner 193 'firewall-cmd.at:835' \ "user ICMP types" " " 8 at_xfail=no ( $as_echo "193. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:835" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:835" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:835" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:835: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:835" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:835" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:835" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:835" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:835" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:835" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:835" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:835" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:835" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:835" { set +x $as_echo "$at_srcdir/firewall-cmd.at:838: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-icmptype=redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:838" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-icmptype=redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/firewall-cmd.at:838" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:840: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-icmptype=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:840" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-icmptype=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:840" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:841: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-icmptypes | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:841" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-icmptypes | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:841" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:843: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv5 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:843" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:843" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:844: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:844" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:844" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:845: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:845" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:845" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:846: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:846" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --add-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:846" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:847: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:847" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:847" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:848: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:848" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --remove-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:848" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:849: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:849" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --icmptype=foobar --query-destination=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:849" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:851: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-icmp-block=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:851" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-icmp-block=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:851" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:852: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:852" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:852" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:854: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-icmptype=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:854" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-icmptype=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:854" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:855: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:855" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --list-icmp-blocks | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:855" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/NAME_CONFLICT: new_icmptype():/d'" != x"ignore"; then $as_echo "firewall-cmd.at:856" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/NAME_CONFLICT: new_icmptype():/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:856" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_193 #AT_START_194 at_fn_group_banner 194 'firewall-cmd.at:858' \ "ipset" " " 8 at_xfail=no ( $as_echo "194. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:858" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:858" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:858" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:858: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:858" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:858" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:858" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:858" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:858" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:858" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:858" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:858" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:858" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:858" $as_echo "firewall-cmd.at:861" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $IPSET -h >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:861" $as_echo "firewall-cmd.at:862" >"$at_check_line_file" (! $IPSET --help | grep "hash:mac") \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:862" $as_echo "firewall-cmd.at:862" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $IPSET create foobar hash:mac >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:862" { set +x $as_echo "$at_srcdir/firewall-cmd.at:862: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$IPSET destroy foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:862" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $IPSET destroy foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:862" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:864: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:864" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:864" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:865: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:865" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:865" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:866: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:866" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:866" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:868: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:868" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:868" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:869: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries | grep \"1.2.3.4\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:869" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries | grep "1.2.3.4" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:869" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:870: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.400 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:870" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.400 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/firewall-cmd.at:870" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:871: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --remove-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:871" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --remove-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:871" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:872: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:872" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:872" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:875: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:875" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:875" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:876: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-source=ipset:foobar | grep public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:876" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-source=ipset:foobar | grep public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:876" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:877: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-sources | grep \"ipset:foobar\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:877" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-sources | grep "ipset:foobar" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:877" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:878: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:878" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:878" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:879: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:879" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:879" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:880: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:880" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --query-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:880" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:882: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:882" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:882" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:883: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:883" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:883" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:886: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:886" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:886" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:887: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:887" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:887" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:888: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,2000-2100 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:888" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,2000-2100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:888" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:889: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:889" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:889" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:889: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:889" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:889" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:900: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:900" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:900" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:901: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:901" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:901" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:902: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:902" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:902" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:902: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:902" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:902" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:905: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:905" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:905" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:906: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:906" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:907: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:907" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,udp:1000-1002 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:907" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:908: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:908" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:908" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:908: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:908" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:908" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:909: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:909" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:909" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:910: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:910" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:910" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:930: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:930" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip,port Members: 10.10.10.10,sctp:1234 10.10.10.10,udp:1000 10.10.10.10,udp:1001 10.10.10.10,udp:1002 20.20.20.20,tcp:8080 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:930" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:940: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,sctp:8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:940" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,sctp:8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:940" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:941: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:941" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:941" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:942: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:942" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:942" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:942: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:942" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:942" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:945: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,mark " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:945" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,mark ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:945" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:946: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,0x100 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:946" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,0x100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:946" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:947: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:947" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:947" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:947: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:947" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:947" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:948: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,0x200 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:948" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.20,0x200 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:948" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:949: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:949" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:949" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:968: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:968" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip,mark Members: 10.10.10.10,0x00000100 20.20.20.20,0x00000200 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:968" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:975: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:975" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:975" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:976: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:976" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:976" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:976: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:976" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:976" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:979: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,port " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:979" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,port ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:979" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:980: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:980" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,sctp:1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:980" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:981: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:981" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:981" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:981: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:981" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:981" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:982: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:982" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:982" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:983: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:983" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:983" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:984: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:984" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:984" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:984: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:984" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:984" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:987: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port,net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:987" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip,port,net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:987" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:988: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:988" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.10,sctp:1234,10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:988" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:989: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:989" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:989" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:989: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:989" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:989" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:990: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080,1.6.0.0/16 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:990" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=1.2.3.4,tcp:8080,1.6.0.0/16 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:990" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1001: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1001" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip,port,net Members: 1.2.3.4,tcp:8080,1.6.0.0/16 10.10.10.10,sctp:1234,10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1001" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1008: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1008" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1008" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1009" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1009: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1009" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1009" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1012: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,iface " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1012" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:net,iface ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1012" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1013: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1013" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=10.10.10.0/24,foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1013" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1014: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1014" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1014" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1014: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1014" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1014" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1015: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.0/24,raboof0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1015" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=20.20.20.0/24,raboof0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1015" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1016: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1016" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source=ipset:foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1016" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1035: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1035" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net,iface Members: 10.10.10.0/24,foobar0 20.20.20.0/24,raboof0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1035" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1042: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1042" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1042" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1043: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1043" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1043" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1043: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1043" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1043" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:mac " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:mac ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=12:34:56:78:90:ab " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=12:34:56:78:90:ab ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=12:34:56:78:90:ac " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=12:34:56:78:90:ac ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-ipset=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1045: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1045" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1045" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"-e '/ERROR: INVALID_ENTRY: invalid address/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1053" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ENTRY: invalid address/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1053" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_194 #AT_START_195 at_fn_group_banner 195 'firewall-cmd.at:1055' \ "user helpers" " " 8 at_xfail=no ( $as_echo "195. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1055" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1055" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1055" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1055: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1055" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1055" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1055" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1055" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1055" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1055" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1055" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1055" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1055" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1055" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1058: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1058" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 132 $at_status "$at_srcdir/firewall-cmd.at:1058" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1059: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=nf_conntrack_foo " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1059" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-helper=foobar --module=nf_conntrack_foo ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1059" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1060: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1060" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1060" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1061: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1061" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1061" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1062: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv5 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1062" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1062" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1063: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1063" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family=ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1063" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1064: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1064" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family | grep ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1064" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1065: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family= " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1065" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --set-family= ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1065" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1067: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1067" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-family ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1067" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1069: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1069" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1069" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1072: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --add-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1072" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --add-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1072" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1073: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports | grep 44 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1073" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports | grep 44 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1073" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1074: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1074" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1074" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1075: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --remove-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1075" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --remove-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1075" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1076: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1076" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --query-port=44/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1076" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1077: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1077" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --helper=foobar --get-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1077" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1079: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --delete-helper=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1079" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --delete-helper=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1079" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1080: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1080" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-helpers | grep foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1080" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_MODULE:/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1081" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_MODULE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1081" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_195 #AT_START_196 at_fn_group_banner 196 'firewall-cmd.at:1083' \ "direct" " " 8 at_xfail=no ( $as_echo "196. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1083" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1083" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1083" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1083: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1083" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1083" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1083" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1083" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1083" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1083" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1083" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1083" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1083" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1083" $as_echo "firewall-cmd.at:1085" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1085" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1087: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1087" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1087" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1088: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-chains ipv4 filter | grep mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1088" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-chains ipv4 filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1088" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1089: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-chains | grep \"ipv4 filter mychain\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1089" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-chains | grep "ipv4 filter mychain" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1089" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1090: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1090" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1090" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1091: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain ipv5 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1091" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain ipv5 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1091" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1092: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain ipv4 badtable mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1092" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain ipv4 badtable mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 108 $at_status "$at_srcdir/firewall-cmd.at:1092" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1094: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1094" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1094" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1095: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1095" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1095" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1096: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 filter mychain 3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1096" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 filter mychain 3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1096" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1097: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1097" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1097" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1098: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1098" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1098" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1099: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1099" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1099" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv5 filter mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv5 filter mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 badtable mychain 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 badtable mychain 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 108 $at_status "$at_srcdir/firewall-cmd.at:1101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1105" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1106" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"3 -s 192.168.1.1 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "3 -s 192.168.1.1 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1107" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1108: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"4 -s 192.168.1.2 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1108" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "4 -s 192.168.1.2 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1108" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"5 -s 192.168.1.3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "5 -s 192.168.1.3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1109" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep \"6 -s 192.168.1.4 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-rules ipv4 filter mychain | grep "6 -s 192.168.1.4 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1111: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rules ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1111" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rules ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1111" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 3 -s 192.168.1.1 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 4 -s 192.168.1.2 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1113" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 5 -s 192.168.1.3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-rule ipv4 filter mychain 6 -s 192.168.1.4 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv5 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv5 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 badtable mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 badtable mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 108 $at_status "$at_srcdir/firewall-cmd.at:1118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-chain ipv4 filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-chain ipv4 filter dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1121" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1124" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1125: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1125" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1126" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-default-zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-default-zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1127" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --zone=home --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --zone=home --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1128" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --permanent --list-all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --permanent --list-all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1132: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-chain ipv4 filter žluÅ¥ouÄký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1132" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-chain ipv4 filter žluÅ¥ouÄký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1132" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1133: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-chains ipv4 filter |grep \"žluÅ¥ouÄký\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1133" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-chains ipv4 filter |grep "žluÅ¥ouÄký" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1133" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1134: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-chains | grep \"ipv4 filter žluÅ¥ouÄký\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1134" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-chains | grep "ipv4 filter žluÅ¥ouÄký" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1134" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluÅ¥ouÄký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluÅ¥ouÄký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1136: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1136" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1136" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-rules ipv4 filter žluÅ¥ouÄký | grep ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-rules ipv4 filter žluÅ¥ouÄký | grep ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1137" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep \"ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep "ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1138" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1139" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1140" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1141: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1141" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-rule ipv4 filter žluÅ¥ouÄký 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1141" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1142: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-chain ipv4 filter žluÅ¥ouÄký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1142" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-chain ipv4 filter žluÅ¥ouÄký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1142" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluÅ¥ouÄký " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-chain ipv4 filter žluÅ¥ouÄký ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1146: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1146" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1146" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter FORWARD_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1147" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter FORWARD_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1147" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1148: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 security INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1148" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 security INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1148" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1149: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 raw PREROUTING_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1149" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 raw PREROUTING_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1149" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1150: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 mangle PREROUTING_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1150" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 mangle PREROUTING_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1150" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1151: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 nat PREROUTING_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1151" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 nat PREROUTING_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1151" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1152: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1152" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 3 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1152" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1153" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1153" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_TABLE:/d' -e '/WARNING: NOT_ENABLED: chain/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1154" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_TABLE:/d' -e '/WARNING: NOT_ENABLED: chain/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1154" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_196 #AT_START_197 at_fn_group_banner 197 'firewall-cmd.at:1157' \ "direct nat" " " 8 at_xfail=no ( $as_echo "197. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1157" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1157" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1157" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1157: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1157" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1157" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1157" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1157" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1157" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1157" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1157" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1157" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1157" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1157" $as_echo "firewall-cmd.at:1160" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1160" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1167: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1167" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1167" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1168: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1168" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1168" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1169: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1169" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1169" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1170: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1170" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1170" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1171: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1171" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1171" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1172: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1172" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1172" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules |grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules |grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 81" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1173" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-rule ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-rules | grep \"ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-rules | grep "ipv4 nat OUTPUT 0 -s 1.2.3.4 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-ports 82" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1177" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:1180" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1180" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_197 #AT_START_198 at_fn_group_banner 198 'firewall-cmd.at:1182' \ "direct passthrough" " " 8 at_xfail=no ( $as_echo "198. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1182" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1182" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1182" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1182: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1182" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1182" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1182" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1182" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1182" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1182" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1182" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1182" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1182" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1182" $as_echo "firewall-cmd.at:1184" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1184" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1186: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --append POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1186" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --append POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1186" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1187: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --delete POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1187" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 --table mangle --delete POSTROUTING --out-interface dummy0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1187" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1189: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1189" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1189" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1190: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1190" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1190" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1192: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1192" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1192" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1193: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1193" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv7 --table filter -A INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1193" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1194: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1194" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1194" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1195: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1195" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --query-passthrough ipv4 --table filter --append INPUT --in-interface dummy0 --protocol tcp --destination-port 67 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1195" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1197: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1197" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-passthrough ipv6 --table filter --append FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1197" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1197: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-passthroughs ipv6 | grep \"fd00:dead:beef:ff0::/64\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1197" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-passthroughs ipv6 | grep "fd00:dead:beef:ff0::/64" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1197" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1197: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-all-passthroughs | grep \"fd00:dead:beef:ff0::/64\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1197" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-all-passthroughs | grep "fd00:dead:beef:ff0::/64" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1197" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1197: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -nvL | grep \"fd00:dead:beef:ff0::/64\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1197" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -nvL | grep "fd00:dead:beef:ff0::/64" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1197" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1197: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1197" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-passthrough ipv6 --table filter --delete FORWARD --destination fd00:dead:beef:ff0::/64 --in-interface dummy0 --out-interface dummy0 --jump ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1197" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1205: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv5 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1205" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv5 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1205" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1206: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1206" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1206" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1208: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough --get-chains ipv4 filter " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1208" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough --get-chains ipv4 filter ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1208" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1210: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1210" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1210" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1211: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv5 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1211" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv5 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:1211" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1212" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1213: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-passthroughs ipv4 | grep \"\\-nvL\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1213" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-passthroughs ipv4 | grep "\-nvL" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1213" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1214: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-all-passthroughs | grep \"ipv4 \\-nvL\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1214" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-all-passthroughs | grep "ipv4 \-nvL" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1214" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --remove-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --remove-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --query-passthrough ipv4 -nvL ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1217" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/WARNING: NOT_ENABLED: passthrough/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1218" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/WARNING: NOT_ENABLED: passthrough/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1218" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_198 #AT_START_199 at_fn_group_banner 199 'firewall-cmd.at:1220' \ "direct ebtables" " " 8 at_xfail=no ( $as_echo "199. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1220" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1220" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1220" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1220: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1220" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1220" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1220" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1220" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1220" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1220" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1220" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1220" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1220" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1220" $as_echo "firewall-cmd.at:1222" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1222" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1224: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-chain eb filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1224" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-chain eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1224" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1225: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --get-chains eb filter | grep mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1225" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --get-chains eb filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1225" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1226: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1226" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1226" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1227: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1227" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1227" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1228: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L mychain; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1228" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L mychain; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 -j DROP -p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1228" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1233: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1233" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1233" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L mychain; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L mychain; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 --ip6-proto udp ! --ip6-sport 12345 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1234" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1239" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1240: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1240" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1240" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1241: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L INPUT_direct; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1241" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L INPUT_direct; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 -j DROP -p IPv6 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1241" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rules eb filter INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rules eb filter INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rules eb filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rules eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1254" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-chain eb filter mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-chain eb filter mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1256" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1257: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --get-chains eb filter | grep mychain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1257" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --get-chains eb filter | grep mychain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1257" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1258: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1258" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1258" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1259" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1259" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { ebtables --concurrent -t filter -L mychain; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^Bridge\" | sed -e 's/\\([-][-][-a-zA-Z0-9]\\+\\)[ ]\\+[!]/! \\1/g' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { ebtables --concurrent -t filter -L mychain; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^Bridge" | sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-p IPv6 -j DROP -j RETURN " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1260" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:1264" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1264" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_199 #AT_START_200 at_fn_group_banner 200 'firewall-cmd.at:1266' \ "lockdown" " " 8 at_xfail=no ( $as_echo "200. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1266" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1266" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1266" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1266: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1266" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1266" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1266" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1266" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1266" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1266" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1266" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1266" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1266" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1266" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1269" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1270: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1270" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1270" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1271: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-commands | grep \"/usr/bin/command\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1271" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-commands | grep "/usr/bin/command" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1271" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1272: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1272" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1272" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1273: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1273" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1273" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1274: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1274" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1274" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1275: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1275" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1275" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1276: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-commands | grep \"/usr/bin/command\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1276" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-commands | grep "/usr/bin/command" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1276" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1277: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1277" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1277" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1278: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1278" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-command /usr/bin/command ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1278" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1280: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1280" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1280" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1281: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1281" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1281" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1282: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-contexts | grep \"system_u:system_r:MadDaemon_t:s0\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1282" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1282" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1283" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1284: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1284" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1284" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1285: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1285" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1285" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1286: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1286" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1286" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1287: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-contexts | grep \"system_u:system_r:MadDaemon_t:s0\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1287" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-contexts | grep "system_u:system_r:MadDaemon_t:s0" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1287" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1288: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1288" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1288" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1289: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1289" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-context system_u:system_r:MadDaemon_t:s0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1289" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1291" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1292: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1292" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1292" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1293: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-uids | grep \"6666\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1293" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-uids | grep "6666" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1293" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1294: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1294" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1294" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1295: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1295" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1295" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1296: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666x " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1296" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-uid 6666x ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1296" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1297: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1297" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1297" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1298: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1298" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1298" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-uids | grep \"6666\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-uids | grep "6666" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1299" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1300: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1300" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1300" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1301: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1301" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-uid 6666 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1301" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1302: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666x " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1302" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-uid 6666x ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/firewall-cmd.at:1302" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1304: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1304" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1304" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1305: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1305" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1305" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1306: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-lockdown-whitelist-users | grep \"theboss\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1306" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-lockdown-whitelist-users | grep "theboss" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1306" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1307" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1308: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1308" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1308" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1309: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1309" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1309" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1310: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1310" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1310" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1311: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-users | grep \"theboss\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1311" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-lockdown-whitelist-users | grep "theboss" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1311" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1312: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1312" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1312" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1313: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1313" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-lockdown-whitelist-user theboss ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1313" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1315" >"$at_check_line_file" (test `whoami` != 'root') \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1315" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1316: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user root " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1316" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-lockdown-whitelist-user root ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1316" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1317: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --lockdown-on " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1317" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --lockdown-on ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1317" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1318: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1318" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1318" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1319: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --lockdown-off " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1319" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --lockdown-off ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1319" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1320: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-lockdown " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1320" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-lockdown ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1320" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:1321" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1321" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_200 #AT_START_201 at_fn_group_banner 201 'firewall-cmd.at:1333' \ "rich rules good" " " 8 at_xfail=no ( $as_echo "201. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1333" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1333" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1333" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1333: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1333" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1333" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1333" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1333" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1333" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1333" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1333" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1333" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1333" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1333" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1336: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1336" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1336" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1337: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"esp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1337" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="esp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1337" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1338: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"sctp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1338" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="sctp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1338" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value=\"igmp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule protocol value="igmp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1339" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1340: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"tftp\" log prefix=\"tftp: \" level=\"info\" limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1340" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp: " level="info" limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1340" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"dns\" log prefix=\"dns: \" level=\"info\" limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="dns" log prefix="dns: " level="info" limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1341" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" service name=\"irc\" nflog prefix=\"irc: \" group=1000 queue-size=10 limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" service name="irc" nflog prefix="irc: " group=1000 queue-size=10 limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1342" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source not address=\"192.168.0.0/24\" service name=\"mysql\" nflog prefix=\"mysql: \" queue-size=100 limit value=\"2/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source not address="192.168.0.0/24" service name="mysql" nflog prefix="mysql: " queue-size=100 limit value="2/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"2222\" protocol=\"tcp\" nflog prefix=\"port-2222: \" queue-size=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="2222" protocol="tcp" nflog prefix="port-2222: " queue-size=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1345: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"3333\" protocol=\"udp\" nflog prefix=\"port-3333: \" queue-size=65535 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1345" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="3333" protocol="udp" nflog prefix="port-3333: " queue-size=65535 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1345" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" service name=\"radius\" log prefix=\"dns -- \" level=\"info\" limit value=\"3/m\" reject type=\"icmp6-addr-unreachable\" limit value=\"20/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns -- " level="info" limit value="3/m" reject type="icmp6-addr-unreachable" limit value="20/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" port port=\"4011\" protocol=\"tcp\" log prefix=\"port 4011: \" level=\"info\" limit value=\"4/m\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" port port="4011" protocol="tcp" log prefix="port 4011: " level="info" limit value="4/m" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"1::2:3:4:7\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="1::2:3:4:7"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log prefix=\"redirected: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirected: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4::/64\" destination address=\"1:2:3:5::/64\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" source address="1:2:3:4::/64" destination address="1:2:3:5::/64" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv6\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv6" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1346" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1354: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"1.2.3.4\" forward-port port=\"4011\" protocol=\"tcp\" to-port=\"4012\" to-addr=\"9.8.7.6\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1354" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="1.2.3.4" forward-port port="4011" protocol="tcp" to-port="4012" to-addr="9.8.7.6"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1354" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.0/24\" icmp-block name=\"source-quench\" log prefix=\"source-quench: \" level=\"info\" limit value=\"4/m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.0.0/24" icmp-block name="source-quench" log prefix="source-quench: " level="info" limit value="4/m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1355" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1356: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1356" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1356" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1357: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" source address=\"10.1.1.0/24\" destination address=\"192.168.1.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1357" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" source address="10.1.1.0/24" destination address="192.168.1.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1357" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" destination address=\"192.168.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" destination address="192.168.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1358" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" to-addr=\"192.168.100.2\" protocol=\"tcp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1359" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"66\" to-port=\"666\" to-addr=\"192.168.100.2\" protocol=\"sctp\" family=\"ipv4\" source address=\"192.168.2.100\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1360" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port=\"99\" to-port=\"10999\" to-addr=\"1::2:3:4:7\" protocol=\"dccp\" family=\"ipv6\" source address=\"1:2:3:4:6::\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule forward-port port="99" to-port="10999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1361" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family=\"ipv4\" port port=\"222\" protocol=\"tcp\" mark set=\"0xff\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule family="ipv4" port port="222" protocol="tcp" mark set="0xff"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1365" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1366" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1366" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_201 #AT_START_202 at_fn_group_banner 202 'firewall-cmd.at:1367' \ "rich rules audit" " " 8 at_xfail=no ( $as_echo "202. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1367" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1367" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1367" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1367: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1367" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1367" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1367" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1367" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1367" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1367" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1367" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1367" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1367" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1367" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name=\"ftp\" audit limit value=\"1/m\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule service name="ftp" audit limit value="1/m" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1371" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "firewall-cmd.at:1372" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1372" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_202 #AT_START_203 at_fn_group_banner 203 'firewall-cmd.at:1375' \ "rich rules priority" " " 8 at_xfail=no ( $as_echo "203. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1375" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1375" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1375" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1375: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1375" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1375" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1375" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1375" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1375" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1375" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1375" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1375" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1375" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1375" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1410: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1410" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "INPUT_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_public_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_public_log all -- 0.0.0.0/0 0.0.0.0/0 IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0 IN_public_post all -- 0.0.0.0/0 0.0.0.0/0 INPUT_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1410" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1421: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_public; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1421" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_public; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FORWARD_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 FWD_public_pre all -- 0.0.0.0/0 0.0.0.0/0 FWD_public_log all -- 0.0.0.0/0 0.0.0.0/0 FWD_public_deny all -- 0.0.0.0/0 0.0.0.0/0 FWD_public_allow all -- 0.0.0.0/0 0.0.0.0/0 FWD_public_post all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1421" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1431: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1431" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "INPUT_POLICIES_pre all ::/0 ::/0 IN_public_pre all ::/0 ::/0 IN_public_log all ::/0 ::/0 IN_public_deny all ::/0 ::/0 IN_public_allow all ::/0 ::/0 IN_public_post all ::/0 ::/0 INPUT_POLICIES_post all ::/0 ::/0 ACCEPT icmpv6 ::/0 ::/0 REJECT all ::/0 ::/0 reject-with icmp6-port-unreachable " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1431" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1442: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_public; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1442" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_public; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FORWARD_POLICIES_pre all ::/0 ::/0 FWD_public_pre all ::/0 ::/0 FWD_public_log all ::/0 ::/0 FWD_public_deny all ::/0 ::/0 FWD_public_allow all ::/0 ::/0 FWD_public_post all ::/0 ::/0 FORWARD_POLICIES_post all ::/0 ::/0 REJECT all ::/0 ::/0 reject-with icmp6-port-unreachable " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1442" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1458: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule port port=\"1111\" protocol=\"tcp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1458" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule port port="1111" protocol="tcp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1459: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port=\"1122\" protocol=\"tcp\" audit accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1459" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port="1122" protocol="tcp" audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1459" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule port port=\"2222\" protocol=\"tcp\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule port port="2222" protocol="tcp" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1460" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1461: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule port port=\"3333\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1461" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule port port="3333" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1461" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port=\"4444\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 port port="4444" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1462" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1489: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1489" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 AUDIT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED AUDIT accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1489" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1493: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1493" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1493" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1496: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1496" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1122 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3333 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1496" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1502: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1502" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 AUDIT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED AUDIT accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1502" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1506: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1506" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP tcp ::/0 ::/0 tcp dpt:2222 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1506" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1509: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1509" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:1122 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:3333 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:4444 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1509" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1516: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1516" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1516" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1516: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1516" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1516" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1519: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32768 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1519" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32768 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1519" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1520: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32767 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1520" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32767 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1520" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1521: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32769 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1521" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-32769 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/firewall-cmd.at:1521" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1522: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32768 port port=\"1234\" protocol=\"tcp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1522" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=32768 port port="1234" protocol="tcp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/firewall-cmd.at:1522" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1523: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1523" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1523" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1523: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1523" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1523" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1527: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1527" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1527" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1528: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1528" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1528" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1536: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1536" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1536" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1539: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1539" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1539" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1542: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1542" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1542" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1543: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1543" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1543" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1544: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1544" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1544" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1545: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1545" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1545" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1546: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1546" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1546" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1547: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1547" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/firewall-cmd.at:1547" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1550: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1550" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1550" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1551: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1551" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1551" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1552: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule log prefix=\"foobar: \"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1552" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule log prefix="foobar: "' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1552" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1553: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1553" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1553" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1553: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1553" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1553" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1556: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"10.10.0.0/16\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1556" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.10.0.0/16" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1556" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1557: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-10 source address=\"10.1.1.0/24\" masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1557" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-10 source address="10.1.1.0/24" masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1557" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1558: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-1 source address=\"10.1.0.0/16\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1558" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-1 source address="10.1.0.0/16" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1558" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1560: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=0 forward-port port=\"222\" protocol=\"tcp\" to-port=\"22\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1560" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=0 forward-port port="222" protocol="tcp" to-port="22"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1560" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1561: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=0 forward-port port=\"2222\" protocol=\"tcp\" to-port=\"22\" to-addr=\"10.1.1.1\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1561" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=0 forward-port port="2222" protocol="tcp" to-port="22" to-addr="10.1.1.1"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1561" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-10 forward-port port=\"8888\" protocol=\"tcp\" to-port=\"80\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8888" protocol="tcp" to-port="80"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1562" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1563: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-10 forward-port port=\"8080\" protocol=\"tcp\" to-port=\"80\" to-addr=\"10.1.1.1\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1563" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-10 forward-port port="8080" protocol="tcp" to-port="80" to-addr="10.1.1.1"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1563" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1564: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" priority=0 forward-port port=\"9090\" protocol=\"tcp\" to-port=\"90\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1564" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" priority=0 forward-port port="9090" protocol="tcp" to-port="90"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1564" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1564: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" priority=-123 forward-port port=\"999\" protocol=\"tcp\" to-port=\"99\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1564" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" priority=-123 forward-port port="999" protocol="tcp" to-port="99"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1564" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1564: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" priority=-123 forward-port port=\"9999\" protocol=\"tcp\" to-port=\"9999\" to-addr=\"1234::4321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1564" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" priority=-123 forward-port port="9999" protocol="tcp" to-port="9999" to-addr="1234::4321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1564" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1653: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1653" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP all -- 10.1.0.0/16 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1653" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1656: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1656" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1656" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1659: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1659" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1659" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1661: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1661" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1661" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1663: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1663" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to::80 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:10.1.1.1:80 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1663" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1667: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1667" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:222 to::22 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 to:10.1.1.1:22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1667" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1671: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POST_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1671" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POST_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MASQUERADE all -- 10.1.1.0/24 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1671" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1674: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POST_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1674" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POST_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MASQUERADE all -- 10.10.0.0/16 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1674" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1677: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1677" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1677" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1679: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1679" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1679" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1681: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1681" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1681" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1683: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1683" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1683" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1687: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1687" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1687" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1689: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1689" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1689" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1691: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1691" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp ::/0 ::/0 tcp dpt:999 to::99 DNAT tcp ::/0 ::/0 tcp dpt:9999 to:[1234::4321]:9999 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1691" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1695: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1695" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp ::/0 ::/0 tcp dpt:9090 to::90 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1695" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1698: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PRE_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1698" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PRE_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1698" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1700: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1700" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1700" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1702: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1702" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1702" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1702: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1702" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1702" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1705: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-block name=\"destination-unreachable\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1705" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-block name="destination-unreachable"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1705" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1706: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-block name=\"destination-unreachable\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1706" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-block name="destination-unreachable"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1706" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1708: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1708" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1708" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1709: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1709" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1709" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1756: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1756" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1756" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1760: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1760" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1760" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1763: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1763" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1763" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1767: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1767" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1767" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1769: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1769" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1769" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1771: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1771" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1771" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1773: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1773" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1773" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1777: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1777" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 1 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1777" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1780: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1780" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1780" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1785: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1785" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1785" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1787: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1787" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1787" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1789: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1789" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1789" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1791: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1791" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1791" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1791: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1791" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1791" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1794: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=70 service name=\"smtps\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1794" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=70 service name="smtps" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1794" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1795: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-111 service name=\"ntp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1795" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-111 service name="ntp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1795" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1796: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 port port=\"1111\" protocol=\"tcp\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1796" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-10 port port="1111" protocol="tcp" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1796" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1797: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-100 port port=\"1111\" protocol=\"tcp\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1797" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=-100 port port="1111" protocol="tcp" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1797" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1798: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=\"-77\" service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1798" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority="-77" service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1798" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1799: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=-111 service name=\"ntp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1799" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=-111 service name="ntp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1799" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1800: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-32768 source address=\"10.0.0.0/8\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1800" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-32768 source address="10.0.0.0/8" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1800" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1801: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-2 source address=\"10.0.0.0/8\" log' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1801" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-2 source address="10.0.0.0/8" log' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1801" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1802: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-1 source address=\"10.0.0.0/8\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1802" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-1 source address="10.0.0.0/8" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1802" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1803: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-5 source address=\"10.10.10.0/24\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1803" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-5 source address="10.10.10.0/24" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1803" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1804: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" priority=-3 source address=\"10.100.100.0/24\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1804" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1804" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1805: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1805" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=127 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1805" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1806: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=125 service name=\"imap\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1806" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=125 service name="imap" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1806" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1807: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=126 log prefix=\"DROPPED: \"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1807" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=126 log prefix="DROPPED: "' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1807" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1808: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=10 service name=\"ssh\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1808" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=10 service name="ssh" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1808" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1809: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=1 service name=\"http\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1809" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=1 service name="http" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1809" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1810: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=100 service name=\"https\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1810" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=100 service name="https" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1810" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1811: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=5 service name=\"https\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1811" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=5 service name="https" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1811" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1812: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=66 service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1812" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=66 service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1812" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1813: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=66 service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1813" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=66 service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1813" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1814: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=70 service name=\"smtps\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1814" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=70 service name="smtps" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1814" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1815: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=5 service name=\"https\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1815" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=5 service name="https" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1815" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1816: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority=\"-77\" service name=\"smtp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1816" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule priority="-77" service name="smtp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1816" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1817: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule family=\"ipv4\" priority=-3 source address=\"10.100.100.0/24\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1817" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule family="ipv4" priority=-3 source address="10.100.100.0/24" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1817" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1862: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1862" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG all -- 10.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1111 ctstate NEW,UNTRACKED ACCEPT all -- 10.10.10.0/24 0.0.0.0/0 LOG all -- 10.0.0.0/8 0.0.0.0/0 LOG flags 0 level 4 DROP all -- 10.0.0.0/8 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1862" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1870: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1870" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1870" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1873: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1873" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1873" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1875: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1875" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1875" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1877: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1877" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 ctstate NEW,UNTRACKED LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix \"'DROPPED: '\" DROP all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1877" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1885: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1885" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED LOG flags 0 level 4 DROP tcp ::/0 ::/0 tcp dpt:1111 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1885" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1889: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1889" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1889" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1893: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1893" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1893" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1895: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1895" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1895" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1897: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1897" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:143 ctstate NEW,UNTRACKED LOG all ::/0 ::/0 LOG flags 0 level 4 prefix \"'DROPPED: '\" DROP all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1897" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1905: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1905" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1905" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1906: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1906" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1906: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1906" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1910: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 service name=\"http\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1910" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=0 service name="http" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1910" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1911: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "firewall-cmd.at:1911" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule priority=\"-32768\" family=\"ipv4\" source address=\"10.0.0.0/8\" log rule priority=\"-100\" port port=\"1111\" protocol=\"tcp\" log rule priority=\"-10\" port port=\"1111\" protocol=\"tcp\" drop rule priority=\"-5\" family=\"ipv4\" source address=\"10.10.10.0/24\" accept rule priority=\"-2\" family=\"ipv4\" source address=\"10.0.0.0/8\" log rule priority=\"-1\" family=\"ipv4\" source address=\"10.0.0.0/8\" drop rule service name=\"http\" accept rule priority=\"1\" service name=\"http\" accept rule priority=\"10\" service name=\"ssh\" accept rule priority=\"100\" service name=\"https\" accept rule priority=\"125\" service name=\"imap\" accept rule priority=\"126\" log prefix=\"DROPPED: \" rule priority=\"127\" drop " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1911" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/INVALID_RULE: no element, no source, no destination/d' -e '/INVALID_RULE: no element, no action/d' -e '/ERROR: INVALID_PRIORITY: /d' -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1941" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/INVALID_RULE: no element, no source, no destination/d' -e '/INVALID_RULE: no element, no action/d' -e '/ERROR: INVALID_PRIORITY: /d' -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1941" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_203 #AT_START_204 at_fn_group_banner 204 'firewall-cmd.at:1946' \ "rich rules bad" " " 8 at_xfail=no ( $as_echo "204. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1946" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1946" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1946" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1946: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1946" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1946" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1946" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1946" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1946" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1946" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1946" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1946" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1946" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1946" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1953: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1953" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1953" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1953: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1953" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1953" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1954: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1954" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1954" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1954: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1954" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1954" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1955: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1955" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1955" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1955: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='protocol value=\"ah\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1955" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='protocol value="ah" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1955" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1956: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"ah\" reject type=\"icmp-host-prohibited\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1956" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="ah" reject type="icmp-host-prohibited"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1956" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1956: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"ah\" reject type=\"icmp-host-prohibited\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1956" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="ah" reject type="icmp-host-prohibited"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1956" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1957: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" protocol value=\"ah\" reject type=\"dummy\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1957" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" protocol value="ah" reject type="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1957" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1957: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" protocol value=\"ah\" reject type=\"dummy\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1957" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" protocol value="ah" reject type="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1957" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1958: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1958" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1958" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1958: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1958" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1958" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1959: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule bad_element' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1959" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule bad_element' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1959" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1959: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule bad_element' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1959" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule bad_element' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1959" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1960: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv5\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1960" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv5"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1960" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1960: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv5\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1960" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv5"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1960" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1961: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1961" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1961" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1961: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule name=\"dns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1961" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule name="dns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1961" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1962: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol=\"ah\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1962" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol="ah" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1962" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1962: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol=\"ah\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1962" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol="ah" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1962" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1963: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"ah\" accept drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1963" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="ah" accept drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1963" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1963: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"ah\" accept drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1963" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="ah" accept drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1963" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1964: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service name=\"radius\" port port=\"4011\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1964" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service name="radius" port port="4011" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1964" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1964: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name=\"radius\" port port=\"4011\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1964" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name="radius" port port="4011" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1964" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1965: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service bad_attribute=\"dns\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1965" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service bad_attribute="dns"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1965" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1965: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service bad_attribute=\"dns\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1965" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service bad_attribute="dns"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1965" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1966: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"igmp\" log level=\"eror\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1966" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="igmp" log level="eror"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 125 $at_status "$at_srcdir/firewall-cmd.at:1966" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1966: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"igmp\" log level=\"eror\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1966" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="igmp" log level="eror"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 125 $at_status "$at_srcdir/firewall-cmd.at:1966" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='family=\"ipv6\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='family="ipv6" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='family=\"ipv6\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='family="ipv6" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 207 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 207 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 123 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" source address=\"1:2:3:4:6::\" icmp-block name=\"redirect\" log level=\"info\" limit value=\"1/2m\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log level="info" limit value="1/2m"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 123 $at_status "$at_srcdir/firewall-cmd.at:1967" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1972: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"esp\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1972" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="esp"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1972" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1972: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"esp\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1972" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="esp"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1972" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1973: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" masquerade drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1973" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" masquerade drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1973" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1973: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" masquerade drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1973" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" masquerade drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1973" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1974: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" icmp-block name=\"redirect\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1974" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" icmp-block name="redirect" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1974" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1974: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" icmp-block name=\"redirect\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1974" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" icmp-block name="redirect" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1974" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1975: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" protocol=\"tcp\" family=\"ipv4\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1975" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule forward-port port="2222" to-port="22" protocol="tcp" family="ipv4" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1975" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1975: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port=\"2222\" to-port=\"22\" protocol=\"tcp\" family=\"ipv4\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1975" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule forward-port port="2222" to-port="22" protocol="tcp" family="ipv4" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/firewall-cmd.at:1975" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1976: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule service name=\"ssh\" log prefix=\"RRClag4hrBx9XZXk+46c6QavQehyRGdy3tjs7gzc+xfSzsd2smjoQ2NCPami6zVyjHtPGziBuqSWT0KII7QbHkwjNMr9pzbcbPue9PMTb5zXlMPphDjeuDdC3QTCH9rGQHooa9LiDWr+DqNPkBs+vb8r50eb+yEQIyhQaiDrQ0sc\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1976" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule service name="ssh" log prefix="RRClag4hrBx9XZXk+46c6QavQehyRGdy3tjs7gzc+xfSzsd2smjoQ2NCPami6zVyjHtPGziBuqSWT0KII7QbHkwjNMr9pzbcbPue9PMTb5zXlMPphDjeuDdC3QTCH9rGQHooa9LiDWr+DqNPkBs+vb8r50eb+yEQIyhQaiDrQ0sc" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 141 $at_status "$at_srcdir/firewall-cmd.at:1976" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1976: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name=\"ssh\" log prefix=\"RRClag4hrBx9XZXk+46c6QavQehyRGdy3tjs7gzc+xfSzsd2smjoQ2NCPami6zVyjHtPGziBuqSWT0KII7QbHkwjNMr9pzbcbPue9PMTb5zXlMPphDjeuDdC3QTCH9rGQHooa9LiDWr+DqNPkBs+vb8r50eb+yEQIyhQaiDrQ0sc\" drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1976" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule service name="ssh" log prefix="RRClag4hrBx9XZXk+46c6QavQehyRGdy3tjs7gzc+xfSzsd2smjoQ2NCPami6zVyjHtPGziBuqSWT0KII7QbHkwjNMr9pzbcbPue9PMTb5zXlMPphDjeuDdC3QTCH9rGQHooa9LiDWr+DqNPkBs+vb8r50eb+yEQIyhQaiDrQ0sc" drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 141 $at_status "$at_srcdir/firewall-cmd.at:1976" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1977: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value=\"sctp\" nflog group=-1 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1977" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule protocol value="sctp" nflog group=-1 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 142 $at_status "$at_srcdir/firewall-cmd.at:1977" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1977: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value=\"sctp\" nflog group=-1 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1977" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule protocol value="sctp" nflog group=-1 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 142 $at_status "$at_srcdir/firewall-cmd.at:1977" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1978: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv4\" service name=\"https\" nflog queue-size=-1 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1978" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv4" service name="https" nflog queue-size=-1 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 143 $at_status "$at_srcdir/firewall-cmd.at:1978" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1978: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" service name=\"https\" nflog queue-size=-1 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1978" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv4" service name="https" nflog queue-size=-1 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 143 $at_status "$at_srcdir/firewall-cmd.at:1978" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1979: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=\"ipv6\" service name=\"https\" nflog queue-size=65536 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1979" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family="ipv6" service name="https" nflog queue-size=65536 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 143 $at_status "$at_srcdir/firewall-cmd.at:1979" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:1979: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=\"ipv6\" service name=\"https\" nflog queue-size=65536 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1979" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family="ipv6" service name="https" nflog queue-size=65536 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 143 $at_status "$at_srcdir/firewall-cmd.at:1979" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_RULE:/d' -e '/ERROR: INVALID_LOG_LEVEL: eror/d' -e '/ERROR: MISSING_FAMILY/d' -e '/ERROR: INVALID_LIMIT: 1\/2m/d' -e '/ERROR: INVALID_LOG_PREFIX:/d' -e '/ERROR: INVALID_NFLOG_GROUP:/d' -e '/ERROR: INVALID_NFLOG_QUEUE:/d'" != x"ignore"; then $as_echo "firewall-cmd.at:1981" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_RULE:/d' -e '/ERROR: INVALID_LOG_LEVEL: eror/d' -e '/ERROR: MISSING_FAMILY/d' -e '/ERROR: INVALID_LIMIT: 1\/2m/d' -e '/ERROR: INVALID_LOG_PREFIX:/d' -e '/ERROR: INVALID_NFLOG_GROUP:/d' -e '/ERROR: INVALID_NFLOG_QUEUE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1981" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_204 #AT_START_205 at_fn_group_banner 205 'firewall-cmd.at:1989' \ "config validation" " " 8 at_xfail=no ( $as_echo "205. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1989" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "firewall-cmd.at:1989" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:1989" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/firewall-cmd.at:1989: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1989" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1989" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "firewall-cmd.at:1989" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/firewall-cmd.at:1989" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "firewall-cmd.at:1989" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1989" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "firewall-cmd.at:1989" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1989" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "firewall-cmd.at:1989" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:1989" { set +x $as_echo "$at_srcdir/firewall-cmd.at:1993: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:1993" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:1993" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' -j LOG _ATEOF cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2011: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2011" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2011" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2011: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2011" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2011" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2012: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2012" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2012" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2017: cp ./firewalld.conf ./firewalld.conf.orig" at_fn_check_prepare_trace "firewall-cmd.at:2017" ( $at_check_trace; cp ./firewalld.conf ./firewalld.conf.orig ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2017" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2018: echo \"SomeBogusField=yes\" >> ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:2018" ( $at_check_trace; echo "SomeBogusField=yes" >> ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2018" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2019: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2019" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2019" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2024: cp ./firewalld.conf.orig ./firewalld.conf" at_fn_check_prepare_trace "firewall-cmd.at:2024" ( $at_check_trace; cp ./firewalld.conf.orig ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2024" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2033: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2033" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:2033" $at_failed && at_fn_log_failure $at_traceon; } cat >./direct.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2041: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2041" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2041" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2042: rm ./direct.xml" at_fn_check_prepare_trace "firewall-cmd.at:2042" ( $at_check_trace; rm ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2042" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2051: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2051" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2051" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2059: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2059" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2059" $at_failed && at_fn_log_failure $at_traceon; } cat >./lockdown-whitelist.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2067: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2067" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2067" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2068: rm ./lockdown-whitelist.xml" at_fn_check_prepare_trace "firewall-cmd.at:2068" ( $at_check_trace; rm ./lockdown-whitelist.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2068" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2071: mkdir -p ./ipsets" at_fn_check_prepare_trace "firewall-cmd.at:2071" ( $at_check_trace; mkdir -p ./ipsets ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2071" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' 12:34:56:78:90 _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2078: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2078" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2078" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' 12:34:56:78:90:ab _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2090: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2090" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2090" $at_failed && at_fn_log_failure $at_traceon; } cat >./ipsets/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2097: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2097" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 119 $at_status "$at_srcdir/firewall-cmd.at:2097" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2098: rm ./ipsets/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2098" ( $at_check_trace; rm ./ipsets/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2098" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2101: mkdir -p ./helpers" at_fn_check_prepare_trace "firewall-cmd.at:2101" ( $at_check_trace; mkdir -p ./helpers ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2101" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2107" $at_failed && at_fn_log_failure $at_traceon; } cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 111 $at_status "$at_srcdir/firewall-cmd.at:2114" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : cat >./helpers/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2116" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2125: rm ./helpers/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2125" ( $at_check_trace; rm ./helpers/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2125" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2128: mkdir -p ./icmptypes" at_fn_check_prepare_trace "firewall-cmd.at:2128" ( $at_check_trace; mkdir -p ./icmptypes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2128" $at_failed && at_fn_log_failure $at_traceon; } cat >./icmptypes/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2135" $at_failed && at_fn_log_failure $at_traceon; } cat >./icmptypes/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2144: rm ./icmptypes/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2144" ( $at_check_trace; rm ./icmptypes/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2144" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2147: mkdir -p ./services" at_fn_check_prepare_trace "firewall-cmd.at:2147" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2147" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2154: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2154" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2154" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2162" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2170: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2170" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2170" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2178" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2186: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2186" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2186" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2194: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2194" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:2194" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2203: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2203" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/firewall-cmd.at:2203" $at_failed && at_fn_log_failure $at_traceon; } cat >./services/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2211: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2211" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2211" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2212: rm ./services/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2212" ( $at_check_trace; rm ./services/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2212" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/firewall-cmd.at:2215: mkdir -p ./zones" at_fn_check_prepare_trace "firewall-cmd.at:2215" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2215" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2219: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2219" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/firewall-cmd.at:2219" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2227: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2227" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/firewall-cmd.at:2227" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2235" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/firewall-cmd.at:2243" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2251: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2251" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2251" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2259" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2267" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2275: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2275" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2275" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2283" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2291" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2299" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2307: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2307" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2307" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2322: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2322" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2322" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2335: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2335" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2335" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2350: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2350" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2350" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2365" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2380: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2380" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2380" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2395: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2395" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2395" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2410: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2410" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 28 $at_status "$at_srcdir/firewall-cmd.at:2410" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/firewall-cmd.at:2412: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "firewall-cmd.at:2412" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2412" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/firewall-cmd.at:2428: rm ./zones/foobar.xml" at_fn_check_prepare_trace "firewall-cmd.at:2428" ( $at_check_trace; rm ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/firewall-cmd.at:2428" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR:/d' -e '/WARNING:/d'" != x"ignore"; then $as_echo "firewall-cmd.at:2430" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR:/d' -e '/WARNING:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/firewall-cmd.at:2430" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_205 #AT_START_206 at_fn_group_banner 206 'rhbz1514043.at:1' \ "--set-log-denied does not zero config" " " 9 at_xfail=no ( $as_echo "206. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1514043.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1514043.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1514043.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1514043.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1514043.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1514043.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1514043.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1514043.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:1" { set +x $as_echo "$at_srcdir/rhbz1514043.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-log-denied=all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-log-denied=all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-service=samba " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-service=samba ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1514043.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "services: dhcpv6-client samba ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1514043.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix \"STATE_INVALID_DROP: \" DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix \"FINAL_REJECT: \" REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1514043.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1514043.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_ZONES all -- 0.0.0.0/0 0.0.0.0/0 LOG all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG flags 0 level 4 prefix \"STATE_INVALID_DROP: \" DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix \"FINAL_REJECT: \" REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:52" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1514043.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1514043.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 INPUT_direct all ::/0 ::/0 INPUT_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix \"STATE_INVALID_DROP: \" DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix \"FINAL_REJECT: \" REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:62" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1514043.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1514043.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix \"STATE_INVALID_DROP: \" DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix \"FINAL_REJECT: \" REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1514043.at:72" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"" != x"ignore"; then $as_echo "rhbz1514043.at:84" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1514043.at:84" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_206 #AT_START_207 at_fn_group_banner 207 'rhbz1498923.at:1' \ "invalid direct rule causes reload error" " " 9 at_xfail=no ( $as_echo "207. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1498923.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1498923.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1498923.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1498923.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1498923.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1498923.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1498923.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:1" $as_echo "rhbz1498923.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1498923.at:3" { set +x $as_echo "$at_srcdir/rhbz1498923.at:6: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:6" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "no zone " | \ $at_diff - "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 2 $at_status "$at_srcdir/rhbz1498923.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:18: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1498923.at:18" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 8080 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 8080 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 1 --a-bogus-flag ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --direct --add-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --direct --add-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1498923.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 251 $at_status "$at_srcdir/rhbz1498923.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "failed " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 251 $at_status "$at_srcdir/rhbz1498923.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rule ipv4 filter INPUT 1 --a-bogus-flag " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rule ipv4 filter INPUT 1 --a-bogus-flag ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:40" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:40" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-zone-of-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1498923.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1498923.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --direct --query-rule ipv4 filter FORWARD 0 -p tcp -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1498923.at:46" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/.*a-bogus-flag.*/d'" != x"ignore"; then $as_echo "rhbz1498923.at:47" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/.*a-bogus-flag.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1498923.at:47" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_207 #AT_START_208 at_fn_group_banner 208 'pr181.at:1' \ "combined zones name length check" " " 9 at_xfail=no ( $as_echo "208. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/pr181.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/pr181.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "pr181.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/pr181.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "pr181.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/pr181.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "pr181.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/pr181.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "pr181.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr181.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "pr181.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr181.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "pr181.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/pr181.at:1" { set +x $as_echo "$at_srcdir/pr181.at:4: mkdir -p ./zones/foobar" at_fn_check_prepare_trace "pr181.at:4" ( $at_check_trace; mkdir -p ./zones/foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:6: echo '' > ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:6" ( $at_check_trace; echo '' > ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:7: echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:7" ( $at_check_trace; echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:8: echo 'foobar' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:8" ( $at_check_trace; echo 'foobar' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:9: echo 'foobar desc' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:9" ( $at_check_trace; echo 'foobar desc' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:10: echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:10" ( $at_check_trace; echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:11: echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:11" ( $at_check_trace; echo '' >> ./zones/foobar/a_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:13: echo '' > ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:13" ( $at_check_trace; echo '' > ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:14: echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:14" ( $at_check_trace; echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:15: echo 'foobar' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:15" ( $at_check_trace; echo 'foobar' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:16: echo 'foobar desc' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:16" ( $at_check_trace; echo 'foobar desc' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:17: echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:17" ( $at_check_trace; echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:18: echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml" at_fn_check_prepare_trace "pr181.at:18" ( $at_check_trace; echo '' >> ./zones/foobar/another_really_long_name_that_trigger_the_bug.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr181.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=foobar --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | grep ^services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr181.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=foobar --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | grep ^services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "services: http ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr181.at:21" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "pr181.at:24" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/pr181.at:24" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_208 #AT_START_209 at_fn_group_banner 209 'gh287.at:1' \ "ICMP block inversion" " " 9 at_xfail=no ( $as_echo "209. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh287.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh287.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh287.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh287.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh287.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh287.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh287.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh287.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh287.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh287.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh287.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh287.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh287.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh287.at:1" { set +x $as_echo "$at_srcdir/gh287.at:4: mkdir -p ./zones" at_fn_check_prepare_trace "gh287.at:4" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:5: echo '' > ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:5" ( $at_check_trace; echo '' > ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:6: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:6" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:7: echo 'foobar' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:7" ( $at_check_trace; echo 'foobar' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:8: echo 'foobar desc' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:8" ( $at_check_trace; echo 'foobar desc' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:9: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:9" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:10: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:10" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:11: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:11" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:12: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh287.at:12" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh287.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh287.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh287.at:14" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh287.at:15" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh287.at:15" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_209 #AT_START_210 at_fn_group_banner 210 'individual_calls.at:1' \ "individual calls" " " 9 at_xfail=no ( $as_echo "210. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/individual_calls.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/individual_calls.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "individual_calls.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/individual_calls.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "individual_calls.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/individual_calls.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "individual_calls.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/individual_calls.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "individual_calls.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/individual_calls.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "individual_calls.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/individual_calls.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "individual_calls.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/individual_calls.at:1" { set +x $as_echo "$at_srcdir/individual_calls.at:4: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "individual_calls.at:4" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/individual_calls.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/individual_calls.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "individual_calls.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/individual_calls.at:5" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "individual_calls.at:7" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/individual_calls.at:7" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_210 #AT_START_211 at_fn_group_banner 211 'rhbz1534571.at:3' \ "rule deduplication" " " 9 at_xfail=no ( $as_echo "211. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:3" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1534571.at:3" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1534571.at:3" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1534571.at:3: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:3" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:3" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1534571.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1534571.at:3" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1534571.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:3" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1534571.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:3" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1534571.at:3" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:3" { set +x $as_echo "$at_srcdir/rhbz1534571.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service nfs --add-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service nfs --add-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-service nfs --add-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-service nfs --add-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs3 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs3 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1534571.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-service nfs " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1534571.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-service nfs ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1534571.at:15" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1534571.at:17" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1534571.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_211 #AT_START_212 at_fn_group_banner 212 'gh290.at:1' \ "invalid syntax in xml files" " " 9 at_xfail=no ( $as_echo "212. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh290.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh290.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh290.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh290.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh290.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh290.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh290.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh290.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh290.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh290.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh290.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:1" $as_echo "gh290.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh290.at:3" { set +x $as_echo "$at_srcdir/gh290.at:6: mkdir -p ./zones" at_fn_check_prepare_trace "gh290.at:6" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:7: echo '' > ./direct.xml" at_fn_check_prepare_trace "gh290.at:7" ( $at_check_trace; echo '' > ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:8: echo '' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:8" ( $at_check_trace; echo '' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:9: echo '' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:9" ( $at_check_trace; echo '' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:10: echo '--destination 127.0.0.1 --jump RETURN' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:10" ( $at_check_trace; echo '--destination 127.0.0.1 --jump RETURN' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:12: echo '' >> ./direct.xml" at_fn_check_prepare_trace "gh290.at:12" ( $at_check_trace; echo '' >> ./direct.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:12" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh290.at:14" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:14" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh290.at:14" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:14" { set +x $as_echo "$at_srcdir/gh290.at:15: grep \"ERROR:.*mismatched tag\" ./firewalld.log" at_fn_check_prepare_trace "gh290.at:15" ( $at_check_trace; grep "ERROR:.*mismatched tag" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:15" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR:.*mismatched tag.*/d'" != x"ignore"; then $as_echo "gh290.at:16" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR:.*mismatched tag.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:16" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_212 #AT_START_213 at_fn_group_banner 213 'gh290.at:19' \ "invalid syntax in xml files" " " 9 at_xfail=no ( $as_echo "213. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh290.at:19: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:19" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh290.at:19: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh290.at:19" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh290.at:19: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh290.at:19" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh290.at:19: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh290.at:19" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:19" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh290.at:19" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh290.at:19" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh290.at:19" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:19" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh290.at:19" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:19" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh290.at:19" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:19" { set +x $as_echo "$at_srcdir/gh290.at:23: mkdir -p ./zones" at_fn_check_prepare_trace "gh290.at:23" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:24: echo '' > ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:24" ( $at_check_trace; echo '' > ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:25: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:25" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:26: echo 'foobar' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:26" ( $at_check_trace; echo 'foobar' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:28: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:28" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:29: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:29" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh290.at:30: echo '' >> ./zones/foobar.xml" at_fn_check_prepare_trace "gh290.at:30" ( $at_check_trace; echo '' >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:30" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh290.at:32" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh290.at:32" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh290.at:32" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:32" { set +x $as_echo "$at_srcdir/gh290.at:33: grep \"ERROR:.*Missing attribute protocol for port\" ./firewalld.log" at_fn_check_prepare_trace "gh290.at:33" ( $at_check_trace; grep "ERROR:.*Missing attribute protocol for port" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh290.at:33" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR:.*Missing attribute protocol for port.*/d'" != x"ignore"; then $as_echo "gh290.at:34" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR:.*Missing attribute protocol for port.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh290.at:34" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_213 #AT_START_214 at_fn_group_banner 214 'icmp_block_in_forward_chain.at:1' \ "ICMP block not present FORWARD chain" " " 9 at_xfail=no ( $as_echo "214. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "icmp_block_in_forward_chain.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "icmp_block_in_forward_chain.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/icmp_block_in_forward_chain.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "icmp_block_in_forward_chain.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:1" { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-icmp-block=host-prohibited " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_block_in_forward_chain.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-icmp-block=host-prohibited ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_block_in_forward_chain.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 code 10 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_block_in_forward_chain.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_block_in_forward_chain.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_block_in_forward_chain.at:23" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "icmp_block_in_forward_chain.at:26" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/icmp_block_in_forward_chain.at:26" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_214 #AT_START_215 at_fn_group_banner 215 'pr323.at:1' \ "GRE proto helper" " " 9 at_xfail=no ( $as_echo "215. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/pr323.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/pr323.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "pr323.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/pr323.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "pr323.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/pr323.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "pr323.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/pr323.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "pr323.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr323.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "pr323.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/pr323.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "pr323.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/pr323.at:1" $as_echo "pr323.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} modinfo nf_conntrack_proto_gre ) \ && at_fn_check_skip 77 "$at_srcdir/pr323.at:4" { set +x $as_echo "$at_srcdir/pr323.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-protocol=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-protocol=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "pr323.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/pr323.at:10: lsmod | grep nf_conntrack_proto_gre" at_fn_check_prepare_notrace 'a shell pipeline' "pr323.at:10" ( $at_check_trace; lsmod | grep nf_conntrack_proto_gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/pr323.at:10" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "pr323.at:12" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/pr323.at:12" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_215 #AT_START_216 at_fn_group_banner 216 'rhbz1506742.at:1' \ "ipset with timeout" " " 9 at_xfail=no ( $as_echo "216. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1506742.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1506742.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1506742.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1506742.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1506742.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1506742.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1506742.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:1" $as_echo "rhbz1506742.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $IPSET -h >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1506742.at:4" { set +x $as_echo "$at_srcdir/rhbz1506742.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --option=maxelem=1000000 --option=family=inet --option=hashsize=4096 --option=timeout=600 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --option=maxelem=1000000 --option=family=inet --option=hashsize=4096 --option=timeout=600 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:11" $at_failed && at_fn_log_failure $at_traceon; } cat >foobar_entries.txt <<'_ATEOF' 1.2.3.4 10.0.1.1 _ATEOF { set +x $as_echo "$at_srcdir/rhbz1506742.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entries-from-file=foobar_entries.txt " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --add-entries-from-file=foobar_entries.txt ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entries-from-file=foobar_entries.txt " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entries-from-file=foobar_entries.txt ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --query-entry=1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 32 $at_status "$at_srcdir/rhbz1506742.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1506742.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entries-from-file=foobar_entries.txt " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1506742.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entries-from-file=foobar_entries.txt ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1506742.at:20" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/Error: IPSET_WITH_TIMEOUT/d' -e '/ERROR: IPSET_WITH_TIMEOUT/d' -e '/WARNING: NOT_ENABLED/d'" != x"ignore"; then $as_echo "rhbz1506742.at:21" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/Error: IPSET_WITH_TIMEOUT/d' -e '/ERROR: IPSET_WITH_TIMEOUT/d' -e '/WARNING: NOT_ENABLED/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1506742.at:21" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_216 #AT_START_217 at_fn_group_banner 217 'rhbz1594657.at:1' \ "no log untracked passthrough queries" " " 9 at_xfail=no ( $as_echo "217. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1594657.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1594657.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1594657.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1594657.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1594657.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1594657.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1594657.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1594657.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:1" $as_echo "rhbz1594657.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1594657.at:3" { set +x $as_echo "$at_srcdir/rhbz1594657.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L dummy_chain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L dummy_chain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough eb -t filter -L INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -C dummy_chain -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L dummy_chain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L dummy_chain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv4 -t filter -L INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:10" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1594657.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -C dummy_chain -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L dummy_chain " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L dummy_chain ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 13 $at_status "$at_srcdir/rhbz1594657.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1594657.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1594657.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --passthrough ipv6 -t filter -L INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1594657.at:12" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"" != x"ignore"; then $as_echo "rhbz1594657.at:17" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1594657.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_217 #AT_START_218 at_fn_group_banner 218 'rhbz1571957.at:1' \ "set-log-denied w/ ICMP block inversion" " " 9 at_xfail=no ( $as_echo "218. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1571957.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1571957.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1571957.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1571957.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1571957.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1571957.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1571957.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1571957.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:1" { set +x $as_echo "$at_srcdir/rhbz1571957.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=public --add-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-log-denied=all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-log-denied=all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:7: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1571957.at:7" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --set-log-denied=broadcast " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --set-log-denied=broadcast ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1571957.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1571957.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1571957.at:10" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1571957.at:12" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1571957.at:12" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_218 #AT_START_219 at_fn_group_banner 219 'rhbz1404076.at:1' \ "query single port added with range" " " 9 at_xfail=no ( $as_echo "219. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1404076.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1404076.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1404076.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1404076.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1404076.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1404076.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1404076.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1404076.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:1" { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=8070-8080/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=8070-8080/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9050-10050/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9050-10050/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9000/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9000/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8085-8087/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8085-8087/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8080-8089/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8080-8089/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8081-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8081-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=webcache/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=webcache/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8091/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8091/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=8085/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=8085/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=10000-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=10000-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9999/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9999/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=10011/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=10011/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9095-10000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9095-10000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9090-9094/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9090-9094/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=9099-10001/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=9099-10001/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=10005-10020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=10005-10020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=10021-10022/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=10021-10022/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9080-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9080-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=9079-10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=9079-10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=9093-10025/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=9093-10025/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: grep \"WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:70" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=9090-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=9090-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9000/tcp 9010-9020/tcp 9079-10041/tcp 10050-10060/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=9079/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=9079/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=9080-9085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=9080-9085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=10035-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=10035-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=10005-10009/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=10005-10009/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-port=10100-10110/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-port=10100-10110/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: grep \"WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:70" ( $at_check_trace; grep "WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10001-10004/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10001-10004/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10016-10019/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10016-10019/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10003-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10003-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10004-10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10004-10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-port=10009-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-port=10009-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9086-10004/tcp 10010-10034/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=8070-8080/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=8070-8080/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9050-10050/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9050-10050/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9000/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9000/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8085-8087/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8085-8087/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8089/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8080-8089/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8081-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8081-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=webcache/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=webcache/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8091/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8091/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=8085/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=10000-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=10000-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9999/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9999/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=10011/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=10011/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9095-10000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9095-10000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9090-9094/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9090-9094/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=9099-10001/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=9099-10001/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=10005-10020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=10005-10020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=10021-10022/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=10021-10022/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9080-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9080-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=9079-10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=9079-10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=9093-10025/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=9093-10025/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: grep \"WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:71" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=9090-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=9090-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9000/tcp 9010-9020/tcp 9079-10041/tcp 10050-10060/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=9079/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=9079/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=9080-9085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=9080-9085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=10035-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=10035-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=10005-10009/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=10005-10009/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-port=10100-10110/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-port=10100-10110/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: grep \"WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:71" ( $at_check_trace; grep "WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10001-10004/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10001-10004/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10016-10019/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10016-10019/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10003-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10003-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10004-10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10004-10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-port=10009-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-port=10009-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9086-10004/tcp 10010-10034/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=8070-8080/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=8070-8080/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9050-10050/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9050-10050/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9000/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9000/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8085-8087/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8085-8087/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8080-8089/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8080-8089/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8081-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8081-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=webcache/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=webcache/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8091/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8091/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=8085/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=8085/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=10000-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=10000-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9999/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9999/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=10011/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=10011/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9095-10000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9095-10000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9090-9094/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9090-9094/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=9099-10001/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=9099-10001/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=10005-10020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=10005-10020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=10021-10022/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=10021-10022/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9080-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9080-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=9079-10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=9079-10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=9093-10025/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=9093-10025/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-source-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-source-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: grep \"WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:72" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=9090-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=9090-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9000/tcp 9010-9020/tcp 9079-10041/tcp 10050-10060/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=9079/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=9079/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=9080-9085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=9080-9085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=10035-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=10035-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=10005-10009/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=10005-10009/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-source-port=10100-10110/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-source-port=10100-10110/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: grep \"WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:72" ( $at_check_trace; grep "WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10001-10004/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10001-10004/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10016-10019/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10016-10019/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10003-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10003-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10004-10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10004-10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --query-source-port=10009-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --query-source-port=10009-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9086-10004/tcp 10010-10034/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=8070-8080/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=8070-8080/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9050-10050/sctp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9050-10050/sctp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9000/dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9000/dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8085-8087/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8085-8087/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8080-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8080-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8080-8089/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8080-8089/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8081-8090/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8081-8090/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=webcache/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=webcache/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8091/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8091/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8085/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=8085/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10000-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10000-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9999/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9999/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10011/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10011/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9095-10000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9095-10000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9090-9094/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9090-9094/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=9099-10001/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=9099-10001/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10005-10020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10005-10020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10021-10022/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10021-10022/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9080-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9080-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9079-10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=9079-10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=9093-10025/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=9093-10025/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10010-10015/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-source-port=10010-10015/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: grep \"WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:73" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '10010-10015:tcp' already in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=9090-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=9090-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9000/tcp 9010-9020/tcp 9079-10041/tcp 10050-10060/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9000/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9000/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9010-9020/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9010-9020/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10050-10060/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10050-10060/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9079/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9079/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10041/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10041/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9080-9085/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=9080-9085/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10035-10040/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10035-10040/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10005-10009/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10005-10009/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10100-10110/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-source-port=10100-10110/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: grep \"WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1404076.at:73" ( $at_check_trace; grep "WARNING: NOT_ENABLED: '10100-10110:tcp' not in 'public'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10001-10004/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10001-10004/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10016-10019/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10016-10019/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10003-10030/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10003-10030/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10004-10005/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10004-10005/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10009-10010/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --query-source-port=10009-10010/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1404076.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1404076.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "9000/dccp 9050-10050/sctp 8080-8090/tcp 9086-10004/tcp 10010-10034/tcp 8070-8080/udp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1404076.at:73" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/WARNING: ALREADY_ENABLED:/d' -e '/WARNING: NOT_ENABLED:/d'" != x"ignore"; then $as_echo "rhbz1404076.at:76" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/WARNING: ALREADY_ENABLED:/d' -e '/WARNING: NOT_ENABLED:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1404076.at:76" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_219 #AT_START_220 at_fn_group_banner 220 'gh366.at:1' \ "service destination multiple IP versions" " " 9 at_xfail=no ( $as_echo "220. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh366.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh366.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh366.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh366.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh366.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh366.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh366.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh366.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh366.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh366.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh366.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh366.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh366.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh366.at:1" { set +x $as_echo "$at_srcdir/gh366.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-service=mdns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-service=mdns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh366.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:26" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh366.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh366.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:26" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh366.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --remove-service=mdns " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --remove-service=mdns ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule=\"rule service name=\"mdns\" accept\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule="rule service name="mdns" accept" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh366.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh366.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:30" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh366.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh366.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh366.at:30" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh366.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule='rule family=\"ipv4\" destination address=\"10.10.10.0/24\" service name=\"mdns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh366.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-rich-rule='rule family="ipv4" destination address="10.10.10.0/24" service name="mdns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 122 $at_status "$at_srcdir/gh366.at:33" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_RULE: Destination conflict with service/d'" != x"ignore"; then $as_echo "gh366.at:36" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_RULE: Destination conflict with service/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh366.at:36" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_220 #AT_START_221 at_fn_group_banner 221 'rhbz1601610.at:1' \ "ipset duplicate entries" " " 9 at_xfail=no ( $as_echo "221. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1601610.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1601610.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1601610.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1601610.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1601610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1601610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1601610.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:1" $as_echo "rhbz1601610.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $IPSET -h >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1601610.at:4" { set +x $as_echo "$at_srcdir/rhbz1601610.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --new-ipset=foobar --permanent --type=hash:net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --new-ipset=foobar --permanent --type=hash:net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.1.2.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.1.2.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=10.1.2.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=10.1.2.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "Warning: ALREADY_ENABLED: '10.1.0.0/22' already is in 'foobar' " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=10.2.0.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --add-entry=10.2.0.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "10.1.0.0/22 10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:15" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/rhbz1601610.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.1.0.0/22 10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:28" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1601610.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --remove-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:37" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/rhbz1601610.at:37" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.1.2.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.1.2.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/rhbz1601610.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.2.0.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --query-entry 10.2.0.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:40" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/rhbz1601610.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.2.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:52" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1601610.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --add-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --add-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "10.1.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:60" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --remove-entry=10.1.1.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset=foobar --remove-entry=10.1.1.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.3.0.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset=foobar --add-entry=10.3.0.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:69: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:69" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:69" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:70" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/rhbz1601610.at:80: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:80" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.2.0.0/22 10.3.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:80" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1601610.at:89: sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1601610.at:89" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1601610.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1601610.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:90" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/rhbz1601610.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1601610.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:net Members: 10.2.0.0/22 10.3.0.0/22 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1601610.at:100" $at_failed && at_fn_log_failure $at_traceon; } fi if test x"-e '/ERROR: COMMAND_FAILED:.*already added.*/d' -e '/ERROR: COMMAND_FAILED:.*element.*exists/d' -e '/Kernel support protocol versions/d' -e '/WARNING: ALREADY_ENABLED:/d'" != x"ignore"; then $as_echo "rhbz1601610.at:108" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: COMMAND_FAILED:.*already added.*/d' -e '/ERROR: COMMAND_FAILED:.*element.*exists/d' -e '/Kernel support protocol versions/d' -e '/WARNING: ALREADY_ENABLED:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1601610.at:108" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_221 #AT_START_222 at_fn_group_banner 222 'gh303.at:1' \ "unicode in XML" " " 9 at_xfail=no ( $as_echo "222. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh303.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh303.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh303.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh303.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh303.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh303.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh303.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh303.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh303.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh303.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh303.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh303.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh303.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh303.at:1" { set +x $as_echo "$at_srcdir/gh303.at:4: mkdir -p ./services" at_fn_check_prepare_trace "gh303.at:4" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:5: cat < ./services/unicode-service-test.xml unicode-service-test A string with unicode characters; Рώ € ⇶ ▜ ◯ ★ ☠ ☯ ☺ ♻ HERE " at_fn_check_prepare_notrace 'an embedded newline' "gh303.at:5" ( $at_check_trace; cat < ./services/unicode-service-test.xml unicode-service-test A string with unicode characters; Рώ € ⇶ ▜ ◯ ★ ☠ ☯ ☺ ♻ HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:5" $at_failed && at_fn_log_failure $at_traceon; } LC_ALL="C" export LC_ALL pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh303.at:17" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh303.at:17" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh303.at:17" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh303.at:17" { set +x $as_echo "$at_srcdir/gh303.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-service=unicode-service-test " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-service=unicode-service-test ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh303.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh303.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh303.at:20" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh303.at:22" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh303.at:22" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_222 #AT_START_223 at_fn_group_banner 223 'gh335.at:1' \ "forward-port toaddr enables IP forwarding" " " 9 at_xfail=no ( $as_echo "223. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh335.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh335.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh335.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh335.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh335.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh335.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh335.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh335.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh335.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh335.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh335.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh335.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh335.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh335.at:1" { set +x $as_echo "$at_srcdir/gh335.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:4" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:5" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:11" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr=\"1234:5678::4321\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321:toaddr="1234:5678::4321" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:13" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:26" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:27" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\" to-addr=\"10.10.10.10\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="10.10.10.10"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:33" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\" to-addr=\"1234:5678::4321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321" to-addr="1234:5678::4321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:35" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv4.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:49" $at_failed && at_fn_log_failure $at_traceon; } if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -w net.ipv6.conf.all.forwarding=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:50" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh335.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-forward-port=port=12345:proto=tcp:toport=54321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:56" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv4 forward-port port="12345" protocol="tcp" to-port="54321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:59: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:59" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:60" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh335.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port=\"12345\" protocol=\"tcp\" to-port=\"54321\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=ipv6 forward-port port="12345" protocol="tcp" to-port="54321"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh335.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv4.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv4.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh335.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sysctl -a |grep \"net.ipv6.conf.all.forwarding[ ]*=[ ]*1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh335.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sysctl -a |grep "net.ipv6.conf.all.forwarding[ ]*=[ ]*1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh335.at:62" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"-e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d'" != x"ignore"; then $as_echo "gh335.at:68" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: Failed to write to file .*\/proc\/sys\/net\/ipv6\/conf\/all\/forwarding.*/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh335.at:68" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_223 #AT_START_224 at_fn_group_banner 224 'gh482.at:1' \ "remove forward-port after reload" " " 9 at_xfail=no ( $as_echo "224. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh482.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh482.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh482.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh482.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh482.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh482.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh482.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh482.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh482.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh482.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh482.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh482.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh482.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh482.at:1" { set +x $as_echo "$at_srcdir/gh482.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-rich-rule='rule family=\"ipv4\" forward-port port=\"49152\" protocol=\"tcp\" to-port=\"49153\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-rich-rule='rule family="ipv4" forward-port port="49152" protocol="tcp" to-port="49153"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-forward-port=port=1234:proto=tcp:toport=4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-forward-port=port=1234:proto=tcp:toport=4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --remove-forward-port=port=1234:proto=tcp:toport=4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --remove-forward-port=port=1234:proto=tcp:toport=4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh482.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --remove-forward-port=port=1234:proto=tcp:toport=4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh482.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --remove-forward-port=port=1234:proto=tcp:toport=4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh482.at:15" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh482.at:17" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh482.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_224 #AT_START_225 at_fn_group_banner 225 'gh478.at:1' \ "rich rule marks every packet" " " 9 at_xfail=no ( $as_echo "225. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh478.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh478.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh478.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh478.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh478.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh478.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh478.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh478.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh478.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh478.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh478.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh478.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh478.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh478.at:1" { set +x $as_echo "$at_srcdir/gh478.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule port port=1234 protocol=tcp mark set=10' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule protocol value=icmp mark set=11' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule protocol value=icmp mark set=11' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh478.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-rich-rule='rule source-port port=4321 protocol=tcp mark set=12' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh478.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh478.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234 MARK set 0xa MARK icmp -- 0.0.0.0/0 0.0.0.0/0 MARK set 0xb MARK tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:4321 MARK set 0xc " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:17" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh478.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh478.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MARK tcp ::/0 ::/0 tcp dpt:1234 MARK set 0xa MARK icmp ::/0 ::/0 MARK set 0xb MARK tcp ::/0 ::/0 tcp spt:4321 MARK set 0xc " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh478.at:22" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"" != x"ignore"; then $as_echo "gh478.at:28" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh478.at:28" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_225 #AT_START_226 at_fn_group_banner 226 'gh258.at:1' \ "zone dispatch layout" " " 9 at_xfail=no ( $as_echo "226. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh258.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh258.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh258.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh258.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh258.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh258.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh258.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh258.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh258.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh258.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh258.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh258.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh258.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh258.at:1" { set +x $as_echo "$at_srcdir/gh258.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-source=\"1.2.3.0/24\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-source="1.2.3.0/24" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:4" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source=\"dead:beef::/54\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source="dead:beef::/54" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:5" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh258.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=trusted --add-interface=dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=dummy1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=dummy1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh258.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:11" $at_failed && at_fn_log_failure $at_traceon; } KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : fi { set +x $as_echo "$at_srcdir/gh258.at:133: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:133" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:133" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:141: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:141" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:141" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:147" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:147" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:155: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:155" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] FWD_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWD_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWD_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:155" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:171: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:171" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:171" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_trusted all -- 1.2.3.0/24 0.0.0.0/0 [goto] PRE_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] PRE_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:185" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:191" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh258.at:195: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:195" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_trusted all -- 0.0.0.0/0 1.2.3.0/24 [goto] POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:195" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:202: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:202" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 INPUT_direct all ::/0 ::/0 INPUT_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:202" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:210: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:210" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_public all dead:beef::/54 ::/0 [goto] IN_trusted all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:210" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:216" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:225: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:225" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_public all dead:beef::/54 ::/0 [goto] FWD_trusted all ::/0 ::/0 [goto] FWD_public all ::/0 ::/0 [goto] FWD_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:225" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:231: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:231" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:231" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_public all dead:beef::/54 ::/0 [goto] PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:235" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:241: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:241" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 DROP all ::/0 ::/0 rpfilter validmark invert PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:241" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:248: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:248" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_public all dead:beef::/54 ::/0 [goto] PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:248" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:254" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:258: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:258" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_public all dead:beef::/54 ::/0 [goto] PRE_trusted all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] PRE_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:258" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:264: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:264" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POSTROUTING_direct all ::/0 ::/0 POSTROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:264" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh258.at:268: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh258.at:268" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_public all ::/0 dead:beef::/54 [goto] POST_trusted all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh258.at:268" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"" != x"ignore"; then $as_echo "gh258.at:275" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh258.at:275" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_226 #AT_START_227 at_fn_group_banner 227 'rhbz1715977.at:1' \ "rich rule src/dst with service destination" " " 9 at_xfail=no ( $as_echo "227. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1715977.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1715977.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1715977.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1715977.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1715977.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1715977.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1715977.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1715977.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:1" { set +x $as_echo "$at_srcdir/rhbz1715977.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.122.235/32\" service name=\"ssh\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="ssh" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:21" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1715977.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:28" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1715977.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.111.222/32\" source address=\"10.10.10.0/24\" service name=\"ssh\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.111.222/32" source address="10.10.10.0/24" service name="ssh" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 192.168.111.222 tcp dpt:22 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:52" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1715977.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:60" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1715977.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 service name=\"ssdp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 service name="ssdp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 192.168.122.235 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 192.168.111.222 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:85" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1715977.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_internal_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1715977.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_internal_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:137 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:138 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:94" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1715977.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.122.235/32\" service name=\"mdns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rhbz1715977.at:102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address=\"192.168.122.235/32\" service name=\"mdns\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1715977.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rhbz1715977.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1715977.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1715977.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 251 $at_status "$at_srcdir/rhbz1715977.at:104" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_RULE: Destination conflict with service/d'" != x"ignore"; then $as_echo "rhbz1715977.at:106" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_RULE: Destination conflict with service/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1715977.at:106" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_227 #AT_START_228 at_fn_group_banner 228 'rhbz1723610.at:1' \ "direct remove-rules per family" " " 9 at_xfail=no ( $as_echo "228. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1723610.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1723610.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1723610.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1723610.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1723610.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1723610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1723610.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1723610.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:1" $as_echo "rhbz1723610.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1723610.at:3" { set +x $as_echo "$at_srcdir/rhbz1723610.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --add-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv6 filter INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv6 filter INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv4 filter INPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --remove-rules ipv4 filter INPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --remove-rules ipv4 filter OUTPUT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --remove-rules ipv4 filter OUTPUT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1723610.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter OUTPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.1 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1723610.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1723610.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --query-rule ipv4 filter INPUT 0 -d 127.0.0.2 -p tcp --dport 22 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/rhbz1723610.at:30" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1723610.at:32" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1723610.at:32" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_228 #AT_START_229 at_fn_group_banner 229 'rhbz1734765.at:1' \ "zone sources ordered by name" " " 9 at_xfail=no ( $as_echo "229. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1734765.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1734765.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1734765.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1734765.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1734765.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1734765.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1734765.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1734765.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:1" { set +x $as_echo "$at_srcdir/rhbz1734765.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_00 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_00 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_05 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_05 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_02 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_02 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_03 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_03 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_01 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_01 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_04 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_04 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_010 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_010 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_011 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_011 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_012 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-zone=foobar_012 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv4' --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv4' --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv6' --type hash:ip --family=inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset 'ipsetv6' --type hash:ip --family=inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv4 --add-entry '192.0.2.12' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv4 --add-entry '192.0.2.12' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv6 --add-entry '::2' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset ipsetv6 --add-entry '::2' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_011 --add-source ipset:ipsetv4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_011 --add-source ipset:ipsetv4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source=\"10.1.1.0/24\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source="10.1.1.0/24" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source=\"10.1.0.0/16\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source="10.1.0.0/16" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source=\"10.2.0.0/16\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source="10.2.0.0/16" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source=\"10.1.1.1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source="10.1.1.1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source=\"10.2.2.0/24\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source="10.2.2.0/24" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source=\"10.0.0.0/8\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source="10.0.0.0/8" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:28" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source=\"1234:5678::1:1:0/112\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_01 --add-source="1234:5678::1:1:0/112" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source=\"1234:5678::1:0:0/96\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_02 --add-source="1234:5678::1:0:0/96" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source=\"1234:5678::2:0:0/96\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_04 --add-source="1234:5678::2:0:0/96" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source=\"1234:5678::2:2:0/112\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_03 --add-source="1234:5678::2:2:0/112" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source=\"1234:5678::0:0:0/80\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_05 --add-source="1234:5678::0:0:0/80" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source=\"1234:5678::1:1:1\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=foobar_00 --add-source="1234:5678::1:1:1" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:29" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=internal --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=trusted --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=trusted --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source=\"10.10.10.10\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source="10.10.10.10" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-source=\"20.20.20.20\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-source="20.20.20.20" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:63" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source=\"1234:5678::10:10:10\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-source="1234:5678::10:10:10" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=public --add-source=\"1234:5678::20:20:20\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=public --add-source="1234:5678::20:20:20" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_012 --add-source ipset:ipsetv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_012 --add-source ipset:ipsetv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:64" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:69: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-interface=foobar2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1734765.at:69" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=foobar_010 --add-interface=foobar2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:69" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1734765.at:128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_foobar_00 all -- 10.1.1.1 0.0.0.0/0 [goto] IN_foobar_01 all -- 10.1.1.0/24 0.0.0.0/0 [goto] IN_foobar_010 all -- 10.10.10.10 0.0.0.0/0 [goto] IN_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 src IN_foobar_02 all -- 10.1.0.0/16 0.0.0.0/0 [goto] IN_foobar_03 all -- 10.2.2.0/24 0.0.0.0/0 [goto] IN_foobar_04 all -- 10.2.0.0/16 0.0.0.0/0 [goto] IN_foobar_05 all -- 10.0.0.0/8 0.0.0.0/0 [goto] IN_public all -- 20.20.20.20 0.0.0.0/0 [goto] IN_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:128" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_foobar_00 all 1234:5678::1:1:1 ::/0 [goto] IN_foobar_01 all 1234:5678::1:1:0/112 ::/0 [goto] IN_foobar_010 all 1234:5678::10:10:10 ::/0 [goto] IN_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 src IN_foobar_02 all 1234:5678::1:0:0/96 ::/0 [goto] IN_foobar_03 all 1234:5678::2:2:0/112 ::/0 [goto] IN_foobar_04 all 1234:5678::2:0:0/96 ::/0 [goto] IN_foobar_05 all 1234:5678::/80 ::/0 [goto] IN_public all 1234:5678::20:20:20 ::/0 [goto] IN_foobar_010 all ::/0 ::/0 [goto] IN_trusted all ::/0 ::/0 [goto] IN_internal all ::/0 ::/0 [goto] IN_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:143" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1734765.at:158: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:158" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar_00 all -- 0.0.0.0/0 10.1.1.1 [goto] POST_foobar_01 all -- 0.0.0.0/0 10.1.1.0/24 [goto] POST_foobar_010 all -- 0.0.0.0/0 10.10.10.10 [goto] POST_foobar_011 all -- 0.0.0.0/0 0.0.0.0/0 [goto] match-set ipsetv4 dst POST_foobar_02 all -- 0.0.0.0/0 10.1.0.0/16 [goto] POST_foobar_03 all -- 0.0.0.0/0 10.2.2.0/24 [goto] POST_foobar_04 all -- 0.0.0.0/0 10.2.0.0/16 [goto] POST_foobar_05 all -- 0.0.0.0/0 10.0.0.0/8 [goto] POST_public all -- 0.0.0.0/0 20.20.20.20 [goto] POST_foobar_010 all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_trusted all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_internal all -- 0.0.0.0/0 0.0.0.0/0 [goto] POST_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:158" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1734765.at:173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_ZONES; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1734765.at:173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_ZONES; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar_00 all ::/0 1234:5678::1:1:1 [goto] POST_foobar_01 all ::/0 1234:5678::1:1:0/112 [goto] POST_foobar_010 all ::/0 1234:5678::10:10:10 [goto] POST_foobar_012 all ::/0 ::/0 [goto] match-set ipsetv6 dst POST_foobar_02 all ::/0 1234:5678::1:0:0/96 [goto] POST_foobar_03 all ::/0 1234:5678::2:2:0/112 [goto] POST_foobar_04 all ::/0 1234:5678::2:0:0/96 [goto] POST_foobar_05 all ::/0 1234:5678::/80 [goto] POST_public all ::/0 1234:5678::20:20:20 [goto] POST_foobar_010 all ::/0 ::/0 [goto] POST_trusted all ::/0 ::/0 [goto] POST_internal all ::/0 ::/0 [goto] POST_public all ::/0 ::/0 [goto] " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1734765.at:173" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"" != x"ignore"; then $as_echo "rhbz1734765.at:189" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1734765.at:189" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_229 #AT_START_230 at_fn_group_banner 230 'gh567.at:1' \ "rich rule source w/ mark action" " " 9 at_xfail=no ( $as_echo "230. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh567.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh567.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh567.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh567.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh567.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh567.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh567.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh567.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh567.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh567.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh567.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh567.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh567.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh567.at:1" $as_echo "gh567.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $IPSET -h >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh567.at:3" { set +x $as_echo "$at_srcdir/gh567.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=Teste --type=hash:net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=Teste --type=hash:net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule \"rule family=ipv4 source ipset=Teste mark set=2\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --add-rich-rule "rule family=ipv4 source ipset=Teste mark set=2" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh567.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh567.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh567.at:7" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh567.at:9" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh567.at:9" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_230 #AT_START_231 at_fn_group_banner 231 'rhbz1779835.at:1' \ "ipv6 address with brackets" " " 9 at_xfail=no ( $as_echo "231. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1779835.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1779835.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1779835.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1779835.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1779835.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1779835.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1779835.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1779835.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:1" $as_echo "rhbz1779835.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $IPSET -h >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1779835.at:3" if $IP6TABLES -L >/dev/null 2>&1; then : else : $as_echo "rhbz1779835.at:5" >"$at_check_line_file" at_fn_check_skip 77 "$at_srcdir/rhbz1779835.at:5" fi { set +x $as_echo "$at_srcdir/rhbz1779835.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --family=inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar --type=hash:ip --family=inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry='[1234::4321]' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry='[1234::4321]' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar2 --type=hash:net --family=inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset=foobar2 --type=hash:net --family=inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar2 --add-entry='[1234::]/64' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar2 --add-entry='[1234::]/64' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:12" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1779835.at:14" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:14" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_231 #AT_START_232 at_fn_group_banner 232 'rhbz1779835.at:16' \ "ipv6 address with brackets" " " 9 at_xfail=no ( $as_echo "232. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:16" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1779835.at:16" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1779835.at:16" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1779835.at:16: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:16" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:16" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1779835.at:16" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1779835.at:16" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1779835.at:16" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:16" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1779835.at:16" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:16" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1779835.at:16" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:16" if $IP6TABLES -L >/dev/null 2>&1; then : else : $as_echo "rhbz1779835.at:19" >"$at_check_line_file" at_fn_check_skip 77 "$at_srcdir/rhbz1779835.at:19" fi { set +x $as_echo "$at_srcdir/rhbz1779835.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-source='[::1234]' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-source='[::1234]' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-source='[1234::]/64' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-source='[1234::]/64' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-forward-port=port=1234:proto=tcp:toport=4321:toaddr=[::1234] " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-forward-port=port=1234:proto=tcp:toport=4321:toaddr=[::1234] ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] forward-port port=\"1234\" protocol=tcp to-port=\"4321\" to-addr=\"[::1234]\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] forward-port port="1234" protocol=tcp to-port="4321" to-addr="[::1234]"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:27" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 forward-port port=\"1234\" protocol=tcp to-port=\"4321\" to-addr=\"[::1234]\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 forward-port port="1234" protocol=tcp to-port="4321" to-addr="[::1234]"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[::4321] accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 source address=[1234::]/64 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[::4321] accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[::4321] accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1779835.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[1234::]/64 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1779835.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone internal --add-rich-rule='rule family=ipv6 destination address=[1234::]/64 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1779835.at:34" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1779835.at:36" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1779835.at:36" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_232 #AT_START_233 at_fn_group_banner 233 'gh330.at:1' \ "ipset cleanup on reload/stop" " " 9 at_xfail=no ( $as_echo "233. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh330.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh330.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh330.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh330.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh330.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh330.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh330.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh330.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh330.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:1" { set +x $as_echo "$at_srcdir/gh330.at:4: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:4" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:8" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:10" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:25" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/gh330.at:27" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:30: sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:30" ( $at_check_trace; sed -i 's/^FlushAllOnReload.*/FlushAllOnReload=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:31: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:31" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:34" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:36" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:52" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:54" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 4.3.2.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --ipset foobar --add-entry 4.3.2.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:72" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 4.3.2.1 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:74" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:95: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:95" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 6.6.6.6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 6.6.6.6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:96" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:97" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 10.10.10.10 4.3.2.1 6.6.6.6 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:98" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh330.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:120: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf" at_fn_check_prepare_trace "gh330.at:120" ( $at_check_trace; sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:121" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh330.at:122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:122" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh330.at:123" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:123" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh330.at:123" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:123" { set +x $as_echo "$at_srcdir/gh330.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh330.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --delete-ipset foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:124" $at_failed && at_fn_log_failure $at_traceon; } pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh330.at:127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh330.at:127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh330.at:127" $at_failed && at_fn_log_failure $at_traceon; } fi FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh330.at:142" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh330.at:142" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh330.at:142" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:142" if test x"" != x"ignore"; then $as_echo "gh330.at:144" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh330.at:144" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_233 #AT_START_234 at_fn_group_banner 234 'gh599.at:1' \ "writing to log after copytruncate" " " 9 at_xfail=no ( $as_echo "234. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh599.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh599.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh599.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh599.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh599.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh599.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh599.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh599.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh599.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh599.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh599.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh599.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh599.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh599.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh599.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh599.at:1" $as_echo "gh599.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which truncate >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh599.at:4" $as_echo "gh599.at:5" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which wc >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh599.at:5" $as_echo "gh599.at:6" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which expr >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh599.at:6" { set +x $as_echo "$at_srcdir/gh599.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} truncate -s 0 ./firewalld.log " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh599.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} truncate -s 0 ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh599.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=this_does_not_exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh599.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=this_does_not_exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/gh599.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh599.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} expr \$(cat ./firewalld.log | wc -c) \">\" 0 " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh599.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} expr $(cat ./firewalld.log | wc -c) ">" 0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh599.at:15" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_SERVICE: this_does_not_exist/d'" != x"ignore"; then $as_echo "gh599.at:17" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_SERVICE: this_does_not_exist/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh599.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_234 #AT_START_235 at_fn_group_banner 235 'rhbz1829104.at:1' \ "direct rule in zone chain" " " 9 at_xfail=no ( $as_echo "235. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1829104.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1829104.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1829104.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1829104.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1829104.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1829104.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1829104.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1829104.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1829104.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1829104.at:1" $as_echo "rhbz1829104.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1829104.at:1" { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 raw PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 raw PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 raw PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 raw PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 raw PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 raw PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 raw PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 raw PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 raw PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 raw PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 raw PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 raw PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 mangle PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 mangle PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 mangle PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 mangle PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 mangle PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 mangle PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 mangle PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 mangle PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 mangle PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 mangle PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 mangle PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 mangle PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat PRE_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat PRE_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat PRE_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat PRE_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat PRE_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat PRE_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter IN_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter IN_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter IN_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter IN_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter IN_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter IN_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter IN_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter IN_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter IN_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter IN_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter IN_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter IN_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter FWD_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter FWD_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter FWD_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter FWD_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter FWD_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter FWD_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter FWD_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter FWD_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter FWD_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter FWD_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter FWD_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 filter FWD_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat POST_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat POST_public 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat POST_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat POST_public_pre 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat POST_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat POST_public_log 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat POST_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat POST_public_deny 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat POST_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat POST_public_allow 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1829104.at:1: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat POST_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1829104.at:1" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --direct --add-rule ipv4 nat POST_public_post 0 -s 10.10.10.0/24 ! -d 10.0.0.0/8 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1829104.at:1" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1829104.at:1" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1829104.at:1" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_235 #AT_START_236 at_fn_group_banner 236 'rhbz1843398.at:1' \ "rich rule source mac" " " 9 at_xfail=no ( $as_echo "236. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1843398.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1843398.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1843398.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1843398.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1843398.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1843398.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1843398.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1843398.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1843398.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1843398.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1843398.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1843398.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1843398.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1843398.at:1" { set +x $as_echo "$at_srcdir/rhbz1843398.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule source mac=\"11:22:33:44:55:66\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule source mac="11:22:33:44:55:66" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1843398.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule source mac=\"11:22:33:44:55:66\" reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule source mac="11:22:33:44:55:66" reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1843398.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1843398.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1843398.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1843398.at:6" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1843398.at:8" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1843398.at:8" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_236 #AT_START_237 at_fn_group_banner 237 'rhbz1839781.at:1' \ "service RH-Satellite-6" " " 9 at_xfail=no ( $as_echo "237. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1839781.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1839781.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1839781.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1839781.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1839781.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1839781.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1839781.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1839781.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1839781.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1839781.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1839781.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1839781.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1839781.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1839781.at:1" { set +x $as_echo "$at_srcdir/rhbz1839781.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone trusted --add-interface dummy0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone trusted --add-interface dummy0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1839781.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone trusted --add-service RH-Satellite-6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone trusted --add-service RH-Satellite-6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1839781.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_trusted_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1839781.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_trusted_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:69 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8140 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5646:5647 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5671 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:29" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1839781.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_trusted_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1839781.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_trusted_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:53 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:53 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:67 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:69 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:68 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8140 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:5000 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpts:5646:5647 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:5671 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8000 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8080 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:45" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1839781.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone trusted --remove-service RH-Satellite-6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone trusted --remove-service RH-Satellite-6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1839781.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone trusted --add-service RH-Satellite-6-capsule " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1839781.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone trusted --add-service RH-Satellite-6-capsule ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1839781.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_trusted_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1839781.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_trusted_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:69 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8140 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:5646:5647 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5671 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:88" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1839781.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_trusted_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1839781.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_trusted_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:53 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:53 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:80 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:443 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:67 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:69 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:68 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8140 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:5000 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpts:5646:5647 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:5671 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8000 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8080 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:9090 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:8443 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1839781.at:105" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"" != x"ignore"; then $as_echo "rhbz1839781.at:123" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1839781.at:123" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_237 #AT_START_238 at_fn_group_banner 238 'rhbz1689429.at:1' \ "rich rule invalid priority" " " 9 at_xfail=no ( $as_echo "238. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1689429.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1689429.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1689429.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1689429.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1689429.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1689429.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1689429.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1689429.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1689429.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1689429.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1689429.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1689429.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1689429.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1689429.at:1" { set +x $as_echo "$at_srcdir/rhbz1689429.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=foo accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule priority=foo accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "Error: INVALID_PRIORITY: invalid 'priority' attribute value 'foo'. " | \ $at_diff - "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 139 $at_status "$at_srcdir/rhbz1689429.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1689429.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule priority=foo accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule priority=foo accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "Error: INVALID_PRIORITY: invalid 'priority' attribute value 'foo'. " | \ $at_diff - "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 139 $at_status "$at_srcdir/rhbz1689429.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1689429.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1689429.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1689429.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1689429.at:10" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "rhbz1689429.at:12" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1689429.at:12" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_238 #AT_START_239 at_fn_group_banner 239 'rhbz1483921.at:1' \ "direct and zone mutually exclusive" " " 9 at_xfail=no ( $as_echo "239. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1483921.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1483921.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1483921.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1483921.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1483921.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1483921.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1483921.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1483921.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1483921.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1483921.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1483921.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1483921.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1483921.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1483921.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1483921.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1483921.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1483921.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1483921.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1483921.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1483921.at:1" $as_echo "rhbz1483921.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1483921.at:3" { set +x $as_echo "$at_srcdir/rhbz1483921.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1483921.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/rhbz1483921.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1483921.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1483921.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --direct --add-rule ipv4 nat OUTPUT 1 -p tcp --dport 8443 -j DNAT --to-port 9443 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/rhbz1483921.at:7" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1483921.at:9" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1483921.at:9" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_239 #AT_START_240 at_fn_group_banner 240 'rhbz1541077.at:1' \ "hash:mac and family mutually exclusive" " " 9 at_xfail=no ( $as_echo "240. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1541077.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1541077.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1541077.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1541077.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1541077.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1541077.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1541077.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1541077.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1541077.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1541077.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1541077.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1541077.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1541077.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1541077.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1541077.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1541077.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1541077.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1541077.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1541077.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1541077.at:1" { set +x $as_echo "$at_srcdir/rhbz1541077.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset hashmacv6 --type hash:mac --family inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1541077.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset hashmacv6 --type hash:mac --family inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/rhbz1541077.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1541077.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --new-ipset hashmacv6 --type hash:mac --family inet6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1541077.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --new-ipset hashmacv6 --type hash:mac --family inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/rhbz1541077.at:5" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rhbz1541077.at:7: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --new-ipset hashmacv6 --type hash:mac --family inet6" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset hashmacv6 --type hash:mac --family inet6" "rhbz1541077.at:7" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --new-ipset hashmacv6 --type hash:mac --family inet6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/rhbz1541077.at:7" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1541077.at:9" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1541077.at:9" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_240 #AT_START_241 at_fn_group_banner 241 'rhbz1855140.at:1' \ "rich rule icmptypes with one family" " " 9 at_xfail=no ( $as_echo "241. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1855140.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1855140.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1855140.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1855140.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1855140.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1855140.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1855140.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1855140.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1855140.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1855140.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1855140.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1855140.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1855140.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1855140.at:1" { set +x $as_echo "$at_srcdir/rhbz1855140.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule icmp-type name=\"neighbour-advertisement\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule icmp-type name="neighbour-advertisement" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule icmp-type name=\"timestamp-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule icmp-type name="timestamp-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule 'rule icmp-type name=bad-header mark set=0x86/0x86' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule 'rule icmp-type name=bad-header mark set=0x86/0x86' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1855140.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1855140.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 13 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:30" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1855140.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1855140.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MARK icmpv6 ::/0 ::/0 ipv6-icmptype 4 code 0 MARK or 0x86 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:35" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1855140.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1855140.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 136 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1855140.at:38" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rhbz1855140.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule 'rule icmp-type name=bogus mark set=0x86/0x86' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule 'rule icmp-type name=bogus mark set=0x86/0x86' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/rhbz1855140.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule 'rule icmp-type name=bogus mark set=0x86/0x86' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule 'rule icmp-type name=bogus mark set=0x86/0x86' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/rhbz1855140.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1855140.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule 'rule family=ipv6 icmp-type name=timestamp-request drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule 'rule family=ipv6 icmp-type name=timestamp-request drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/rhbz1855140.at:48" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rhbz1855140.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule 'rule family=ipv6 icmp-type name=timestamp-request drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1855140.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule 'rule family=ipv6 icmp-type name=timestamp-request drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/rhbz1855140.at:49" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"-e '/ERROR: INVALID_ICMPTYPE:/d'" != x"ignore"; then $as_echo "rhbz1855140.at:53" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ICMPTYPE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1855140.at:53" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_241 #AT_START_242 at_fn_group_banner 242 'rhbz1871298.at:1' \ "rich rule parsing bottleneck" " " 9 at_xfail=no ( $as_echo "242. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1871298.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1871298.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1871298.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1871298.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1871298.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1871298.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1871298.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1871298.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1871298.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1871298.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1871298.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1871298.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1871298.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1871298.at:1" $as_echo "rhbz1871298.at:4" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which timeout >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1871298.at:4" { set +x $as_echo "$at_srcdir/rhbz1871298.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} mkdir -p ./zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1871298.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} echo '' > ./zones/foobar.xml " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} echo '' > ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1871298.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} echo \"\" >> ./zones/foobar.xml " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} echo "" >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1871298.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} echo \"foobar\" >> ./zones/foobar.xml " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} echo "foobar" >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1871298.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh -c 'for I in \$(seq 10000); do echo \"\" >> ./zones/foobar.xml; done' " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1871298.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c 'for I in $(seq 10000); do echo "" >> ./zones/foobar.xml; done' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1871298.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} echo \"\" >> ./zones/foobar.xml " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} echo "" >> ./zones/foobar.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:11" $at_failed && at_fn_log_failure $at_traceon; } if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/rhbz1871298.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} timeout 45 firewall-offline-cmd --system-config ./ \$FIREWALL_OFFLINE_CMD_ARGS --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1871298.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} timeout 45 firewall-offline-cmd --system-config ./ $FIREWALL_OFFLINE_CMD_ARGS --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1871298.at:16" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1871298.at:18" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1871298.at:18" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_242 #AT_START_243 at_fn_group_banner 243 'rhbz1596304.at:1' \ "rich rules strip non-printable characters" " " 9 at_xfail=no ( $as_echo "243. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1596304.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1596304.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1596304.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1596304.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1596304.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1596304.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1596304.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1596304.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1596304.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1596304.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1596304.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1596304.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1596304.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1596304.at:1" { set +x $as_echo "$at_srcdir/rhbz1596304.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-rich-rule 'rule family=\"ipv4\" source address=\"104.243.250.0/22 \" port port=80 protocol=tcp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="104.243.250.0/22 " port port=80 protocol=tcp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1596304.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1596304.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1596304.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1596304.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1596304.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client ssh ports: protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv4\" source address=\"104.243.250.0/22\" port port=\"80\" protocol=\"tcp\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1596304.at:7" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1596304.at:24" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1596304.at:24" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_243 #AT_START_244 at_fn_group_banner 244 'gh703.at:1' \ "add source with mac address" " " 9 at_xfail=no ( $as_echo "244. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh703.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh703.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh703.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh703.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh703.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh703.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh703.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh703.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh703.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh703.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh703.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh703.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh703.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh703.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh703.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh703.at:1" { set +x $as_echo "$at_srcdir/gh703.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=home --add-source=34:7e:5c:3a:4c:32 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh703.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=home --add-source=34:7e:5c:3a:4c:32 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh703.at:4" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh703.at:17" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh703.at:17" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_244 #AT_START_245 at_fn_group_banner 245 'ipset_netmask_allowed.at:1' \ "ipset netmask allowed type hash:ip" " " 9 at_xfail=no ( $as_echo "245. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "ipset_netmask_allowed.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "ipset_netmask_allowed.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "ipset_netmask_allowed.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/ipset_netmask_allowed.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "ipset_netmask_allowed.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/ipset_netmask_allowed.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "ipset_netmask_allowed.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/ipset_netmask_allowed.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "ipset_netmask_allowed.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/ipset_netmask_allowed.at:1" { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset foobar --type hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset foobar --type hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 4.3.2.1/32 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 4.3.2.1/32 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 4.3.2.1/32 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 4.3.2.1/32 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ipset_netmask_allowed.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/ipset_netmask_allowed.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.0/22 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.0/22 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/ipset_netmask_allowed.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4/30 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4/30 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/ipset_netmask_allowed.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ipset_netmask_allowed.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4/30 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ipset_netmask_allowed.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4/30 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/ipset_netmask_allowed.at:23" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_ENTRY:/d'" != x"ignore"; then $as_echo "ipset_netmask_allowed.at:25" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ENTRY:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/ipset_netmask_allowed.at:25" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_245 #AT_START_246 at_fn_group_banner 246 'rhbz1940928.at:1' \ "direct -s/-d multiple addresses" " " 9 at_xfail=no ( $as_echo "246. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1940928.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1940928.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1940928.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1940928.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1940928.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1940928.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1940928.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1940928.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1940928.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1940928.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1940928.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1940928.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1940928.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1940928.at:1" $as_echo "rhbz1940928.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1940928.at:3" { set +x $as_echo "$at_srcdir/rhbz1940928.at:7: sed -i 's/^IndividualCalls.*/IndividualCalls=no/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1940928.at:7" ( $at_check_trace; sed -i 's/^IndividualCalls.*/IndividualCalls=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -p tcp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -p tcp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -p udp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 2 -p udp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 9 -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 9 -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_direct; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1940928.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_direct; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT tcp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT tcp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT tcp -- 0.0.0.0/0 192.168.0.0/24 ACCEPT udp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT udp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT udp -- 0.0.0.0/0 192.168.0.0/24 DROP all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p sctp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p sctp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_direct; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1940928.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_direct; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT sctp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT sctp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT sctp -- 0.0.0.0/0 192.168.0.0/24 ACCEPT tcp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT tcp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT tcp -- 0.0.0.0/0 192.168.0.0/24 ACCEPT udp -- 0.0.0.0/0 10.0.0.0/8 ACCEPT udp -- 0.0.0.0/0 172.16.0.0/16 ACCEPT udp -- 0.0.0.0/0 192.168.0.0/24 DROP all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -p sctp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -p sctp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 2 -p tcp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 2 -p tcp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 2 -p udp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 2 -p udp -d 10.0.0.0/8,172.16.0.0/16,192.168.0.0/24 -j ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 9 -j DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1940928.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 9 -j DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1940928.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_direct; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1940928.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_direct; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1940928.at:49" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1940928.at:52" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1940928.at:52" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_246 #AT_START_247 at_fn_group_banner 247 'rhbz1936896.at:1' \ "ipset type hash:net,net" " " 9 at_xfail=no ( $as_echo "247. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1936896.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1936896.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1936896.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1936896.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1936896.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1936896.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1936896.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1936896.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1936896.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1936896.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1936896.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1936896.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1936896.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1936896.at:1" $as_echo "rhbz1936896.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $IPSET -h >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1936896.at:3" { set +x $as_echo "$at_srcdir/rhbz1936896.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-ipset testset --type hash:net,net " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-ipset testset --type hash:net,net ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1936896.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=testset --add-entry=192.168.0.0/24,10.0.1.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=testset --add-entry=192.168.0.0/24,10.0.1.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1936896.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1936896.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1936896.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1936896.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-ipset=testset | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1936896.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-ipset=testset | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "testset type: hash:net,net options: entries: 192.168.0.0/24,10.0.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:8" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/rhbz1936896.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list testset; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rhbz1936896.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list testset; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: testset Type: hash:net,net Members: 192.168.0.0/24,10.0.1.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1936896.at:15" $at_failed && at_fn_log_failure $at_traceon; } fi if test x"" != x"ignore"; then $as_echo "rhbz1936896.at:32" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1936896.at:32" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_247 #AT_START_248 at_fn_group_banner 248 'gh795.at:1' \ "ipset entry delete w/ timeout=0" " " 9 at_xfail=no ( $as_echo "248. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh795.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh795.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh795.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh795.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh795.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh795.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh795.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh795.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh795.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh795.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh795.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh795.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh795.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh795.at:1" { set +x $as_echo "$at_srcdir/gh795.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset foobar --type=hash:ip --option=timeout=0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset foobar --type=hash:ip --option=timeout=0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --remove-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --remove-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --remove-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --remove-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo >>"$at_stderr"; $as_echo "Warning: ALREADY_ENABLED: '1.2.3.4' already is in 'foobar' " | \ $at_diff - "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --remove-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --remove-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --add-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1.2.3.4 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:22" $at_failed && at_fn_log_failure $at_traceon; } if $IPSET list >/dev/null 2>&1; then { set +x $as_echo "$at_srcdir/gh795.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPSET list foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | grep -v \"^\\(Revision\\|Header\\|Size\\|References\\|Number\\)\" | awk 'NR <= 3; NR > 3 {print | \"sort\"}' >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh795.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPSET list foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | grep -v "^\(Revision\|Header\|Size\|References\|Number\)" | awk 'NR <= 3; NR > 3 {print | "sort"}' >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "Name: foobar Type: hash:ip Members: 1.2.3.4 timeout 0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:36" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh795.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --remove-entry 1.2.3.4 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --remove-entry 1.2.3.4 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh795.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --ipset foobar --get-entries " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh795.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --ipset foobar --get-entries ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo " " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh795.at:44" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/WARNING: ALREADY_ENABLED:/d'" != x"ignore"; then $as_echo "gh795.at:48" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/WARNING: ALREADY_ENABLED:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh795.at:48" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_248 #AT_START_249 at_fn_group_banner 249 'rhbz1914935.at:1' \ "zone overlapping ports" " " 9 at_xfail=no ( $as_echo "249. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1914935.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1914935.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1914935.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1914935.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1914935.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1914935.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1914935.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1914935.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1914935.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1914935.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1914935.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1914935.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1914935.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1914935.at:1" { set +x $as_echo "$at_srcdir/rhbz1914935.at:4: mkdir -p ./zones" at_fn_check_prepare_trace "rhbz1914935.at:4" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:4" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rhbz1914935.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:15: grep \"WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1914935.at:15" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:16: grep \"WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1914935.at:16" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone foobar --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone foobar --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1024-65535/tcp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:17" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rhbz1914935.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:30: grep \"WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1914935.at:30" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '1234:tcp' already in 'foobar'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:31: grep \"WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1914935.at:31" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '2000-3000:tcp' already in 'foobar'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:31" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone foobar --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone foobar --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1024-65535/tcp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:32" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rhbz1914935.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:45: grep \"WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1914935.at:45" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/rhbz1914935.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone foobar --list-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone foobar --list-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1024-2500/tcp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:46" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rhbz1914935.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:59: grep \"WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'\" ./firewalld.log" at_fn_check_prepare_trace "rhbz1914935.at:59" ( $at_check_trace; grep "WARNING: ALREADY_ENABLED: '1500-2500:tcp' already in 'foobar'" ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/rhbz1914935.at:59" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1914935.at:60: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone foobar --list-source-ports " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1914935.at:60" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone foobar --list-source-ports ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "1024-2500/tcp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1914935.at:60" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/WARNING: ALREADY_ENABLED:/d'" != x"ignore"; then $as_echo "rhbz1914935.at:64" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/WARNING: ALREADY_ENABLED:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1914935.at:64" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_249 #AT_START_250 at_fn_group_banner 250 'gh696.at:1' \ "icmp-block-inversion no log blocked" " " 9 at_xfail=no ( $as_echo "250. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh696.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh696.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh696.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh696.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh696.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh696.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh696.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh696.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh696.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh696.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh696.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh696.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh696.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh696.at:1" { set +x $as_echo "$at_srcdir/gh696.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --remove-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --remove-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh696.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:17" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh696.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh696.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 128 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:20" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh696.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-log-denied all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-log-denied all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:25" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh696.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 LOG flags 0 level 4 prefix \"zone_public_HOST_ICMP_BLOCK: \" REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:38" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh696.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh696.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG icmpv6 ::/0 ::/0 ipv6-icmptype 128 LOG flags 0 level 4 prefix \"zone_public_HOST_ICMP_BLOCK: \" REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 128 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:42" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh696.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-icmp-block-inversion " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-icmp-block-inversion ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:53" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-log-denied off " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-log-denied off ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh696.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:67" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh696.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh696.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:71" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/gh696.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-log-denied all " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh696.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-log-denied all ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:79" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh696.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh696.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:92" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/gh696.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh696.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh696.at:96" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"-d '/WARNING: NOT_ENABLED: icmp-block-inversion/d'" != x"ignore"; then $as_echo "gh696.at:102" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -d '/WARNING: NOT_ENABLED: icmp-block-inversion/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh696.at:102" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_250 #AT_START_251 at_fn_group_banner 251 'rhbz1917766.at:1' \ "rich rule source with netmask" " " 9 at_xfail=no ( $as_echo "251. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz1917766.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz1917766.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz1917766.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz1917766.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz1917766.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz1917766.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz1917766.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz1917766.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz1917766.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1917766.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz1917766.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz1917766.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz1917766.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz1917766.at:1" { set +x $as_echo "$at_srcdir/rhbz1917766.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --add-rich-rule='rule family=ipv4 source address=\"192.168.1.0/255.255.255.0\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --add-rich-rule='rule family=ipv4 source address="192.168.1.0/255.255.255.0" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1917766.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule family=ipv4 source address=\"192.168.1.0/255.255.255.0\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone public --add-rich-rule='rule family=ipv4 source address="192.168.1.0/255.255.255.0" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:8" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' foobar foobar _ATEOF { set +x $as_echo "$at_srcdir/rhbz1917766.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1917766.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rhbz1917766.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone foobar --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz1917766.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone foobar --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rhbz1917766.at:22" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "rhbz1917766.at:24" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz1917766.at:24" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_251 #AT_START_252 at_fn_group_banner 252 'rhbz2014383.at:1' \ "same source in two zone xml" " " 9 at_xfail=no ( $as_echo "252. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rhbz2014383.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz2014383.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rhbz2014383.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rhbz2014383.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rhbz2014383.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rhbz2014383.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rhbz2014383.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz2014383.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rhbz2014383.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rhbz2014383.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rhbz2014383.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz2014383.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rhbz2014383.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rhbz2014383.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rhbz2014383.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rhbz2014383.at:1" { set +x $as_echo "$at_srcdir/rhbz2014383.at:4: mkdir -p ./zones" at_fn_check_prepare_trace "rhbz2014383.at:4" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rhbz2014383.at:4" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' foobar foobar _ATEOF cat >./zones/foobar2.xml <<'_ATEOF' foobar2 foobar2 _ATEOF { set +x $as_echo "$at_srcdir/rhbz2014383.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz2014383.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/rhbz2014383.at:28" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/foobar.xml <<'_ATEOF' foobar foobar _ATEOF cat >./zones/foobar2.xml <<'_ATEOF' foobar2 foobar2 _ATEOF { set +x $as_echo "$at_srcdir/rhbz2014383.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rhbz2014383.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 104 $at_status "$at_srcdir/rhbz2014383.at:54" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "rhbz2014383.at:56" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rhbz2014383.at:56" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_252 #AT_START_253 at_fn_group_banner 253 'gh874.at:1' \ "policy masquerade w/ ingress interface" " " 9 at_xfail=no ( $as_echo "253. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh874.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh874.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh874.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh874.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh874.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh874.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh874.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh874.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh874.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh874.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh874.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh874.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh874.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh874.at:1" { set +x $as_echo "$at_srcdir/gh874.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-zone foobar_zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-zone foobar_zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy foobar_policy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy foobar_policy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar_policy --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar_policy --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar_policy --add-ingress-zone foobar_zone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar_policy --add-ingress-zone foobar_zone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar_policy --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar_policy --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone foobar_zone --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone foobar_zone --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/gh874.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sed -i '2a \\ ' ./zones/foobar_zone.xml " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sed -i '2a \ ' ./zones/foobar_zone.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh874.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh874.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh874.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/gh874.at:23" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "gh874.at:25" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh874.at:25" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_253 #AT_START_254 at_fn_group_banner 254 'gh881.at:1' \ "ipset entry overlap detect perf" " " 9 at_xfail=no ( $as_echo "254. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/gh881.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/gh881.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "gh881.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/gh881.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "gh881.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/gh881.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "gh881.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/gh881.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "gh881.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh881.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "gh881.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/gh881.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "gh881.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/gh881.at:1" : >./deny_cidr { set +x $as_echo "$at_srcdir/gh881.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh -c ' for I in \$(seq 250); do for J in \$(seq 250); do echo \"10.\${I}.\${J}.0/24\" >> ./deny_cidr done done ' " at_fn_check_prepare_notrace 'a $(...) command substitution' "gh881.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c ' for I in $(seq 250); do for J in $(seq 250); do echo "10.${I}.${J}.0/24" >> ./deny_cidr done done ' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh881.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} echo \"10.254.0.0/16\" >> ./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} echo "10.254.0.0/16" >> ./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh881.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=deny_set --type=hash:net --option=family=inet --option=hashsize=16384 --option=maxelem=20000 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=deny_set --type=hash:net --option=family=inet --option=hashsize=16384 --option=maxelem=20000 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/gh881.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:19" $at_failed && at_fn_log_failure $at_traceon; } cat >./deny_cidr <<'_ATEOF' 9.0.0.0/8 11.1.0.0/16 _ATEOF { set +x $as_echo "$at_srcdir/gh881.at:27: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:27" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:27" $at_failed && at_fn_log_failure $at_traceon; } cat >./deny_cidr <<'_ATEOF' 10.1.0.0/16 10.2.0.0/16 10.250.0.0/16 _ATEOF { set +x $as_echo "$at_srcdir/gh881.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/gh881.at:36" $at_failed && at_fn_log_failure $at_traceon; } cat >./deny_cidr <<'_ATEOF' 10.253.0.0/16 10.253.128.0/17 _ATEOF { set +x $as_echo "$at_srcdir/gh881.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/gh881.at:42" $at_failed && at_fn_log_failure $at_traceon; } cat >./deny_cidr <<'_ATEOF' 10.1.1.1/32 _ATEOF { set +x $as_echo "$at_srcdir/gh881.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/gh881.at:47" $at_failed && at_fn_log_failure $at_traceon; } cat >./deny_cidr <<'_ATEOF' 10.0.0.0/8 10.0.0.0/25 _ATEOF { set +x $as_echo "$at_srcdir/gh881.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} time firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 136 $at_status "$at_srcdir/gh881.at:53" $at_failed && at_fn_log_failure $at_traceon; } : >./deny_cidr { set +x $as_echo "$at_srcdir/gh881.at:57: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "gh881.at:57" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --ipset=deny_set --add-entries-from-file=./deny_cidr ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/gh881.at:57" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "gh881.at:59" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/gh881.at:59" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_254 #AT_START_255 at_fn_group_banner 255 'service_includes_for_builtin.at:1' \ "service include for built-in" " " 9 at_xfail=no ( $as_echo "255. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_includes_for_builtin.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "service_includes_for_builtin.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "service_includes_for_builtin.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_includes_for_builtin.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "service_includes_for_builtin.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service_includes_for_builtin.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "service_includes_for_builtin.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service_includes_for_builtin.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "service_includes_for_builtin.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/service_includes_for_builtin.at:1" $as_echo "service_includes_for_builtin.at:6" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:6" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getServiceByName \"ssh\"; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config --method org.fedoraproject.FirewallD1.config.getServiceByName "ssh"; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; tee stdout <"$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:6" $at_failed && at_fn_log_failure $at_traceon; } SERVICE_OBJ=$(sed -e "s/.*config\/service\/\([^']\+\)['].*/\1/" ./stdout) export SERVICE_OBJ $as_echo "service_includes_for_builtin.at:13" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:13" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(@as [],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:13" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:16" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:16" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.setIncludes '[\"https\", \"http\"]'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.setIncludes '["https", "http"]'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:16" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:17" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:17" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.getIncludes ; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(['https', 'http'],) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:17" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:20" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:20" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.addInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.addInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:20" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:21" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:21" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(true,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:21" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:24" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:24" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.removeInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.removeInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:24" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_includes_for_builtin.at:25" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} which gdbus >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_includes_for_builtin.at:25" { set +x $as_echo "$at_srcdir/service_includes_for_builtin.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/\${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '\"http\"'; echo \$? >&3; } | sed -e 's/^({//' -e 's/},)\$//' -e 's/>,/>\\n/g' | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | sort >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_includes_for_builtin.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { gdbus call --system --dest=org.fedoraproject.FirewallD1 --object-path /org/fedoraproject/FirewallD1/config/service/${SERVICE_OBJ} --method org.fedoraproject.FirewallD1.config.service.queryInclude '"http"'; echo $? >&3; } | sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g' | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | sort >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "(false,) " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_includes_for_builtin.at:25" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "service_includes_for_builtin.at:29" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/service_includes_for_builtin.at:29" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_255 #AT_START_256 at_fn_group_banner 256 'python.at:3' \ "firewalld_test.py" " " 10 at_xfail=no ( $as_echo "256. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:3: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:3: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:3" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:3: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:3" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:3: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:3" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:3" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "python.at:3" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/python.at:3" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:3" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:3" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:3" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:3" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:3" { set +x $as_echo "$at_srcdir/python.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_test.py " at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_test.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:5" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "python.at:6" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/python.at:6" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_256 #AT_START_257 at_fn_group_banner 257 'python.at:8' \ "firewalld_config.py" " " 10 at_xfail=no ( $as_echo "257. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:8: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:8: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:8" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:8: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:8" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:8: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:8" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:8" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "python.at:8" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/python.at:8" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:8" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:8" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:8" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:8" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:8" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:8" { set +x $as_echo "$at_srcdir/python.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_config.py " at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_config.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:10" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "python.at:11" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/python.at:11" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_257 #AT_START_258 at_fn_group_banner 258 'python.at:13' \ "firewalld_rich.py" " " 10 at_xfail=no ( $as_echo "258. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:13: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:13: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:13" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:13: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:13" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:13: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:13" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:13" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "python.at:13" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/python.at:13" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:13" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:13" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:13" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:13" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:13" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:13" { set +x $as_echo "$at_srcdir/python.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_rich.py " at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_rich.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:15" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "python.at:16" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/python.at:16" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_258 #AT_START_259 at_fn_group_banner 259 'python.at:18' \ "firewalld_direct.py" " " 10 at_xfail=no ( $as_echo "259. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/python.at:18: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/python.at:18: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "python.at:18" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/python.at:18: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "python.at:18" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/python.at:18: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "python.at:18" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/python.at:18" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "python.at:18" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/python.at:18" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "python.at:18" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:18" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "python.at:18" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/python.at:18" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "python.at:18" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/python.at:18" $as_echo "python.at:20" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/python.at:20" { set +x $as_echo "$at_srcdir/python.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} \$PYTHON \$(dirname \${at_myself})/python/firewalld_direct.py " at_fn_check_prepare_notrace 'a $(...) command substitution' "python.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} $PYTHON $(dirname ${at_myself})/python/firewalld_direct.py ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/python.at:21" $at_failed && at_fn_log_failure $at_traceon; } if test x"ignore" != x"ignore"; then $as_echo "python.at:22" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/python.at:22" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_259 #AT_START_260 at_fn_group_banner 260 'rfc3964_ipv4.at:1' \ "RFC3964_IPv4" " " 11 at_xfail=no ( $as_echo "260. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rfc3964_ipv4.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rfc3964_ipv4.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:1" { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:4: sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:4" ( $at_check_trace; sed -i 's/^LogDenied.*/LogDenied=all/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:5: sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:5" ( $at_check_trace; sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=yes/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:6" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L RFC3964_IPv4; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L RFC3964_IPv4; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG all ::/0 2002:e000::/19 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002:e000::/19 reject-with icmp6-addr-unreachable LOG all ::/0 2002:a9fe::/32 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002:a9fe::/32 reject-with icmp6-addr-unreachable LOG all ::/0 2002:c0a8::/32 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002:c0a8::/32 reject-with icmp6-addr-unreachable LOG all ::/0 2002:ac10::/28 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002:ac10::/28 reject-with icmp6-addr-unreachable LOG all ::/0 2002:7f00::/24 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002:7f00::/24 reject-with icmp6-addr-unreachable LOG all ::/0 2002:a00::/24 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002:a00::/24 reject-with icmp6-addr-unreachable LOG all ::/0 2002::/24 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 2002::/24 reject-with icmp6-addr-unreachable LOG all ::/0 ::ffff:0.0.0.0/96 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 ::ffff:0.0.0.0/96 reject-with icmp6-addr-unreachable LOG all ::/0 ::/96 LOG flags 0 level 4 prefix \"RFC3964_IPv4_REJECT: \" REJECT all ::/0 ::/96 reject-with icmp6-addr-unreachable " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:34" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix \"STATE_INVALID_DROP: \" DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix \"FINAL_REJECT: \" REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:54" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED ACCEPT all ::/0 ::/0 OUTPUT_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 OUTPUT_POLICIES_pre all ::/0 ::/0 OUTPUT_POLICIES_post all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:65" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:74: sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf" at_fn_check_prepare_trace "rfc3964_ipv4.at:74" ( $at_check_trace; sed -i 's/^RFC3964_IPv4.*/RFC3964_IPv4=no/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:74" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rfc3964_ipv4.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:75" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L RFC3964_IPv4; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L RFC3964_IPv4; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/rfc3964_ipv4.at:102" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 FORWARD_ZONES all ::/0 ::/0 LOG all ::/0 ::/0 ctstate INVALID LOG flags 0 level 4 prefix \"STATE_INVALID_DROP: \" DROP all ::/0 ::/0 ctstate INVALID LOG all ::/0 ::/0 LOG flags 0 level 4 prefix \"FINAL_REJECT: \" REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:103" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rfc3964_ipv4.at:113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rfc3964_ipv4.at:113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED ACCEPT all ::/0 ::/0 OUTPUT_direct all ::/0 ::/0 OUTPUT_POLICIES_pre all ::/0 ::/0 OUTPUT_POLICIES_post all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rfc3964_ipv4.at:113" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"" != x"ignore"; then $as_echo "rfc3964_ipv4.at:121" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rfc3964_ipv4.at:121" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_260 #AT_START_261 at_fn_group_banner 261 'service_include.at:1' \ "service include" " " 11 at_xfail=no ( $as_echo "261. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/service_include.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/service_include.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/service_include.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "service_include.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/service_include.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "service_include.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/service_include.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "service_include.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service_include.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "service_include.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/service_include.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "service_include.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/service_include.at:1" { set +x $as_echo "$at_srcdir/service_include.at:4: mkdir -p ./services" at_fn_check_prepare_trace "service_include.at:4" ( $at_check_trace; mkdir -p ./services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:5: cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE " at_fn_check_prepare_notrace 'an embedded newline' "service_include.at:5" ( $at_check_trace; cat < ./services/my-service-with-include.xml my-service-with-include This service includes other services HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:17: cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE " at_fn_check_prepare_notrace 'an embedded newline' "service_include.at:17" ( $at_check_trace; cat < ./services/recursive-service.xml recursive-service Include a service that included us HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:26" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:28: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:28" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:28" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --add-service=my-service-with-include " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --add-service=my-service-with-include ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=drop --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=drop --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --add-service=recursive-service " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --add-service=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --zone=drop --remove-service=recursive-service " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --zone=drop --remove-service=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_drop_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_drop_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12345 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:49" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/service_include.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_drop_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_drop_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT udp ::/0 ff02::c udp dpt:1900 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ff02::fb udp dpt:5353 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:12345 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:54" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/service_include.at:61: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=recursive-service " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:61" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:61" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:64: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:64" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:67: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:67" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --get-includes " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --service=my-service-with-include --get-includes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "mdns recursive-service ssdp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:81: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:81" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:81" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:93: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service" "service_include.at:93" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=recursive-service ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:93" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:94: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh" "service_include.at:94" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --add-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:94" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:95: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" "service_include.at:95" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:96: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:96" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:96" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:97: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh" "service_include.at:97" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS -q --service=my-service-with-include --remove-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:97" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:98: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh" "service_include.at:98" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --query-include=ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:99: grep '' ./services/my-service-with-include.xml " at_fn_check_prepare_trace "service_include.at:99" ( $at_check_trace; grep '' ./services/my-service-with-include.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/service_include.at:99" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:100: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes" at_fn_check_prepare_dynamic "firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes" "service_include.at:100" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --service=my-service-with-include --get-includes ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "mdns recursive-service ssdp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:100" $at_failed && at_fn_log_failure $at_traceon; } FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi { set +x $as_echo "$at_srcdir/service_include.at:103: firewall-offline-cmd \$FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; }" at_fn_check_prepare_notrace 'a $(...) command substitution' "service_include.at:103" ( $at_check_trace; firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS --info-service=my-service-with-include | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "my-service-with-include ports: 12345/tcp protocols: source-ports: modules: destination: includes: mdns recursive-service ssdp helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-service=my-service-with-include " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --zone=drop --add-service=my-service-with-include ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=does-not-exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --add-include=does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/service_include.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 251 $at_status "$at_srcdir/service_include.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --list-services " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --list-services ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "dhcpv6-client ssh " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:123: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=does-not-exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:123" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=my-service-with-include --remove-include=does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:123" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:124" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/service_include.at:124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "service_include.at:124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/service_include.at:124" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_SERVICE: does-not-exist/d'" != x"ignore"; then $as_echo "service_include.at:126" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_SERVICE: does-not-exist/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/service_include.at:126" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_261 #AT_START_262 at_fn_group_banner 262 'helpers_custom.at:1' \ "customer helpers" " " 11 at_xfail=no ( $as_echo "262. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/helpers_custom.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/helpers_custom.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/helpers_custom.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "helpers_custom.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/helpers_custom.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "helpers_custom.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/helpers_custom.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "helpers_custom.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "helpers_custom.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "helpers_custom.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:1" { set +x $as_echo "$at_srcdir/helpers_custom.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-helper=\"ftptest\" --module=\"nf_conntrack_ftp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-helper="ftptest" --module="nf_conntrack_ftp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --helper=ftptest --add-port=\"2121/tcp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --helper=ftptest --add-port="2121/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --new-service=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --new-service="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port=\"2121/tcp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port="2121/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: ftptest destination: includes: helpers: " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftptest " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftptest ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:48" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/helpers_custom.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:52" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/helpers_custom.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:55" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/helpers_custom.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --query-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 1 $at_status "$at_srcdir/helpers_custom.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-service=ftptest | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ftptest ports: 2121/tcp protocols: source-ports: modules: destination: includes: helpers: ftptest " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:87: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftptest " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:87" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftptest ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:87" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:99: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:99" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:99" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:102" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/helpers_custom.at:106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:106" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/helpers_custom.at:109: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:109" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:109" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/helpers_custom.at:116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-module="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-helper=\"ftptest\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --remove-helper="ftptest" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper=\"ftp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-helper="ftp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port=\"21/tcp\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --permanent --service=ftptest --add-port="21/tcp" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:122: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --add-service=ftptest " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "helpers_custom.at:122" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --add-service=ftptest ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:122" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:136: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:136" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:136" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/helpers_custom.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2121 ctstate NEW,UNTRACKED ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:140" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/helpers_custom.at:145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PRE_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PRE_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp ::/0 ::/0 tcp dpt:21 CT helper ftp CT tcp ::/0 ::/0 tcp dpt:2121 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:145" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/helpers_custom.at:149: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "helpers_custom.at:149" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT udp ::/0 fe80::/64 udp dpt:546 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:2121 ctstate NEW,UNTRACKED ACCEPT tcp ::/0 ::/0 tcp dpt:21 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/helpers_custom.at:149" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"" != x"ignore"; then $as_echo "helpers_custom.at:156" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/helpers_custom.at:156" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_262 #AT_START_263 at_fn_group_banner 263 'policy.at:5' \ "policy - xml" " " 11 at_xfail=no ( $as_echo "263. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:5: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:5" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:5: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:5" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:5: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:5" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:5: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:5" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:5" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy.at:5" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy.at:5" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:5" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:5" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:5" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:5" { set +x $as_echo "$at_srcdir/policy.at:8: mkdir -p ./policies" at_fn_check_prepare_trace "policy.at:8" ( $at_check_trace; mkdir -p ./policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:8" $at_failed && at_fn_log_failure $at_traceon; } cat >./policies/foobar.xml <<'_ATEOF' foobar foobar policy _ATEOF { set +x $as_echo "$at_srcdir/policy.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:71" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:73" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:73" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_263 #AT_START_264 at_fn_group_banner 264 'policy.at:79' \ "policy - create" " " 11 at_xfail=no ( $as_echo "264. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:79: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:79" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:79: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:79" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:79: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:79" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:79: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:79" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:79" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy.at:79" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy.at:79" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:79" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:79" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:79" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:79" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:79" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:79" { set +x $as_echo "$at_srcdir/policy.at:83: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy worldToHost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:83" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy worldToHost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:83" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:84: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy hostToWorld " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:84" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy hostToWorld ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:84" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy zoneToZone " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy zoneToZone ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:85" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:86: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:86" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 hostToWorld worldToHost zoneToZone " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:86" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 hostToWorld worldToHost zoneToZone " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:90" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:94" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:94" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_264 #AT_START_265 at_fn_group_banner 265 'policy.at:96' \ "policy - name" " " 11 at_xfail=no ( $as_echo "265. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:96: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:96" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:96: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:96" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:96: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:96" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:96: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:96" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:96" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy.at:96" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy.at:96" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:96" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:96" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:96" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:96" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:96" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:96" { set +x $as_echo "$at_srcdir/policy.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy 123456789012345678 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy 123456789012345678 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy 1234567890123456789 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy 1234567890123456789 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 116 $at_status "$at_srcdir/policy.at:101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/policy.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-zone allow-host-ipv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-zone allow-host-ipv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 26 $at_status "$at_srcdir/policy.at:105" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_NAME:/d' -e '/ERROR: NAME_CONFLICT:/d'" != x"ignore"; then $as_echo "policy.at:107" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_NAME:/d' -e '/ERROR: NAME_CONFLICT:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:107" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_265 #AT_START_266 at_fn_group_banner 266 'policy.at:109' \ "policy - list" " " 11 at_xfail=no ( $as_echo "266. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:109: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:109" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:109: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:109" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:109: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:109" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:109: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:109" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:109" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy.at:109" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy.at:109" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:109" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:109" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:109" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:109" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:109" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:109" { set +x $as_echo "$at_srcdir/policy.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --info-policy allow-host-ipv6 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --info-policy allow-host-ipv6 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --info-policy allow-host-ipv6 | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:131" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --info-policy allow-host-ipv6 | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:131" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:151: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-all-policies | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:151" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-all-policies | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:151" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:170: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-all-policies | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:170" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-all-policies | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:170" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:190: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:190" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:190" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:209: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --list-all | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:209" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --list-all | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 (active) priority: -15000 target: CONTINUE ingress-zones: ANY egress-zones: HOST services: ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept rule family=\"ipv6\" icmp-type name=\"redirect\" accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:209" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:229" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:229" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_266 #AT_START_267 at_fn_group_banner 267 'policy.at:231' \ "policy - options" " " 11 at_xfail=no ( $as_echo "267. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:231: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:231" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:231: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:231" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:231: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:231" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:231: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:231" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:231" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy.at:231" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy.at:231" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:231" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:231" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:231" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:231" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:231" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:231" { set +x $as_echo "$at_srcdir/policy.at:235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:235" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:236: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:236" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:236" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:239: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:239" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:239" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:240: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:240" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:240" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:241: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --remove-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:241" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:241" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:242: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --remove-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:242" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:242" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --query-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --query-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:243" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:244: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --query-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:244" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --query-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:244" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --list-interfaces " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:245" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:246: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --list-interfaces " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:246" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --list-interfaces ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:246" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:249: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:249" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:249" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:250: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:250" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:250" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:251: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:251" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:251" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:252: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:252" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:252" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --query-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --query-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --query-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --query-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:254" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:255: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:255" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:255" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --list-sources " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --list-sources ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:256" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --add-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:259" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:260" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:261: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --remove-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:261" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --remove-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:261" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:262: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --remove-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:262" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --remove-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:262" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:263: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --query-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:263" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy allow-host-ipv6 --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:263" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:264: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --query-forward " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:264" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --query-forward ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:264" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:267" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:268: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:268" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:268" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:269" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:270: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-egress-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:270" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-egress-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:270" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:271: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:271" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:271" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:272: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:272" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:272" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:273: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:273" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:273" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:274: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-egress-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:274" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-egress-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:274" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:275: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-ingress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:275" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:275" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:276: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-ingress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:276" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:276" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:277: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-ingress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:277" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:277" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:278: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --list-ingress-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:278" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --list-ingress-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:278" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:279: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-ingress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:279" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:279" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:280: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-ingress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:280" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:280" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:281: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --query-ingress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:281" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --query-ingress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:281" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:282: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --list-ingress-zones " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:282" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --list-ingress-zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:282" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:283: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-priority " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:283" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-priority ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:283" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:284: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --set-priority 5 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:284" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --set-priority 5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:284" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:285: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-priority " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:285" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-priority ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:285" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:286: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --set-priority 5 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:286" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --set-priority 5 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/policy.at:286" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:288" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:288" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_267 #AT_START_268 at_fn_group_banner 268 'policy.at:290' \ "policy - priority" " " 11 at_xfail=no ( $as_echo "268. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:290: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:290" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:290: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:290" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:290: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:290" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:290: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:290" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:290" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy.at:290" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy.at:290" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:290" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:290" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:290" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:290" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:290" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:290" { set +x $as_echo "$at_srcdir/policy.at:294: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy worldToHost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:294" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy worldToHost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:294" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:295: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:295" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:295" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:296: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:296" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:296" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:297: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority -1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:297" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority -1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:297" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:298: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --get-priority " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:298" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --get-priority ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "-1 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:298" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:301: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:301" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:301" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:301: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:301" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:301" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:316: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:316" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 IN_worldToHost all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:316" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:320: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:320" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:320" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:322: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:322" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 IN_worldToHost all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:322" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:326" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:330: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:330" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:330" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:331: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:331" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:331" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:331: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:331" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:331" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:346" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:349: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:349" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_worldToHost all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:349" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:352: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:352" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:352" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:355: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:355" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_worldToHost all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:355" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:360: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy first " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:360" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy first ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:360" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy first --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy first --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:361" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:362: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy first --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:362" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy first --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:362" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:363: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy second " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:363" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy second ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:363" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:364: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy second --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:364" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy second --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:364" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:365: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy second --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:365" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy second --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:365" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:366: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy third " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:366" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy third ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:366" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:367: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy third --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:367" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy third --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:367" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:368: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy third --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:368" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy third --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:368" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:369: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy fourth " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:369" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy fourth ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:369" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:370: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy fourth --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:370" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy fourth --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:370" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy fourth --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy fourth --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:371" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:372: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy fifth " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:372" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy fifth ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:372" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:373: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy fifth --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:373" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy fifth --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:373" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:374: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy fifth --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:374" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy fifth --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:374" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:376: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy fourth --set-priority -100 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:376" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy fourth --set-priority -100 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:376" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:377: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy second --set-priority -5000 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:377" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy second --set-priority -5000 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:377" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:378: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy first --set-priority -10000 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:378" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy first --set-priority -10000 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:378" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:379: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy third --set-priority -1000 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:379" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy third --set-priority -1000 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:379" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:380: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy fifth --set-priority -10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:380" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy fifth --set-priority -10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:380" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:381: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:381" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:381" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:381: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:381" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:381" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:394: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:394" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 IN_first all -- 0.0.0.0/0 0.0.0.0/0 IN_second all -- 0.0.0.0/0 0.0.0.0/0 IN_third all -- 0.0.0.0/0 0.0.0.0/0 IN_fourth all -- 0.0.0.0/0 0.0.0.0/0 IN_fifth all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:394" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:402: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:402" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 IN_first all ::/0 ::/0 IN_second all ::/0 ::/0 IN_third all ::/0 ::/0 IN_fourth all ::/0 ::/0 IN_fifth all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:402" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:412: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:412" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/policy.at:412" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:413: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority -32769 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:413" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority -32769 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/policy.at:413" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:414: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority -32768 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:414" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority -32768 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:414" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:415: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 32768 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:415" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 32768 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 139 $at_status "$at_srcdir/policy.at:415" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:416: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 32767 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:416" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy worldToHost --set-priority 32767 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:416" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_PRIORITY/d'" != x"ignore"; then $as_echo "policy.at:418" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_PRIORITY/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:418" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_268 #AT_START_269 at_fn_group_banner 269 'policy.at:420' \ "policy - zones" " " 11 at_xfail=no ( $as_echo "269. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:420: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:420" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:420: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:420" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:420: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:420" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:420: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:420" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:420" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy.at:420" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy.at:420" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:420" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:420" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:420" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:420" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:420" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:420" { set +x $as_echo "$at_srcdir/policy.at:423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:423" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:424: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=internal --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:424" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=internal --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:424" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:426: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:426" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:426" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:427: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-priority -1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:427" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-priority -1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:427" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:428: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:428" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:428" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:428: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:428" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:428" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:431: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:431" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:431" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:432: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:432" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:432" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:433: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:433" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:433" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:434: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:434" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:434" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:435: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:435" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:435" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:436: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:436" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:436" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:437: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:437" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:437" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:438: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:438" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:438" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:439: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:439" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:439" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:440: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:440" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:440" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:441: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:441" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:441" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:442: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:442" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:442" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:443: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:443" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:443" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:444: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:444" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:444" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:445: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:445" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:445" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:446: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:446" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:446" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:447: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:447" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/policy.at:447" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:448: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:448" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/policy.at:448" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:449: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:449" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:449" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:450: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:450" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:450" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:451: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:451" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:451" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:452: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:452" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:452" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:453: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:453" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:453" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:454: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:454" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:454" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:455: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:455" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:455" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:456: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:456" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:456" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:457: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:457" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:457" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:458: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:458" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:459: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:459" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:459" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:460" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:461: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:461" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:461" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:462" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:463: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:463" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:463" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:464: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:464" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:464" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:465: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:465" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:465" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:466: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:466" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:466" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:467: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:467" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/policy.at:467" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:468: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:468" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/policy.at:468" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:469: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:469" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:469" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:470: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:470" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:470" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:473: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:473" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:473" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:474: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:474" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:474" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:475: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:475" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:475" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:476: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:476" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:476" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:477: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:477" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:477" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:478: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:478" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:478" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:479: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:479" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:479" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:480: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:480" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:480" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:481: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:481" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:481" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:482: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:482" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:482" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:483: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:483" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:483" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:484: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:484" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:484" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:485: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:485" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:485" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:486: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:486" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:486" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:487: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:487" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:487" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:488: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:488" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:488" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:489: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:489" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:489" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:490: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:490" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:490" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:491: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:491" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:491" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:492: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:492" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:492" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:493: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:493" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:493" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:494: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:494" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:494" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:495: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:495" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:495" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:496: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:496" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:496" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:497: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:497" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:497" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:498: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:498" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:498" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:499: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:499" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:499" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:500: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:500" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:500" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:503: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:503" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:503" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:504: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:504" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:504" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:505: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:505" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:505" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:506: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:506" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:506" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:507: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:507" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:507" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:508: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:508" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:508" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:509: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:509" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:509" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:510: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:510" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:510" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:511: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:511" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:511" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:512: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:512" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:512" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:513: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:513" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:513" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:514: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:514" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:514" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:517: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:517" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:517" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:518: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:518" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:518" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:519: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:519" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:519" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:520: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:520" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:520" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:521: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:521" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:521" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:522: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:522" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:522" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:523: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:523" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:523" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:524: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:524" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:524" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:525: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:525" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:525" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:526: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:526" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:526" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:527: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:527" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:527" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:528: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:528" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:528" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:531: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:531" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:531" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:532: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:532" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:532" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:533: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:533" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:533" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:534: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:534" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:534" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:535: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:535" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:535" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:536: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:536" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:536" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:539: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"does_not_exist\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:539" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="does_not_exist" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:539" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:540: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"does_not_exist\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:540" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="does_not_exist" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:540" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:541: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"does_not_exist\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:541" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="does_not_exist" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:541" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:542: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"does_not_exist\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:542" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="does_not_exist" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/policy.at:542" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:547: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:547" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:547" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:548: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:548" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:548" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:548: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:548" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:548" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:549: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:549" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 ingress-zones: ANY egress-zones: HOST " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:549" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:560: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:560" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:560" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:562: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:562" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:562" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:564: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:564" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:564" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:565: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:565" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:565" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:565: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:565" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:565" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:566: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:566" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 ingress-zones: ANY egress-zones: HOST foobar ingress-zones: public egress-zones: internal " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:566" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:581: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:581" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:581" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:584: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:584" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:584" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:587: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:587" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:587" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:588: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:588" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:588" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:588: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:588" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:588" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:589: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:589" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 ingress-zones: ANY egress-zones: HOST " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:589" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:600: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:600" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:600" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:602: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:602" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:602" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"-e '/ERROR: INVALID_ZONE:/d'" != x"ignore"; then $as_echo "policy.at:605" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ZONE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:605" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_269 #AT_START_270 at_fn_group_banner 270 'policy.at:607' \ "policy - dispatch" " " 11 at_xfail=no ( $as_echo "270. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:607: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:607" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:607: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:607" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:607: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:607" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:607: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:607" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:607" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy.at:607" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy.at:607" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:607" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:607" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:607" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:607" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:607" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:607" { set +x $as_echo "$at_srcdir/policy.at:610: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:610" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:610" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:611: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=internal --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:611" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=internal --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:611" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:613: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:613" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:613" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:614: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-priority -1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:614" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-priority -1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:614" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:615: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:615" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:615" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:615: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:615" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:615" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:617: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:617" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 ingress-zones: ANY egress-zones: HOST " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:617" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:627: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:627" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:627" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:631: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:631" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:631" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:643: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:643" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:643" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:647: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:647" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:647" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:661: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:661" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 OUTPUT_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 OUTPUT_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:661" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:666: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:666" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "OUTPUT_direct all ::/0 ::/0 OUTPUT_POLICIES_pre all ::/0 ::/0 OUTPUT_POLICIES_post all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:666" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:679: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:679" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:679" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:683: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:683" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POSTROUTING_direct all ::/0 ::/0 POSTROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:683" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:695: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:695" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0 PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:695" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:701: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:701" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 DROP all ::/0 ::/0 rpfilter validmark invert PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:701" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:721: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:721" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:721" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:729: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:729" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 INPUT_direct all ::/0 ::/0 INPUT_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:729" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:751: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:751" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:751" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:759: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:759" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED,DNAT ACCEPT all ::/0 ::/0 FORWARD_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 FORWARD_ZONES all ::/0 ::/0 DROP all ::/0 ::/0 ctstate INVALID REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:759" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:780: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:780" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 OUTPUT_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 OUTPUT_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:780" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:787: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:787" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all ::/0 ::/0 ctstate RELATED,ESTABLISHED ACCEPT all ::/0 ::/0 OUTPUT_direct all ::/0 ::/0 RFC3964_IPv4 all ::/0 ::/0 OUTPUT_POLICIES_pre all ::/0 ::/0 OUTPUT_POLICIES_post all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:787" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:798: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:798" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:798" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:799: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:799" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:799" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:800: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-active-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:800" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-active-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 ingress-zones: ANY egress-zones: HOST foobar ingress-zones: public egress-zones: HOST " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:800" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:817: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:817" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:817" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:821: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:821" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 IN_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:821" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:832: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:832" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:832" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:834: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:834" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:834" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:843: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:843" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:843" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:845: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:845" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:845" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:848: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:848" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:848" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:852: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:852" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:852" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:864: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:864" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:864" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:867: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:867" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:867" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:878: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:878" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:878" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:881: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:881" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:881" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:891: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:891" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:891" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:893: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:893" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:893" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:902: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:902" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:902" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:904: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:904" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:904" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:906: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:906" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:907: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:907" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:907" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:911: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:911" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:911" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:912: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:912" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:912" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:922: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:922" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:922" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:926: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:926" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 IN_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:926" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:937: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:937" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:937" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:939: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:939" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:939" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:948: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:948" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:948" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:950: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:950" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:950" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:953: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:953" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:953" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:957: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:957" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:957" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:970: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:970" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:970" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:974: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:974" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:974" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:987: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:987" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:987" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:991: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:991" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:991" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1002: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1002" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1002" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1004: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1004" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1004" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1013: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1013" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1013" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1015: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1015" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1015" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1017: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1017" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1017" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1018: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1018" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1018" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1022: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1022" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1022" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1023: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1023" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1023" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1032: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1032" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1032" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1035: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1035" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1035" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1046: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1046" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "OUT_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1046" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1049: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1049" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "OUT_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1049" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1059: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1059" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1059" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1061: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1061" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1061" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1064: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1064" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1064" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1067: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1067" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1067" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1078: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1078" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1078" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1081: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1081" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1081" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1092: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1092" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1092" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1095: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1095" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1095" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1105" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1107" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "OUT_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1117" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "OUT_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1120" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1123: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1123" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1123" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1124: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1124" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1124" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1128" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1138" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1141: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1141" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1141" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1152: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1152" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "OUT_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1152" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1155: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1155" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "OUT_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1155" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1165" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1167: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1167" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1167" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1170: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1170" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1170" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1173" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1184: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1184" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1184" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1187: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1187" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1187" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1198: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1198" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1198" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1201: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1201" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1201" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1211: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1211" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1211" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1213: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1213" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1213" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1223: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1223" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "OUT_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1223" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1226: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1226" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "OUT_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1226" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1229: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"HOST\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1229" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="HOST" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1229" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1230: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1230" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1230" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1234" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1235" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1244: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1244" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1244" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1247: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1247" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1247" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1257: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1257" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1257" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1259" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1269" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1272: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1272" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1272" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1276: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1276" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1276" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1280: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1280" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1280" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1293: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1293" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1293" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1297: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1297" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1297" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1310: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1310" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1310" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1314: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1314" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1314" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1326: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1326" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1326" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1329: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1329" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1329" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1339: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1339" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1339" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1341: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1341" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1341" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1343: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1343" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1343" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1344: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1344" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1344" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1348: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1348" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1348" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1349: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1349" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1349" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1358: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1358" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1358" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1361: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1361" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1361" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1371: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1371" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1371" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1373: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1373" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1373" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1383: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1383" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1383" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1386: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1386" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1386" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1390: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1390" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1390" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1394: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1394" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1394" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1406: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1406" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1406" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1409: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1409" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1409" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1420: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1420" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1420" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1423" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1434: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1434" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1434" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1437: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1437" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1437" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1447: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1447" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1447" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1449: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1449" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1449" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1451: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1451" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1451" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1452: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1452" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1452" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1453: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1453" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1453" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1454: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1454" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1454" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1458: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1458" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1459: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1459" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1459" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1460" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1469: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1469" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1469" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1472: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1472" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1472" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1482: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1482" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1482" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1484: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1484" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1484" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1494: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1494" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1494" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1497: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1497" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1497" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1500: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1500" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1500" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1504: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1504" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1504" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1516: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1516" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1516" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1520: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1520" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1520" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1532: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1532" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1532" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1536: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1536" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1536" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1547: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1547" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1547" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1550: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1550" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1550" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1559: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1559" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1559" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1561: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1561" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1561" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1563: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1563" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1563" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1564: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1564" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1564" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1565: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1565" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1565" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1569: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1569" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1569" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1570: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1570" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1570" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1571: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1571" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1571" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1580: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1580" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1580" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1583: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1583" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1583" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1593: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1593" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1593" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1595: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1595" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1595" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1605: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1605" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1605" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1608: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1608" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1608" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1612: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1612" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1612" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1616: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1616" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1616" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1629: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1629" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1629" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1633: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1633" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1633" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1646: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1646" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1646" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1650: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1650" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1650" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1661: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1661" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1661" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1663: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1663" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1663" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1672: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1672" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1672" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1674: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1674" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1674" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1676: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1676" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1676" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1677: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1677" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1677" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1678: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1678" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1678" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1682: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1682" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1682" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1683: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1683" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1683" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1684: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1684" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1684" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1693: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1693" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1693" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1696: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1696" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1696" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1706: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1706" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1706" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1708: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1708" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1708" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1718: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1718" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 10.10.10.0/24 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1718" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1721: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1721" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1721" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1724: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1724" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1724" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1728: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1728" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1728" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1740: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1740" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1740" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1744: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1744" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1744" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1756: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1756" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1756" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1760: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1760" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1760" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1771: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1771" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar all -- 10.10.10.0/24 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1771" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1774: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1774" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1774" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1783: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1783" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1783" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1785: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1785" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1785" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1787: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1787" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1787" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1788: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"ANY\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1788" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="ANY" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1788" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1789: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1789" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1789" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1794: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1794" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1794" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1795: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1795" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1795" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1796: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1796" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1796" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1797: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1797" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1797" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1806: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1806" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1806" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1809: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1809" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1809" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1819: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1819" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1819" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1821: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1821" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1821" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1831: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1831" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1831" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1834: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1834" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1834" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1838: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1838" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1838" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1842: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1842" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1842" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1854: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1854" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1854" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1857: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1857" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1857" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1868: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1868" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1868" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1871: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1871" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1871" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1881: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1881" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1881" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1883: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1883" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1883" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1892: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1892" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1892" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1894: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1894" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1894" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1896: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1896" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1896" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1897: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1897" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1897" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1898: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1898" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1898" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1899: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1899" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1899" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1904: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1904" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1904" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1905: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1905" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1905" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1906: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1906" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1906" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1907: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:1907" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1907" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:1916: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1916" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1916" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1919: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1919" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1919" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1929: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1929" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1929" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1931: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1931" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1931" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1941: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1941" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1941" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1944: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1944" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1944" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1947: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1947" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1947" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1951: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1951" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1951" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1963: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1963" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1963" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1967: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1967" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1967" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1979: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1979" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1979" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1983: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1983" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1983" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:1993: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1993" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1993" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:1995: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:1995" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:1995" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2004: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2004" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2004" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2006: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2006" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2006" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2008: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2008" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2008" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2009: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2009" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2009" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2010: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2010" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-interface=foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2010" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2011: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2011" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2011" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2016: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2016" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2016" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2017: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2017" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2017" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2018: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2018" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2018" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2019: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2019" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2019" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2028: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2028" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2028" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2031: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2031" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2031" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2041: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2041" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2041" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2043: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2043" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2043" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2053: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2053" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 10.10.10.0/24 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2053" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2056: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2056" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2056" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2059: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2059" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2059" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2063: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2063" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2063" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2074: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2074" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2074" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2077: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2077" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2077" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2088: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2088" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2088" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2091: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2091" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2091" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar all -- 10.10.10.0/24 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2102" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2105" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2114" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2116" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2120: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2120" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2120" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2121: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-interface=foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2121" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-interface=foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2121" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --add-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2126" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2127: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-source=10.20.20.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2127" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-source=10.20.20.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2127" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2128" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2129: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2129" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2129" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2138" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2141: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2141" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L INPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2141" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2151: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2151" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2151" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2153" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 10.10.10.0/24 10.20.20.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2163" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2166" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2169: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2169" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 10.20.20.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2169" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2173" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 10.20.20.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2185" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2189: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2189" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2189" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2201: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2201" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 10.10.10.0/24 10.20.20.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2201" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2205: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2205" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2205" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "POST_foobar all -- 10.10.10.0/24 10.20.20.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2216" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2219: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2219" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POSTROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2219" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2228: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2228" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2228" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2230: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2230" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L OUTPUT_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2230" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2232: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone=\"internal\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2232" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-ingress-zone="internal" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2232" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2233: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone=\"public\" " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2233" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone="public" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2233" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=internal --remove-source=10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2234" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-source=10.20.20.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-source=10.20.20.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2235" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:2237" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2237" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_270 #AT_START_271 at_fn_group_banner 271 'policy.at:2239' \ "policy - interfaces/sources" " " 11 at_xfail=no ( $as_echo "271. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:2239: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2239" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:2239: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:2239" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:2239: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:2239" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:2239: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2239" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2239" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy.at:2239" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy.at:2239" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:2239" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:2239" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:2239" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:2239" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:2239" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2239" { set +x $as_echo "$at_srcdir/policy.at:2242: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2242" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2242" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2243" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2244: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone internal --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2244" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone internal --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2244" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2245" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2246: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2246" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2246" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2246: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2246" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2246" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2253" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2255: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2255" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2255" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2261: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --add-interface foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2261" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --add-interface foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2261" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2270: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2270" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2270" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2273: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2273" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2273" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2279: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --add-interface foobar2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2279" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --add-interface foobar2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2279" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2288: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2288" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2288" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2292: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2292" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all ::/0 ::/0 FWD_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2292" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --remove-interface foobar2 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --remove-interface foobar2 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2299" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2308: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2308" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2308" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2311: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2311" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FWD_foobar all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2311" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2318: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --remove-interface foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2318" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --remove-interface foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2318" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2325: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2325" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2325" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2327: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2327" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2327" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2333: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2333" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2333" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2342: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2342" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2342" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2346: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2346" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2346" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2352: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --add-source 1234::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2352" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --add-source 1234::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2352" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2359: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2359" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2359" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2363: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2363" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 PRE_foobar all ::/0 1234::/64 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2363" $at_failed && at_fn_log_failure $at_traceon; } else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2370: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --remove-source 1234::/64 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2370" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --remove-source 1234::/64 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2370" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2381: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2381" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all -- 0.0.0.0/0 0.0.0.0/0 PRE_foobar all -- 0.0.0.0/0 10.10.10.0/24 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2381" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2385: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2385" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PREROUTING_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "PRE_allow-host-ipv6 all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2385" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/policy.at:2392: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone public --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2392" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone public --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2392" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2399: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2399" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2399" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2401: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2401" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FORWARD_POLICIES_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2401" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"" != x"ignore"; then $as_echo "policy.at:2404" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2404" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_271 #AT_START_272 at_fn_group_banner 272 'policy.at:2406' \ "policy - target" " " 11 at_xfail=no ( $as_echo "272. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:2406: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2406" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:2406: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:2406" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:2406: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:2406" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:2406: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2406" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2406" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy.at:2406" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy.at:2406" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:2406" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:2406" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:2406" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:2406" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:2406" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2406" { set +x $as_echo "$at_srcdir/policy.at:2409: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2409" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2409" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2411: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=CONTINUE " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2411" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=CONTINUE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2411" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2412: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2412" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2412" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2413: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2413" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2413" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2414: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=REJECT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2414" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=REJECT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2414" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2415: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=DENY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2415" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=DENY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/policy.at:2415" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2416: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=default " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2416" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/policy.at:2416" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2419: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2419" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2419" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2420: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2420" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2420" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2421: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone internal --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2421" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone internal --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2421" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2422: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2422" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2422" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2423" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2423: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2423" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2423" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2436: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2436" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_foobar_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_log all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_allow all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2436" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/policy.at:2444: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "policy.at:2444" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_foobar_pre all ::/0 ::/0 IN_foobar_log all ::/0 ::/0 IN_foobar_deny all ::/0 ::/0 IN_foobar_allow all ::/0 ::/0 IN_foobar_post all ::/0 ::/0 ACCEPT all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2444" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"ignore" != x"ignore"; then $as_echo "policy.at:2453" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2453" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_272 #AT_START_273 at_fn_group_banner 273 'policy.at:2455' \ "policy - from file" " " 11 at_xfail=no ( $as_echo "273. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/policy.at:2455: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2455" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/policy.at:2455: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "policy.at:2455" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/policy.at:2455: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "policy.at:2455" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/policy.at:2455: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2455" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2455" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "policy.at:2455" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/policy.at:2455" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "policy.at:2455" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:2455" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "policy.at:2455" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/policy.at:2455" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "policy.at:2455" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2455" { set +x $as_echo "$at_srcdir/policy.at:2458: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2458" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy allow-host-ipv6 --add-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2458" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2459: ls \"./policies/allow-host-ipv6.xml\"" at_fn_check_prepare_trace "policy.at:2459" ( $at_check_trace; ls "./policies/allow-host-ipv6.xml" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2459" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2460: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy-from-file \"./policies/allow-host-ipv6.xml\" --name my-allow-host-ipv6 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2460" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy-from-file "./policies/allow-host-ipv6.xml" --name my-allow-host-ipv6 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2460" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2461: ls \"./policies/my-allow-host-ipv6.xml\"" at_fn_check_prepare_trace "policy.at:2461" ( $at_check_trace; ls "./policies/my-allow-host-ipv6.xml" ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2461" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2462: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --get-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2462" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --get-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 my-allow-host-ipv6 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2462" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2465: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2465" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2465" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2465: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2465" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2465" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/policy.at:2466: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --get-policies " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "policy.at:2466" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --get-policies ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "allow-host-ipv6 my-allow-host-ipv6 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/policy.at:2466" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "policy.at:2470" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/policy.at:2470" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_273 #AT_START_274 at_fn_group_banner 274 'services.at:1' \ "services" " " 11 at_xfail=no ( $as_echo "274. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/services.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/services.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "services.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/services.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "services.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/services.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "services.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/services.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "services.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/services.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "services.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/services.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "services.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/services.at:1" { set +x $as_echo "$at_srcdir/services.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "services.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:25" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/services.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "services.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:22 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:29" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/services.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:37" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:37" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:40" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ssh accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ssh accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED ACCEPT tcp -- 10.10.10.0/24 0.0.0.0/0 tcp dpt:21 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:21 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t raw -L PRE_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t raw -L PRE_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp CT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t raw -L PRE_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t raw -L PRE_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "CT tcp ::/0 ::/0 tcp dpt:21 CT helper ftp " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-service ftp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-service ftp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=\"10.10.10.0/24\" service name=ftp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address="10.10.10.0/24" service name=ftp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/services.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-service does-not-exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-service does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/services.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-service does-not-exist " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-service does-not-exist ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 101 $at_status "$at_srcdir/services.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-interface raboof0 --add-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-interface raboof0 --add-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/services.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/services.at:95: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-interface raboof0 --add-service ssh " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "services.at:95" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-interface raboof0 --add-service ssh ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 2 $at_status "$at_srcdir/services.at:95" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_SERVICE/d'" != x"ignore"; then $as_echo "services.at:97" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_SERVICE/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/services.at:97" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_274 #AT_START_275 at_fn_group_banner 275 'ports.at:1' \ "ports" " " 11 at_xfail=no ( $as_echo "275. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/ports.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/ports.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "ports.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/ports.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "ports.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/ports.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "ports.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/ports.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "ports.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/ports.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "ports.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/ports.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "ports.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/ports.at:1" { set +x $as_echo "$at_srcdir/ports.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "ports.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1234 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1234 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4321 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4444 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:32" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/ports.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "ports.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp dpt:1234 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:1234 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:4321 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp dpt:4444 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:38" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/ports.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:51" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:53" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1234 ctstate NEW,UNTRACKED ACCEPT sctp -- 0.0.0.0/0 0.0.0.0/0 sctp dpt:4444 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT udp ::/0 ::/0 udp dpt:1234 ctstate NEW,UNTRACKED ACCEPT sctp ::/0 ::/0 sctp dpt:4444 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-port 1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:95: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 123443/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:95" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 123443/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-port 123443/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-port 123443/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:96" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234/bogus " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-port 1234/bogus ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-port 1234/bogus " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-port 1234/bogus ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=4444 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=4444 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=4444 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=4444 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=99999 protocol=tcp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/ports.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/ports.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "ports.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule port port=4444 protocol=bogus accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/ports.at:105" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "ports.at:107" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/ports.at:107" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_275 #AT_START_276 at_fn_group_banner 276 'source_ports.at:1' \ "source ports" " " 11 at_xfail=no ( $as_echo "276. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/source_ports.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/source_ports.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "source_ports.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/source_ports.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "source_ports.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/source_ports.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "source_ports.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/source_ports.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "source_ports.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/source_ports.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "source_ports.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/source_ports.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "source_ports.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/source_ports.at:1" { set +x $as_echo "$at_srcdir/source_ports.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "source_ports.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:1234 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:1234 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:4321 ctstate NEW,UNTRACKED ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:4444 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:32" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/source_ports.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "source_ports.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp ::/0 ::/0 tcp spt:1234 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp spt:1234 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp spt:4321 ctstate NEW,UNTRACKED ACCEPT udp ::/0 ::/0 udp spt:4444 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:38" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/source_ports.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:51" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:53" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 4321/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 4321/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=udp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:1234 ctstate NEW,UNTRACKED ACCEPT sctp -- 0.0.0.0/0 0.0.0.0/0 sctp spt:4444 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT udp ::/0 ::/0 udp spt:1234 ctstate NEW,UNTRACKED ACCEPT sctp ::/0 ::/0 sctp spt:4444 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-source-port 1234/udp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule source-port port=4444 protocol=sctp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/source_ports.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:95: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 123443/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:95" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 123443/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 123443/tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 123443/tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:96" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234/bogus " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-source-port 1234/bogus ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 1234/bogus " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-source-port 1234/bogus ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=4444 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=4444 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=4444 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=4444 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=99999 protocol=tcp accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/source_ports.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/source_ports.at:105: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "source_ports.at:105" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule source-port port=4444 protocol=bogus accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/source_ports.at:105" $at_failed && at_fn_log_failure $at_traceon; } if test x"" != x"ignore"; then $as_echo "source_ports.at:107" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/source_ports.at:107" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_276 #AT_START_277 at_fn_group_banner 277 'forward_ports.at:1' \ "forward ports" " " 11 at_xfail=no ( $as_echo "277. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/forward_ports.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/forward_ports.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "forward_ports.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/forward_ports.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "forward_ports.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/forward_ports.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "forward_ports.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/forward_ports.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "forward_ports.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/forward_ports.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "forward_ports.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/forward_ports.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "forward_ports.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/forward_ports.at:1" { set +x $as_echo "$at_srcdir/forward_ports.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:9" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/forward_ports.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:10" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/forward_ports.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:14" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/forward_ports.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:15" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/forward_ports.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:20" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/forward_ports.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:21" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/forward_ports.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:24" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:33 to:10.10.10.10:33 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:444 to:10.44.44.44:4444 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:34" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/forward_ports.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT udp ::/0 ::/0 udp dpt:44 to:[1234::4321]:4444 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:38" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/forward_ports.at:41: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:41" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:41" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:42" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/forward_ports.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:43" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/forward_ports.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:48" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/forward_ports.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=44:proto=udp:toport=4444:toaddr=1234::4321 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:49" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/forward_ports.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:33 to:10.10.10.10:33 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:444 to:10.44.44.44:4444 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-forward-port port=33:proto=tcp:toport=33:toaddr=10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/forward_ports.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port 1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:88" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port 1234 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port 1234 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=11:proto=tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=11:proto=tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=11:proto=tcp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=11:proto=tcp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:92" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=11:proto=tcpp:toport=1111 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/forward_ports.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:95: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:95" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=11:proto=tcp:toport=1111:toaddr=10.10.10.10.10 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/forward_ports.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:99: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:99" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/forward_ports.at:99" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 102 $at_status "$at_srcdir/forward_ports.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:101" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:102: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:102" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcpp to-port=1111' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/forward_ports.at:102" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:103: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:103" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/forward_ports.at:103" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=tcp to-port=1111 to-addr=10.10.10.10.10' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 105 $at_status "$at_srcdir/forward_ports.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:106" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:107: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:107" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:107" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:111: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:111" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:111" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:113" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:115: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:115" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:115" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:116: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:116" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:116" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:117" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:118: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:118" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:118" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:119: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:119" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:119" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:128: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:128" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 to::2222 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:128" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/forward_ports.at:131: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L PRE_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:131" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L PRE_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT udp ::/0 ::/0 udp dpt:444 to::4444 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:131" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/forward_ports.at:134: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:134" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:134" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:135: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:135" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:135" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:136: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:136" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:136" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:137: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:137" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:137" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv6 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:138" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:139" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:142: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:142" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:142" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:144: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:144" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:144" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:145: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:145" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:145" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:146: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:146" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:146" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:147: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:147" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:147" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:149: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:149" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:149" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:150: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:150" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:150" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:151: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:151" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:151" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:152: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:152" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:152" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:155: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone internal --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:155" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone internal --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:155" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:156: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:156" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:156" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:157: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:157" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:157" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:158: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:158" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/forward_ports.at:158" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:159: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:159" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:159" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:160: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:160" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/forward_ports.at:160" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:161: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:161" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:161" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:162" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:163: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:163" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:163" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:164: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:164" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/forward_ports.at:164" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:165: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:165" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:165" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:166: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:166" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/forward_ports.at:166" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:168: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone internal --remove-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:168" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone internal --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:168" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:169: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --remove-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:169" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:169" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone internal --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone internal --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:173" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:177: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:177" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:177" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:178: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone internal --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:178" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone internal --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:178" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:179: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:179" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:179" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:180: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:180" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:180" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:181: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:181" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:181" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:182: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:182" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:182" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:191: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L PRE_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:191" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L PRE_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 to:10.0.0.1:2222 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:444 to:10.44.44.44:4444 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:191" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_FORWARD/d' -e '/ERROR: INVALID_ZONE/d'" != x"ignore"; then $as_echo "forward_ports.at:196" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_FORWARD/d' -e '/ERROR: INVALID_ZONE/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/forward_ports.at:196" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_277 #AT_START_278 at_fn_group_banner 278 'forward_ports.at:199' \ "forward ports (OUTPUT)" " " 11 at_xfail=no ( $as_echo "278. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/forward_ports.at:199: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:199" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/forward_ports.at:199: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "forward_ports.at:199" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/forward_ports.at:199: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "forward_ports.at:199" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/forward_ports.at:199: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:199" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:199" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "forward_ports.at:199" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/forward_ports.at:199" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "forward_ports.at:199" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/forward_ports.at:199" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "forward_ports.at:199" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/forward_ports.at:199" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "forward_ports.at:199" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/forward_ports.at:199" { set +x $as_echo "$at_srcdir/forward_ports.at:202: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:202" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:202" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:203: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-zone localhost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:203" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:203" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:204: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:204" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:204" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:204: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:204" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:204" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:209: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:209" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:209" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:210: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:210" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:210" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:211: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:211" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:211" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:212" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:213: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:213" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:213" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:214: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:214" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:214" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:215: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --add-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:215" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --add-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:215" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:217: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:217" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:217" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:218: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:218" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:218" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:219: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:219" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:219" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:220: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:220" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:220" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:229: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUT_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:229" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUT_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 to:10.0.0.1:2222 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:444 to:10.44.44.44:4444 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:229" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:234: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:234" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:234" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:235: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:235" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:235" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:236: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --remove-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:236" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --remove-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:236" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:237: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:237" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:237" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:242: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone localhost --add-source 127.0.0.0/8 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:242" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone localhost --add-source 127.0.0.0/8 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:242" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:243" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:244: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone localhost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:244" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-egress-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:244" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:245" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:246: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:246" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:246" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:247: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:247" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:247" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:248: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:248" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:248" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:249: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone localhost --add-source 127.0.0.0/8 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:249" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone localhost --add-source 127.0.0.0/8 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:249" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:250: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --add-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:250" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --add-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:250" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:251: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --add-egress-zone localhost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:251" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --add-egress-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:251" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:252: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:252" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:252" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-forward-port port=22:proto=tcp:toport=2222:toaddr=10.0.0.1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 106 $at_status "$at_srcdir/forward_ports.at:254" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:255: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:255" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv4 forward-port port=444 protocol=udp to-port=4444 to-addr=10.44.44.44' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:255" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:264: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L OUT_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "forward_ports.at:264" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L OUT_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 to:10.0.0.1:2222 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:444 to:10.44.44.44:4444 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:264" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone localhost --remove-source 127.0.0.0/8 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone localhost --remove-source 127.0.0.0/8 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:269" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:270: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:270" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:270" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:271: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-egress-zone localhost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:271" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-egress-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:271" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:272: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone localhost --remove-source 127.0.0.0/8 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:272" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone localhost --remove-source 127.0.0.0/8 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:272" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:273: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --remove-ingress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:273" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --remove-ingress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:273" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/forward_ports.at:274: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --remove-egress-zone localhost " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "forward_ports.at:274" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --remove-egress-zone localhost ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/forward_ports.at:274" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_FORWARD/d' -e '/ERROR: INVALID_ZONE/d'" != x"ignore"; then $as_echo "forward_ports.at:276" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_FORWARD/d' -e '/ERROR: INVALID_ZONE/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/forward_ports.at:276" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_278 #AT_START_279 at_fn_group_banner 279 'masquerade.at:1' \ "masquerade" " " 11 at_xfail=no ( $as_echo "279. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/masquerade.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/masquerade.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "masquerade.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/masquerade.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "masquerade.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/masquerade.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "masquerade.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/masquerade.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "masquerade.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/masquerade.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "masquerade.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/masquerade.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "masquerade.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/masquerade.at:1" { set +x $as_echo "$at_srcdir/masquerade.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:26: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POST_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "masquerade.at:26" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POST_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 MASQUERADE all -- 10.10.10.0/24 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:26" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/masquerade.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POST_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "masquerade.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POST_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:30" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/masquerade.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:32" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:33: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:33" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:33" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:34: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:34" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:34" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:35: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:35" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:35" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:36: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:36" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:36" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:37: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:37" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:37" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:39: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:39" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:39" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t nat -L POST_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t nat -L POST_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t nat -L POST_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t nat -L POST_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MASQUERADE all 1234::/64 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234::/64 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/masquerade.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar_host " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar_host ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-ingress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:74" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:74" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:77: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar_host --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:77" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar_host --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:77" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:78: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:78" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar_host --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:78" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --remove-ingress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --remove-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:79" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:80: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --remove-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:80" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_host --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:80" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:84: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar_int_to_pub " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:84" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar_int_to_pub ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:84" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:85: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=internal --add-interface foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:85" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=internal --add-interface foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:85" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:86: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-ingress-zone internal " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:86" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-ingress-zone internal ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:86" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:87: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:87" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:87" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:88" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:88: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:88" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:88" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:91: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar_int_to_pub --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:91" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar_int_to_pub --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:91" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/masquerade.at:92" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=internal --remove-interface foobar1 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=internal --remove-interface foobar1 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=internal --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=internal --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:97" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:98: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:98" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:98" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:99: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-masquerade " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:99" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-masquerade ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:99" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:100: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:100" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar_int_to_pub --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 masquerade' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:100" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/masquerade.at:101: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=internal --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "masquerade.at:101" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=internal --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/masquerade.at:101" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_ZONE:/d'" != x"ignore"; then $as_echo "masquerade.at:103" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ZONE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/masquerade.at:103" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_279 #AT_START_280 at_fn_group_banner 280 'protocols.at:1' \ "protocols" " " 11 at_xfail=no ( $as_echo "280. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/protocols.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/protocols.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "protocols.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/protocols.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "protocols.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/protocols.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "protocols.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/protocols.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "protocols.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/protocols.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "protocols.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/protocols.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "protocols.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/protocols.at:1" { set +x $as_echo "$at_srcdir/protocols.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:17" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:18" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:19: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:19" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:19" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:20" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "protocols.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT sctp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED ACCEPT icmpv6-- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED ACCEPT 33 -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:32" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/protocols.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "protocols.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT sctp ::/0 ::/0 ctstate NEW,UNTRACKED ACCEPT icmpv6 ::/0 ::/0 ctstate NEW,UNTRACKED ACCEPT 33 ::/0 ::/0 ctstate NEW,UNTRACKED ACCEPT 47 ::/0 ::/0 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:38" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/protocols.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:50" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:51" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:52: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:52" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:52" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:53: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol dccp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:53" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol dccp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:53" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:54: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol gre " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:54" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol gre ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:54" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:55: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:55" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:55" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT icmpv6-- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED ACCEPT sctp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT icmpv6 ::/0 ::/0 ctstate NEW,UNTRACKED ACCEPT sctp ::/0 ::/0 ctstate NEW,UNTRACKED " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-protocol ipv6-icmp ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:58: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule protocol value=\"sctp\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:58" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule protocol value="sctp" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/protocols.at:58" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:93: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:93" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-protocol dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/protocols.at:93" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:94: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-protocol dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:94" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-protocol dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/protocols.at:94" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:95: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule protocol value=\"dummy\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:95" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule protocol value="dummy" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/protocols.at:95" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/protocols.at:96: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule protocol value=\"dummy\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "protocols.at:96" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule protocol value="dummy" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 103 $at_status "$at_srcdir/protocols.at:96" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_PROTOCOL: dummy/d'" != x"ignore"; then $as_echo "protocols.at:98" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_PROTOCOL: dummy/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/protocols.at:98" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_280 #AT_START_281 at_fn_group_banner 281 'rich_rules.at:1' \ "rich rules" " " 11 at_xfail=no ( $as_echo "281. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rich_rules.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rich_rules.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rich_rules.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rich_rules.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rich_rules.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rich_rules.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rich_rules.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rich_rules.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rich_rules.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rich_rules.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rich_rules.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rich_rules.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rich_rules.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rich_rules.at:1" { set +x $as_echo "$at_srcdir/rich_rules.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_foobar_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_log all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_allow all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_post all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:25" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rich_rules.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "IN_foobar_pre all ::/0 ::/0 IN_foobar_log all ::/0 ::/0 IN_foobar_deny all ::/0 ::/0 IN_foobar_allow all ::/0 ::/0 IN_foobar_post all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:32" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rich_rules.at:42: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.10 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:42" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 source address=10.10.10.10 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:42" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 log accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 log accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 audit accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.11 audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.12 reject' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.12 reject' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.13 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=0 source address=10.10.10.13 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.10.10.14 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.10.10.14 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=1 source address=10.10.10.15 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=1 source address=10.10.10.15 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:57: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:57" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 10.10.10.14 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:57" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_log; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_log; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG all -- 10.10.10.11 0.0.0.0/0 LOG flags 0 level 4 AUDIT all -- 10.10.10.11 0.0.0.0/0 AUDIT accept " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:80: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:80" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT all -- 10.10.10.12 0.0.0.0/0 reject-with icmp-port-unreachable DROP all -- 10.10.10.13 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:80" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 10.10.10.10 0.0.0.0/0 ACCEPT all -- 10.10.10.11 0.0.0.0/0 ACCEPT all -- 10.10.10.11 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:92" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:104: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:104" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 10.10.10.15 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:104" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:110: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.20.20.20 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:110" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-1 source address=10.20.20.20 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:110" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:111: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-2 destination address=10.20.20.21 accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:111" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-2 destination address=10.20.20.21 accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:111" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:112: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-3 source address=10.20.20.22 destination address=10.20.20.23 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:112" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv4 priority=-3 source address=10.20.20.22 destination address=10.20.20.23 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:112" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:113: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv6 priority=-4 source address=1234::4321 destination address=1234::4444 drop' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:113" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule family=ipv6 priority=-4 source address=1234::4321 destination address=1234::4444 drop' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:113" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:114: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:114" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:114" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:126: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:126" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP all -- 10.20.20.22 10.20.20.23 ACCEPT all -- 0.0.0.0/0 10.20.20.21 ACCEPT all -- 10.10.10.14 0.0.0.0/0 ACCEPT all -- 10.20.20.20 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:126" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rich_rules.at:132: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:132" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP all 1234::4321 1234::4444 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:132" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rich_rules.at:138: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-1 icmp-type name=\"neighbour-advertisement\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:138" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-1 icmp-type name="neighbour-advertisement" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:138" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:139: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-2 icmp-type name=\"echo-request\" accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:139" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-2 icmp-type name="echo-request" accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:139" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:140" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:140: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:140" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:140" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:155: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:155" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP all -- 10.20.20.22 10.20.20.23 ACCEPT all -- 0.0.0.0/0 10.20.20.21 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ACCEPT all -- 10.10.10.14 0.0.0.0/0 ACCEPT all -- 10.20.20.20 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:155" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rich_rules.at:162: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:162" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "DROP all 1234::4321 1234::4444 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 128 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 136 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:162" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rich_rules.at:168: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:168" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:168" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:173: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:173" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:173" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:174: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:174" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:174" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:175: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:175" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:175" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:176: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:176" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:176" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:185: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PRE_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:185" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PRE_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK xset 0x6600/0xff00 MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x4d2 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:185" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rich_rules.at:189: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PRE_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:189" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PRE_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MARK all ::/0 ::/0 MARK xset 0x6600/0xff00 MARK all ::/0 ::/0 MARK set 0x4d2 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:189" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rich_rules.at:193: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:193" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:193" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:198: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:198" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:198" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:199: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:199" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:199" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:199: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:199" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:199" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:208: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PRE_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:208" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PRE_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK xset 0x6600/0xff00 MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x4d2 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:208" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rich_rules.at:212: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PRE_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:212" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PRE_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MARK all ::/0 ::/0 MARK xset 0x6600/0xff00 MARK all ::/0 ::/0 MARK set 0x4d2 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:212" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rich_rules.at:216: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:216" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:216" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:221: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:221" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:221" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:222: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:222" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:222" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:223: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:223" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:223" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:223: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:223" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:223" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:232: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t mangle -L PRE_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:232" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t mangle -L PRE_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK xset 0x6600/0xff00 MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x4d2 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:232" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rich_rules.at:236: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PRE_foobar_pre; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:236" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PRE_foobar_pre; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "MARK all ::/0 ::/0 MARK xset 0x6600/0xff00 MARK all ::/0 ::/0 MARK set 0x4d2 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:236" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rich_rules.at:240: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:240" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:240" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:241: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:241" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:241" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:242: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:242" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:242" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:243: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-source 10.10.10.0/24 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:243" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-source 10.10.10.0/24 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:243" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:244: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:244" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:244" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:245: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:245" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --remove-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:245" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:246: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:246" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:246" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:247: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:247" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --remove-rich-rule='rule priority=-2 mark set=0x6600/0xFF00' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:247" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:252: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:252" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:252" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:253: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:253" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:253" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:254: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:254" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/rich_rules.at:254" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:255: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:255" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=public --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:255" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:256: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:256" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:256" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:257: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:257" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:257" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:258: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:258" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:258" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:259: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:259" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --add-rich-rule='rule priority=-1 mark set=1234' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 112 $at_status "$at_srcdir/rich_rules.at:259" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:260: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --zone=public --remove-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:260" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --zone=public --remove-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:260" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:261: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone public " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:261" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-egress-zone public ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:261" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:263: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:263" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:263" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:267: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32000 log prefix=\"LOG: \" level=\"warning\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:267" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32000 log prefix="LOG: " level="warning"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:267" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:268: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32001 audit accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:268" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32001 audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:268" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:269" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:269: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:269" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:269" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:280: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:280" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 10.10.10.15 0.0.0.0/0 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix \"'LOG: '\" AUDIT all -- 0.0.0.0/0 0.0.0.0/0 AUDIT accept ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:280" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rich_rules.at:286: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:286" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "LOG all ::/0 ::/0 LOG flags 0 level 4 prefix \"'LOG: '\" AUDIT all ::/0 ::/0 AUDIT accept ACCEPT all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:286" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/rich_rules.at:291: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=32000 log prefix=\"LOG: \" level=\"warning\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:291" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=32000 log prefix="LOG: " level="warning"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:291" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:292: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=32001 audit accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:292" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --remove-rich-rule='rule priority=32001 audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:292" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:293: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:293" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:293" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:293: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:293" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:293" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:297: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32000 nflog prefix=\"NFLOG: \" queue-size=10' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:297" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32000 nflog prefix="NFLOG: " queue-size=10' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:297" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:298: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32001 audit accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:298" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --add-rich-rule='rule priority=32001 audit accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:298" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:299" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:299: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_rules.at:299" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:299" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_rules.at:310: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:310" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 10.10.10.15 0.0.0.0/0 NFLOG all -- 0.0.0.0/0 0.0.0.0/0 nflog-prefix \"NFLOG: \" nflog-threshold 10 AUDIT all -- 0.0.0.0/0 0.0.0.0/0 AUDIT accept ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:310" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rich_rules.at:316: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_post; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_rules.at:316" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_post; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "NFLOG all ::/0 ::/0 nflog-prefix \"NFLOG: \" nflog-threshold 10 AUDIT all ::/0 ::/0 AUDIT accept ACCEPT all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_rules.at:316" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"-e '/ERROR: INVALID_ZONE:/d'" != x"ignore"; then $as_echo "rich_rules.at:322" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ZONE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rich_rules.at:322" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_281 #AT_START_282 at_fn_group_banner 282 'icmp_blocks.at:1' \ "ICMP blocks" " " 11 at_xfail=no ( $as_echo "282. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "icmp_blocks.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "icmp_blocks.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/icmp_blocks.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "icmp_blocks.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/icmp_blocks.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "icmp_blocks.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/icmp_blocks.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "icmp_blocks.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/icmp_blocks.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "icmp_blocks.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/icmp_blocks.at:1" { set +x $as_echo "$at_srcdir/icmp_blocks.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:11" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:12" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:16: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:16" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:16" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:17: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:17" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:17" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:18: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:18" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:18" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:21: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:21" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:21" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:22" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:24: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:24" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:24" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:25: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:25" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:25" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_blocks.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:47" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_blocks.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:49" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:51: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_blocks.at:51" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 reject-with icmp-host-prohibited REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 0 reject-with icmp-host-prohibited REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 5 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:51" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:56: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_blocks.at:56" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 128 reject-with icmp6-adm-prohibited REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 129 reject-with icmp6-adm-prohibited REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 137 reject-with icmp6-adm-prohibited REJECT icmpv6 1234:5678::/64 ::/0 ipv6-icmptype 137 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:56" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:63: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:63" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:63" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:64: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:64" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:64" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:65: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:65" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:66" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:67" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:72: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:72" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:72" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:73: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:73" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:73" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block echo-reply " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block echo-reply ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:74" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block redirect " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block redirect ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:75" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:76" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --runtime-to-permanent " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --runtime-to-permanent ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 reject-with icmp-host-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar_deny; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar_deny; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "REJECT icmpv6 ::/0 ::/0 ipv6-icmptype 128 reject-with icmp6-adm-prohibited REJECT icmpv6 1234:5678::/64 ::/0 ipv6-icmptype 137 reject-with icmp6-adm-prohibited " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --remove-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy foobar --query-icmp-block echo-request ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:82: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"redirect\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:82" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --query-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="redirect"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 1 $at_status "$at_srcdir/icmp_blocks.at:82" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/icmp_blocks.at:141: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:141" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-icmp-block dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/icmp_blocks.at:141" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:142: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-icmp-block dummy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:142" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-icmp-block dummy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/icmp_blocks.at:142" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/icmp_blocks.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"dummy\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/icmp_blocks.at:143" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/icmp_blocks.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name=\"dummy\"' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "icmp_blocks.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy=foobar --add-rich-rule='rule family=ipv6 source address=1234:5678::/64 icmp-block name="dummy"' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 107 $at_status "$at_srcdir/icmp_blocks.at:143" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"-e '/ERROR: INVALID_ICMPTYPE:/d'" != x"ignore"; then $as_echo "icmp_blocks.at:148" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_ICMPTYPE:/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/icmp_blocks.at:148" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_282 #AT_START_283 at_fn_group_banner 283 'rich_tcp_mss_clamp.at:5' \ "tcp-mss-clamp" " " 11 at_xfail=no ( $as_echo "283. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:5" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rich_tcp_mss_clamp.at:5" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rich_tcp_mss_clamp.at:5" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:5: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:5" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:5" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rich_tcp_mss_clamp.at:5" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rich_tcp_mss_clamp.at:5" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rich_tcp_mss_clamp.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rich_tcp_mss_clamp.at:5" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rich_tcp_mss_clamp.at:5" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rich_tcp_mss_clamp.at:5" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rich_tcp_mss_clamp.at:5" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rich_tcp_mss_clamp.at:5" { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:8: mkdir -p ./zones" at_fn_check_prepare_trace "rich_tcp_mss_clamp.at:8" ( $at_check_trace; mkdir -p ./zones ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:8" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/tcp.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:20: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:20" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:20" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/tcp.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:32: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:32" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:32" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/tcp.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:44: grep \"WARNING: INVALID_RULE: thisdoesnotexist: rule tcp-mss-clamp value=\"thisdoesnotexist\" \" ./firewalld.log" at_fn_check_prepare_notrace 'an embedded newline' "rich_tcp_mss_clamp.at:44" ( $at_check_trace; grep "WARNING: INVALID_RULE: thisdoesnotexist: rule tcp-mss-clamp value="thisdoesnotexist" " ./firewalld.log ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:44" $at_failed && at_fn_log_failure $at_traceon; } cat >./zones/tcp.xml <<'_ATEOF' _ATEOF { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:62: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --check-config " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:62" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --check-config ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:62" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:65: rm ./zones/tcp.xml" at_fn_check_prepare_trace "rich_tcp_mss_clamp.at:65" ( $at_check_trace; rm ./zones/tcp.xml ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:65" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:66" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:67: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:67" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:67" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:68: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule tcp-mss-clamp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:68" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --remove-rich-rule='rule tcp-mss-clamp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:68" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:69: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=0' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:69" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=0' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:69" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:70: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=536' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:70" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=536' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:70" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:71: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=pmtu' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:71" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule tcp-mss-clamp value=pmtu' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:71" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:74: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=0' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:74" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=0' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:74" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:75: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:75" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:75" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --query-rich-rule='rule tcp-mss-clamp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --query-rich-rule='rule tcp-mss-clamp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:76" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:77: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --remove-rich-rule='rule tcp-mss-clamp' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:77" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --remove-rich-rule='rule tcp-mss-clamp' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:77" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:78: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=536' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:78" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=536' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:78" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:79: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:79" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=thisdoesnotexist' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:79" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:80: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=pmtu accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:80" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=pmtu accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:80" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:81: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=pmtu' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_tcp_mss_clamp.at:81" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule tcp-mss-clamp value=pmtu' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:81" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:92: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_tcp_mss_clamp.at:92" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS set 536 TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:92" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rich_tcp_mss_clamp.at:97: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_tcp_mss_clamp.at:97" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "TCPMSS tcp ::/0 ::/0 tcp flags:0x06/0x02 TCPMSS set 536 TCPMSS tcp ::/0 ::/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_tcp_mss_clamp.at:97" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"ignore" != x"ignore"; then $as_echo "rich_tcp_mss_clamp.at:102" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rich_tcp_mss_clamp.at:102" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_283 #AT_START_284 at_fn_group_banner 284 'rich_destination_ipset.at:1' \ "rich destination ipset" " " 11 at_xfail=no ( $as_echo "284. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rich_destination_ipset.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rich_destination_ipset.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rich_destination_ipset.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rich_destination_ipset.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rich_destination_ipset.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rich_destination_ipset.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rich_destination_ipset.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rich_destination_ipset.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rich_destination_ipset.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rich_destination_ipset.at:1" { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-policy=mypolicy " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-policy=mypolicy ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:5: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=mypolicy --add-ingress-zone ANY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:5" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=mypolicy --add-ingress-zone ANY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:5" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy=mypolicy --add-egress-zone HOST " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy=mypolicy --add-egress-zone HOST ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-ipset=foobar --type=hash:ip ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:12: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:12" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:12" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:23: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_public_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_destination_ipset.at:23" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_public_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW,UNTRACKED ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 match-set foobar dst " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:23" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:29: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:29" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:29" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy mypolicy --add-rich-rule='rule family=ipv4 destination ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:30" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:38: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_mypolicy_allow; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rich_destination_ipset.at:38" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_mypolicy_allow; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 match-set foobar dst " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rich_destination_ipset.at:38" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:43: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:43" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_destination_ipset.at:43" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:44: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:44" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_destination_ipset.at:44" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:45: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:45" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/rich_destination_ipset.at:45" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:46: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:46" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/rich_destination_ipset.at:46" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:47: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:47" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_destination_ipset.at:47" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:48: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:48" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy mypolicy --add-rich-rule='rule family=ipv4 destination bogus=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 122 $at_status "$at_srcdir/rich_destination_ipset.at:48" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:49: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:49" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/rich_destination_ipset.at:49" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/rich_destination_ipset.at:50: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rich_destination_ipset.at:50" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --policy mypolicy --add-rich-rule='rule family=ipv4 destination address=10.0.0.1 ipset=foobar accept' ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 121 $at_status "$at_srcdir/rich_destination_ipset.at:50" $at_failed && at_fn_log_failure $at_traceon; } if test x"-e '/ERROR: INVALID_RULE: bad attribute/d' -e '/ERROR: INVALID_DESTINATION: address and ipset/d'" != x"ignore"; then $as_echo "rich_destination_ipset.at:52" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed -e '/ERROR: INVALID_RULE: bad attribute/d' -e '/ERROR: INVALID_DESTINATION: address and ipset/d' | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rich_destination_ipset.at:52" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_284 #AT_START_285 at_fn_group_banner 285 'zone.at:1' \ "zone - target" " " 11 at_xfail=no ( $as_echo "285. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/zone.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/zone.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "zone.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/zone.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "zone.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/zone.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "zone.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/zone.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "zone.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/zone.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "zone.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/zone.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "zone.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/zone.at:1" { set +x $as_echo "$at_srcdir/zone.at:4: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --new-zone=foobar " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:4" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --new-zone=foobar ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:4" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:6: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=default " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:6" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:6" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:7: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:7" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:7" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:8: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DROP " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:8" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DROP ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:8" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:9: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=%%REJECT%% " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:9" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=%%REJECT%% ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:9" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:10: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=CONTINUE " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:10" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=CONTINUE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/zone.at:10" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:11: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DENY " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:11" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=DENY ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter echo stderr:; cat "$at_stderr" echo stdout:; cat "$at_stdout" at_fn_check_status 110 $at_status "$at_srcdir/zone.at:11" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:13: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:13" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=ACCEPT ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:13" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:14: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --add-interface foobar0 " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:14" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --add-interface foobar0 ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:14" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:15: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:15" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:15" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:30: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone.at:30" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "INPUT_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_log all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_allow all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_post all -- 0.0.0.0/0 0.0.0.0/0 INPUT_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:30" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/zone.at:40: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone.at:40" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "INPUT_POLICIES_pre all ::/0 ::/0 IN_foobar_pre all ::/0 ::/0 IN_foobar_log all ::/0 ::/0 IN_foobar_deny all ::/0 ::/0 IN_foobar_allow all ::/0 ::/0 IN_foobar_post all ::/0 ::/0 INPUT_POLICIES_post all ::/0 ::/0 ACCEPT all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:40" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/zone.at:66: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone.at:66" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FORWARD_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_pre all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_log all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_deny all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_allow all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_post all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:66" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/zone.at:76: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone.at:76" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FORWARD_POLICIES_pre all ::/0 ::/0 FWD_foobar_pre all ::/0 ::/0 FWD_foobar_log all ::/0 ::/0 FWD_foobar_deny all ::/0 ::/0 FWD_foobar_allow all ::/0 ::/0 FWD_foobar_post all ::/0 ::/0 FORWARD_POLICIES_post all ::/0 ::/0 ACCEPT all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:76" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/zone.at:89: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=default " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:89" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --permanent --zone=foobar --set-target=default ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo stdout:; cat "$at_stdout" at_fn_check_status 0 $at_status "$at_srcdir/zone.at:89" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --reload " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --reload ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:90: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} firewall-cmd -q --state " at_fn_check_prepare_notrace 'a ${...} parameter expansion' "zone.at:90" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd -q --state ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:90" $at_failed && at_fn_log_failure $at_traceon; } { set +x $as_echo "$at_srcdir/zone.at:106: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L IN_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone.at:106" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L IN_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "INPUT_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_pre all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_log all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_allow all -- 0.0.0.0/0 0.0.0.0/0 IN_foobar_post all -- 0.0.0.0/0 0.0.0.0/0 INPUT_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:106" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/zone.at:117: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L IN_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone.at:117" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L IN_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "INPUT_POLICIES_pre all ::/0 ::/0 IN_foobar_pre all ::/0 ::/0 IN_foobar_log all ::/0 ::/0 IN_foobar_deny all ::/0 ::/0 IN_foobar_allow all ::/0 ::/0 IN_foobar_post all ::/0 ::/0 INPUT_POLICIES_post all ::/0 ::/0 ACCEPT icmpv6 ::/0 ::/0 REJECT all ::/0 ::/0 reject-with icmp6-port-unreachable " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:117" $at_failed && at_fn_log_failure $at_traceon; } else : fi { set +x $as_echo "$at_srcdir/zone.at:143: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IPTABLES -w -n -t filter -L FWD_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone.at:143" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IPTABLES -w -n -t filter -L FWD_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FORWARD_POLICIES_pre all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_pre all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_log all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_deny all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_allow all -- 0.0.0.0/0 0.0.0.0/0 FWD_foobar_post all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_POLICIES_post all -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:143" $at_failed && at_fn_log_failure $at_traceon; } if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/zone.at:153: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t filter -L FWD_foobar; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "zone.at:153" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t filter -L FWD_foobar; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "FORWARD_POLICIES_pre all ::/0 ::/0 FWD_foobar_pre all ::/0 ::/0 FWD_foobar_log all ::/0 ::/0 FWD_foobar_deny all ::/0 ::/0 FWD_foobar_allow all ::/0 ::/0 FWD_foobar_post all ::/0 ::/0 FORWARD_POLICIES_post all ::/0 ::/0 REJECT all ::/0 ::/0 reject-with icmp6-port-unreachable " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/zone.at:153" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"ignore" != x"ignore"; then $as_echo "zone.at:164" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | sed ignore | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/zone.at:164" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_285 #AT_START_286 at_fn_group_banner 286 'rpfilter.at:1' \ "rpfilter" " " 11 at_xfail=no ( $as_echo "286. $at_setup_line: testing $at_desc ..." $at_traceon test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then { set +x $as_echo "$at_srcdir/rpfilter.at:1: if ! cp \"\${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf\" ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:1" ( $at_check_trace; if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } else { set +x $as_echo "$at_srcdir/rpfilter.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi" at_fn_check_prepare_trace "rpfilter.at:1" ( $at_check_trace; if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } fi { set +x $as_echo "$at_srcdir/rpfilter.at:1: sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf" at_fn_check_prepare_trace "rpfilter.at:1" ( $at_check_trace; sed -i 's/^FirewallBackend.*/FirewallBackend=iptables/' ./firewalld.conf ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } function kill_firewalld() { pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } } function kill_networkmanager() { if test -f networkmanager.pid; then pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } fi } echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT echo "ip netns delete fwd-test-${at_group_normalized}" >> ./cleanup_late { set +x $as_echo "$at_srcdir/rpfilter.at:1: ip netns add fwd-test-\${at_group_normalized}" at_fn_check_prepare_notrace 'a ${...} parameter expansion' "rpfilter.at:1" ( $at_check_trace; ip netns add fwd-test-${at_group_normalized} ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: at_fn_diff_devnull "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:1" $at_failed && at_fn_log_failure $at_traceon; } $as_echo "rpfilter.at:1" >"$at_check_line_file" (! env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1 ) \ && at_fn_check_skip 77 "$at_srcdir/rpfilter.at:1" cat >./dbus.conf <<'_ATEOF' EXTERNAL unix:path=/tmp/dummy _ATEOF DBUS_PID=` env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} dbus-daemon --address="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" --print-pid --config-file="./dbus.conf" ` if test $? -ne 0; then $as_echo "rpfilter.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rpfilter.at:1" fi echo "kill $DBUS_PID" >> ./cleanup_late FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi ulimit -d $(expr 1024 \* 100) env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewalld $FIREWALLD_ARGS & if test $? -ne 0; then $as_echo "rpfilter.at:1" >"$at_check_line_file" at_fn_check_skip 99 "$at_srcdir/rpfilter.at:1" fi echo "$!" > firewalld.pid up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} firewall-cmd --state ; then up=1 break fi sleep 1 done $as_echo "rpfilter.at:1" >"$at_check_line_file" (test $up -ne 1) \ && at_fn_check_skip 99 "$at_srcdir/rpfilter.at:1" KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : else : fi if $IP6TABLES -L >/dev/null 2>&1; then : { set +x $as_echo "$at_srcdir/rpfilter.at:22: env DBUS_SYSTEM_BUS_ADDRESS=\"unix:abstract=firewalld-testsuite-dbus-system-socket-\${at_group_normalized}\" ip netns exec fwd-test-\${at_group_normalized} sh <<-\"HERE\" { { { { \$IP6TABLES -w -n -t mangle -L PREROUTING; echo \$? >&3; } | sed -e 's/^[ \\t]*//' -e 's/[ \\t]*\$//' | sed -e '/^[ \\t]*\$/d' | sed -e 's/[ \\t]\\+/ /g' | { printf \"%s\" \"\$(cat /dev/stdin)\"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit \$RC; } } 4>&1 HERE " at_fn_check_prepare_notrace 'a $(...) command substitution' "rpfilter.at:22" ( $at_check_trace; env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}" ip netns exec fwd-test-${at_group_normalized} sh <<-"HERE" { { { { $IP6TABLES -w -n -t mangle -L PREROUTING; echo $? >&3; } | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//' | sed -e '/^[ \t]*$/d' | sed -e 's/[ \t]\+/ /g' | { printf "%s" "$(cat /dev/stdin)"; echo; } | tail -n +3 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ) >>"$at_stdout" 2>>"$at_stderr" 5>&- at_status=$? at_failed=false $at_check_filter at_fn_diff_devnull "$at_stderr" || at_failed=: echo >>"$at_stdout"; $as_echo "ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 134 ACCEPT icmpv6 ::/0 ::/0 ipv6-icmptype 135 DROP all ::/0 ::/0 rpfilter validmark invert PREROUTING_direct all ::/0 ::/0 PREROUTING_ZONES all ::/0 ::/0 " | \ $at_diff - "$at_stdout" || at_failed=: at_fn_check_status 0 $at_status "$at_srcdir/rpfilter.at:22" $at_failed && at_fn_log_failure $at_traceon; } else : fi if test x"" != x"ignore"; then $as_echo "rpfilter.at:30" >"$at_check_line_file" (cat ./firewalld.log | sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)') \ && at_fn_check_skip 99 "$at_srcdir/rpfilter.at:30" fi set +x $at_times_p && times >"$at_times_file" ) 5>&1 2>&1 7>&- | eval $at_tee_pipe read at_status <"$at_status_file" #AT_STOP_286 firewalld-1.1.1/src/tests/README0000644000000000000000000000210214217342322016265 0ustar00rootroot00000000000000# firewalld testsuite This is the firewalld testsuite. It consists of standalone autotest scripts that can be run from any location. # Example usage The tests can be run from any location. They generate output in the current directory so it's suggested to run them from `/tmp`. Tests must be run as root. ## Standard tests The standard testsuite is run inside temporary network namespaces. As such they're non-destructive to the host and may be run while firewalld is running on the host. To run the tests serially: # cd /tmp # /usr/share/firewalld/testsuite/testsuite To run the tests in parallel: # /usr/share/firewalld/testsuite/testsuite -j4 To run a test for a specific bug use a keyword: # /usr/share/firewalld/testsuite/testsuite -k rhbz1404076 # /usr/share/firewalld/testsuite/testsuite -k gh366 ## Integration tests The integration tests are destructive and require that at least firewalld and NetworkManager are _not_ running on the host. These tests _must_ be run serially: # cd /tmp # /usr/share/firewalld/testsuite/integration/testsuite firewalld-1.1.1/src/tests/Makefile.in0000644000000000000000000006271414217352322017472 0ustar00rootroot00000000000000# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = src/tests ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(dist_testsuite_SCRIPTS) \ $(dist_testsuite_integration_SCRIPTS) $(dist_testsuite_DATA) \ $(dist_testsuite_python_DATA) $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = atlocal CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(testsuitedir)" \ "$(DESTDIR)$(testsuite_integrationdir)" \ "$(DESTDIR)$(testsuitedir)" "$(DESTDIR)$(testsuite_pythondir)" SCRIPTS = $(dist_testsuite_SCRIPTS) \ $(dist_testsuite_integration_SCRIPTS) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac DATA = $(dist_testsuite_DATA) $(dist_testsuite_python_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/atlocal.in README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ TESTSUITE = $(srcdir)/testsuite TESTSUITE_INTEGRATION = $(srcdir)/integration/testsuite TESTSUITE_FILES = \ $(wildcard $(srcdir)/*.at) \ $(wildcard $(srcdir)/cli/*.at) \ $(wildcard $(srcdir)/dbus/*.at) \ $(wildcard $(srcdir)/features/*.at) \ $(wildcard $(srcdir)/integration/*.at) \ $(wildcard $(srcdir)/python/*.at) \ $(wildcard $(srcdir)/regression/*.at) EXTRA_DIST = \ $(TESTSUITE) \ $(TESTSUITE_INTEGRATION) \ $(TESTSUITE_FILES) \ $(wildcard $(srcdir)/python/*.py) \ $(srcdir)/package.m4 \ atlocal.in DISTCLEANFILES = atconfig testsuitedir = $(pkgdatadir)/testsuite dist_testsuite_SCRIPTS = $(TESTSUITE) dist_testsuite_DATA = README testsuite_integrationdir = $(pkgdatadir)/testsuite/integration dist_testsuite_integration_SCRIPTS = $(TESTSUITE_INTEGRATION) testsuite_pythondir = $(pkgdatadir)/testsuite/python dist_testsuite_python_DATA = python/*.py AUTOM4TE = $(SHELL) $(top_srcdir)/missing --run autom4te AUTOTEST = $(AUTOM4TE) --language=autotest CONTAINER_TARGETS = check-container-debian-sid check-container-fedora-rawhide check-container-centos8-stream all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign src/tests/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): atlocal: $(top_builddir)/config.status $(srcdir)/atlocal.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-dist_testsuiteSCRIPTS: $(dist_testsuite_SCRIPTS) @$(NORMAL_INSTALL) @list='$(dist_testsuite_SCRIPTS)'; test -n "$(testsuitedir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(testsuitedir)'"; \ $(MKDIR_P) "$(DESTDIR)$(testsuitedir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n' \ -e 'h;s|.*|.|' \ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) { files[d] = files[d] " " $$1; \ if (++n[d] == $(am__install_max)) { \ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ else { print "f", d "/" $$4, $$1 } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(testsuitedir)$$dir'"; \ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(testsuitedir)$$dir" || exit $$?; \ } \ ; done uninstall-dist_testsuiteSCRIPTS: @$(NORMAL_UNINSTALL) @list='$(dist_testsuite_SCRIPTS)'; test -n "$(testsuitedir)" || exit 0; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 's,.*/,,;$(transform)'`; \ dir='$(DESTDIR)$(testsuitedir)'; $(am__uninstall_files_from_dir) install-dist_testsuite_integrationSCRIPTS: $(dist_testsuite_integration_SCRIPTS) @$(NORMAL_INSTALL) @list='$(dist_testsuite_integration_SCRIPTS)'; test -n "$(testsuite_integrationdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(testsuite_integrationdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(testsuite_integrationdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n' \ -e 'h;s|.*|.|' \ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) { files[d] = files[d] " " $$1; \ if (++n[d] == $(am__install_max)) { \ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ else { print "f", d "/" $$4, $$1 } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(testsuite_integrationdir)$$dir'"; \ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(testsuite_integrationdir)$$dir" || exit $$?; \ } \ ; done uninstall-dist_testsuite_integrationSCRIPTS: @$(NORMAL_UNINSTALL) @list='$(dist_testsuite_integration_SCRIPTS)'; test -n "$(testsuite_integrationdir)" || exit 0; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 's,.*/,,;$(transform)'`; \ dir='$(DESTDIR)$(testsuite_integrationdir)'; $(am__uninstall_files_from_dir) install-dist_testsuiteDATA: $(dist_testsuite_DATA) @$(NORMAL_INSTALL) @list='$(dist_testsuite_DATA)'; test -n "$(testsuitedir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(testsuitedir)'"; \ $(MKDIR_P) "$(DESTDIR)$(testsuitedir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(testsuitedir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(testsuitedir)" || exit $$?; \ done uninstall-dist_testsuiteDATA: @$(NORMAL_UNINSTALL) @list='$(dist_testsuite_DATA)'; test -n "$(testsuitedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(testsuitedir)'; $(am__uninstall_files_from_dir) install-dist_testsuite_pythonDATA: $(dist_testsuite_python_DATA) @$(NORMAL_INSTALL) @list='$(dist_testsuite_python_DATA)'; test -n "$(testsuite_pythondir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(testsuite_pythondir)'"; \ $(MKDIR_P) "$(DESTDIR)$(testsuite_pythondir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(testsuite_pythondir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(testsuite_pythondir)" || exit $$?; \ done uninstall-dist_testsuite_pythonDATA: @$(NORMAL_UNINSTALL) @list='$(dist_testsuite_python_DATA)'; test -n "$(testsuite_pythondir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(testsuite_pythondir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-local check: check-am all-am: Makefile $(SCRIPTS) $(DATA) installdirs: for dir in "$(DESTDIR)$(testsuitedir)" "$(DESTDIR)$(testsuite_integrationdir)" "$(DESTDIR)$(testsuitedir)" "$(DESTDIR)$(testsuite_pythondir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-local mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dist_testsuiteDATA \ install-dist_testsuiteSCRIPTS \ install-dist_testsuite_integrationSCRIPTS \ install-dist_testsuite_pythonDATA install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: installcheck-local maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-dist_testsuiteDATA \ uninstall-dist_testsuiteSCRIPTS \ uninstall-dist_testsuite_integrationSCRIPTS \ uninstall-dist_testsuite_pythonDATA .MAKE: check-am install-am install-strip .PHONY: all all-am check check-am check-local clean clean-generic \ clean-local cscopelist-am ctags-am distclean distclean-generic \ distdir dvi dvi-am html html-am info info-am install \ install-am install-data install-data-am \ install-dist_testsuiteDATA install-dist_testsuiteSCRIPTS \ install-dist_testsuite_integrationSCRIPTS \ install-dist_testsuite_pythonDATA install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installcheck-local installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-dist_testsuiteDATA \ uninstall-dist_testsuiteSCRIPTS \ uninstall-dist_testsuite_integrationSCRIPTS \ uninstall-dist_testsuite_pythonDATA .PRECIOUS: Makefile $(srcdir)/package.m4: $(top_srcdir)/configure.ac $(top_srcdir)/firewalld.spec $(srcdir)/Makefile :;{ \ echo 'm4_define([AT_PACKAGE_NAME],[$(PACKAGE_NAME)])' && \ echo 'm4_define([AT_PACKAGE_VERSION],[$(PACKAGE_VERSION)])' && \ echo 'm4_define([AT_PACKAGE_STRING],[$(PACKAGE_STRING)])' && \ echo 'm4_define([AT_PACKAGE_URL],[http://firewalld.org/])' && \ echo 'm4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld])' ; \ } > "$@" check-local: atconfig atlocal $(TESTSUITE) $(SHELL) '$(TESTSUITE)' $(TESTSUITEFLAGS) \ AUTOTEST_PATH="src" \ PYTHONPATH="${abs_top_srcdir}/src:${PYTHONPATH}" \ FIREWALLD_DEFAULT_CONFIG="${abs_top_srcdir}/config" installcheck-local: atconfig atlocal $(TESTSUITE) $(SHELL) '$(TESTSUITE)' $(TESTSUITEFLAGS) clean-local: test ! -f '$(TESTSUITE)' || $(SHELL) '$(TESTSUITE)' --clean -rm $(srcdir)/package.m4 $(TESTSUITE) $(TESTSUITE_INTEGRATION): $(TESTSUITE_FILES) $(srcdir)/package.m4 $(AUTOTEST) -I '$(srcdir)' -o $@.tmp $@.at mv $@.tmp $@ check-container-debian-sid-image: check-container-%-image: (cd $(abs_top_srcdir) && { \ echo "FROM debian:sid" && \ echo "RUN apt-get update" && \ echo "RUN apt-get install -y autoconf automake pkg-config intltool libglib2.0-dev \ xsltproc docbook-xsl docbook-xml iproute2 iptables ipset ebtables \ nftables libxml2-utils libdbus-1-dev libgirepository1.0-dev \ python3-dbus python3-gi python3-nftables \ procps network-manager gir1.2-nm-1.0" && \ echo "COPY . /tmp/firewalld"; \ } | $(PODMAN) build -t firewalld-testsuite-$* -f - . ) check-container-fedora-rawhide-image: check-container-%-image: (cd $(abs_top_srcdir) && { \ echo "FROM fedora:rawhide" && \ echo "RUN dnf -y makecache" && \ echo "RUN dnf -y install autoconf automake conntrack-tools desktop-file-utils \ docbook-style-xsl file gettext glib2-devel intltool ipset \ iptables iptables-nft libtool libxml2 libxslt make nftables \ python3-nftables python3-gobject-base \ diffutils procps-ng iproute which dbus-daemon \ NetworkManager NetworkManager-ovs" && \ echo "RUN alternatives --set ebtables /usr/sbin/ebtables-nft" && \ echo "COPY . /tmp/firewalld"; \ } | $(PODMAN) build -t firewalld-testsuite-$* -f - . ) check-container-centos8-stream-image: check-container-%-image: (cd $(abs_top_srcdir) && { \ echo "FROM centos:8" && \ echo "RUN dnf -y makecache" && \ echo "RUN dnf -y install centos-release-stream" && \ echo "RUN dnf -y install autoconf automake conntrack-tools desktop-file-utils \ docbook-style-xsl file gettext glib2-devel intltool ipset \ iptables iptables-ebtables nftables libtool libxml2 \ libxslt make nftables python3-nftables \ python3-gobject-base diffutils procps-ng iproute which dbus-daemon \ NetworkManager NetworkManager-ovs" && \ echo "COPY . /tmp/firewalld"; \ } | $(PODMAN) build -t firewalld-testsuite-$* -f - . ) check-container-debian-sid: PYTHON=/usr/bin/python3 check-container-fedora-rawhide: PYTHON=/usr/bin/python3 check-container-centos8-stream: PYTHON=/usr/libexec/platform-python $(CONTAINER_TARGETS): check-container-%: check-container-%-image $(PODMAN) run -i --rm --privileged firewalld-testsuite-$* bash -c " \ cd /tmp/firewalld && \ ./autogen.sh && \ ./configure PYTHON=\"${PYTHON}\" && \ make && \ { make -C src/tests check-local TESTSUITEFLAGS=\"$(TESTSUITEFLAGS)\" || \ make -C src/tests check-local TESTSUITEFLAGS=\"--recheck --errexit --verbose\" ; } && \ make -C src/tests check-integration TESTSUITEFLAGS=\"$(TESTSUITEFLAGS)\" " $(PODMAN) rmi firewalld-testsuite-$* check-container: $(CONTAINER_TARGETS) .PHONY: check-container .PHONY: $(CONTAINER_TARGETS) $(foreach container,$(CONTAINER_TARGETS),$(container)-image) check-integration: atconfig atlocal $(TESTSUITE_INTEGRATION) $(SHELL) '$(TESTSUITE_INTEGRATION)' $(TESTSUITEFLAGS) -j1 \ AUTOTEST_PATH="src" \ PYTHONPATH="${abs_top_srcdir}/src:${PYTHONPATH}" \ FIREWALLD_DEFAULT_CONFIG="${abs_top_srcdir}/config" installcheck-integration: atconfig atlocal $(TESTSUITE_INTEGRATION) $(SHELL) '$(TESTSUITE_INTEGRATION)' $(TESTSUITEFLAGS) -j1 .PHONY: check-integration installcheck-integration # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-1.1.1/src/tests/atlocal.in0000644000000000000000000000050214217342322017356 0ustar00rootroot00000000000000export PYTHON="@PYTHON@" export IPTABLES="@IPTABLES@" export IPTABLES_RESTORE="@IPTABLES_RESTORE@" export IP6TABLES="@IP6TABLES@" export IP6TABLES_RESTORE="@IP6TABLES_RESTORE@" export IPSET="@IPSET@" export NFT_NUMERIC_ARGS="$(nft -h |grep numeric-protocol >/dev/null && echo -n '' || { echo -n '-' && echo -n 'nn'; })" firewalld-1.1.1/src/tests/testsuite.at0000644000000000000000000000071014217342322017767 0ustar00rootroot00000000000000AT_INIT AT_COLOR_TESTS dnl Override m4_include to avoid warning about inclusion dnl m4_define([m4_include], [m4_builtin([include], [$1])]) m4_include([functions.at]) m4_include([cli/firewall-offline-cmd.at]) m4_include([dbus/dbus.at]) m4_foreach([FIREWALL_BACKEND], [[nftables], [iptables]], [ m4_include([cli/firewall-cmd.at]) m4_include([regression/regression.at]) m4_include([python/python.at]) m4_include([features/features.at]) ]) firewalld-1.1.1/src/tests/functions.at0000644000000000000000000006367714217342322017773 0ustar00rootroot00000000000000m4_define([FWD_STOP_FIREWALLD], [ pid=$(< firewalld.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } ]) m4_define([FWD_START_FIREWALLD], [ FIREWALLD_ARGS="--nofork --nopid --log-file ./firewalld.log --system-config ./" dnl if testsuite ran with debug flag, add debug output ${at_debug_p} && FIREWALLD_ARGS="--debug=9 ${FIREWALLD_ARGS}" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALLD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi dnl limit data (and heap) to catch unexpected increases in memory usage ulimit -d $(expr 1024 \* 100) NS_CMD([firewalld $FIREWALLD_ARGS &]) if test $? -ne 0; then AT_FAIL_IF([:]) fi echo "$!" > firewalld.pid dnl Give it some time for the dbus interface to come up up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if NS_CMD([firewall-cmd --state]); then up=1 break fi sleep 1 done AT_FAIL_IF([test $up -ne 1]) ]) m4_define([START_NETWORKMANAGER], [ AT_SKIP_IF([! NS_CMD([which NetworkManager >/dev/null 2>&1])]) AT_SKIP_IF([ NS_CMD([pgrep NetworkManager >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([which nmcli >/dev/null 2>&1])]) AT_DATA([./NetworkManager.conf], [dnl [[main]] plugins= [[logging]] #level=DEBUG #domains=ALL ]) NM_ARGS="--no-daemon --config ./NetworkManager.conf" NS_CMD([NetworkManager $NM_ARGS &]) if test $? -ne 0; then AT_FAIL_IF([:]) fi echo "$!" > networkmanager.pid dnl Give it some time for the dbus interface to come up up=0 for I in 1 2 3 4 5 6 7 8 9 0; do if NS_CMD([nmcli general status >/dev/null 2>&1]); then up=1 break fi sleep 1 done AT_FAIL_IF([test $up -ne 1]) ]) m4_define([STOP_NETWORKMANAGER], [ pid=$(< networkmanager.pid) kill $pid for I in 1 2 3 4 5 6 7 8 9 0; do ps --pid $pid >/dev/null || { pid=0; break; } sleep 1 done test $pid -eq 0 || { kill -9 $pid; sleep 3; } ]) m4_define([FWD_RELOAD], [ FWD_CHECK([-q --reload], [$1], [$2], [$3]) FWD_CHECK([-q --state], [$4], [$5], [$6]) ]) m4_define([FWD_RESTART], [ FWD_STOP_FIREWALLD FWD_START_FIREWALLD ]) m4_define([FWD_START_TEST], [ AT_SETUP([$1]) AT_KEYWORDS(FIREWALL_BACKEND) dnl Default values for things that should be defined in atlocal. If atlocal dnl can't be found it's likely because the testsuite is run "standalone" and dnl atconfig/atlocal aren't available. There should be one here for every value dnl in atlocal. dnl test -z "$PYTHON" && export PYTHON="python3" test -z "$IPTABLES" && export IPTABLES="iptables" test -z "$IPTABLES_RESTORE" && export IPTABLES_RESTORE="iptables-restore" test -z "$IP6TABLES" && export IP6TABLES="ip6tables" test -z "$IP6TABLES_RESTORE" && export IP6TABLES_RESTORE="ip6tables-restore" test -z "$IPSET" && export IPSET="ipset" dnl We test some unicode strings and autotest overrides LC_ALL=C, so set it dnl again for every test. if locale -a |grep "^C.utf8" >/dev/null; then LC_ALL="C.UTF-8" export LC_ALL fi dnl start every test with the default config if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then AT_CHECK([if ! cp "${FIREWALLD_DEFAULT_CONFIG}/firewalld.conf" ./firewalld.conf; then exit 77; fi]) else AT_CHECK([if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi]) fi m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [ ], [ dnl set the appropriate backend AT_CHECK([sed -i 's/^FirewallBackend.*/FirewallBackend=FIREWALL_BACKEND/' ./firewalld.conf]) dnl fib matching is pretty new in nftables. Don't use rpfilter on older dnl kernels. m4_if(nftables, FIREWALL_BACKEND, [ IF_HOST_SUPPORTS_NFT_FIB([], [ sed -i 's/^IPv6_rpfilter.*/IPv6_rpfilter=no/' ./firewalld.conf ]) ]) dnl dummy wrapper for trap syntax function kill_firewalld() { FWD_STOP_FIREWALLD } function kill_networkmanager() { if test -f networkmanager.pid; then STOP_NETWORKMANAGER fi } dnl run cleanup commands on test exit echo "" > cleanup echo "" > cleanup_late trap ". ./cleanup; kill_firewalld; kill_networkmanager; . ./cleanup_late" EXIT dnl create a namespace and dbus-daemon m4_ifdef([TESTING_INTEGRATION], [], [ m4_define([CURRENT_DBUS_ADDRESS], [unix:abstract=firewalld-testsuite-dbus-system-socket-${at_group_normalized}]) ]) m4_define([CURRENT_TEST_NS], [fwd-test-${at_group_normalized}]) echo "ip netns delete CURRENT_TEST_NS" >> ./cleanup_late AT_CHECK([ip netns add CURRENT_TEST_NS]) m4_if(iptables, FIREWALL_BACKEND, [ CHECK_IPTABLES ]) AT_DATA([./dbus.conf], [ EXTERNAL unix:path=/tmp/dummy ]) m4_ifdef([TESTING_INTEGRATION], [ AT_SKIP_IF([NS_CMD([pgrep firewalld >/dev/null 2>&1])]) dnl dbus has a firewalld spec AT_SKIP_IF([! test -r /usr/share/dbus-1/system.d/FirewallD.conf]) dnl polkit is installed and can be started by dbus-daemon AT_SKIP_IF([! test -r /usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service]) dnl polkit has a firewalld policy (firewalld has been installed) AT_SKIP_IF([! test -r /usr/share/polkit-1/actions/org.fedoraproject.FirewallD1.policy]) ], [ DBUS_PID=`NS_CMD([dbus-daemon --address="CURRENT_DBUS_ADDRESS" --print-pid --config-file="./dbus.conf"])` if test $? -ne 0; then AT_FAIL_IF([:]) fi echo "kill $DBUS_PID" >> ./cleanup_late ]) IF_HOST_SUPPORTS_NFT_RULE_INDEX([], [ AT_CHECK([sed -i 's/^IndividualCalls.*/IndividualCalls=yes/' ./firewalld.conf]) ]) FWD_START_FIREWALLD ]) ]) m4_define([FWD_END_TEST], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ if test x"$1" != x"ignore"; then AT_FAIL_IF([cat ./firewalld.log | dnl sed "/WARNING: ip6tables not usable, disabling IPv6 firewall/d" | dnl m4_ifnblank([$1], [sed $1 |]) dnl [grep '^[0-9-]*[ ]\+[0-9:]*[ ]\+\(ERROR\|WARNING\)']]) fi m4_ifdef([CURRENT_DBUS_ADDRESS], [m4_undefine([CURRENT_DBUS_ADDRESS])]) m4_undefine([CURRENT_TEST_NS]) ]) AT_CLEANUP ]) m4_define([FWD_OFFLINE_CHECK], [ FIREWALL_OFFLINE_CMD_ARGS="--system-config ./" if test "x${FIREWALLD_DEFAULT_CONFIG}" != x ; then FIREWALL_OFFLINE_CMD_ARGS+=" --default-config ${FIREWALLD_DEFAULT_CONFIG}" fi AT_CHECK([firewall-offline-cmd $FIREWALL_OFFLINE_CMD_ARGS $1], [$2], [$3], [$4], [$5], [$6]) ]) m4_define([FWD_CHECK], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [ dnl Silently skip tests that don't affect permanent config or other dnl flags we're interested in. dnl dnl if TESTING_FIREWALL_OFFLINE_CMD_PASSTHROUGH dnl firewall-offline-cmd ... dnl else dnl if ! --permanent dnl if -default-zone dnl firewall-offline-cmd ... dnl else dnl if ! --timeout dnl firewall-offline-cmd ... dnl m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD_PASSTHROUGH], [ m4_define([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) ], [ m4_if(-1, m4_index([$1], [--permanent]), [ m4_if(-1, m4_index([$1], [-default-zone]), [], [ m4_define([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) ]) m4_if(-1, m4_index([$1], [--check-config]), [], [ m4_define([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) ]) ], [ m4_if(-1, m4_index([$1], [--timeout]), [ m4_define([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) ], []) ]) ]) m4_ifdef([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD], [ m4_undefine([FWD_CHECK_RUN_FIREWALL_OFFLINE_CMD]) FWD_OFFLINE_CHECK([dnl dnl This m4 mess is all about stripping --permanent dnl flag if it exists, otherwise we pass arg 1 verbatim. m4_if(-1, m4_index([$1], [--permanent]), [$1], [ dnl m4_substr([$1],0,m4_index([$1], [--permanent])) dnl before --permanent m4_substr([$1],m4_eval(m4_index([$1], [--permanent])+11),m4_eval(m4_len([$1])-11)) dnl after --permanent ])], [$2], [$3], [$4], [$5], [$6]) ]) ], [ NS_CHECK([firewall-cmd $1], [$2], [$3], [$4], [$5], [$6]) ]) ]) m4_define([FWD_GREP_LOG], [ AT_CHECK([grep "$1" ./firewalld.log], $2, [ignore], [ignore]) ]) m4_define([TRIM], [[sed -e 's/^[ \t]*//' -e 's/[ \t]*$//']]) m4_define([TRIMV], [[sed -e '/^[ \t]*$/d']]) m4_define([TRIM_INTERNAL], [[sed -e 's/[ \t]\+/ /g']]) m4_define([CHOMP], [printf "%s" "$(cat /dev/stdin)"]) m4_define([TRIM_WHITESPACE], [TRIM | TRIMV | TRIM_INTERNAL | { CHOMP; echo; }]) dnl m4sugar's m4_strip has a bug that causes it to print a space after dnl newlines. So implement our own suck-less version. m4_define([m4_strip], [m4_bpatsubsts([$1], [[ ]+], [ ], [^ ?\(.*\) ?$], [\1])]) m4_define([NS_CMD], [dnl m4_ifdef([TESTING_INTEGRATION], [], [env DBUS_SYSTEM_BUS_ADDRESS="CURRENT_DBUS_ADDRESS"]) dnl command continues to next line ip netns exec CURRENT_TEST_NS $1 dnl ]) m4_define([NS_CHECK], [ AT_CHECK([NS_CMD([$1])], [$2], [$3], [$4], [$5], [$6]) ]) dnl implement PIPESTATUS[0] in a portable way dnl m4_define([PIPESTATUS0], [dnl sh <<-"HERE" { { { { $1; echo $? >&3; } | $2 >&4; } 3>&1; } | { read RC; exit $RC; } } 4>&1 HERE ]) m4_define([EBTABLES_LIST_RULES_NORMALIZE], [dnl TRIM_WHITESPACE | dnl grep -v "^Bridge" | dnl [sed -e 's/\([-][-][-a-zA-Z0-9]\+\)[ ]\+[!]/! \1/g'] dnl ]) m4_define([EBTABLES_LIST_RULES], [ dnl ebtables commit 5f508b76a0ce change list output for inversion. m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ NS_CHECK([PIPESTATUS0([ebtables --concurrent -t $1 -L $2], [EBTABLES_LIST_RULES_NORMALIZE])], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) ]) m4_define([IPTABLES_LIST_RULES_NORMALIZE], [dnl TRIM_WHITESPACE | dnl tail -n +3 dnl ]) m4_define([IPTABLES_LIST_RULES_ALWAYS], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ NS_CHECK([PIPESTATUS0([$IPTABLES -w -n -t $1 -L $2], [IPTABLES_LIST_RULES_NORMALIZE])], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) ]) m4_define([IPTABLES_LIST_RULES], [ m4_if(iptables, FIREWALL_BACKEND, [ IPTABLES_LIST_RULES_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6], [$7]) ]) ]) m4_define([IP6TABLES_LIST_RULES_NORMALIZE], [dnl TRIM_WHITESPACE | dnl tail -n +3 dnl ]) m4_define([IP6TABLES_LIST_RULES_ALWAYS], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ IF_HOST_SUPPORTS_IP6TABLES([ NS_CHECK([PIPESTATUS0([$IP6TABLES -w -n -t $1 -L $2], [IP6TABLES_LIST_RULES_NORMALIZE])], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) ]) ]) m4_define([IP6TABLES_LIST_RULES], [ m4_if(iptables, FIREWALL_BACKEND, [ IP6TABLES_LIST_RULES_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6], [$7]) ]) ]) m4_define([NFT_LIST_RULES_NORMALIZE], [dnl TRIM_WHITESPACE | dnl dnl nftables commit 6dd848339444 change list output to show "meta mark" dnl instead of just "mark". sed -e 's/meta mark/mark/g'dnl -e '/type.*hook.*priority.*policy.*/d'dnl dnl transform ct state { established,related } to ct state established,related -e '/ct \(state\|status\)/{s/\(ct \(state\|status\)\) {/\1/g; s/ }//; s/\(@<:@a-z@:>@*\), /\1,/g;}' dnl -e 's/reject with icmp\(x\|v6\)\? type port-unreachable/reject/' dnl dnl transform iifname { "foobar0" } to iifname "foobar0" -e ['s/\(iifname\|oifname\) [{] \([^, ]\+\) [}]/\1 \2/g'] dnl dnl transform "icmp type foobar" to "icmp foobar" -e ['s/\(icmp\|icmpv6\|icmpx\) type \([a-z-]\+\)/\1 \2/g'] dnl dnl transform bare "reject" to "reject with icmp port-unreachable" -e ['s/reject$/reject with icmp port-unreachable/g'] dnl ]) m4_define([NFT_LIST_RULES_ALWAYS], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ NS_CHECK([PIPESTATUS0([nft $NFT_NUMERIC_ARGS list chain $1 firewalld $2], [NFT_LIST_RULES_NORMALIZE])], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) ]) m4_define([NFT_LIST_RULES], [ m4_if(nftables, FIREWALL_BACKEND, [ NFT_LIST_RULES_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6], [$7]) ]) ]) m4_define([IPSET_LIST_SET_NORMALIZE], [dnl TRIM_WHITESPACE |dnl grep -v "^\(Revision\|Header\|Size\|References\|Number\)" |dnl awk 'NR <= 3; NR > 3 {print | "sort"}' dnl ]) m4_define([IPSET_LIST_SET], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ if $IPSET list >/dev/null 2>&1; then NS_CHECK([PIPESTATUS0([$IPSET list $1], [IPSET_LIST_SET_NORMALIZE])], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) fi ]) ]) m4_define([NFT_LIST_SET_NORMALIZE], [dnl TRIM_WHITESPACE dnl ]) m4_define([NFT_LIST_SET_ALWAYS], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ NS_CHECK([PIPESTATUS0([nft $NFT_NUMERIC_ARGS list set inet firewalld $1], [NFT_LIST_SET_NORMALIZE])], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) ]) ]) m4_define([NFT_LIST_SET], [ m4_if(nftables, FIREWALL_BACKEND, [ NFT_LIST_SET_ALWAYS([$1], [$2], [$3], [$4], [$5], [$6]) ]) ]) m4_define([DBUS_INTROSPECT], [ AT_SKIP_IF([! NS_CMD([which gdbus >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([which xmllint >/dev/null 2>&1])]) NS_CHECK([PIPESTATUS0([gdbus introspect --xml --system --dest=org.fedoraproject.FirewallD1 dnl m4_ifblank([$1], [--object-path /org/fedoraproject/FirewallD1], [--object-path /org/fedoraproject/FirewallD1/$1])], dnl [m4_ifnblank([$2], [xmllint --xpath '$2' - |]) xmllint --format - | xmllint --c14n - | TRIM_WHITESPACE])], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) m4_define([DBUS_CHECK_NORMALIZE], [dnl [sed -e 's/^({//' -e 's/},)$//' -e 's/>,/>\n/g'] | dnl truncate dictionary output TRIM_WHITESPACE | dnl sort dnl sort dictionaries by keys ]) m4_define([DBUS_CHECK], [ AT_SKIP_IF([! NS_CMD([which gdbus >/dev/null 2>&1])]) NS_CHECK([PIPESTATUS0([gdbus call --system --dest=org.fedoraproject.FirewallD1 dnl m4_ifblank([$1], [--object-path /org/fedoraproject/FirewallD1], [--object-path /org/fedoraproject/FirewallD1/$1]) dnl --method org.fedoraproject.FirewallD1.$2 $3], [DBUS_CHECK_NORMALIZE])], [$4], [m4_strip([$5])], [m4_strip([$6])], [$7], [$8]) ]) m4_define([DBUS_GETALL_NORMALIZE], dnl m4_escape([awk 'BEGIN{line_mark=-99; line=0} {line++; if (line == line_mark + 1) {buffer = $0}; if (line == line_mark + 2) {print buffer " : " $0} } /^dict entry/{line_mark=line}' | sort])dnl ) m4_define([DBUS_GETALL], [ NS_CHECK([dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 dnl /org/fedoraproject/FirewallD1/$1 dnl org.freedesktop.DBus.Properties.GetAll string:"org.fedoraproject.FirewallD1.$2" dnl | TRIM_WHITESPACE | DBUS_GETALL_NORMALIZE], [$3], [m4_strip([$4])], [m4_strip([$5])], [$6], [$7]) ]) m4_define([DBUS_GET], [ NS_CHECK([dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 dnl /org/fedoraproject/FirewallD1/$1 dnl org.freedesktop.DBus.Properties.Get string:"org.fedoraproject.FirewallD1.$2" $3 dnl | tail -n +2 | TRIM_WHITESPACE], [$4], [m4_strip([$5])], [m4_strip([$6])], [$7], [$8]) ]) m4_define([DBUS_SET], [ NS_CHECK([dbus-send --system --print-reply --dest=org.fedoraproject.FirewallD1 dnl /org/fedoraproject/FirewallD1/$1 dnl org.freedesktop.DBus.Properties.Set string:"org.fedoraproject.FirewallD1.$2" $3], [$4], [$5], [$6], [$7], [$8]) ]) m4_define([CHECK_IPSET], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ m4_if(nftables, FIREWALL_BACKEND, [ dnl If our nft binary has buggy flush set, then skip the test NS_CHECK([nft add table inet firewalld_check_ipset]) NS_CHECK([nft add set inet firewalld_check_ipset foobar { type ipv4_addr \; }]) AT_SKIP_IF([! NS_CMD([nft flush set inet firewalld_check_ipset foobar >/dev/null 2>&1])]) dnl If nft set has has no timeout support, then skip the test AT_SKIP_IF([! NS_CMD([nft add set inet firewalld_check_ipset foobar_timeout { type ipv4_addr \; timeout 600s \; } >/dev/null 2>&1])]) dnl If nft set has has no size support, then skip the test AT_SKIP_IF([! NS_CMD([nft add set inet firewalld_check_ipset foobar_size { type ipv4_addr \; size 100000 \; } >/dev/null 2>&1])]) AT_SKIP_IF([! NS_CMD([nft add set inet firewalld_check_ipset foobar_timeout_size { type ipv4_addr \; timeout 600s \; size 100000 \; } >/dev/null 2>&1])]) dnl If nft set doesn't allow interval + concat, then skip the test AT_SKIP_IF([! NS_CMD([nft add set inet firewalld_check_ipset foobar_interval_concat { type ipv4_addr . inet_service \; flags interval \; } >/dev/null 2>&1])]) dnl use JSON to verify a JSON parser bug is also fixed AT_SKIP_IF([! NS_CMD([[nft -j '{"nftables": [{"add": {"element": {"family": "inet", "table": "firewalld_check_ipset", "name": "foobar_interval_concat", "elem": [{"concat": [{"prefix": {"addr": "10.10.10.0", "len": 24}}, {"range": ["1234", "2000"]}]}]}}}]}' >/dev/null 2>&1]])]) NS_CHECK([nft delete table inet firewalld_check_ipset]) ]) m4_if(iptables, FIREWALL_BACKEND, [ AT_SKIP_IF([! NS_CMD([$IPSET -h >/dev/null 2>&1 ])]) ]) ]) ]) m4_define([CHECK_IPSET_HASH_MAC], [ dnl skip if ipset hash:mac support is there m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ m4_if(iptables, FIREWALL_BACKEND, [ AT_SKIP_IF([! $IPSET --help | grep "hash:mac"]) AT_SKIP_IF([! NS_CMD([$IPSET create foobar hash:mac >/dev/null 2>&1])]) NS_CHECK([$IPSET destroy foobar]) ]) ]) ]) m4_define([CHECK_NAT_COEXISTENCE], [ dnl verify the host can support simultaneous iptables and nftables NAT m4_if(nftables, FIREWALL_BACKEND, [ KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 18 || test ${KERNEL_MAJOR} -gt 4; then : else AT_SKIP_IF([true]) fi ]) ]) m4_define([CHECK_LOG_AUDIT], [ m4_if(nftables, FIREWALL_BACKEND, [ NS_CHECK([nft add table inet firewalld_check_log_audit]) NS_CHECK([nft add chain inet firewalld_check_log_audit foobar { type filter hook input priority 0 \; } ]) AT_SKIP_IF([! NS_CMD([nft add rule inet firewalld_check_log_audit foobar log level audit >/dev/null 2>&1])]) NS_CHECK([nft delete table inet firewalld_check_log_audit]) ]) ]) m4_define([CHECK_NFT_CT_HELPER], [ m4_if(nftables, FIREWALL_BACKEND, [ NS_CHECK([nft add table inet firewalld_check_ct_helper]) AT_SKIP_IF([! NS_CMD([nft add ct helper inet firewalld helper-ftp-tcp { type \"ftp\" protocol tcp \; } >/dev/null 2>&1])]) NS_CHECK([nft delete table inet firewalld_check_ct_helper]) ]) ]) m4_define([CHECK_MODULE_PROTO_GRE], [ AT_SKIP_IF([! NS_CMD([modinfo nf_conntrack_proto_gre])]) ]) m4_define([CHECK_IPTABLES], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ AT_SKIP_IF([! NS_CMD([sh -c "{ $IPTABLES_RESTORE -h || $IPTABLES -h; }" >/dev/null 2>&1])]) ]) ]) m4_define([IF_HOST_SUPPORTS_NFT_FIB], [ KERNEL_MAJOR=`uname -r | cut -d. -f1` KERNEL_MINOR=`uname -r | cut -d. -f2` if test ${KERNEL_MAJOR} -eq 4 && test ${KERNEL_MINOR} -ge 10 || test ${KERNEL_MAJOR} -gt 4; then : $1 else : $2 fi ]) m4_define([IF_HOST_SUPPORTS_IP6TABLES], [ if $IP6TABLES -L >/dev/null 2>&1; then : $1 else : $2 fi ]) m4_define([IF_HOST_SUPPORTS_IPV6], [ if sysctl -a |grep -F "net.ipv6" >/dev/null 2>&1; then : $1 else : $2 fi ]) m4_define([IF_HOST_SUPPORTS_IPV6_RULES], [ m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [$1], [ m4_if(nftables, FIREWALL_BACKEND, [$1], [ IF_HOST_SUPPORTS_IP6TABLES([$1], [$2]) ])]) ]) m4_define([NMCLI_CHECK], [ AT_SKIP_IF([! NS_CMD([nmcli connection show >/dev/null 2>&1])]) NS_CHECK([PIPESTATUS0([nmcli $1], [TRIM_WHITESPACE])], [$2], [m4_strip([$3])], [m4_strip([$4])], [$5], [$6]) ]) m4_define([IF_HOST_SUPPORTS_NFT_RULE_INDEX], [ m4_if(nftables, FIREWALL_BACKEND, [ AT_DATA([./nft_rule_index.nft], [ add table inet firewalld_check_rule_index add chain inet firewalld_check_rule_index foobar { type filter hook input priority 0 ; } add rule inet firewalld_check_rule_index foobar tcp dport 1234 accept add rule inet firewalld_check_rule_index foobar accept insert rule inet firewalld_check_rule_index foobar index 1 udp dport 4321 accept ]) NS_CHECK([nft -f ./nft_rule_index.nft]) if test "$( NS_CMD([nft list chain inet firewalld_check_rule_index foobar | head -n 5 |tail -n 1 | TRIM_WHITESPACE]) )" = "udp dport 4321 accept"; then : $1 else : $2 fi NS_CHECK([rm ./nft_rule_index.nft]) NS_CHECK([nft delete table inet firewalld_check_rule_index]) ], [$1]) ]) firewalld-1.1.1/src/tests/package.m40000644000000000000000000000040114217353175017252 0ustar00rootroot00000000000000m4_define([AT_PACKAGE_NAME],[firewalld]) m4_define([AT_PACKAGE_VERSION],[1.1.1]) m4_define([AT_PACKAGE_STRING],[firewalld 1.1.1]) m4_define([AT_PACKAGE_URL],[http://firewalld.org/]) m4_define([AT_PACKAGE_BUGREPORT],[https://github.com/firewalld/firewalld]) firewalld-1.1.1/Makefile.am0000644000000000000000000001257614217342322015530 0ustar00rootroot00000000000000SUBDIRS = config doc po shell-completion src DIST_TARGETS = dist-gzip dist-container EXTRA_DIST = \ COPYING \ README \ autogen.sh \ ${PACKAGE_NAME}.spec CLEANFILES = *~ *\# .\#* *.tar* DISTCLEANFILES = config.log intltool-* DISTCLEANDIRS = autom4te.cache ${PACKAGE_NAME}-* tag: @spec_ver=`awk '/Version:/ { print $$2}' ${PACKAGE_NAME}.spec`; \ if test "$$spec_ver" != "${PACKAGE_VERSION}"; then \ echo "Spec file and package versions differ: $$spec_ver != ${PACKAGE_VERSION}"; \ secs=10; \ echo -n "Using ./autogen.sh in $$secs seconds: "; \ for i in `seq $$secs -1 1`; do echo -n "."; sleep 1; done; echo; \ ./autogen.sh; \ echo; \ echo "Please run make again to apply version changes."; \ exit 1; \ fi @if ! git diff --quiet --exit-code; then \ clear; \ echo -n "========================================"; \ echo "========================================"; \ PAGER= git diff; \ echo -n "========================================"; \ echo "========================================"; \ echo "Do you want to commit these changes? (y/N)"; \ read answer; \ [ "$$answer" == "Y" -o "$$answer" == "y" ] || exit 1; \ git commit -a -m "$(PACKAGE_TAG)"; \ fi git tag -f $(PACKAGE_TAG) git push git push --tags dist: clean-docs update-docs dist-container: $(PODMAN) build --squash-all -t firewalld -f $(abs_top_srcdir)/Dockerfile $(abs_top_srcdir) $(PODMAN) tag firewalld firewalld:$(PACKAGE_VERSION) $(PODMAN) tag firewalld firewalld:latest $(PODMAN) tag firewalld:$(PACKAGE_VERSION) quay.io/firewalld/firewalld:$(PACKAGE_VERSION) $(PODMAN) tag firewalld:latest quay.io/firewalld/firewalld:latest $(PODMAN) push quay.io/firewalld/firewalld:$(PACKAGE_VERSION) $(PODMAN) push quay.io/firewalld/firewalld:latest $(PODMAN) save --format oci-archive --output firewalld-oci-$(PACKAGE_VERSION).tar firewalld:$(PACKAGE_VERSION) dist-check: @rm -f _dist_check_failed @(cat config/Makefile.am | sed -n '/^CONFIG_FILES/,/^$$/p' | head -n-1 | tail -n+2) > _config @(cd config; git ls-files icmptypes helpers ipsets services zones | sort | sed -e 's/^/\t/' | sed ':a;N;$$!ba;s/\n/ \\\n/g') > _provided_config @diff -u1B _config _provided_config > _missing_config; \ if [ $$? -ne 0 ]; then \ echo; \ echo "============================================================================="; \ echo " Fix config/Makefile.am:"; \ echo "============================================================================="; \ touch _dist_check_failed; \ cat _missing_config | tail -n +3; \ echo; \ fi @rm -f _config _provided_config _missing_config @(cat src/Makefile.am | sed -n '/^nobase_dist_python_DATA/,/^$$/p' | head -n-1 | tail -n+2) > _config @(cd src; git ls-files firewall | sort | sed -e 's/^/\t/' -e "s/.py.in/.py/" | sed ':a;N;$$!ba;s/\n/ \\\n/g') > _provided_config @diff -u1B _config _provided_config > _missing_config; \ if [ $$? -ne 0 ]; then \ echo; \ echo "============================================================================="; \ echo " Fix src/Makefile.am:"; \ echo "============================================================================="; \ touch _dist_check_failed; \ cat _missing_config | tail -n +3; \ echo; \ fi @rm -f _config _provided_config _missing_config @if [ -f "_dist_check_failed" ]; then \ rm -f _dist_check_failed; \ exit 1; \ fi check-container check-integration installcheck-integration: $(MAKE) -C src/tests $@ .PHONY: check-container check-integration installcheck-integration .PHONY: dist-container update-docs: $(MAKE) -C doc/xml clean-docs: $(MAKE) -C doc/xml clean archive: dist-check $(desktop_DATA) tag dist local: distclean @rm -rf ${PACKAGE_NAME}-$(PACKAGE_VERSION).tar.gz @rm -rf /tmp/${PACKAGE_NAME}-$(PACKAGE_VERSION) /tmp/${PACKAGE_NAME} @dir=$$PWD; cd /tmp; cp -a $$dir ${PACKAGE_NAME} @mv /tmp/${PACKAGE_NAME} /tmp/${PACKAGE_NAME}-$(PACKAGE_VERSION) @dir=$$PWD; cd /tmp; tar --gzip -cSpf $$dir/${PACKAGE_NAME}-$(PACKAGE_VERSION).tar.gz ${PACKAGE_NAME}-$(PACKAGE_VERSION) @rm -rf /tmp/${PACKAGE_NAME}-$(PACKAGE_VERSION) @echo "The archive is in ${PACKAGE_NAME}-$(PACKAGE_VERSION).tar.gz" test-rpm: dist-gzip @rpmbuild -ta $(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz test-srpm: dist-gzip @rpmbuild -ts $(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz update-po: ls $(top_srcdir)/po/*.po | sed 's/.*\/po\///;s/.po//' > $(top_srcdir)/po/LINGUAS $(MAKE) -C po update-po ${PACKAGE_NAME}.pot cp po/${PACKAGE_NAME}.pot po/${PACKAGE_NAME}.weblate.pot # This merges translations from the upstream master branch. # It's only meant to be used from the stable branches. Translations # contributions are only done against master. merge-po: update-po git fetch -q https://github.com/firewalld/firewalld master; \ for po in $(top_srcdir)/po/*.po; do \ mv $${po} $${po}.old; \ git checkout -q FETCH_HEAD $${po}; \ msgcat --use-first -o $${po}.merged $${po} $${po}.old; \ mv $${po}.merged $${po}; \ git add $${po}; \ done clean-po: @for cat in `cat ${top_srcdir}/po/LINGUAS`; do \ msgattrib --translated --no-fuzzy --no-obsolete --force-po --no-location --clear-previous --strict $(top_srcdir)/po/$$cat.po -o $(top_srcdir)/po/$$cat.out; \ mv -f $(top_srcdir)/po/$$cat.out $(top_srcdir)/po/$$cat.po; \ done report: @for cat in `cat ${top_srcdir}/po/LINGUAS`; do \ echo -n "$$cat: "; \ $(MSGFMT) --statistics -o /dev/null $(top_srcdir)/po/$$cat.po; \ done distclean-local: -test -z "$(DISTCLEANDIRS)" || rm -rf $(DISTCLEANDIRS) firewalld-1.1.1/configure0000755000000000000000000057612614217352322015412 0ustar00rootroot00000000000000#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69 for firewalld 1.1.1. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then _as_can_reexec=no; export _as_can_reexec; # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 as_fn_exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='firewalld' PACKAGE_TARNAME='firewalld' PACKAGE_VERSION='1.1.1' PACKAGE_STRING='firewalld 1.1.1' PACKAGE_BUGREPORT='' PACKAGE_URL='' ac_unique_file="src/firewalld.in" ac_default_prefix=/usr ac_subst_vars='LTLIBOBJS LIBOBJS XGETTEXT_EXTRA_OPTIONS XGETTEXT_015 GMSGFMT_015 MSGFMT_015 GETTEXT_MACRO_VERSION ALL_LINGUAS INTLTOOL_PERL GMSGFMT MSGFMT MSGMERGE XGETTEXT INTLTOOL_POLICY_RULE INTLTOOL_SERVICE_RULE INTLTOOL_THEME_RULE INTLTOOL_SCHEMAS_RULE INTLTOOL_CAVES_RULE INTLTOOL_XML_NOMERGE_RULE INTLTOOL_XML_RULE INTLTOOL_KBD_RULE INTLTOOL_XAM_RULE INTLTOOL_UI_RULE INTLTOOL_SOUNDLIST_RULE INTLTOOL_SHEET_RULE INTLTOOL_SERVER_RULE INTLTOOL_PONG_RULE INTLTOOL_OAF_RULE INTLTOOL_PROP_RULE INTLTOOL_KEYS_RULE INTLTOOL_DIRECTORY_RULE INTLTOOL_DESKTOP_RULE intltool__v_merge_options_0 intltool__v_merge_options_ INTLTOOL_V_MERGE_OPTIONS INTLTOOL__v_MERGE_0 INTLTOOL__v_MERGE_ INTLTOOL_V_MERGE INTLTOOL_EXTRACT INTLTOOL_MERGE INTLTOOL_UPDATE USE_NLS GETTEXT_PACKAGE IPSET EBTABLES_RESTORE EBTABLES IP6TABLES_RESTORE IP6TABLES IPTABLES_RESTORE IPTABLES IFCFGDIR ZSHCOMPLETIONDIR BASHCOMPLETIONDIR SYSTEMD_UNITDIR INSTALL_RPMMACROS INSTALL_RPMMACROS_FALSE INSTALL_RPMMACROS_TRUE INSTALL_SYSCONFIG INSTALL_SYSCONFIG_FALSE INSTALL_SYSCONFIG_TRUE USE_SYSTEMD USE_SYSTEMD_FALSE USE_SYSTEMD_TRUE XMLCATALOG XML_CATALOG_FILE ENABLE_DOCS_FALSE ENABLE_DOCS_TRUE GSETTINGS_RULES GLIB_COMPILE_SCHEMAS gsettingsschemadir PKG_CONFIG_LIBDIR PKG_CONFIG_PATH PKG_CONFIG GSETTINGS_DISABLE_SCHEMAS_COMPILE PODMAN SYSCTL RMMOD MODPROBE KILL XSLTPROC pkgpyexecdir pyexecdir pkgpythondir pythondir PYTHON_PLATFORM PYTHON_EXEC_PREFIX PYTHON_PREFIX PYTHON_VERSION PYTHON GREP SED LN_S PACKAGE_TAG PACKAGE_RELEASE AM_BACKSLASH AM_DEFAULT_VERBOSITY AM_DEFAULT_V AM_V am__untar am__tar AMTAR am__leading_dot SET_MAKE AWK mkdir_p MKDIR_P INSTALL_STRIP_PROGRAM STRIP install_sh MAKEINFO AUTOHEADER AUTOMAKE AUTOCONF ACLOCAL VERSION PACKAGE CYGPATH_W am__isrc INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_silent_rules enable_schemas_compile enable_docs with_xml_catalog enable_systemd enable_sysconfig enable_rpmmacros with_systemd_unitdir with_bashcompletiondir with_zshcompletiondir with_ifcfgdir with_iptables with_iptables_restore with_ip6tables with_ip6tables_restore with_ebtables with_ebtables_restore with_ipset enable_nls ' ac_precious_vars='build_alias host_alias target_alias PYTHON PKG_CONFIG PKG_CONFIG_PATH PKG_CONFIG_LIBDIR' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *=) ac_optarg= ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error $? "unrecognized option: \`$ac_option' Try \`$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures firewalld 1.1.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/firewalld] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF Program names: --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on installed program names _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of firewalld 1.1.1:";; esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-silent-rules less verbose build output (undo: "make V=1") --disable-silent-rules verbose build output (undo: "make V=0") --disable-schemas-compile Disable regeneration of gschemas.compiled on install --disable-docs Disable building documentation --disable-systemd Disable systemd support --enable-sysconfig Install sysconfig file --enable-rpmmacros Install rpm macros file --disable-nls do not use Native Language Support Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-xml-catalog=CATALOG path to xml catalog to use --with-systemd-unitdir Directory for systemd service files --with-bashcompletiondir=DIR Bash completions directory --with-zshcompletiondir=DIR Zsh completions directory --with-ifcfgdir=DIR The ifcfg configuration directory --with-iptables Path to iptables executable --with-iptables-restore Path to iptables-restore executable --with-ip6tables Path to ip6tables executable --with-ip6tables-restore Path to ip6tables-restore executable --with-ebtables Path to ebtables executable --with-ebtables-restore Path to ebtables-restore executable --with-ipset Path to ipset executable Some influential environment variables: PYTHON the Python interpreter PKG_CONFIG path to pkg-config utility PKG_CONFIG_PATH directories to add to pkg-config's search path PKG_CONFIG_LIBDIR path overriding pkg-config's built-in search path Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to the package provider. _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF firewalld configure 1.1.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by firewalld $as_me 1.1.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo $as_echo "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo $as_echo "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then $as_echo "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then $as_echo "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then # We do not want a PATH search for config.site. case $CONFIG_SITE in #(( -*) ac_site_file1=./$CONFIG_SITE;; */*) ac_site_file1=$CONFIG_SITE;; *) ac_site_file1=./$CONFIG_SITE;; esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu am__api_version='1.16' ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if ${ac_cv_path_install+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in #(( ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[\\\"\#\$\&\'\`$am_lf]*) as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; esac # Do 'set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( am_has_slept=no for am_try in 1 2; do echo "timestamp, slept: $am_has_slept" > conftest.file set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$*" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi if test "$*" != "X $srcdir/configure conftest.file" \ && test "$*" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". as_fn_error $? "ls -t appears to fail. Make sure there is not a broken alias in your environment" "$LINENO" 5 fi if test "$2" = conftest.file || test $am_try -eq 2; then break fi # Just in case. sleep 1 am_has_slept=yes done test "$2" = conftest.file ) then # Ok. : else as_fn_error $? "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= if grep 'slept: no' conftest.file >/dev/null 2>&1; then ( sleep 1 ) & am_sleep_pid=$! fi rm -f conftest.file test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. test "$program_suffix" != NONE && program_transform_name="s&\$&$program_suffix&;$program_transform_name" # Double any \ or $. # By default was `s,x,x', remove it if useless. ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` # Expand $ac_aux_dir to an absolute path. am_aux_dir=`cd "$ac_aux_dir" && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --is-lightweight"; then am_missing_run="$MISSING " else am_missing_run= { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi # Installed binaries are usually stripped using 'strip' when the user # run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the 'STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_STRIP+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 $as_echo_n "checking for a thread-safe mkdir -p... " >&6; } if test -z "$MKDIR_P"; then if ${ac_cv_path_mkdir+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( 'mkdir (GNU coreutils) '* | \ 'mkdir (coreutils) '* | \ 'mkdir (fileutils) '4.1*) ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext break 3;; esac done done done IFS=$as_save_IFS fi test -d ./--version && rmdir ./--version if test "${ac_cv_path_mkdir+set}" = set; then MKDIR_P="$ac_cv_path_mkdir -p" else # As a last resort, use the slow shell script. Don't cache a # value for MKDIR_P within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. MKDIR_P="$ac_install_sh -d" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 $as_echo "$MKDIR_P" >&6; } for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AWK+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null # Check whether --enable-silent-rules was given. if test "${enable_silent_rules+set}" = set; then : enableval=$enable_silent_rules; fi case $enable_silent_rules in # ((( yes) AM_DEFAULT_VERBOSITY=0;; no) AM_DEFAULT_VERBOSITY=1;; *) AM_DEFAULT_VERBOSITY=1;; esac am_make=${MAKE-make} { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 $as_echo_n "checking whether $am_make supports nested variables... " >&6; } if ${am_cv_make_support_nested_variables+:} false; then : $as_echo_n "(cached) " >&6 else if $as_echo 'TRUE=$(BAR$(V)) BAR0=false BAR1=true V=1 am__doit: @$(TRUE) .PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then am_cv_make_support_nested_variables=yes else am_cv_make_support_nested_variables=no fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 $as_echo "$am_cv_make_support_nested_variables" >&6; } if test $am_cv_make_support_nested_variables = yes; then AM_V='$(V)' AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' else AM_V=$AM_DEFAULT_VERBOSITY AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY fi AM_BACKSLASH='\' if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi # Define the identity of the package. PACKAGE='firewalld' VERSION='1.1.1' # Some tools Automake needs. ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: # # mkdir_p='$(MKDIR_P)' # We need awk for the "check" target (and possibly the TAP driver). The # system "awk" is bad on some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' # We'll loop over all known methods to create a tar archive until one works. _am_tools='gnutar plaintar pax cpio none' # The POSIX 1988 'ustar' format is defined with fixed-size fields. # There is notably a 21 bits limit for the UID and the GID. In fact, # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 # and bug#13588). am_max_uid=2097151 # 2^21 - 1 am_max_gid=$am_max_uid # The $UID and $GID variables are not portable, so we need to resort # to the POSIX-mandated id(1) utility. Errors in the 'id' calls # below are definitely unexpected, so allow the users to see them # (that is, avoid stderr redirection). am_uid=`id -u || echo unknown` am_gid=`id -g || echo unknown` { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether UID '$am_uid' is supported by ustar format" >&5 $as_echo_n "checking whether UID '$am_uid' is supported by ustar format... " >&6; } if test $am_uid -le $am_max_uid; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } _am_tools=none fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether GID '$am_gid' is supported by ustar format" >&5 $as_echo_n "checking whether GID '$am_gid' is supported by ustar format... " >&6; } if test $am_gid -le $am_max_gid; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } _am_tools=none fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to create a ustar tar archive" >&5 $as_echo_n "checking how to create a ustar tar archive... " >&6; } # Go ahead even if we have the value already cached. We do so because we # need to set the values for the 'am__tar' and 'am__untar' variables. _am_tools=${am_cv_prog_tar_ustar-$_am_tools} for _am_tool in $_am_tools; do case $_am_tool in gnutar) for _am_tar in tar gnutar gtar; do { echo "$as_me:$LINENO: $_am_tar --version" >&5 ($_am_tar --version) >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && break done am__tar="$_am_tar --format=ustar -chf - "'"$$tardir"' am__tar_="$_am_tar --format=ustar -chf - "'"$tardir"' am__untar="$_am_tar -xf -" ;; plaintar) # Must skip GNU tar: if it does not support --format= it doesn't create # ustar tarball either. (tar --version) >/dev/null 2>&1 && continue am__tar='tar chf - "$$tardir"' am__tar_='tar chf - "$tardir"' am__untar='tar xf -' ;; pax) am__tar='pax -L -x ustar -w "$$tardir"' am__tar_='pax -L -x ustar -w "$tardir"' am__untar='pax -r' ;; cpio) am__tar='find "$$tardir" -print | cpio -o -H ustar -L' am__tar_='find "$tardir" -print | cpio -o -H ustar -L' am__untar='cpio -i -H ustar -d' ;; none) am__tar=false am__tar_=false am__untar=false ;; esac # If the value was cached, stop now. We just wanted to have am__tar # and am__untar set. test -n "${am_cv_prog_tar_ustar}" && break # tar/untar a dummy directory, and stop if the command works. rm -rf conftest.dir mkdir conftest.dir echo GrepMe > conftest.dir/file { echo "$as_me:$LINENO: tardir=conftest.dir && eval $am__tar_ >conftest.tar" >&5 (tardir=conftest.dir && eval $am__tar_ >conftest.tar) >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } rm -rf conftest.dir if test -s conftest.tar; then { echo "$as_me:$LINENO: $am__untar &5 ($am__untar &5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } { echo "$as_me:$LINENO: cat conftest.dir/file" >&5 (cat conftest.dir/file) >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } grep GrepMe conftest.dir/file >/dev/null 2>&1 && break fi done rm -rf conftest.dir if ${am_cv_prog_tar_ustar+:} false; then : $as_echo_n "(cached) " >&6 else am_cv_prog_tar_ustar=$_am_tool fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_tar_ustar" >&5 $as_echo "$am_cv_prog_tar_ustar" >&6; } # POSIX will say in a future version that running "rm -f" with no argument # is OK; and we want to be able to make that assumption in our Makefile # recipes. So use an aggressive probe to check that the usage we want is # actually supported "in the wild" to an acceptable degree. # See automake bug#10828. # To make any issue more visible, cause the running configure to be aborted # by default if the 'rm' program in use doesn't match our expectations; the # user can still override this though. if rm -f && rm -fr && rm -rf; then : OK; else cat >&2 <<'END' Oops! Your 'rm' program seems unable to run without file operands specified on the command line, even when the '-f' option is present. This is contrary to the behaviour of most rm programs out there, and not conforming with the upcoming POSIX standard: Please tell bug-automake@gnu.org about your system, including the value of your $PATH and any error possibly output before this message. This can help us improve future automake versions. END if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then echo 'Configuration will proceed anyway, since you have set the' >&2 echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 echo >&2 else cat >&2 <<'END' Aborting the configuration process, to ensure you take notice of the issue. You can download and install GNU coreutils to get an 'rm' implementation that behaves properly: . If you want to complete the configuration process using your problematic 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM to "yes", and re-run configure. END as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5 fi fi PACKAGE_RELEASE='1' cat >>confdefs.h <<_ACEOF #define PACKAGE_RELEASE "$PACKAGE_RELEASE" _ACEOF PACKAGE_TAG='v1.1.1' cat >>confdefs.h <<_ACEOF #define PACKAGE_TAG "$PACKAGE_TAG" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 $as_echo_n "checking for a sed that does not truncate output... " >&6; } if ${ac_cv_path_SED+:} false; then : $as_echo_n "(cached) " >&6 else ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" done echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed { ac_script=; unset ac_script;} if test -z "$SED"; then ac_path_SED_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED case `"$ac_path_SED" --version 2>&1` in *GNU*) ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo '' >> "conftest.nl" "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_SED_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_SED="$ac_path_SED" ac_path_SED_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_SED_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 $as_echo "$ac_cv_path_SED" >&6; } SED="$ac_cv_path_SED" rm -f conftest.sed { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_AWK+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi if test -n "$PYTHON"; then # If the user set $PYTHON, use it and don't search something else. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3.6" >&5 $as_echo_n "checking whether $PYTHON version is >= 3.6... " >&6; } prog="import sys # split strings by '.' and convert to numeric. Append some zeros # because we need at least 4 digits for the hex conversion. # map returns an iterator in Python 3.0 and a list in 2.x minver = list(map(int, '3.6'.split('.'))) + [0, 0, 0] minverhex = 0 # xrange is not present in Python 3.0 and range returns an iterator for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i] sys.exit(sys.hexversion < minverhex)" if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5 ($PYTHON -c "$prog") >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } as_fn_error $? "Python interpreter is too old" "$LINENO" 5 fi am_display_PYTHON=$PYTHON else # Otherwise, try each interpreter until we find one that satisfies # VERSION. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3.6" >&5 $as_echo_n "checking for a Python interpreter with version >= 3.6... " >&6; } if ${am_cv_pathless_PYTHON+:} false; then : $as_echo_n "(cached) " >&6 else for am_cv_pathless_PYTHON in python python2 python3 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do test "$am_cv_pathless_PYTHON" = none && break prog="import sys # split strings by '.' and convert to numeric. Append some zeros # because we need at least 4 digits for the hex conversion. # map returns an iterator in Python 3.0 and a list in 2.x minver = list(map(int, '3.6'.split('.'))) + [0, 0, 0] minverhex = 0 # xrange is not present in Python 3.0 and range returns an iterator for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i] sys.exit(sys.hexversion < minverhex)" if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5 ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5 ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); }; then : break fi done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5 $as_echo "$am_cv_pathless_PYTHON" >&6; } # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. if test "$am_cv_pathless_PYTHON" = none; then PYTHON=: else # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args. set dummy $am_cv_pathless_PYTHON; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PYTHON+:} false; then : $as_echo_n "(cached) " >&6 else case $PYTHON in [\\/]* | ?:[\\/]*) ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PYTHON=$ac_cv_path_PYTHON if test -n "$PYTHON"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 $as_echo "$PYTHON" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi am_display_PYTHON=$am_cv_pathless_PYTHON fi if test "$PYTHON" = :; then as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5 else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5 $as_echo_n "checking for $am_display_PYTHON version... " >&6; } if ${am_cv_python_version+:} false; then : $as_echo_n "(cached) " >&6 else am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"` fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 $as_echo "$am_cv_python_version" >&6; } PYTHON_VERSION=$am_cv_python_version PYTHON_PREFIX='${prefix}' PYTHON_EXEC_PREFIX='${exec_prefix}' { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5 $as_echo_n "checking for $am_display_PYTHON platform... " >&6; } if ${am_cv_python_platform+:} false; then : $as_echo_n "(cached) " >&6 else am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 $as_echo "$am_cv_python_platform" >&6; } PYTHON_PLATFORM=$am_cv_python_platform # Just factor out some code duplication. am_python_setup_sysconfig="\ import sys # Prefer sysconfig over distutils.sysconfig, for better compatibility # with python 3.x. See automake bug#10227. try: import sysconfig except ImportError: can_use_sysconfig = 0 else: can_use_sysconfig = 1 # Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: # try: from platform import python_implementation if python_implementation() == 'CPython' and sys.version[:3] == '2.7': can_use_sysconfig = 0 except ImportError: pass" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 $as_echo_n "checking for $am_display_PYTHON script directory... " >&6; } if ${am_cv_python_pythondir+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$prefix" = xNONE then am_py_prefix=$ac_default_prefix else am_py_prefix=$prefix fi am_cv_python_pythondir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') sys.stdout.write(sitedir)"` case $am_cv_python_pythondir in $am_py_prefix*) am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` ;; *) case $am_py_prefix in /usr|/System*) ;; *) am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 $as_echo "$am_cv_python_pythondir" >&6; } pythondir=$am_cv_python_pythondir pkgpythondir=\${pythondir}/$PACKAGE { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5 $as_echo_n "checking for $am_display_PYTHON extension module directory... " >&6; } if ${am_cv_python_pyexecdir+:} false; then : $as_echo_n "(cached) " >&6 else if test "x$exec_prefix" = xNONE then am_py_exec_prefix=$am_py_prefix else am_py_exec_prefix=$exec_prefix fi am_cv_python_pyexecdir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') sys.stdout.write(sitedir)"` case $am_cv_python_pyexecdir in $am_py_exec_prefix*) am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` ;; *) case $am_py_exec_prefix in /usr|/System*) ;; *) am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 $as_echo "$am_cv_python_pyexecdir" >&6; } pyexecdir=$am_cv_python_pyexecdir pkgpyexecdir=\${pyexecdir}/$PACKAGE fi # Extract the first word of "xsltproc", so it can be a program name with args. set dummy xsltproc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_XSLTPROC+:} false; then : $as_echo_n "(cached) " >&6 else case $XSLTPROC in [\\/]* | ?:[\\/]*) ac_cv_path_XSLTPROC="$XSLTPROC" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_XSLTPROC="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi XSLTPROC=$ac_cv_path_XSLTPROC if test -n "$XSLTPROC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XSLTPROC" >&5 $as_echo "$XSLTPROC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "kill", so it can be a program name with args. set dummy kill; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_KILL+:} false; then : $as_echo_n "(cached) " >&6 else case $KILL in [\\/]* | ?:[\\/]*) ac_cv_path_KILL="$KILL" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_KILL="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_KILL" && ac_cv_path_KILL="/usr/bin/kill" ;; esac fi KILL=$ac_cv_path_KILL if test -n "$KILL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $KILL" >&5 $as_echo "$KILL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "modprobe", so it can be a program name with args. set dummy modprobe; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MODPROBE+:} false; then : $as_echo_n "(cached) " >&6 else case $MODPROBE in [\\/]* | ?:[\\/]*) ac_cv_path_MODPROBE="$MODPROBE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MODPROBE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_MODPROBE" && ac_cv_path_MODPROBE="/sbin/modprobe" ;; esac fi MODPROBE=$ac_cv_path_MODPROBE if test -n "$MODPROBE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MODPROBE" >&5 $as_echo "$MODPROBE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "rmmod", so it can be a program name with args. set dummy rmmod; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_RMMOD+:} false; then : $as_echo_n "(cached) " >&6 else case $RMMOD in [\\/]* | ?:[\\/]*) ac_cv_path_RMMOD="$RMMOD" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_RMMOD="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_RMMOD" && ac_cv_path_RMMOD="/sbin/rmmod" ;; esac fi RMMOD=$ac_cv_path_RMMOD if test -n "$RMMOD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RMMOD" >&5 $as_echo "$RMMOD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "sysctl", so it can be a program name with args. set dummy sysctl; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_SYSCTL+:} false; then : $as_echo_n "(cached) " >&6 else case $SYSCTL in [\\/]* | ?:[\\/]*) ac_cv_path_SYSCTL="$SYSCTL" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_SYSCTL="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_SYSCTL" && ac_cv_path_SYSCTL="/sbin/sysctl" ;; esac fi SYSCTL=$ac_cv_path_SYSCTL if test -n "$SYSCTL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SYSCTL" >&5 $as_echo "$SYSCTL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi ac_config_commands="$ac_config_commands src/tests/atconfig" for ac_prog in podman docker do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PODMAN+:} false; then : $as_echo_n "(cached) " >&6 else case $PODMAN in [\\/]* | ?:[\\/]*) ac_cv_path_PODMAN="$PODMAN" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PODMAN="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PODMAN=$ac_cv_path_PODMAN if test -n "$PODMAN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PODMAN" >&5 $as_echo "$PODMAN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$PODMAN" && break done test -n "$PODMAN" || PODMAN="/bin/false" # Check whether --enable-schemas-compile was given. if test "${enable_schemas_compile+set}" = set; then : enableval=$enable_schemas_compile; case ${enableval} in yes) GSETTINGS_DISABLE_SCHEMAS_COMPILE="" ;; no) GSETTINGS_DISABLE_SCHEMAS_COMPILE="1" ;; *) as_fn_error $? "bad value ${enableval} for --enable-schemas-compile" "$LINENO" 5 ;; esac fi if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else case $PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PKG_CONFIG=$ac_cv_path_PKG_CONFIG if test -n "$PKG_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 $as_echo "$PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_path_PKG_CONFIG"; then ac_pt_PKG_CONFIG=$PKG_CONFIG # Extract the first word of "pkg-config", so it can be a program name with args. set dummy pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : $as_echo_n "(cached) " >&6 else case $ac_pt_PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG if test -n "$ac_pt_PKG_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 $as_echo "$ac_pt_PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_pt_PKG_CONFIG" = x; then PKG_CONFIG="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac PKG_CONFIG=$ac_pt_PKG_CONFIG fi else PKG_CONFIG="$ac_cv_path_PKG_CONFIG" fi fi if test -n "$PKG_CONFIG"; then _pkg_min_version=0.16 { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 $as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } PKG_CONFIG="" fi fi gsettingsschemadir=${datadir}/glib-2.0/schemas if test x$cross_compiling != xyes; then GLIB_COMPILE_SCHEMAS=`$PKG_CONFIG --variable glib_compile_schemas gio-2.0` else # Extract the first word of "glib-compile-schemas", so it can be a program name with args. set dummy glib-compile-schemas; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_GLIB_COMPILE_SCHEMAS+:} false; then : $as_echo_n "(cached) " >&6 else case $GLIB_COMPILE_SCHEMAS in [\\/]* | ?:[\\/]*) ac_cv_path_GLIB_COMPILE_SCHEMAS="$GLIB_COMPILE_SCHEMAS" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_GLIB_COMPILE_SCHEMAS="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi GLIB_COMPILE_SCHEMAS=$ac_cv_path_GLIB_COMPILE_SCHEMAS if test -n "$GLIB_COMPILE_SCHEMAS"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GLIB_COMPILE_SCHEMAS" >&5 $as_echo "$GLIB_COMPILE_SCHEMAS" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test "x$GLIB_COMPILE_SCHEMAS" = "x"; then as_fn_error $? "glib-compile-schemas not found." "$LINENO" 5 else : fi GSETTINGS_RULES=' .PHONY : uninstall-gsettings-schemas install-gsettings-schemas clean-gsettings-schemas mostlyclean-am: clean-gsettings-schemas gsettings__enum_file = $(addsuffix .enums.xml,$(gsettings_ENUM_NAMESPACE)) %.gschema.valid: %.gschema.xml $(gsettings__enum_file) $(AM_V_GEN) $(GLIB_COMPILE_SCHEMAS) --strict --dry-run $(addprefix --schema-file=,$(gsettings__enum_file)) --schema-file=$< && mkdir -p $(@D) && touch $@ all-am: $(gsettings_SCHEMAS:.xml=.valid) uninstall-am: uninstall-gsettings-schemas install-data-am: install-gsettings-schemas .SECONDARY: $(gsettings_SCHEMAS) install-gsettings-schemas: $(gsettings_SCHEMAS) $(gsettings__enum_file) @$(NORMAL_INSTALL) if test -n "$^"; then \ test -z "$(gsettingsschemadir)" || $(MKDIR_P) "$(DESTDIR)$(gsettingsschemadir)"; \ $(INSTALL_DATA) $^ "$(DESTDIR)$(gsettingsschemadir)"; \ test -n "$(GSETTINGS_DISABLE_SCHEMAS_COMPILE)$(DESTDIR)" || $(GLIB_COMPILE_SCHEMAS) $(gsettingsschemadir); \ fi uninstall-gsettings-schemas: @$(NORMAL_UNINSTALL) @list='\''$(gsettings_SCHEMAS) $(gsettings__enum_file)'\''; test -n "$(gsettingsschemadir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e '\''s|^.*/||'\''`; \ test -n "$$files" || exit 0; \ echo " ( cd '\''$(DESTDIR)$(gsettingsschemadir)'\'' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(gsettingsschemadir)" && rm -f $$files test -n "$(GSETTINGS_DISABLE_SCHEMAS_COMPILE)$(DESTDIR)" || $(GLIB_COMPILE_SCHEMAS) $(gsettingsschemadir) clean-gsettings-schemas: rm -f $(gsettings_SCHEMAS:.xml=.valid) $(gsettings__enum_file) ifdef gsettings_ENUM_NAMESPACE $(gsettings__enum_file): $(gsettings_ENUM_FILES) $(AM_V_GEN) glib-mkenums --comments '\'''\'' --fhead "" --vhead " <@type@ id='\''$(gsettings_ENUM_NAMESPACE).@EnumName@'\''>" --vprod " " --vtail " " --ftail "" $^ > $@.tmp && mv $@.tmp $@ endif ' ############################################################# # Check whether --enable-docs was given. if test "${enable_docs+set}" = set; then : enableval=$enable_docs; fi if test x$enable_docs != xno; then ENABLE_DOCS_TRUE= ENABLE_DOCS_FALSE='#' else ENABLE_DOCS_TRUE='#' ENABLE_DOCS_FALSE= fi # check for the presence of the XML catalog # Check whether --with-xml-catalog was given. if test "${with_xml_catalog+set}" = set; then : withval=$with_xml_catalog; else with_xml_catalog=/etc/xml/catalog fi jh_found_xmlcatalog=true XML_CATALOG_FILE="$with_xml_catalog" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for XML catalog ($XML_CATALOG_FILE)" >&5 $as_echo_n "checking for XML catalog ($XML_CATALOG_FILE)... " >&6; } if test -f "$XML_CATALOG_FILE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 $as_echo "found" >&6; } else jh_found_xmlcatalog=false { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } fi # check for the xmlcatalog program # Extract the first word of "xmlcatalog", so it can be a program name with args. set dummy xmlcatalog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_XMLCATALOG+:} false; then : $as_echo_n "(cached) " >&6 else case $XMLCATALOG in [\\/]* | ?:[\\/]*) ac_cv_path_XMLCATALOG="$XMLCATALOG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_XMLCATALOG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_XMLCATALOG" && ac_cv_path_XMLCATALOG="no" ;; esac fi XMLCATALOG=$ac_cv_path_XMLCATALOG if test -n "$XMLCATALOG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XMLCATALOG" >&5 $as_echo "$XMLCATALOG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$XMLCATALOG" = xno; then jh_found_xmlcatalog=false fi if $jh_found_xmlcatalog; then : else : fi if test -z "$ENABLE_DOCS_TRUE"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DocBook XSL Stylesheets in XML catalog" >&5 $as_echo_n "checking for DocBook XSL Stylesheets in XML catalog... " >&6; } if $jh_found_xmlcatalog && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$XMLCATALOG --noout \"\$XML_CATALOG_FILE\" \"http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl\" >&2"; } >&5 ($XMLCATALOG --noout "$XML_CATALOG_FILE" "http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl" >&2) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 $as_echo "found" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } as_fn_error $? "could not find DocBook XSL Stylesheets in XML catalog" "$LINENO" 5 fi fi ############################################################# # Check whether --enable-systemd was given. if test "${enable_systemd+set}" = set; then : enableval=$enable_systemd; use_systemd=$enableval else use_systemd=yes fi if test x$use_systemd = xyes; then USE_SYSTEMD_TRUE= USE_SYSTEMD_FALSE='#' else USE_SYSTEMD_TRUE='#' USE_SYSTEMD_FALSE= fi # Check whether --enable-sysconfig was given. if test "${enable_sysconfig+set}" = set; then : enableval=$enable_sysconfig; INSTALL_SYSCONFIG="${enableval}" else INSTALL_SYSCONFIG='no' fi if test x$INSTALL_SYSCONFIG = xyes; then INSTALL_SYSCONFIG_TRUE= INSTALL_SYSCONFIG_FALSE='#' else INSTALL_SYSCONFIG_TRUE='#' INSTALL_SYSCONFIG_FALSE= fi # Check whether --enable-rpmmacros was given. if test "${enable_rpmmacros+set}" = set; then : enableval=$enable_rpmmacros; INSTALL_RPMMACROS="${enableval}" else INSTALL_RPMMACROS='no' fi if test x$INSTALL_RPMMACROS = xyes; then INSTALL_RPMMACROS_TRUE= INSTALL_RPMMACROS_FALSE='#' else INSTALL_RPMMACROS_TRUE='#' INSTALL_RPMMACROS_FALSE= fi # Check whether --with-systemd-unitdir was given. if test "${with_systemd_unitdir+set}" = set; then : withval=$with_systemd_unitdir; SYSTEMD_UNITDIR=$withval else SYSTEMD_UNITDIR="\${prefix}/lib/systemd/system" fi # Check whether --with-bashcompletiondir was given. if test "${with_bashcompletiondir+set}" = set; then : withval=$with_bashcompletiondir; BASHCOMPLETIONDIR=$withval else BASHCOMPLETIONDIR="${datadir}/bash-completion/completions" fi # Check whether --with-zshcompletiondir was given. if test "${with_zshcompletiondir+set}" = set; then : withval=$with_zshcompletiondir; ZSHCOMPLETIONDIR=$withval else ZSHCOMPLETIONDIR="${datadir}/zsh/site-functions" fi # Check whether --with-ifcfgdir was given. if test "${with_ifcfgdir+set}" = set; then : withval=$with_ifcfgdir; IFCFGDIR=$withval else IFCFGDIR="/etc/sysconfig/network-scripts" fi # Extend PATH to include /sbin etc in case we are building as non-root FW_TOOLS_PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin" # Check whether --with-iptables was given. if test "${with_iptables+set}" = set; then : withval=$with_iptables; IPTABLES=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for iptables: $IPTABLES" >&5 $as_echo "$as_me: Using for iptables: $IPTABLES" >&6;} else # Extract the first word of "iptables", so it can be a program name with args. set dummy iptables; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_IPTABLES+:} false; then : $as_echo_n "(cached) " >&6 else case $IPTABLES in [\\/]* | ?:[\\/]*) ac_cv_path_IPTABLES="$IPTABLES" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IPTABLES="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_IPTABLES" && ac_cv_path_IPTABLES="/bin/false" ;; esac fi IPTABLES=$ac_cv_path_IPTABLES if test -n "$IPTABLES"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IPTABLES" >&5 $as_echo "$IPTABLES" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi # Check whether --with-iptables-restore was given. if test "${with_iptables_restore+set}" = set; then : withval=$with_iptables_restore; IPTABLES_RESTORE=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for iptables-restore: $IPTABLES_RESTORE" >&5 $as_echo "$as_me: Using for iptables-restore: $IPTABLES_RESTORE" >&6;} else # Extract the first word of "iptables-restore", so it can be a program name with args. set dummy iptables-restore; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_IPTABLES_RESTORE+:} false; then : $as_echo_n "(cached) " >&6 else case $IPTABLES_RESTORE in [\\/]* | ?:[\\/]*) ac_cv_path_IPTABLES_RESTORE="$IPTABLES_RESTORE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IPTABLES_RESTORE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_IPTABLES_RESTORE" && ac_cv_path_IPTABLES_RESTORE="/bin/false" ;; esac fi IPTABLES_RESTORE=$ac_cv_path_IPTABLES_RESTORE if test -n "$IPTABLES_RESTORE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IPTABLES_RESTORE" >&5 $as_echo "$IPTABLES_RESTORE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi # Check whether --with-ip6tables was given. if test "${with_ip6tables+set}" = set; then : withval=$with_ip6tables; IP6TABLES=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for ip6tables: $IP6TABLES" >&5 $as_echo "$as_me: Using for ip6tables: $IP6TABLES" >&6;} else # Extract the first word of "ip6tables", so it can be a program name with args. set dummy ip6tables; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_IP6TABLES+:} false; then : $as_echo_n "(cached) " >&6 else case $IP6TABLES in [\\/]* | ?:[\\/]*) ac_cv_path_IP6TABLES="$IP6TABLES" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IP6TABLES="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_IP6TABLES" && ac_cv_path_IP6TABLES="/bin/false" ;; esac fi IP6TABLES=$ac_cv_path_IP6TABLES if test -n "$IP6TABLES"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IP6TABLES" >&5 $as_echo "$IP6TABLES" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi # Check whether --with-ip6tables-restore was given. if test "${with_ip6tables_restore+set}" = set; then : withval=$with_ip6tables_restore; IP6TABLES_RESTORE=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for ip6tables-restore: $IP6TABLES_RESTORE" >&5 $as_echo "$as_me: Using for ip6tables-restore: $IP6TABLES_RESTORE" >&6;} else # Extract the first word of "ip6tables-restore", so it can be a program name with args. set dummy ip6tables-restore; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_IP6TABLES_RESTORE+:} false; then : $as_echo_n "(cached) " >&6 else case $IP6TABLES_RESTORE in [\\/]* | ?:[\\/]*) ac_cv_path_IP6TABLES_RESTORE="$IP6TABLES_RESTORE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IP6TABLES_RESTORE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_IP6TABLES_RESTORE" && ac_cv_path_IP6TABLES_RESTORE="/bin/false" ;; esac fi IP6TABLES_RESTORE=$ac_cv_path_IP6TABLES_RESTORE if test -n "$IP6TABLES_RESTORE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IP6TABLES_RESTORE" >&5 $as_echo "$IP6TABLES_RESTORE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi # Check whether --with-ebtables was given. if test "${with_ebtables+set}" = set; then : withval=$with_ebtables; EBTABLES=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for ebtables: $EBTABLES" >&5 $as_echo "$as_me: Using for ebtables: $EBTABLES" >&6;} else # Extract the first word of "ebtables", so it can be a program name with args. set dummy ebtables; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_EBTABLES+:} false; then : $as_echo_n "(cached) " >&6 else case $EBTABLES in [\\/]* | ?:[\\/]*) ac_cv_path_EBTABLES="$EBTABLES" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_EBTABLES="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_EBTABLES" && ac_cv_path_EBTABLES="/bin/false" ;; esac fi EBTABLES=$ac_cv_path_EBTABLES if test -n "$EBTABLES"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $EBTABLES" >&5 $as_echo "$EBTABLES" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi # Check whether --with-ebtables-restore was given. if test "${with_ebtables_restore+set}" = set; then : withval=$with_ebtables_restore; EBTABLES_RESTORE=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for ebtables-restore: $EBTABLES_RESTORE" >&5 $as_echo "$as_me: Using for ebtables-restore: $EBTABLES_RESTORE" >&6;} else # Extract the first word of "ebtables-restore", so it can be a program name with args. set dummy ebtables-restore; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_EBTABLES_RESTORE+:} false; then : $as_echo_n "(cached) " >&6 else case $EBTABLES_RESTORE in [\\/]* | ?:[\\/]*) ac_cv_path_EBTABLES_RESTORE="$EBTABLES_RESTORE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_EBTABLES_RESTORE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_EBTABLES_RESTORE" && ac_cv_path_EBTABLES_RESTORE="/bin/false" ;; esac fi EBTABLES_RESTORE=$ac_cv_path_EBTABLES_RESTORE if test -n "$EBTABLES_RESTORE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $EBTABLES_RESTORE" >&5 $as_echo "$EBTABLES_RESTORE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi # Check whether --with-ipset was given. if test "${with_ipset+set}" = set; then : withval=$with_ipset; IPSET=$withval { $as_echo "$as_me:${as_lineno-$LINENO}: Using for ipset: $IPSET" >&5 $as_echo "$as_me: Using for ipset: $IPSET" >&6;} else # Extract the first word of "ipset", so it can be a program name with args. set dummy ipset; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_IPSET+:} false; then : $as_echo_n "(cached) " >&6 else case $IPSET in [\\/]* | ?:[\\/]*) ac_cv_path_IPSET="$IPSET" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $FW_TOOLS_PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_IPSET="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_IPSET" && ac_cv_path_IPSET="/bin/false" ;; esac fi IPSET=$ac_cv_path_IPSET if test -n "$IPSET"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IPSET" >&5 $as_echo "$IPSET" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi ############################################################# GETTEXT_PACKAGE='firewalld' cat >>confdefs.h <<_ACEOF #define GETTEXT_PACKAGE "$GETTEXT_PACKAGE" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5 $as_echo_n "checking whether NLS is requested... " >&6; } # Check whether --enable-nls was given. if test "${enable_nls+set}" = set; then : enableval=$enable_nls; USE_NLS=$enableval else USE_NLS=yes fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 $as_echo "$USE_NLS" >&6; } case "$am__api_version" in 1.01234) as_fn_error $? "Automake 1.5 or newer is required to use intltool" "$LINENO" 5 ;; *) ;; esac INTLTOOL_REQUIRED_VERSION_AS_INT=`echo 0.35.0 | awk -F. '{ print $ 1 * 1000 + $ 2 * 100 + $ 3; }'` INTLTOOL_APPLIED_VERSION=`intltool-update --version | head -1 | cut -d" " -f3` INTLTOOL_APPLIED_VERSION_AS_INT=`echo $INTLTOOL_APPLIED_VERSION | awk -F. '{ print $ 1 * 1000 + $ 2 * 100 + $ 3; }'` if test -n "0.35.0"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intltool >= 0.35.0" >&5 $as_echo_n "checking for intltool >= 0.35.0... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_APPLIED_VERSION found" >&5 $as_echo "$INTLTOOL_APPLIED_VERSION found" >&6; } test "$INTLTOOL_APPLIED_VERSION_AS_INT" -ge "$INTLTOOL_REQUIRED_VERSION_AS_INT" || as_fn_error $? "Your intltool is too old. You need intltool 0.35.0 or later." "$LINENO" 5 fi # Extract the first word of "intltool-update", so it can be a program name with args. set dummy intltool-update; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_INTLTOOL_UPDATE+:} false; then : $as_echo_n "(cached) " >&6 else case $INTLTOOL_UPDATE in [\\/]* | ?:[\\/]*) ac_cv_path_INTLTOOL_UPDATE="$INTLTOOL_UPDATE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_INTLTOOL_UPDATE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi INTLTOOL_UPDATE=$ac_cv_path_INTLTOOL_UPDATE if test -n "$INTLTOOL_UPDATE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_UPDATE" >&5 $as_echo "$INTLTOOL_UPDATE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "intltool-merge", so it can be a program name with args. set dummy intltool-merge; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_INTLTOOL_MERGE+:} false; then : $as_echo_n "(cached) " >&6 else case $INTLTOOL_MERGE in [\\/]* | ?:[\\/]*) ac_cv_path_INTLTOOL_MERGE="$INTLTOOL_MERGE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_INTLTOOL_MERGE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi INTLTOOL_MERGE=$ac_cv_path_INTLTOOL_MERGE if test -n "$INTLTOOL_MERGE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_MERGE" >&5 $as_echo "$INTLTOOL_MERGE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "intltool-extract", so it can be a program name with args. set dummy intltool-extract; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_INTLTOOL_EXTRACT+:} false; then : $as_echo_n "(cached) " >&6 else case $INTLTOOL_EXTRACT in [\\/]* | ?:[\\/]*) ac_cv_path_INTLTOOL_EXTRACT="$INTLTOOL_EXTRACT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_INTLTOOL_EXTRACT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi INTLTOOL_EXTRACT=$ac_cv_path_INTLTOOL_EXTRACT if test -n "$INTLTOOL_EXTRACT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_EXTRACT" >&5 $as_echo "$INTLTOOL_EXTRACT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -z "$INTLTOOL_UPDATE" -o -z "$INTLTOOL_MERGE" -o -z "$INTLTOOL_EXTRACT"; then as_fn_error $? "The intltool scripts were not found. Please install intltool." "$LINENO" 5 fi if test -z "$AM_DEFAULT_VERBOSITY"; then AM_DEFAULT_VERBOSITY=1 fi INTLTOOL_V_MERGE='$(INTLTOOL__v_MERGE_$(V))' INTLTOOL__v_MERGE_='$(INTLTOOL__v_MERGE_$(AM_DEFAULT_VERBOSITY))' INTLTOOL__v_MERGE_0='@echo " ITMRG " $@;' INTLTOOL_V_MERGE_OPTIONS='$(intltool__v_merge_options_$(V))' intltool__v_merge_options_='$(intltool__v_merge_options_$(AM_DEFAULT_VERBOSITY))' intltool__v_merge_options_0='-q' INTLTOOL_DESKTOP_RULE='%.desktop: %.desktop.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_DIRECTORY_RULE='%.directory: %.directory.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_KEYS_RULE='%.keys: %.keys.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -k -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_PROP_RULE='%.prop: %.prop.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_OAF_RULE='%.oaf: %.oaf.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -o -p $(top_srcdir)/po $< $@' INTLTOOL_PONG_RULE='%.pong: %.pong.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_SERVER_RULE='%.server: %.server.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -o -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_SHEET_RULE='%.sheet: %.sheet.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_SOUNDLIST_RULE='%.soundlist: %.soundlist.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_UI_RULE='%.ui: %.ui.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_XML_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' if test "$INTLTOOL_APPLIED_VERSION_AS_INT" -ge 5000; then INTLTOOL_XML_NOMERGE_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u --no-translations $< $@' else INTLTOOL_XML_NOMERGE_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) ; $(INTLTOOL_V_MERGE)_it_tmp_dir=tmp.intltool.$$RANDOM && mkdir $$_it_tmp_dir && LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u $$_it_tmp_dir $< $@ && rmdir $$_it_tmp_dir' fi INTLTOOL_XAM_RULE='%.xam: %.xml.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_KBD_RULE='%.kbd: %.kbd.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -m -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_CAVES_RULE='%.caves: %.caves.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_SCHEMAS_RULE='%.schemas: %.schemas.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -s -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_THEME_RULE='%.theme: %.theme.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_SERVICE_RULE='%.service: %.service.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' INTLTOOL_POLICY_RULE='%.policy: %.policy.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' # Check the gettext tools to make sure they are GNU # Extract the first word of "xgettext", so it can be a program name with args. set dummy xgettext; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_XGETTEXT+:} false; then : $as_echo_n "(cached) " >&6 else case $XGETTEXT in [\\/]* | ?:[\\/]*) ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_XGETTEXT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi XGETTEXT=$ac_cv_path_XGETTEXT if test -n "$XGETTEXT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5 $as_echo "$XGETTEXT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "msgmerge", so it can be a program name with args. set dummy msgmerge; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MSGMERGE+:} false; then : $as_echo_n "(cached) " >&6 else case $MSGMERGE in [\\/]* | ?:[\\/]*) ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MSGMERGE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi MSGMERGE=$ac_cv_path_MSGMERGE if test -n "$MSGMERGE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5 $as_echo "$MSGMERGE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "msgfmt", so it can be a program name with args. set dummy msgfmt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MSGFMT+:} false; then : $as_echo_n "(cached) " >&6 else case $MSGFMT in [\\/]* | ?:[\\/]*) ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_MSGFMT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi MSGFMT=$ac_cv_path_MSGFMT if test -n "$MSGFMT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5 $as_echo "$MSGFMT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "gmsgfmt", so it can be a program name with args. set dummy gmsgfmt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_GMSGFMT+:} false; then : $as_echo_n "(cached) " >&6 else case $GMSGFMT in [\\/]* | ?:[\\/]*) ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT" ;; esac fi GMSGFMT=$ac_cv_path_GMSGFMT if test -n "$GMSGFMT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5 $as_echo "$GMSGFMT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -z "$XGETTEXT" -o -z "$MSGMERGE" -o -z "$MSGFMT"; then as_fn_error $? "GNU gettext tools not found; required for intltool" "$LINENO" 5 fi xgversion="`$XGETTEXT --version|grep '(GNU ' 2> /dev/null`" mmversion="`$MSGMERGE --version|grep '(GNU ' 2> /dev/null`" mfversion="`$MSGFMT --version|grep '(GNU ' 2> /dev/null`" if test -z "$xgversion" -o -z "$mmversion" -o -z "$mfversion"; then as_fn_error $? "GNU gettext tools not found; required for intltool" "$LINENO" 5 fi # Extract the first word of "perl", so it can be a program name with args. set dummy perl; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_INTLTOOL_PERL+:} false; then : $as_echo_n "(cached) " >&6 else case $INTLTOOL_PERL in [\\/]* | ?:[\\/]*) ac_cv_path_INTLTOOL_PERL="$INTLTOOL_PERL" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_INTLTOOL_PERL="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi INTLTOOL_PERL=$ac_cv_path_INTLTOOL_PERL if test -n "$INTLTOOL_PERL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_PERL" >&5 $as_echo "$INTLTOOL_PERL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -z "$INTLTOOL_PERL"; then as_fn_error $? "perl not found" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for perl >= 5.8.1" >&5 $as_echo_n "checking for perl >= 5.8.1... " >&6; } $INTLTOOL_PERL -e "use 5.8.1;" > /dev/null 2>&1 if test $? -ne 0; then as_fn_error $? "perl 5.8.1 is required for intltool" "$LINENO" 5 else IT_PERL_VERSION=`$INTLTOOL_PERL -e "printf '%vd', $^V"` { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IT_PERL_VERSION" >&5 $as_echo "$IT_PERL_VERSION" >&6; } fi if test "xno-xml" != "xno-xml"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for XML::Parser" >&5 $as_echo_n "checking for XML::Parser... " >&6; } if `$INTLTOOL_PERL -e "require XML::Parser" 2>/dev/null`; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } else as_fn_error $? "XML::Parser perl module is required for intltool" "$LINENO" 5 fi fi # Substitute ALL_LINGUAS so we can use it in po/Makefile GETTEXT_MACRO_VERSION=0.19 # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which # contains only /bin. Note that ksh looks also at the FPATH variable, # so we have to set that as well for the test. PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ || PATH_SEPARATOR=';' } fi # Find out how to test for executable files. Don't use a zero-byte file, # as systems may use methods other than mode bits to determine executability. cat >conf$$.file <<_ASEOF #! /bin/sh exit 0 _ASEOF chmod +x conf$$.file if test -x conf$$.file >/dev/null 2>&1; then ac_executable_p="test -x" else ac_executable_p="test -f" fi rm -f conf$$.file # Extract the first word of "msgfmt", so it can be a program name with args. set dummy msgfmt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MSGFMT+:} false; then : $as_echo_n "(cached) " >&6 else case "$MSGFMT" in [\\/]* | ?:[\\/]*) ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path. ;; *) ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$ac_save_IFS" test -z "$ac_dir" && ac_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then echo "$as_me: trying $ac_dir/$ac_word..." >&5 if $ac_dir/$ac_word --statistics /dev/null >&5 2>&1 && (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then ac_cv_path_MSGFMT="$ac_dir/$ac_word$ac_exec_ext" break 2 fi fi done done IFS="$ac_save_IFS" test -z "$ac_cv_path_MSGFMT" && ac_cv_path_MSGFMT=":" ;; esac fi MSGFMT="$ac_cv_path_MSGFMT" if test "$MSGFMT" != ":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5 $as_echo "$MSGFMT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "gmsgfmt", so it can be a program name with args. set dummy gmsgfmt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_GMSGFMT+:} false; then : $as_echo_n "(cached) " >&6 else case $GMSGFMT in [\\/]* | ?:[\\/]*) ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT" ;; esac fi GMSGFMT=$ac_cv_path_GMSGFMT if test -n "$GMSGFMT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5 $as_echo "$GMSGFMT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;; *) MSGFMT_015=$MSGFMT ;; esac case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;; *) GMSGFMT_015=$GMSGFMT ;; esac # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which # contains only /bin. Note that ksh looks also at the FPATH variable, # so we have to set that as well for the test. PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ || PATH_SEPARATOR=';' } fi # Find out how to test for executable files. Don't use a zero-byte file, # as systems may use methods other than mode bits to determine executability. cat >conf$$.file <<_ASEOF #! /bin/sh exit 0 _ASEOF chmod +x conf$$.file if test -x conf$$.file >/dev/null 2>&1; then ac_executable_p="test -x" else ac_executable_p="test -f" fi rm -f conf$$.file # Extract the first word of "xgettext", so it can be a program name with args. set dummy xgettext; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_XGETTEXT+:} false; then : $as_echo_n "(cached) " >&6 else case "$XGETTEXT" in [\\/]* | ?:[\\/]*) ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path. ;; *) ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$ac_save_IFS" test -z "$ac_dir" && ac_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then echo "$as_me: trying $ac_dir/$ac_word..." >&5 if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&5 2>&1 && (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then ac_cv_path_XGETTEXT="$ac_dir/$ac_word$ac_exec_ext" break 2 fi fi done done IFS="$ac_save_IFS" test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT=":" ;; esac fi XGETTEXT="$ac_cv_path_XGETTEXT" if test "$XGETTEXT" != ":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5 $as_echo "$XGETTEXT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f messages.po case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;; *) XGETTEXT_015=$XGETTEXT ;; esac # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which # contains only /bin. Note that ksh looks also at the FPATH variable, # so we have to set that as well for the test. PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ || PATH_SEPARATOR=';' } fi # Find out how to test for executable files. Don't use a zero-byte file, # as systems may use methods other than mode bits to determine executability. cat >conf$$.file <<_ASEOF #! /bin/sh exit 0 _ASEOF chmod +x conf$$.file if test -x conf$$.file >/dev/null 2>&1; then ac_executable_p="test -x" else ac_executable_p="test -f" fi rm -f conf$$.file # Extract the first word of "msgmerge", so it can be a program name with args. set dummy msgmerge; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_MSGMERGE+:} false; then : $as_echo_n "(cached) " >&6 else case "$MSGMERGE" in [\\/]* | ?:[\\/]*) ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path. ;; *) ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$ac_save_IFS" test -z "$ac_dir" && ac_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then echo "$as_me: trying $ac_dir/$ac_word..." >&5 if $ac_dir/$ac_word --update -q /dev/null /dev/null >&5 2>&1; then ac_cv_path_MSGMERGE="$ac_dir/$ac_word$ac_exec_ext" break 2 fi fi done done IFS="$ac_save_IFS" test -z "$ac_cv_path_MSGMERGE" && ac_cv_path_MSGMERGE=":" ;; esac fi MSGMERGE="$ac_cv_path_MSGMERGE" if test "$MSGMERGE" != ":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5 $as_echo "$MSGMERGE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$localedir" || localedir='${datadir}/locale' test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS= ac_config_commands="$ac_config_commands po-directories" ac_config_commands="$ac_config_commands xsl-cleanup" ac_config_files="$ac_config_files Makefile doxygen.conf config/lockdown-whitelist.xml config/Makefile doc/Makefile doc/man/Makefile doc/man/man1/Makefile doc/man/man5/Makefile doc/xml/Makefile po/Makefile.in shell-completion/Makefile src/firewall/config/__init__.py src/Makefile src/tests/Makefile src/tests/atlocal src/icons/Makefile" ac_config_files="$ac_config_files src/firewall-applet" ac_config_files="$ac_config_files src/firewall-cmd" ac_config_files="$ac_config_files src/firewall-offline-cmd" ac_config_files="$ac_config_files src/firewall-config" ac_config_files="$ac_config_files src/firewalld" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' # Transform confdefs.h into DEFS. # Protect against shell expansion while executing Makefile rules. # Protect against Makefile macro expansion. # # If the first sed substitution is executed (which looks for macros that # take arguments), then branch to the quote section. Otherwise, # look for a macro that doesn't take arguments. ac_script=' :mline /\\$/{ N s,\\\n,, b mline } t clear :clear s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g t quote s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g t quote b any :quote s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g s/\[/\\&/g s/\]/\\&/g s/\$/$$/g H :any ${ g s/^\n// s/\n/ /g p } ' DEFS=`sed -n "$ac_script" confdefs.h` ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs { $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 $as_echo_n "checking that generated files are newer than configure... " >&6; } if test -n "$am_sleep_pid"; then # Hide warnings about reused PIDs. wait $am_sleep_pid 2>/dev/null fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 $as_echo "done" >&6; } if test -z "${ENABLE_DOCS_TRUE}" && test -z "${ENABLE_DOCS_FALSE}"; then as_fn_error $? "conditional \"ENABLE_DOCS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${USE_SYSTEMD_TRUE}" && test -z "${USE_SYSTEMD_FALSE}"; then as_fn_error $? "conditional \"USE_SYSTEMD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${INSTALL_SYSCONFIG_TRUE}" && test -z "${INSTALL_SYSCONFIG_FALSE}"; then as_fn_error $? "conditional \"INSTALL_SYSCONFIG\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${INSTALL_RPMMACROS_TRUE}" && test -z "${INSTALL_RPMMACROS_FALSE}"; then as_fn_error $? "conditional \"INSTALL_RPMMACROS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi ac_config_commands="$ac_config_commands po/stamp-it" : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by firewalld $as_me 1.1.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE Configuration files: $config_files Configuration commands: $config_commands Report bugs to the package provider." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ firewalld config.status 1.1.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' MKDIR_P='$MKDIR_P' AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --he | --h | --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # # INIT-COMMANDS # # Capture the value of obsolete ALL_LINGUAS because we need it to compute # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it # from automake < 1.5. eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"' # Capture the value of LINGUAS because we need it to compute CATALOGS. LINGUAS="${LINGUAS-%UNSET%}" rm -f doc/xml/transform-*.xsl _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "src/tests/atconfig") CONFIG_COMMANDS="$CONFIG_COMMANDS src/tests/atconfig" ;; "po-directories") CONFIG_COMMANDS="$CONFIG_COMMANDS po-directories" ;; "xsl-cleanup") CONFIG_COMMANDS="$CONFIG_COMMANDS xsl-cleanup" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "doxygen.conf") CONFIG_FILES="$CONFIG_FILES doxygen.conf" ;; "config/lockdown-whitelist.xml") CONFIG_FILES="$CONFIG_FILES config/lockdown-whitelist.xml" ;; "config/Makefile") CONFIG_FILES="$CONFIG_FILES config/Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "doc/man/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/Makefile" ;; "doc/man/man1/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/man1/Makefile" ;; "doc/man/man5/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/man5/Makefile" ;; "doc/xml/Makefile") CONFIG_FILES="$CONFIG_FILES doc/xml/Makefile" ;; "po/Makefile.in") CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;; "shell-completion/Makefile") CONFIG_FILES="$CONFIG_FILES shell-completion/Makefile" ;; "src/firewall/config/__init__.py") CONFIG_FILES="$CONFIG_FILES src/firewall/config/__init__.py" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/tests/Makefile" ;; "src/tests/atlocal") CONFIG_FILES="$CONFIG_FILES src/tests/atlocal" ;; "src/icons/Makefile") CONFIG_FILES="$CONFIG_FILES src/icons/Makefile" ;; "src/firewall-applet") CONFIG_FILES="$CONFIG_FILES src/firewall-applet" ;; "src/firewall-cmd") CONFIG_FILES="$CONFIG_FILES src/firewall-cmd" ;; "src/firewall-offline-cmd") CONFIG_FILES="$CONFIG_FILES src/firewall-offline-cmd" ;; "src/firewall-config") CONFIG_FILES="$CONFIG_FILES src/firewall-config" ;; "src/firewalld") CONFIG_FILES="$CONFIG_FILES src/firewalld" ;; "po/stamp-it") CONFIG_COMMANDS="$CONFIG_COMMANDS po/stamp-it" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" eval set X " :F $CONFIG_FILES :C $CONFIG_COMMANDS" shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac ac_MKDIR_P=$MKDIR_P case $MKDIR_P in [\\/$]* | ?:[\\/]* ) ;; */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; esac case $ac_file$ac_mode in "src/tests/atconfig":C) cat >src/tests/atconfig < "$ac_dir/POTFILES" POMAKEFILEDEPS="POTFILES.in" # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend # on $ac_dir but don't depend on user-specified configuration # parameters. if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then # The LINGUAS file contains the set of available languages. if test -n "$OBSOLETE_ALL_LINGUAS"; then test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" fi ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"` # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$ALL_LINGUAS_' POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS" else # The set of available languages was given in configure.in. # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS' fi # Compute POFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po) # Compute UPDATEPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update) # Compute DUMMYPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop) # Compute GMOFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo) case "$ac_given_srcdir" in .) srcdirpre= ;; *) srcdirpre='$(srcdir)/' ;; esac POFILES= UPDATEPOFILES= DUMMYPOFILES= GMOFILES= for lang in $ALL_LINGUAS; do POFILES="$POFILES $srcdirpre$lang.po" UPDATEPOFILES="$UPDATEPOFILES $lang.po-update" DUMMYPOFILES="$DUMMYPOFILES $lang.nop" GMOFILES="$GMOFILES $srcdirpre$lang.gmo" done # CATALOGS depends on both $ac_dir and the user's LINGUAS # environment variable. INST_LINGUAS= if test -n "$ALL_LINGUAS"; then for presentlang in $ALL_LINGUAS; do useit=no if test "%UNSET%" != "$LINGUAS"; then desiredlanguages="$LINGUAS" else desiredlanguages="$ALL_LINGUAS" fi for desiredlang in $desiredlanguages; do # Use the presentlang catalog if desiredlang is # a. equal to presentlang, or # b. a variant of presentlang (because in this case, # presentlang can be used as a fallback for messages # which are not translated in the desiredlang catalog). case "$desiredlang" in "$presentlang"*) useit=yes;; esac done if test $useit = yes; then INST_LINGUAS="$INST_LINGUAS $presentlang" fi done fi CATALOGS= if test -n "$INST_LINGUAS"; then for lang in $INST_LINGUAS; do CATALOGS="$CATALOGS $lang.gmo" done fi test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile" sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile" for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do if test -f "$f"; then case "$f" in *.orig | *.bak | *~) ;; *) cat "$f" >> "$ac_dir/Makefile" ;; esac fi done fi ;; esac done ;; "src/firewall-applet":F) chmod +x src/firewall-applet ;; "src/firewall-cmd":F) chmod +x src/firewall-cmd ;; "src/firewall-offline-cmd":F) chmod +x src/firewall-offline-cmd ;; "src/firewall-config":F) chmod +x src/firewall-config ;; "src/firewalld":F) chmod +x src/firewalld ;; "po/stamp-it":C) if ! grep "^# INTLTOOL_MAKEFILE$" "po/Makefile.in" > /dev/null ; then as_fn_error $? "po/Makefile.in.in was not created by intltoolize." "$LINENO" 5 fi rm -f "po/stamp-it" "po/stamp-it.tmp" "po/POTFILES" "po/Makefile.tmp" >"po/stamp-it.tmp" sed '/^#/d s/^[[].*] *// /^[ ]*$/d '"s|^| $ac_top_srcdir/|" \ "$srcdir/po/POTFILES.in" | sed '$!s/$/ \\/' >"po/POTFILES" sed '/^POTFILES =/,/[^\\]$/ { /^POTFILES =/!d r po/POTFILES } ' "po/Makefile.in" >"po/Makefile" rm -f "po/Makefile.tmp" mv "po/stamp-it.tmp" "po/stamp-it" ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi firewalld-1.1.1/configure.ac0000644000000000000000000001463214217342322015755 0ustar00rootroot00000000000000# Process this file with autoconf to produce a configure script. AC_PREREQ([2.68]) m4_define([PKG_NAME], firewalld) m4_define([PKG_VERSION], m4_bpatsubst(m4_esyscmd([grep "Version:" firewalld.spec]), [Version:\W\([0-9.]*\)\W], [\1])) m4_define([PKG_RELEASE], m4_bpatsubst(m4_esyscmd([grep "Release:" firewalld.spec]), [Release:\W\([0-9.]*\).*\W], [\1])) m4_define([PKG_TAG], m4_format(v%s, PKG_VERSION)) AC_INIT(PKG_NAME,PKG_VERSION) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([src/firewalld.in]) AC_PREFIX_DEFAULT([/usr]) AM_INIT_AUTOMAKE([1.11 tar-ustar no-define foreign dist-bzip2 no-dist-gzip]) AC_SUBST([PACKAGE_RELEASE], '[PKG_RELEASE]') AC_DEFINE_UNQUOTED([PACKAGE_RELEASE], ["$PACKAGE_RELEASE"]) AC_SUBST([PACKAGE_TAG], '[PKG_TAG]') AC_DEFINE_UNQUOTED([PACKAGE_TAG], ["$PACKAGE_TAG"]) AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MKDIR_P AC_PROG_SED AC_PROG_GREP AC_PROG_AWK AC_PROG_MAKE_SET AM_PATH_PYTHON([3.6]) AC_PATH_PROG([XSLTPROC], [xsltproc]) AC_PATH_PROG([KILL], [kill], [/usr/bin/kill]) AC_PATH_PROG([MODPROBE], [modprobe], [/sbin/modprobe]) AC_PATH_PROG([RMMOD], [rmmod], [/sbin/rmmod]) AC_PATH_PROG([SYSCTL], [sysctl], [/sbin/sysctl]) AC_CONFIG_TESTDIR([src/tests]) AC_PATH_PROGS([PODMAN], [podman docker], [/bin/false]) GLIB_GSETTINGS ############################################################# AC_ARG_ENABLE([docs], [AS_HELP_STRING([--disable-docs], [Disable building documentation])]) AM_CONDITIONAL([ENABLE_DOCS], [test x$enable_docs != xno]) AM_COND_IF([ENABLE_DOCS], [ JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl], [DocBook XSL Stylesheets]) ]) ############################################################# AC_ARG_ENABLE([systemd], AS_HELP_STRING([--disable-systemd], [Disable systemd support]), [use_systemd=$enableval], [use_systemd=yes]) AM_CONDITIONAL(USE_SYSTEMD, test x$use_systemd = xyes) AC_SUBST(USE_SYSTEMD) AC_ARG_ENABLE([sysconfig], [AS_HELP_STRING([--enable-sysconfig], [Install sysconfig file])], [INSTALL_SYSCONFIG="${enableval}"], [INSTALL_SYSCONFIG='no']) AM_CONDITIONAL(INSTALL_SYSCONFIG, [test x$INSTALL_SYSCONFIG = xyes]) AC_SUBST(INSTALL_SYSCONFIG) AC_ARG_ENABLE([rpmmacros], [AS_HELP_STRING([--enable-rpmmacros], [Install rpm macros file])], [INSTALL_RPMMACROS="${enableval}"], [INSTALL_RPMMACROS='no']) AM_CONDITIONAL(INSTALL_RPMMACROS, [test x$INSTALL_RPMMACROS = xyes]) AC_SUBST(INSTALL_RPMMACROS) AC_ARG_WITH([systemd-unitdir], AS_HELP_STRING([--with-systemd-unitdir], [Directory for systemd service files]), [SYSTEMD_UNITDIR=$withval], [SYSTEMD_UNITDIR="\${prefix}/lib/systemd/system"]) AC_SUBST(SYSTEMD_UNITDIR) AC_ARG_WITH([bashcompletiondir], AS_HELP_STRING([--with-bashcompletiondir=DIR], [Bash completions directory]), [BASHCOMPLETIONDIR=$withval], [BASHCOMPLETIONDIR="${datadir}/bash-completion/completions"]) AC_SUBST(BASHCOMPLETIONDIR) AC_ARG_WITH([zshcompletiondir], AS_HELP_STRING([--with-zshcompletiondir=DIR], [Zsh completions directory]), [ZSHCOMPLETIONDIR=$withval], [ZSHCOMPLETIONDIR="${datadir}/zsh/site-functions"]) AC_SUBST(ZSHCOMPLETIONDIR) AC_ARG_WITH([ifcfgdir], AS_HELP_STRING([--with-ifcfgdir=DIR], [The ifcfg configuration directory]), [IFCFGDIR=$withval], [IFCFGDIR="/etc/sysconfig/network-scripts"]) AC_SUBST(IFCFGDIR) # Extend PATH to include /sbin etc in case we are building as non-root FW_TOOLS_PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin" AC_ARG_WITH([iptables], AS_HELP_STRING([--with-iptables], [Path to iptables executable]), [IPTABLES=$withval AC_MSG_NOTICE([Using for iptables: $IPTABLES])], [AC_PATH_PROG([IPTABLES], [iptables], [/bin/false], [$FW_TOOLS_PATH])]) AC_SUBST(IPTABLES) AC_ARG_WITH([iptables-restore], AS_HELP_STRING([--with-iptables-restore], [Path to iptables-restore executable]), [IPTABLES_RESTORE=$withval AC_MSG_NOTICE([Using for iptables-restore: $IPTABLES_RESTORE])], [AC_PATH_PROG([IPTABLES_RESTORE], [iptables-restore], [/bin/false], [$FW_TOOLS_PATH])]) AC_SUBST(IPTABLES_RESTORE) AC_ARG_WITH([ip6tables], AS_HELP_STRING([--with-ip6tables], [Path to ip6tables executable]), [IP6TABLES=$withval AC_MSG_NOTICE([Using for ip6tables: $IP6TABLES])], [AC_PATH_PROG([IP6TABLES], [ip6tables], [/bin/false], [$FW_TOOLS_PATH])]) AC_SUBST(IP6TABLES) AC_ARG_WITH([ip6tables-restore], AS_HELP_STRING([--with-ip6tables-restore], [Path to ip6tables-restore executable]), [IP6TABLES_RESTORE=$withval AC_MSG_NOTICE([Using for ip6tables-restore: $IP6TABLES_RESTORE])], [AC_PATH_PROG([IP6TABLES_RESTORE], [ip6tables-restore], [/bin/false], [$FW_TOOLS_PATH])]) AC_SUBST(IP6TABLES_RESTORE) AC_ARG_WITH([ebtables], AS_HELP_STRING([--with-ebtables], [Path to ebtables executable]), [EBTABLES=$withval AC_MSG_NOTICE([Using for ebtables: $EBTABLES])], [AC_PATH_PROG([EBTABLES], [ebtables], [/bin/false], [$FW_TOOLS_PATH])]) AC_SUBST(EBTABLES) AC_ARG_WITH([ebtables-restore], AS_HELP_STRING([--with-ebtables-restore], [Path to ebtables-restore executable]), [EBTABLES_RESTORE=$withval AC_MSG_NOTICE([Using for ebtables-restore: $EBTABLES_RESTORE])], [AC_PATH_PROG([EBTABLES_RESTORE], [ebtables-restore], [/bin/false], [$FW_TOOLS_PATH])]) AC_SUBST(EBTABLES_RESTORE) AC_ARG_WITH([ipset], AS_HELP_STRING([--with-ipset], [Path to ipset executable]), [IPSET=$withval AC_MSG_NOTICE([Using for ipset: $IPSET])], [AC_PATH_PROG([IPSET], [ipset], [/bin/false], [$FW_TOOLS_PATH])]) AC_SUBST(IPSET) ############################################################# AC_SUBST([GETTEXT_PACKAGE], '[PKG_NAME]') AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE], ["$GETTEXT_PACKAGE"],) IT_PROG_INTLTOOL([0.35.0], [no-xml]) AM_PO_SUBDIRS AC_CONFIG_COMMANDS([xsl-cleanup],,[rm -f doc/xml/transform-*.xsl]) AC_CONFIG_FILES([Makefile doxygen.conf config/lockdown-whitelist.xml config/Makefile doc/Makefile doc/man/Makefile doc/man/man1/Makefile doc/man/man5/Makefile doc/xml/Makefile po/Makefile.in shell-completion/Makefile src/firewall/config/__init__.py src/Makefile src/tests/Makefile src/tests/atlocal src/icons/Makefile]) m4_foreach([FILE], [[src/firewall-applet], [src/firewall-cmd], [src/firewall-offline-cmd], [src/firewall-config], [src/firewalld]], [AC_CONFIG_FILES(FILE, chmod +x FILE)] ) AC_OUTPUT firewalld-1.1.1/aclocal.m40000644000000000000000000023120514217352321015324 0ustar00rootroot00000000000000# generated automatically by aclocal 1.16.1 -*- Autoconf -*- # Copyright (C) 1996-2018 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, [m4_warning([this file was generated for autoconf 2.69. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) # Increment this whenever this file is changed. #serial 1 dnl GLIB_GSETTINGS dnl Defines GSETTINGS_SCHEMAS_INSTALL which controls whether dnl the schema should be compiled dnl AC_DEFUN([GLIB_GSETTINGS], [ m4_pattern_allow([AM_V_GEN]) AC_ARG_ENABLE(schemas-compile, AS_HELP_STRING([--disable-schemas-compile], [Disable regeneration of gschemas.compiled on install]), [case ${enableval} in yes) GSETTINGS_DISABLE_SCHEMAS_COMPILE="" ;; no) GSETTINGS_DISABLE_SCHEMAS_COMPILE="1" ;; *) AC_MSG_ERROR([bad value ${enableval} for --enable-schemas-compile]) ;; esac]) AC_SUBST([GSETTINGS_DISABLE_SCHEMAS_COMPILE]) PKG_PROG_PKG_CONFIG([0.16]) AC_SUBST(gsettingsschemadir, [${datadir}/glib-2.0/schemas]) if test x$cross_compiling != xyes; then GLIB_COMPILE_SCHEMAS=`$PKG_CONFIG --variable glib_compile_schemas gio-2.0` else AC_PATH_PROG(GLIB_COMPILE_SCHEMAS, glib-compile-schemas) fi AC_SUBST(GLIB_COMPILE_SCHEMAS) if test "x$GLIB_COMPILE_SCHEMAS" = "x"; then ifelse([$2],,[AC_MSG_ERROR([glib-compile-schemas not found.])],[$2]) else ifelse([$1],,[:],[$1]) fi GSETTINGS_RULES=' .PHONY : uninstall-gsettings-schemas install-gsettings-schemas clean-gsettings-schemas mostlyclean-am: clean-gsettings-schemas gsettings__enum_file = $(addsuffix .enums.xml,$(gsettings_ENUM_NAMESPACE)) %.gschema.valid: %.gschema.xml $(gsettings__enum_file) $(AM_V_GEN) $(GLIB_COMPILE_SCHEMAS) --strict --dry-run $(addprefix --schema-file=,$(gsettings__enum_file)) --schema-file=$< && mkdir -p [$](@D) && touch [$]@ all-am: $(gsettings_SCHEMAS:.xml=.valid) uninstall-am: uninstall-gsettings-schemas install-data-am: install-gsettings-schemas .SECONDARY: $(gsettings_SCHEMAS) install-gsettings-schemas: $(gsettings_SCHEMAS) $(gsettings__enum_file) @$(NORMAL_INSTALL) if test -n "$^"; then \ test -z "$(gsettingsschemadir)" || $(MKDIR_P) "$(DESTDIR)$(gsettingsschemadir)"; \ $(INSTALL_DATA) $^ "$(DESTDIR)$(gsettingsschemadir)"; \ test -n "$(GSETTINGS_DISABLE_SCHEMAS_COMPILE)$(DESTDIR)" || $(GLIB_COMPILE_SCHEMAS) $(gsettingsschemadir); \ fi uninstall-gsettings-schemas: @$(NORMAL_UNINSTALL) @list='\''$(gsettings_SCHEMAS) $(gsettings__enum_file)'\''; test -n "$(gsettingsschemadir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e '\''s|^.*/||'\''`; \ test -n "$$files" || exit 0; \ echo " ( cd '\''$(DESTDIR)$(gsettingsschemadir)'\'' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(gsettingsschemadir)" && rm -f $$files test -n "$(GSETTINGS_DISABLE_SCHEMAS_COMPILE)$(DESTDIR)" || $(GLIB_COMPILE_SCHEMAS) $(gsettingsschemadir) clean-gsettings-schemas: rm -f $(gsettings_SCHEMAS:.xml=.valid) $(gsettings__enum_file) ifdef gsettings_ENUM_NAMESPACE $(gsettings__enum_file): $(gsettings_ENUM_FILES) $(AM_V_GEN) glib-mkenums --comments '\'''\'' --fhead "" --vhead " <@type@ id='\''$(gsettings_ENUM_NAMESPACE).@EnumName@'\''>" --vprod " " --vtail " " --ftail "" [$]^ > [$]@.tmp && mv [$]@.tmp [$]@ endif ' _GSETTINGS_SUBST(GSETTINGS_RULES) ]) dnl _GSETTINGS_SUBST(VARIABLE) dnl Abstract macro to do either _AM_SUBST_NOTMAKE or AC_SUBST AC_DEFUN([_GSETTINGS_SUBST], [ AC_SUBST([$1]) m4_ifdef([_AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE([$1])]) ] ) # nls.m4 serial 5 (gettext-0.18) dnl Copyright (C) 1995-2003, 2005-2006, 2008-2014, 2016 Free Software dnl Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl dnl This file can be used in projects which are not available under dnl the GNU General Public License or the GNU Library General Public dnl License but which still want to provide support for the GNU gettext dnl functionality. dnl Please note that the actual code of the GNU gettext library is covered dnl by the GNU Library General Public License, and the rest of the GNU dnl gettext package is covered by the GNU General Public License. dnl They are *not* in the public domain. dnl Authors: dnl Ulrich Drepper , 1995-2000. dnl Bruno Haible , 2000-2003. AC_PREREQ([2.50]) AC_DEFUN([AM_NLS], [ AC_MSG_CHECKING([whether NLS is requested]) dnl Default is enabled NLS AC_ARG_ENABLE([nls], [ --disable-nls do not use Native Language Support], USE_NLS=$enableval, USE_NLS=yes) AC_MSG_RESULT([$USE_NLS]) AC_SUBST([USE_NLS]) ]) # pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- # serial 11 (pkg-config-0.29.1) dnl Copyright © 2004 Scott James Remnant . dnl Copyright © 2012-2015 Dan Nicholson dnl dnl This program is free software; you can redistribute it and/or modify dnl it under the terms of the GNU General Public License as published by dnl the Free Software Foundation; either version 2 of the License, or dnl (at your option) any later version. dnl dnl This program is distributed in the hope that it will be useful, but dnl WITHOUT ANY WARRANTY; without even the implied warranty of dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU dnl General Public License for more details. dnl dnl You should have received a copy of the GNU General Public License dnl along with this program; if not, write to the Free Software dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA dnl 02111-1307, USA. dnl dnl As a special exception to the GNU General Public License, if you dnl distribute this file as part of a program that contains a dnl configuration script generated by Autoconf, you may include it under dnl the same distribution terms that you use for the rest of that dnl program. dnl PKG_PREREQ(MIN-VERSION) dnl ----------------------- dnl Since: 0.29 dnl dnl Verify that the version of the pkg-config macros are at least dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's dnl installed version of pkg-config, this checks the developer's version dnl of pkg.m4 when generating configure. dnl dnl To ensure that this macro is defined, also add: dnl m4_ifndef([PKG_PREREQ], dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) dnl dnl See the "Since" comment for each macro you use to see what version dnl of the macros you require. m4_defun([PKG_PREREQ], [m4_define([PKG_MACROS_VERSION], [0.29.1]) m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) ])dnl PKG_PREREQ dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) dnl ---------------------------------- dnl Since: 0.16 dnl dnl Search for the pkg-config tool and set the PKG_CONFIG variable to dnl first found in the path. Checks that the version of pkg-config found dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is dnl used since that's the first version where most current features of dnl pkg-config existed. AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) fi if test -n "$PKG_CONFIG"; then _pkg_min_version=m4_default([$1], [0.9.0]) AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) PKG_CONFIG="" fi fi[]dnl ])dnl PKG_PROG_PKG_CONFIG dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) dnl ------------------------------------------------------------------- dnl Since: 0.18 dnl dnl Check to see whether a particular set of modules exists. Similar to dnl PKG_CHECK_MODULES(), but does not set variables or print errors. dnl dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) dnl only at the first occurence in configure.ac, so if the first place dnl it's called might be skipped (such as if it is within an "if", you dnl have to call PKG_CHECK_EXISTS manually AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl if test -n "$PKG_CONFIG" && \ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then m4_default([$2], [:]) m4_ifvaln([$3], [else $3])dnl fi]) dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) dnl --------------------------------------------- dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting dnl pkg_failed based on the result. m4_define([_PKG_CONFIG], [if test -n "$$1"; then pkg_cv_[]$1="$$1" elif test -n "$PKG_CONFIG"; then PKG_CHECK_EXISTS([$3], [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes ], [pkg_failed=yes]) else pkg_failed=untried fi[]dnl ])dnl _PKG_CONFIG dnl _PKG_SHORT_ERRORS_SUPPORTED dnl --------------------------- dnl Internal check to see if pkg-config supports short errors. AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], [AC_REQUIRE([PKG_PROG_PKG_CONFIG]) if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi[]dnl ])dnl _PKG_SHORT_ERRORS_SUPPORTED dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], dnl [ACTION-IF-NOT-FOUND]) dnl -------------------------------------------------------------- dnl Since: 0.4.0 dnl dnl Note that if there is a possibility the first call to dnl PKG_CHECK_MODULES might not happen, you should be sure to include an dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac AC_DEFUN([PKG_CHECK_MODULES], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl pkg_failed=no AC_MSG_CHECKING([for $1]) _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) _PKG_CONFIG([$1][_LIBS], [libs], [$2]) m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS and $1[]_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details.]) if test $pkg_failed = yes; then AC_MSG_RESULT([no]) _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` else $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD m4_default([$4], [AC_MSG_ERROR( [Package requirements ($2) were not met: $$1_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. _PKG_TEXT])[]dnl ]) elif test $pkg_failed = untried; then AC_MSG_RESULT([no]) m4_default([$4], [AC_MSG_FAILURE( [The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. _PKG_TEXT To get pkg-config, see .])[]dnl ]) else $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS $1[]_LIBS=$pkg_cv_[]$1[]_LIBS AC_MSG_RESULT([yes]) $3 fi[]dnl ])dnl PKG_CHECK_MODULES dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], dnl [ACTION-IF-NOT-FOUND]) dnl --------------------------------------------------------------------- dnl Since: 0.29 dnl dnl Checks for existence of MODULES and gathers its build flags with dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags dnl and VARIABLE-PREFIX_LIBS from --libs. dnl dnl Note that if there is a possibility the first call to dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to dnl include an explicit call to PKG_PROG_PKG_CONFIG in your dnl configure.ac. AC_DEFUN([PKG_CHECK_MODULES_STATIC], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl _save_PKG_CONFIG=$PKG_CONFIG PKG_CONFIG="$PKG_CONFIG --static" PKG_CHECK_MODULES($@) PKG_CONFIG=$_save_PKG_CONFIG[]dnl ])dnl PKG_CHECK_MODULES_STATIC dnl PKG_INSTALLDIR([DIRECTORY]) dnl ------------------------- dnl Since: 0.27 dnl dnl Substitutes the variable pkgconfigdir as the location where a module dnl should install pkg-config .pc files. By default the directory is dnl $libdir/pkgconfig, but the default can be changed by passing dnl DIRECTORY. The user can override through the --with-pkgconfigdir dnl parameter. AC_DEFUN([PKG_INSTALLDIR], [m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) m4_pushdef([pkg_description], [pkg-config installation directory @<:@]pkg_default[@:>@]) AC_ARG_WITH([pkgconfigdir], [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, [with_pkgconfigdir=]pkg_default) AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) m4_popdef([pkg_default]) m4_popdef([pkg_description]) ])dnl PKG_INSTALLDIR dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) dnl -------------------------------- dnl Since: 0.27 dnl dnl Substitutes the variable noarch_pkgconfigdir as the location where a dnl module should install arch-independent pkg-config .pc files. By dnl default the directory is $datadir/pkgconfig, but the default can be dnl changed by passing DIRECTORY. The user can override through the dnl --with-noarch-pkgconfigdir parameter. AC_DEFUN([PKG_NOARCH_INSTALLDIR], [m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) m4_pushdef([pkg_description], [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) AC_ARG_WITH([noarch-pkgconfigdir], [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, [with_noarch_pkgconfigdir=]pkg_default) AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) m4_popdef([pkg_default]) m4_popdef([pkg_description]) ])dnl PKG_NOARCH_INSTALLDIR dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) dnl ------------------------------------------- dnl Since: 0.28 dnl dnl Retrieves the value of the pkg-config variable for the given module. AC_DEFUN([PKG_CHECK_VAR], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl _PKG_CONFIG([$1], [variable="][$3]["], [$2]) AS_VAR_COPY([$1], [pkg_cv_][$1]) AS_VAR_IF([$1], [""], [$5], [$4])dnl ])dnl PKG_CHECK_VAR dnl PKG_WITH_MODULES(VARIABLE-PREFIX, MODULES, dnl [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND], dnl [DESCRIPTION], [DEFAULT]) dnl ------------------------------------------ dnl dnl Prepare a "--with-" configure option using the lowercase dnl [VARIABLE-PREFIX] name, merging the behaviour of AC_ARG_WITH and dnl PKG_CHECK_MODULES in a single macro. AC_DEFUN([PKG_WITH_MODULES], [ m4_pushdef([with_arg], m4_tolower([$1])) m4_pushdef([description], [m4_default([$5], [build with ]with_arg[ support])]) m4_pushdef([def_arg], [m4_default([$6], [auto])]) m4_pushdef([def_action_if_found], [AS_TR_SH([with_]with_arg)=yes]) m4_pushdef([def_action_if_not_found], [AS_TR_SH([with_]with_arg)=no]) m4_case(def_arg, [yes],[m4_pushdef([with_without], [--without-]with_arg)], [m4_pushdef([with_without],[--with-]with_arg)]) AC_ARG_WITH(with_arg, AS_HELP_STRING(with_without, description[ @<:@default=]def_arg[@:>@]),, [AS_TR_SH([with_]with_arg)=def_arg]) AS_CASE([$AS_TR_SH([with_]with_arg)], [yes],[PKG_CHECK_MODULES([$1],[$2],$3,$4)], [auto],[PKG_CHECK_MODULES([$1],[$2], [m4_n([def_action_if_found]) $3], [m4_n([def_action_if_not_found]) $4])]) m4_popdef([with_arg]) m4_popdef([description]) m4_popdef([def_arg]) ])dnl PKG_WITH_MODULES dnl PKG_HAVE_WITH_MODULES(VARIABLE-PREFIX, MODULES, dnl [DESCRIPTION], [DEFAULT]) dnl ----------------------------------------------- dnl dnl Convenience macro to trigger AM_CONDITIONAL after PKG_WITH_MODULES dnl check._[VARIABLE-PREFIX] is exported as make variable. AC_DEFUN([PKG_HAVE_WITH_MODULES], [ PKG_WITH_MODULES([$1],[$2],,,[$3],[$4]) AM_CONDITIONAL([HAVE_][$1], [test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"]) ])dnl PKG_HAVE_WITH_MODULES dnl PKG_HAVE_DEFINE_WITH_MODULES(VARIABLE-PREFIX, MODULES, dnl [DESCRIPTION], [DEFAULT]) dnl ------------------------------------------------------ dnl dnl Convenience macro to run AM_CONDITIONAL and AC_DEFINE after dnl PKG_WITH_MODULES check. HAVE_[VARIABLE-PREFIX] is exported as make dnl and preprocessor variable. AC_DEFUN([PKG_HAVE_DEFINE_WITH_MODULES], [ PKG_HAVE_WITH_MODULES([$1],[$2],[$3],[$4]) AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"], [AC_DEFINE([HAVE_][$1], 1, [Enable ]m4_tolower([$1])[ support])]) ])dnl PKG_HAVE_DEFINE_WITH_MODULES # po.m4 serial 24 (gettext-0.19) dnl Copyright (C) 1995-2014, 2016 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl dnl This file can be used in projects which are not available under dnl the GNU General Public License or the GNU Library General Public dnl License but which still want to provide support for the GNU gettext dnl functionality. dnl Please note that the actual code of the GNU gettext library is covered dnl by the GNU Library General Public License, and the rest of the GNU dnl gettext package is covered by the GNU General Public License. dnl They are *not* in the public domain. dnl Authors: dnl Ulrich Drepper , 1995-2000. dnl Bruno Haible , 2000-2003. AC_PREREQ([2.60]) dnl Checks for all prerequisites of the po subdirectory. AC_DEFUN([AM_PO_SUBDIRS], [ AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AC_PROG_INSTALL])dnl AC_REQUIRE([AC_PROG_MKDIR_P])dnl AC_REQUIRE([AC_PROG_SED])dnl AC_REQUIRE([AM_NLS])dnl dnl Release version of the gettext macros. This is used to ensure that dnl the gettext macros and po/Makefile.in.in are in sync. AC_SUBST([GETTEXT_MACRO_VERSION], [0.19]) dnl Perform the following tests also if --disable-nls has been given, dnl because they are needed for "make dist" to work. dnl Search for GNU msgfmt in the PATH. dnl The first test excludes Solaris msgfmt and early GNU msgfmt versions. dnl The second test excludes FreeBSD msgfmt. AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt, [$ac_dir/$ac_word --statistics /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 && (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)], :) AC_PATH_PROG([GMSGFMT], [gmsgfmt], [$MSGFMT]) dnl Test whether it is GNU msgfmt >= 0.15. changequote(,)dnl case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;; *) MSGFMT_015=$MSGFMT ;; esac changequote([,])dnl AC_SUBST([MSGFMT_015]) changequote(,)dnl case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;; *) GMSGFMT_015=$GMSGFMT ;; esac changequote([,])dnl AC_SUBST([GMSGFMT_015]) dnl Search for GNU xgettext 0.12 or newer in the PATH. dnl The first test excludes Solaris xgettext and early GNU xgettext versions. dnl The second test excludes FreeBSD xgettext. AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, [$ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 && (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)], :) dnl Remove leftover from FreeBSD xgettext call. rm -f messages.po dnl Test whether it is GNU xgettext >= 0.15. changequote(,)dnl case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;; *) XGETTEXT_015=$XGETTEXT ;; esac changequote([,])dnl AC_SUBST([XGETTEXT_015]) dnl Search for GNU msgmerge 0.11 or newer in the PATH. AM_PATH_PROG_WITH_TEST(MSGMERGE, msgmerge, [$ac_dir/$ac_word --update -q /dev/null /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1], :) dnl Installation directories. dnl Autoconf >= 2.60 defines localedir. For older versions of autoconf, we dnl have to define it here, so that it can be used in po/Makefile. test -n "$localedir" || localedir='${datadir}/locale' AC_SUBST([localedir]) dnl Support for AM_XGETTEXT_OPTION. test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS= AC_SUBST([XGETTEXT_EXTRA_OPTIONS]) AC_CONFIG_COMMANDS([po-directories], [[ for ac_file in $CONFIG_FILES; do # Support "outfile[:infile[:infile...]]" case "$ac_file" in *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; esac # PO directories have a Makefile.in generated from Makefile.in.in. case "$ac_file" in */Makefile.in) # Adjust a relative srcdir. ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'` ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` # In autoconf-2.13 it is called $ac_given_srcdir. # In autoconf-2.50 it is called $srcdir. test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" case "$ac_given_srcdir" in .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; /*) top_srcdir="$ac_given_srcdir" ;; *) top_srcdir="$ac_dots$ac_given_srcdir" ;; esac # Treat a directory as a PO directory if and only if it has a # POTFILES.in file. This allows packages to have multiple PO # directories under different names or in different locations. if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then rm -f "$ac_dir/POTFILES" test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES" gt_tab=`printf '\t'` cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ${gt_tab}]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" POMAKEFILEDEPS="POTFILES.in" # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend # on $ac_dir but don't depend on user-specified configuration # parameters. if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then # The LINGUAS file contains the set of available languages. if test -n "$OBSOLETE_ALL_LINGUAS"; then test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" fi ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"` # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$ALL_LINGUAS_' POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS" else # The set of available languages was given in configure.in. # Hide the ALL_LINGUAS assignment from automake < 1.5. eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS' fi # Compute POFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po) # Compute UPDATEPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update) # Compute DUMMYPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop) # Compute GMOFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo) case "$ac_given_srcdir" in .) srcdirpre= ;; *) srcdirpre='$(srcdir)/' ;; esac POFILES= UPDATEPOFILES= DUMMYPOFILES= GMOFILES= for lang in $ALL_LINGUAS; do POFILES="$POFILES $srcdirpre$lang.po" UPDATEPOFILES="$UPDATEPOFILES $lang.po-update" DUMMYPOFILES="$DUMMYPOFILES $lang.nop" GMOFILES="$GMOFILES $srcdirpre$lang.gmo" done # CATALOGS depends on both $ac_dir and the user's LINGUAS # environment variable. INST_LINGUAS= if test -n "$ALL_LINGUAS"; then for presentlang in $ALL_LINGUAS; do useit=no if test "%UNSET%" != "$LINGUAS"; then desiredlanguages="$LINGUAS" else desiredlanguages="$ALL_LINGUAS" fi for desiredlang in $desiredlanguages; do # Use the presentlang catalog if desiredlang is # a. equal to presentlang, or # b. a variant of presentlang (because in this case, # presentlang can be used as a fallback for messages # which are not translated in the desiredlang catalog). case "$desiredlang" in "$presentlang"*) useit=yes;; esac done if test $useit = yes; then INST_LINGUAS="$INST_LINGUAS $presentlang" fi done fi CATALOGS= if test -n "$INST_LINGUAS"; then for lang in $INST_LINGUAS; do CATALOGS="$CATALOGS $lang.gmo" done fi test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile" sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile" for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do if test -f "$f"; then case "$f" in *.orig | *.bak | *~) ;; *) cat "$f" >> "$ac_dir/Makefile" ;; esac fi done fi ;; esac done]], [# Capture the value of obsolete ALL_LINGUAS because we need it to compute # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it # from automake < 1.5. eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"' # Capture the value of LINGUAS because we need it to compute CATALOGS. LINGUAS="${LINGUAS-%UNSET%}" ]) ]) dnl Postprocesses a Makefile in a directory containing PO files. AC_DEFUN([AM_POSTPROCESS_PO_MAKEFILE], [ # When this code is run, in config.status, two variables have already been # set: # - OBSOLETE_ALL_LINGUAS is the value of LINGUAS set in configure.in, # - LINGUAS is the value of the environment variable LINGUAS at configure # time. changequote(,)dnl # Adjust a relative srcdir. ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'` ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` # In autoconf-2.13 it is called $ac_given_srcdir. # In autoconf-2.50 it is called $srcdir. test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" case "$ac_given_srcdir" in .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; /*) top_srcdir="$ac_given_srcdir" ;; *) top_srcdir="$ac_dots$ac_given_srcdir" ;; esac # Find a way to echo strings without interpreting backslash. if test "X`(echo '\t') 2>/dev/null`" = 'X\t'; then gt_echo='echo' else if test "X`(printf '%s\n' '\t') 2>/dev/null`" = 'X\t'; then gt_echo='printf %s\n' else echo_func () { cat < "$ac_file.tmp" tab=`printf '\t'` if grep -l '@TCLCATALOGS@' "$ac_file" > /dev/null; then # Add dependencies that cannot be formulated as a simple suffix rule. for lang in $ALL_LINGUAS; do frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'` cat >> "$ac_file.tmp" < /dev/null; then # Add dependencies that cannot be formulated as a simple suffix rule. for lang in $ALL_LINGUAS; do frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'` cat >> "$ac_file.tmp" <> "$ac_file.tmp" <, 1996. AC_PREREQ([2.50]) # Search path for a program which passes the given test. dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR, dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]]) AC_DEFUN([AM_PATH_PROG_WITH_TEST], [ # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which # contains only /bin. Note that ksh looks also at the FPATH variable, # so we have to set that as well for the test. PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ || PATH_SEPARATOR=';' } fi # Find out how to test for executable files. Don't use a zero-byte file, # as systems may use methods other than mode bits to determine executability. cat >conf$$.file <<_ASEOF #! /bin/sh exit 0 _ASEOF chmod +x conf$$.file if test -x conf$$.file >/dev/null 2>&1; then ac_executable_p="test -x" else ac_executable_p="test -f" fi rm -f conf$$.file # Extract the first word of "$2", so it can be a program name with args. set dummy $2; ac_word=[$]2 AC_MSG_CHECKING([for $ac_word]) AC_CACHE_VAL([ac_cv_path_$1], [case "[$]$1" in [[\\/]]* | ?:[[\\/]]*) ac_cv_path_$1="[$]$1" # Let the user override the test with a path. ;; *) ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in ifelse([$5], , $PATH, [$5]); do IFS="$ac_save_IFS" test -z "$ac_dir" && ac_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then echo "$as_me: trying $ac_dir/$ac_word..." >&AS_MESSAGE_LOG_FD if [$3]; then ac_cv_path_$1="$ac_dir/$ac_word$ac_exec_ext" break 2 fi fi done done IFS="$ac_save_IFS" dnl If no 4th arg is given, leave the cache variable unset, dnl so AC_PATH_PROGS will keep looking. ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4" ])dnl ;; esac])dnl $1="$ac_cv_path_$1" if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then AC_MSG_RESULT([$][$1]) else AC_MSG_RESULT([no]) fi AC_SUBST([$1])dnl ]) # Copyright (C) 2002-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.16' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. m4_if([$1], [1.16.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) # _AM_AUTOCONF_VERSION(VERSION) # ----------------------------- # aclocal traces this macro to find the Autoconf version. # This is a private macro too. Using m4_define simplifies # the logic in aclocal, which can simply ignore this definition. m4_define([_AM_AUTOCONF_VERSION], []) # AM_SET_CURRENT_AUTOMAKE_VERSION # ------------------------------- # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], [AM_AUTOMAKE_VERSION([1.16.1])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- # Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets # $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to # '$srcdir', '$srcdir/..', or '$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and # therefore $ac_aux_dir as well) can be either absolute or relative, # depending on how configure is run. This is pretty annoying, since # it makes $ac_aux_dir quite unusable in subdirectories: in the top # source directory, any form will work fine, but in subdirectories a # relative path needs to be adjusted first. # # $ac_aux_dir/missing # fails when called from a subdirectory if $ac_aux_dir is relative # $top_srcdir/$ac_aux_dir/missing # fails if $ac_aux_dir is absolute, # fails when called from a subdirectory in a VPATH build with # a relative $ac_aux_dir # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually # harmless because $srcdir is '.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, # iff we strip the leading $srcdir from $ac_aux_dir. That would be: # am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` # and then we would define $MISSING as # MISSING="\${SHELL} $am_aux_dir/missing" # This will work as long as MISSING is not called from configure, because # unfortunately $(top_srcdir) has no meaning in configure. # However there are other variables, like CC, which are often used in # configure, and could therefore not use this "fixed" $ac_aux_dir. # # Another solution, used here, is to always expand $ac_aux_dir to an # absolute PATH. The drawback is that using absolute paths prevent a # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], [AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl # Expand $ac_aux_dir to an absolute path. am_aux_dir=`cd "$ac_aux_dir" && pwd` ]) # AM_COND_IF -*- Autoconf -*- # Copyright (C) 2008-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_COND_IF # _AM_COND_ELSE # _AM_COND_ENDIF # -------------- # These macros are only used for tracing. m4_define([_AM_COND_IF]) m4_define([_AM_COND_ELSE]) m4_define([_AM_COND_ENDIF]) # AM_COND_IF(COND, [IF-TRUE], [IF-FALSE]) # --------------------------------------- # If the shell condition COND is true, execute IF-TRUE, otherwise execute # IF-FALSE. Allow automake to learn about conditional instantiating macros # (the AC_CONFIG_FOOS). AC_DEFUN([AM_COND_IF], [m4_ifndef([_AM_COND_VALUE_$1], [m4_fatal([$0: no such condition "$1"])])dnl _AM_COND_IF([$1])dnl if test -z "$$1_TRUE"; then : m4_n([$2])[]dnl m4_ifval([$3], [_AM_COND_ELSE([$1])dnl else $3 ])dnl _AM_COND_ENDIF([$1])dnl fi[]dnl ]) # AM_CONDITIONAL -*- Autoconf -*- # Copyright (C) 1997-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- # Define a conditional. AC_DEFUN([AM_CONDITIONAL], [AC_PREREQ([2.52])dnl m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl _AM_SUBST_NOTMAKE([$1_FALSE])dnl m4_define([_AM_COND_VALUE_$1], [$2])dnl if $2; then $1_TRUE= $1_FALSE='#' else $1_TRUE='#' $1_FALSE= fi AC_CONFIG_COMMANDS_PRE( [if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then AC_MSG_ERROR([[conditional "$1" was never defined. Usually this means the macro was only invoked conditionally.]]) fi])]) # Do all the work for Automake. -*- Autoconf -*- # Copyright (C) 1996-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O. m4_define([AC_PROG_CC], m4_defn([AC_PROG_CC]) [_AM_PROG_CC_C_O ]) # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) # AM_INIT_AUTOMAKE([OPTIONS]) # ----------------------------------------------- # The call with PACKAGE and VERSION arguments is the old style # call (pre autoconf-2.50), which is being phased out. PACKAGE # and VERSION should now be passed to AC_INIT and removed from # the call to AM_INIT_AUTOMAKE. # We support both call styles for the transition. After # the next Automake release, Autoconf can make the AC_INIT # arguments mandatory, and then we can depend on a new Autoconf # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.65])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl AC_REQUIRE([AC_PROG_INSTALL])dnl if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl # test to see if srcdir already configured if test -f $srcdir/config.status; then AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi AC_SUBST([CYGPATH_W]) # Define the identity of the package. dnl Distinguish between old-style and new-style calls. m4_ifval([$2], [AC_DIAGNOSE([obsolete], [$0: two- and three-arguments forms are deprecated.]) m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl AC_SUBST([PACKAGE], [$1])dnl AC_SUBST([VERSION], [$2])], [_AM_SET_OPTIONS([$1])dnl dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. m4_if( m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]), [ok:ok],, [m4_fatal([AC_INIT should be called with package and version arguments])])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl _AM_IF_OPTION([no-define],, [AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package]) AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl # Some tools Automake needs. AC_REQUIRE([AM_SANITY_CHECK])dnl AC_REQUIRE([AC_ARG_PROGRAM])dnl AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}]) AM_MISSING_PROG([AUTOCONF], [autoconf]) AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}]) AM_MISSING_PROG([AUTOHEADER], [autoheader]) AM_MISSING_PROG([MAKEINFO], [makeinfo]) AC_REQUIRE([AM_PROG_INSTALL_SH])dnl AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl AC_REQUIRE([AC_PROG_MKDIR_P])dnl # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: # # AC_SUBST([mkdir_p], ['$(MKDIR_P)']) # We need awk for the "check" target (and possibly the TAP driver). The # system "awk" is bad on some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], [_AM_DEPENDENCIES([CC])], [m4_define([AC_PROG_CC], m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], [_AM_DEPENDENCIES([CXX])], [m4_define([AC_PROG_CXX], m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], [_AM_DEPENDENCIES([OBJC])], [m4_define([AC_PROG_OBJC], m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], [_AM_DEPENDENCIES([OBJCXX])], [m4_define([AC_PROG_OBJCXX], m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl ]) AC_REQUIRE([AM_SILENT_RULES])dnl dnl The testsuite driver may need to know about EXEEXT, so add the dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below. AC_CONFIG_COMMANDS_PRE(dnl [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl # POSIX will say in a future version that running "rm -f" with no argument # is OK; and we want to be able to make that assumption in our Makefile # recipes. So use an aggressive probe to check that the usage we want is # actually supported "in the wild" to an acceptable degree. # See automake bug#10828. # To make any issue more visible, cause the running configure to be aborted # by default if the 'rm' program in use doesn't match our expectations; the # user can still override this though. if rm -f && rm -fr && rm -rf; then : OK; else cat >&2 <<'END' Oops! Your 'rm' program seems unable to run without file operands specified on the command line, even when the '-f' option is present. This is contrary to the behaviour of most rm programs out there, and not conforming with the upcoming POSIX standard: Please tell bug-automake@gnu.org about your system, including the value of your $PATH and any error possibly output before this message. This can help us improve future automake versions. END if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then echo 'Configuration will proceed anyway, since you have set the' >&2 echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 echo >&2 else cat >&2 <<'END' Aborting the configuration process, to ensure you take notice of the issue. You can download and install GNU coreutils to get an 'rm' implementation that behaves properly: . If you want to complete the configuration process using your problematic 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM to "yes", and re-run configure. END AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) fi fi dnl The trailing newline in this macro's definition is deliberate, for dnl backward compatibility and to allow trailing 'dnl'-style comments dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. ]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further dnl mangled by Autoconf and run in a shell conditional statement. m4_define([_AC_COMPILER_EXEEXT], m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) # When config.status generates a header, we must update the stamp-h file. # This file resides in the same directory as the config header # that is generated. The stamp files are numbered to have different names. # Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the # loop where config.status creates the headers, so we can generate # our stamp files there. AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers. _am_arg=$1 _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) # Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_SH # ------------------ # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi AC_SUBST([install_sh])]) # Copyright (C) 2003-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # Check whether the underlying file-system supports filenames # with a leading dot. For instance MS-DOS doesn't. AC_DEFUN([AM_SET_LEADING_DOT], [rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null AC_SUBST([am__leading_dot])]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- # Copyright (C) 1997-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ AC_DEFUN([AM_MISSING_PROG], [AC_REQUIRE([AM_MISSING_HAS_RUN]) $1=${$1-"${am_missing_run}$2"} AC_SUBST($1)]) # AM_MISSING_HAS_RUN # ------------------ # Define MISSING if not defined so far and test if it is modern enough. # If it is, set am_missing_run to use it, otherwise, to nothing. AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --is-lightweight"; then am_missing_run="$MISSING " else am_missing_run= AC_MSG_WARN(['missing' script is too old or missing]) fi ]) # Helper functions for option handling. -*- Autoconf -*- # Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_MANGLE_OPTION(NAME) # ----------------------- AC_DEFUN([_AM_MANGLE_OPTION], [[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) # _AM_SET_OPTION(NAME) # -------------------- # Set option NAME. Presently that only means defining a flag for this option. AC_DEFUN([_AM_SET_OPTION], [m4_define(_AM_MANGLE_OPTION([$1]), [1])]) # _AM_SET_OPTIONS(OPTIONS) # ------------------------ # OPTIONS is a space-separated list of Automake options. AC_DEFUN([_AM_SET_OPTIONS], [m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) # _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) # ------------------------------------------- # Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) # Copyright (C) 1999-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # --------------------------------------------------------------------------- # Adds support for distributing Python modules and packages. To # install modules, copy them to $(pythondir), using the python_PYTHON # automake variable. To install a package with the same name as the # automake package, install to $(pkgpythondir), or use the # pkgpython_PYTHON automake variable. # # The variables $(pyexecdir) and $(pkgpyexecdir) are provided as # locations to install python extension modules (shared libraries). # Another macro is required to find the appropriate flags to compile # extension modules. # # If your package is configured with a different prefix to python, # users will have to add the install directory to the PYTHONPATH # environment variable, or create a .pth file (see the python # documentation for details). # # If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will # cause an error if the version of python installed on the system # doesn't meet the requirement. MINIMUM-VERSION should consist of # numbers and dots only. AC_DEFUN([AM_PATH_PYTHON], [ dnl Find a Python interpreter. Python versions prior to 2.0 are not dnl supported. (2.0 was released on October 16, 2000). m4_define_default([_AM_PYTHON_INTERPRETER_LIST], [python python2 python3 dnl python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 dnl python3.2 python3.1 python3.0 dnl python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 dnl python2.0]) AC_ARG_VAR([PYTHON], [the Python interpreter]) m4_if([$1],[],[ dnl No version check is needed. # Find any Python interpreter. if test -z "$PYTHON"; then AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :) fi am_display_PYTHON=python ], [ dnl A version check is needed. if test -n "$PYTHON"; then # If the user set $PYTHON, use it and don't search something else. AC_MSG_CHECKING([whether $PYTHON version is >= $1]) AM_PYTHON_CHECK_VERSION([$PYTHON], [$1], [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no]) AC_MSG_ERROR([Python interpreter is too old])]) am_display_PYTHON=$PYTHON else # Otherwise, try each interpreter until we find one that satisfies # VERSION. AC_CACHE_CHECK([for a Python interpreter with version >= $1], [am_cv_pathless_PYTHON],[ for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do test "$am_cv_pathless_PYTHON" = none && break AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break]) done]) # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. if test "$am_cv_pathless_PYTHON" = none; then PYTHON=: else AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON]) fi am_display_PYTHON=$am_cv_pathless_PYTHON fi ]) if test "$PYTHON" = :; then dnl Run any user-specified action, or abort. m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])]) else dnl Query Python for its version number. Getting [:3] seems to be dnl the best way to do this; it's what "site.py" does in the standard dnl library. AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version], [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`]) AC_SUBST([PYTHON_VERSION], [$am_cv_python_version]) dnl Use the values of $prefix and $exec_prefix for the corresponding dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made dnl distinct variables so they can be overridden if need be. However, dnl general consensus is that you shouldn't need this ability. AC_SUBST([PYTHON_PREFIX], ['${prefix}']) AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}']) dnl At times (like when building shared libraries) you may want dnl to know which OS platform Python thinks this is. AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform], [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`]) AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform]) # Just factor out some code duplication. am_python_setup_sysconfig="\ import sys # Prefer sysconfig over distutils.sysconfig, for better compatibility # with python 3.x. See automake bug#10227. try: import sysconfig except ImportError: can_use_sysconfig = 0 else: can_use_sysconfig = 1 # Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: # try: from platform import python_implementation if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7': can_use_sysconfig = 0 except ImportError: pass" dnl Set up 4 directories: dnl pythondir -- where to install python scripts. This is the dnl site-packages directory, not the python standard library dnl directory like in previous automake betas. This behavior dnl is more consistent with lispdir.m4 for example. dnl Query distutils for this directory. AC_CACHE_CHECK([for $am_display_PYTHON script directory], [am_cv_python_pythondir], [if test "x$prefix" = xNONE then am_py_prefix=$ac_default_prefix else am_py_prefix=$prefix fi am_cv_python_pythondir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') sys.stdout.write(sitedir)"` case $am_cv_python_pythondir in $am_py_prefix*) am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` ;; *) case $am_py_prefix in /usr|/System*) ;; *) am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac ]) AC_SUBST([pythondir], [$am_cv_python_pythondir]) dnl pkgpythondir -- $PACKAGE directory under pythondir. Was dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is dnl more consistent with the rest of automake. AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE]) dnl pyexecdir -- directory for installing python extension modules dnl (shared libraries) dnl Query distutils for this directory. AC_CACHE_CHECK([for $am_display_PYTHON extension module directory], [am_cv_python_pyexecdir], [if test "x$exec_prefix" = xNONE then am_py_exec_prefix=$am_py_prefix else am_py_exec_prefix=$exec_prefix fi am_cv_python_pyexecdir=`$PYTHON -c " $am_python_setup_sysconfig if can_use_sysconfig: sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) else: from distutils import sysconfig sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') sys.stdout.write(sitedir)"` case $am_cv_python_pyexecdir in $am_py_exec_prefix*) am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` ;; *) case $am_py_exec_prefix in /usr|/System*) ;; *) am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages ;; esac ;; esac ]) AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir]) dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE) AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE]) dnl Run any user-specified action. $2 fi ]) # AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) # --------------------------------------------------------------------------- # Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION. # Run ACTION-IF-FALSE otherwise. # This test uses sys.hexversion instead of the string equivalent (first # word of sys.version), in order to cope with versions such as 2.2c1. # This supports Python 2.0 or higher. (2.0 was released on October 16, 2000). AC_DEFUN([AM_PYTHON_CHECK_VERSION], [prog="import sys # split strings by '.' and convert to numeric. Append some zeros # because we need at least 4 digits for the hex conversion. # map returns an iterator in Python 3.0 and a list in 2.x minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]] minverhex = 0 # xrange is not present in Python 3.0 and range returns an iterator for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] sys.exit(sys.hexversion < minverhex)" AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) # Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_RUN_LOG(COMMAND) # ------------------- # Run COMMAND, save the exit status in ac_status, and log it. # (This has been adapted from Autoconf's _AC_RUN_LOG macro.) AC_DEFUN([AM_RUN_LOG], [{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD (exit $ac_status); }]) # Check to make sure that the build environment is sane. -*- Autoconf -*- # Copyright (C) 1996-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[[\\\"\#\$\&\'\`$am_lf]]*) AC_MSG_ERROR([unsafe absolute working directory name]);; esac case $srcdir in *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);; esac # Do 'set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( am_has_slept=no for am_try in 1 2; do echo "timestamp, slept: $am_has_slept" > conftest.file set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$[*]" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi if test "$[*]" != "X $srcdir/configure conftest.file" \ && test "$[*]" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken alias in your environment]) fi if test "$[2]" = conftest.file || test $am_try -eq 2; then break fi # Just in case. sleep 1 am_has_slept=yes done test "$[2]" = conftest.file ) then # Ok. : else AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi AC_MSG_RESULT([yes]) # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= if grep 'slept: no' conftest.file >/dev/null 2>&1; then ( sleep 1 ) & am_sleep_pid=$! fi AC_CONFIG_COMMANDS_PRE( [AC_MSG_CHECKING([that generated files are newer than configure]) if test -n "$am_sleep_pid"; then # Hide warnings about reused PIDs. wait $am_sleep_pid 2>/dev/null fi AC_MSG_RESULT([done])]) rm -f conftest.file ]) # Copyright (C) 2009-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_SILENT_RULES([DEFAULT]) # -------------------------- # Enable less verbose build rules; with the default set to DEFAULT # ("yes" being less verbose, "no" or empty being verbose). AC_DEFUN([AM_SILENT_RULES], [AC_ARG_ENABLE([silent-rules], [dnl AS_HELP_STRING( [--enable-silent-rules], [less verbose build output (undo: "make V=1")]) AS_HELP_STRING( [--disable-silent-rules], [verbose build output (undo: "make V=0")])dnl ]) case $enable_silent_rules in @%:@ ((( yes) AM_DEFAULT_VERBOSITY=0;; no) AM_DEFAULT_VERBOSITY=1;; *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);; esac dnl dnl A few 'make' implementations (e.g., NonStop OS and NextStep) dnl do not support nested variable expansions. dnl See automake bug#9928 and bug#10237. am_make=${MAKE-make} AC_CACHE_CHECK([whether $am_make supports nested variables], [am_cv_make_support_nested_variables], [if AS_ECHO([['TRUE=$(BAR$(V)) BAR0=false BAR1=true V=1 am__doit: @$(TRUE) .PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then am_cv_make_support_nested_variables=yes else am_cv_make_support_nested_variables=no fi]) if test $am_cv_make_support_nested_variables = yes; then dnl Using '$V' instead of '$(V)' breaks IRIX make. AM_V='$(V)' AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' else AM_V=$AM_DEFAULT_VERBOSITY AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY fi AC_SUBST([AM_V])dnl AM_SUBST_NOTMAKE([AM_V])dnl AC_SUBST([AM_DEFAULT_V])dnl AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl AC_SUBST([AM_DEFAULT_VERBOSITY])dnl AM_BACKSLASH='\' AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) # Copyright (C) 2001-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_STRIP # --------------------- # One issue with vendor 'install' (even GNU) is that you can't # specify the program used to strip binaries. This is especially # annoying in cross-compiling environments, where the build's strip # is unlikely to handle the host's binaries. # Fortunately install-sh will honor a STRIPPROG variable, so we # always use install-sh in "make install-strip", and initialize # STRIPPROG with the value of the STRIP variable (set by the user). AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl # Installed binaries are usually stripped using 'strip' when the user # run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the 'STRIP' environment variable to overrule this program. dnl Don't test for $cross_compiling = yes, because it might be 'maybe'. if test "$cross_compiling" != no; then AC_CHECK_TOOL([STRIP], [strip], :) fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) # Copyright (C) 2006-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. # This macro is traced by Automake. AC_DEFUN([_AM_SUBST_NOTMAKE]) # AM_SUBST_NOTMAKE(VARIABLE) # -------------------------- # Public sister of _AM_SUBST_NOTMAKE. AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- # Copyright (C) 2004-2018 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_PROG_TAR(FORMAT) # -------------------- # Check how to create a tarball in format FORMAT. # FORMAT should be one of 'v7', 'ustar', or 'pax'. # # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory # $tardir. # tardir=directory && $(am__tar) > result.tar # # Substitute a variable $(am__untar) that extract such # a tarball read from stdin. # $(am__untar) < result.tar # AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AC_SUBST([AMTAR], ['$${TAR-tar}']) # We'll loop over all known methods to create a tar archive until one works. _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' m4_if([$1], [v7], [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], [m4_case([$1], [ustar], [# The POSIX 1988 'ustar' format is defined with fixed-size fields. # There is notably a 21 bits limit for the UID and the GID. In fact, # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 # and bug#13588). am_max_uid=2097151 # 2^21 - 1 am_max_gid=$am_max_uid # The $UID and $GID variables are not portable, so we need to resort # to the POSIX-mandated id(1) utility. Errors in the 'id' calls # below are definitely unexpected, so allow the users to see them # (that is, avoid stderr redirection). am_uid=`id -u || echo unknown` am_gid=`id -g || echo unknown` AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) if test $am_uid -le $am_max_uid; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) _am_tools=none fi AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) if test $am_gid -le $am_max_gid; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) _am_tools=none fi], [pax], [], [m4_fatal([Unknown tar format])]) AC_MSG_CHECKING([how to create a $1 tar archive]) # Go ahead even if we have the value already cached. We do so because we # need to set the values for the 'am__tar' and 'am__untar' variables. _am_tools=${am_cv_prog_tar_$1-$_am_tools} for _am_tool in $_am_tools; do case $_am_tool in gnutar) for _am_tar in tar gnutar gtar; do AM_RUN_LOG([$_am_tar --version]) && break done am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' am__untar="$_am_tar -xf -" ;; plaintar) # Must skip GNU tar: if it does not support --format= it doesn't create # ustar tarball either. (tar --version) >/dev/null 2>&1 && continue am__tar='tar chf - "$$tardir"' am__tar_='tar chf - "$tardir"' am__untar='tar xf -' ;; pax) am__tar='pax -L -x $1 -w "$$tardir"' am__tar_='pax -L -x $1 -w "$tardir"' am__untar='pax -r' ;; cpio) am__tar='find "$$tardir" -print | cpio -o -H $1 -L' am__tar_='find "$tardir" -print | cpio -o -H $1 -L' am__untar='cpio -i -H $1 -d' ;; none) am__tar=false am__tar_=false am__untar=false ;; esac # If the value was cached, stop now. We just wanted to have am__tar # and am__untar set. test -n "${am_cv_prog_tar_$1}" && break # tar/untar a dummy directory, and stop if the command works. rm -rf conftest.dir mkdir conftest.dir echo GrepMe > conftest.dir/file AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) rm -rf conftest.dir if test -s conftest.tar; then AM_RUN_LOG([$am__untar /dev/null 2>&1 && break fi done rm -rf conftest.dir AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) AC_MSG_RESULT([$am_cv_prog_tar_$1])]) AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR m4_include([m4/intltool.m4]) m4_include([m4/jh_path_xml_catalog.m4]) firewalld-1.1.1/Makefile.in0000644000000000000000000007561414217352322015544 0ustar00rootroot00000000000000# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ $(am__configure_deps) $(am__DIST_COMMON) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = doxygen.conf src/firewall/config/__init__.py CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ cscope distdir distdir-am dist dist-all distcheck am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags CSCOPE = cscope DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/doxygen.conf.in \ $(top_srcdir)/src/firewall/config/__init__.py.in COPYING \ README install-sh missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ if test -d "$(distdir)"; then \ find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ && rm -rf "$(distdir)" \ || { sleep 5 && rm -rf "$(distdir)"; }; \ else :; fi am__post_remove_distdir = $(am__remove_distdir) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" GZIP_ENV = --best DIST_ARCHIVES = $(distdir).tar.bz2 distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = config doc po shell-completion src DIST_TARGETS = dist-gzip dist-container EXTRA_DIST = \ COPYING \ README \ autogen.sh \ ${PACKAGE_NAME}.spec CLEANFILES = *~ *\# .\#* *.tar* DISTCLEANFILES = config.log intltool-* DISTCLEANDIRS = autom4te.cache ${PACKAGE_NAME}-* all: all-recursive .SUFFIXES: am--refresh: Makefile @: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck $(top_srcdir)/configure: $(am__configure_deps) $(am__cd) $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): $(am__aclocal_m4_deps) $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) $(am__aclocal_m4_deps): doxygen.conf: $(top_builddir)/config.status $(srcdir)/doxygen.conf.in cd $(top_builddir) && $(SHELL) ./config.status $@ src/firewall/config/__init__.py: $(top_builddir)/config.status $(top_srcdir)/src/firewall/config/__init__.py.in cd $(top_builddir) && $(SHELL) ./config.status $@ # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscope: cscope.files test ! -s cscope.files \ || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) clean-cscope: -rm -f cscope.files cscope.files: clean-cscope cscopelist cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -rm -f cscope.out cscope.in.out cscope.po.out cscope.files distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) $(am__remove_distdir) test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done -test -n "$(am__skip_mode_fix)" \ || find "$(distdir)" -type d ! -perm -755 \ -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz $(am__post_remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 $(am__post_remove_distdir) dist-lzip: distdir tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz $(am__post_remove_distdir) dist-xz: distdir tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz $(am__post_remove_distdir) dist-tarZ: distdir @echo WARNING: "Support for distribution archives compressed with" \ "legacy program 'compress' is deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir @echo WARNING: "Support for shar distribution archives is" \ "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz $(am__post_remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) $(am__post_remove_distdir) dist dist-all: $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' $(am__post_remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lz*) \ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ *.tar.xz*) \ xz -dc $(distdir).tar.xz | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac chmod -R a-w $(distdir) chmod u+w $(distdir) mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ && $(am__cd) $(distdir)/_build/sub \ && ../../configure \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ --srcdir=../.. --prefix="$$dc_install_base" \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ && $(MAKE) $(AM_MAKEFLAGS) uninstall \ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ } || { rm -rf "$$dc_destdir"; exit 1; }) \ && rm -rf "$$dc_destdir" \ && $(MAKE) $(AM_MAKEFLAGS) dist \ && rm -rf $(DIST_ARCHIVES) \ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ && cd "$$am__cwd" \ || exit 1 $(am__post_remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' distuninstallcheck: @test -n '$(distuninstallcheck_dir)' || { \ echo 'ERROR: trying to run $@ with an empty' \ '$$(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ $(am__cd) '$(distuninstallcheck_dir)' || { \ echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ exit 1; \ }; \ test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ echo " (check DESTDIR support)"; \ fi ; \ $(distuninstallcheck_listfiles) ; \ exit 1; } >&2 distcleancheck: distclean @if test '$(srcdir)' = . ; then \ echo "ERROR: distcleancheck can only run from a VPATH build" ; \ exit 1 ; \ fi @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left in build directory after distclean:" ; \ $(distcleancheck_listfiles) ; \ exit 1; } >&2 check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic mostlyclean-am distclean: distclean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -f Makefile distclean-am: clean-am distclean-generic distclean-local \ distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf $(top_srcdir)/autom4te.cache -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(am__recursive_targets) install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ am--refresh check check-am clean clean-cscope clean-generic \ cscope cscopelist-am ctags ctags-am dist dist-all dist-bzip2 \ dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \ distcheck distclean distclean-generic distclean-local \ distclean-tags distcleancheck distdir distuninstallcheck dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs installdirs-am \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am .PRECIOUS: Makefile tag: @spec_ver=`awk '/Version:/ { print $$2}' ${PACKAGE_NAME}.spec`; \ if test "$$spec_ver" != "${PACKAGE_VERSION}"; then \ echo "Spec file and package versions differ: $$spec_ver != ${PACKAGE_VERSION}"; \ secs=10; \ echo -n "Using ./autogen.sh in $$secs seconds: "; \ for i in `seq $$secs -1 1`; do echo -n "."; sleep 1; done; echo; \ ./autogen.sh; \ echo; \ echo "Please run make again to apply version changes."; \ exit 1; \ fi @if ! git diff --quiet --exit-code; then \ clear; \ echo -n "========================================"; \ echo "========================================"; \ PAGER= git diff; \ echo -n "========================================"; \ echo "========================================"; \ echo "Do you want to commit these changes? (y/N)"; \ read answer; \ [ "$$answer" == "Y" -o "$$answer" == "y" ] || exit 1; \ git commit -a -m "$(PACKAGE_TAG)"; \ fi git tag -f $(PACKAGE_TAG) git push git push --tags dist: clean-docs update-docs dist-container: $(PODMAN) build --squash-all -t firewalld -f $(abs_top_srcdir)/Dockerfile $(abs_top_srcdir) $(PODMAN) tag firewalld firewalld:$(PACKAGE_VERSION) $(PODMAN) tag firewalld firewalld:latest $(PODMAN) tag firewalld:$(PACKAGE_VERSION) quay.io/firewalld/firewalld:$(PACKAGE_VERSION) $(PODMAN) tag firewalld:latest quay.io/firewalld/firewalld:latest $(PODMAN) push quay.io/firewalld/firewalld:$(PACKAGE_VERSION) $(PODMAN) push quay.io/firewalld/firewalld:latest $(PODMAN) save --format oci-archive --output firewalld-oci-$(PACKAGE_VERSION).tar firewalld:$(PACKAGE_VERSION) dist-check: @rm -f _dist_check_failed @(cat config/Makefile.am | sed -n '/^CONFIG_FILES/,/^$$/p' | head -n-1 | tail -n+2) > _config @(cd config; git ls-files icmptypes helpers ipsets services zones | sort | sed -e 's/^/\t/' | sed ':a;N;$$!ba;s/\n/ \\\n/g') > _provided_config @diff -u1B _config _provided_config > _missing_config; \ if [ $$? -ne 0 ]; then \ echo; \ echo "============================================================================="; \ echo " Fix config/Makefile.am:"; \ echo "============================================================================="; \ touch _dist_check_failed; \ cat _missing_config | tail -n +3; \ echo; \ fi @rm -f _config _provided_config _missing_config @(cat src/Makefile.am | sed -n '/^nobase_dist_python_DATA/,/^$$/p' | head -n-1 | tail -n+2) > _config @(cd src; git ls-files firewall | sort | sed -e 's/^/\t/' -e "s/.py.in/.py/" | sed ':a;N;$$!ba;s/\n/ \\\n/g') > _provided_config @diff -u1B _config _provided_config > _missing_config; \ if [ $$? -ne 0 ]; then \ echo; \ echo "============================================================================="; \ echo " Fix src/Makefile.am:"; \ echo "============================================================================="; \ touch _dist_check_failed; \ cat _missing_config | tail -n +3; \ echo; \ fi @rm -f _config _provided_config _missing_config @if [ -f "_dist_check_failed" ]; then \ rm -f _dist_check_failed; \ exit 1; \ fi check-container check-integration installcheck-integration: $(MAKE) -C src/tests $@ .PHONY: check-container check-integration installcheck-integration .PHONY: dist-container update-docs: $(MAKE) -C doc/xml clean-docs: $(MAKE) -C doc/xml clean archive: dist-check $(desktop_DATA) tag dist local: distclean @rm -rf ${PACKAGE_NAME}-$(PACKAGE_VERSION).tar.gz @rm -rf /tmp/${PACKAGE_NAME}-$(PACKAGE_VERSION) /tmp/${PACKAGE_NAME} @dir=$$PWD; cd /tmp; cp -a $$dir ${PACKAGE_NAME} @mv /tmp/${PACKAGE_NAME} /tmp/${PACKAGE_NAME}-$(PACKAGE_VERSION) @dir=$$PWD; cd /tmp; tar --gzip -cSpf $$dir/${PACKAGE_NAME}-$(PACKAGE_VERSION).tar.gz ${PACKAGE_NAME}-$(PACKAGE_VERSION) @rm -rf /tmp/${PACKAGE_NAME}-$(PACKAGE_VERSION) @echo "The archive is in ${PACKAGE_NAME}-$(PACKAGE_VERSION).tar.gz" test-rpm: dist-gzip @rpmbuild -ta $(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz test-srpm: dist-gzip @rpmbuild -ts $(PACKAGE_NAME)-$(PACKAGE_VERSION).tar.gz update-po: ls $(top_srcdir)/po/*.po | sed 's/.*\/po\///;s/.po//' > $(top_srcdir)/po/LINGUAS $(MAKE) -C po update-po ${PACKAGE_NAME}.pot cp po/${PACKAGE_NAME}.pot po/${PACKAGE_NAME}.weblate.pot # This merges translations from the upstream master branch. # It's only meant to be used from the stable branches. Translations # contributions are only done against master. merge-po: update-po git fetch -q https://github.com/firewalld/firewalld master; \ for po in $(top_srcdir)/po/*.po; do \ mv $${po} $${po}.old; \ git checkout -q FETCH_HEAD $${po}; \ msgcat --use-first -o $${po}.merged $${po} $${po}.old; \ mv $${po}.merged $${po}; \ git add $${po}; \ done clean-po: @for cat in `cat ${top_srcdir}/po/LINGUAS`; do \ msgattrib --translated --no-fuzzy --no-obsolete --force-po --no-location --clear-previous --strict $(top_srcdir)/po/$$cat.po -o $(top_srcdir)/po/$$cat.out; \ mv -f $(top_srcdir)/po/$$cat.out $(top_srcdir)/po/$$cat.po; \ done report: @for cat in `cat ${top_srcdir}/po/LINGUAS`; do \ echo -n "$$cat: "; \ $(MSGFMT) --statistics -o /dev/null $(top_srcdir)/po/$$cat.po; \ done distclean-local: -test -z "$(DISTCLEANDIRS)" || rm -rf $(DISTCLEANDIRS) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-1.1.1/doxygen.conf.in0000644000000000000000000022136214217342322016420 0ustar00rootroot00000000000000# Doxyfile 1.7.5 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (" "). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all # text before the first occurrence of this tag. Doxygen uses libiconv (or the # iconv built into libc) for the transcoding. See # http://www.gnu.org/software/libiconv for the list of possible encodings. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or sequence of words) that should # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. PROJECT_NAME = @PACKAGE@ # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or # if some version control system is used. PROJECT_NUMBER = @PACKAGE_VERSION@ # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer # a quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = # With the PROJECT_LOGO tag one can specify an logo or icon that is # included in the documentation. The maximum height of the logo should not # exceed 55 pixels and the maximum width should not exceed 200 pixels. # Doxygen will copy the logo to the output directory. PROJECT_LOGO = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. # If a relative path is entered, it will be relative to the location # where doxygen was started. If left blank the current directory will be used. OUTPUT_DIRECTORY = doc # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create # 4096 sub-directories (in 2 levels) under the output directory of each output # format and will distribute the generated files over these directories. # Enabling this option can be useful when feeding doxygen a huge amount of # source files, where putting all generated files in the same directory would # otherwise cause performance problems for the file system. CREATE_SUBDIRS = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. # The default language is English, other supported languages are: # Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, # Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German, # Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English # messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, # Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrillic, Slovak, # Slovene, Spanish, Swedish, Ukrainian, and Vietnamese. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will # include brief member descriptions after the members that are listed in # the file and class documentation (similar to JavaDoc). # Set to NO to disable this. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend # the brief description of a member or function before the detailed description. # Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator # that is used to form the text in various listings. Each string # in this list, if found as the leading text of the brief description, will be # stripped from the text and the result after processing the whole list, is # used as the annotated text. Otherwise, the brief description is used as-is. # If left blank, the following values are used ("$name" is automatically # replaced with the name of the entity): "The $name class" "The $name widget" # "The $name file" "is" "provides" "specifies" "contains" # "represents" "a" "an" "the" ABBREVIATE_BRIEF = # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # Doxygen will generate a detailed section even if there is only a brief # description. ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full # path before files name in the file list and in the header files. If set # to NO the shortest path that makes the file name unique will be used. FULL_PATH_NAMES = YES # If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag # can be used to strip a user-defined part of the path. Stripping is # only done if one of the specified strings matches the left-hand part of # the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the # path to strip. STRIP_FROM_PATH = # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of # the path mentioned in the documentation of a class, which tells # the reader which header file to include in order to use a class. # If left blank only the name of the header file containing the class # definition is used. Otherwise one should specify the include paths that # are normally passed to the compiler using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter # (but less readable) file names. This can be useful if your file system # doesn't support long names like on DOS, Mac, or CD-ROM. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen # will interpret the first line (until the first dot) of a JavaDoc-style # comment as the brief description. If set to NO, the JavaDoc # comments will behave just like regular Qt-style comments # (thus requiring an explicit @brief command for a brief description.) JAVADOC_AUTOBRIEF = NO # If the QT_AUTOBRIEF tag is set to YES then Doxygen will # interpret the first line (until the first dot) of a Qt-style # comment as the brief description. If set to NO, the comments # will behave just like regular Qt-style comments (thus requiring # an explicit \brief command for a brief description.) QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen # treat a multi-line C++ special comment block (i.e. a block of //! or /// # comments) as a brief description. This used to be the default behaviour. # The new default is to treat a multi-line C++ comment block as a detailed # description. Set this tag to YES if you prefer the old behaviour instead. MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES (the default) then an undocumented # member inherits the documentation from any documented member that it # re-implements. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce # a new page for each member. If set to NO, the documentation of a member will # be part of the file/class/namespace that contains it. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. # Doxygen uses this value to replace tabs by spaces in code fragments. TAB_SIZE = 8 # This tag can be used to specify a number of aliases that acts # as commands in the documentation. An alias has the form "name=value". # For example adding "sideeffect=\par Side Effects:\n" will allow you to # put the command \sideeffect (or @sideeffect) in the documentation, which # will result in a user-defined paragraph with heading "Side Effects:". # You can put \n's in the value part of an alias to insert newlines. ALIASES = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C # sources only. Doxygen will then generate output that is more tailored for C. # For instance, some of the names that are used will be different. The list # of all members will be omitted, etc. OPTIMIZE_OUTPUT_FOR_C = NO # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java # sources only. Doxygen will then generate output that is more tailored for # Java. For instance, namespaces will be presented as packages, qualified # scopes will look different, etc. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources only. Doxygen will then generate output that is more tailored for # Fortran. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for # VHDL. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given extension. # Doxygen has a built-in mapping, but you can override or extend it using this # tag. The format is ext=language, where ext is a file extension, and language # is one of the parsers supported by doxygen: IDL, Java, Javascript, CSharp, C, # C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, C++. For instance to make # doxygen treat .inc files as Fortran files (default is PHP), and .f files as C # (default is Fortran), use: inc=Fortran f=C. Note that for custom extensions # you also need to set FILE_PATTERNS otherwise the files are not read by doxygen. EXTENSION_MAPPING = # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should # set this tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); v.s. # func(std::string) {}). This also makes the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. # Doxygen will parse them like normal C++ but will assume all classes use public # instead of private inheritance when no explicit protection keyword is present. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate getter # and setter methods for a property. Setting this option to YES (the default) # will make doxygen replace the get and set methods by a property in the # documentation. This will only work if the methods are indeed getting or # setting a simple type. If this is not the case, or you want to show the # methods anyway, you should set this option to NO. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES, then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. DISTRIBUTE_GROUP_DOC = NO # Set the SUBGROUPING tag to YES (the default) to allow class member groups of # the same type (for instance a group of public functions) to be put as a # subgroup of that type (e.g. under the Public Functions section). Set it to # NO to prevent subgrouping. Alternatively, this can be done per class using # the \nosubgrouping command. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and # unions are shown inside the group in which they are included (e.g. using # @ingroup) instead of on a separate page (for HTML and Man pages) or # section (for LaTeX and RTF). INLINE_GROUPED_CLASSES = NO # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and # unions with only public data fields will be shown inline in the documentation # of the scope in which they are defined (i.e. file, namespace, or group # documentation), provided this scope is documented. If set to NO (the default), # structs, classes, and unions are shown on a separate page (for HTML and Man # pages) or section (for LaTeX and RTF). INLINE_SIMPLE_STRUCTS = NO # When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum # is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. This can typically # be useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. TYPEDEF_HIDES_STRUCT = NO # The SYMBOL_CACHE_SIZE determines the size of the internal cache use to # determine which symbols to keep in memory and which to flush to disk. # When the cache is full, less often used symbols will be written to disk. # For small to medium size projects (<1000 input files) the default value is # probably good enough. For larger projects a too small cache size can cause # doxygen to be busy swapping symbols to and from disk most of the time # causing a significant performance penalty. # If the system has enough physical memory increasing the cache will improve the # performance by keeping more symbols in memory. Note that the value works on # a logarithmic scale so increasing the size by one will roughly double the # memory usage. The cache size is given by this formula: # 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0, # corresponding to a cache size of 2^16 = 65536 symbols SYMBOL_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in # documentation are documented, even if no documentation was available. # Private class members and static file members will be hidden unless # the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES EXTRACT_ALL = YES #NO # If the EXTRACT_PRIVATE tag is set to YES all private members of a class # will be included in the documentation. EXTRACT_PRIVATE = NO # If the EXTRACT_STATIC tag is set to YES all static members of a file # will be included in the documentation. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) # defined locally in source files will be included in the documentation. # If set to NO only classes defined in header files are included. EXTRACT_LOCAL_CLASSES = YES # This flag is only useful for Objective-C code. When set to YES local # methods, which are defined in the implementation section but not in # the interface are included in the documentation. # If set to NO (the default) only methods in the interface are included. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base # name of the file that contains the anonymous namespace. By default # anonymous namespaces are hidden. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all # undocumented members of documented classes, files or namespaces. # If set to NO (the default) these members will be included in the # various overviews, but no documentation section is generated. # This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_MEMBERS = YES #NO # If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. # If set to NO (the default) these classes will be included in the various # overviews. This option has no effect if EXTRACT_ALL is enabled. HIDE_UNDOC_CLASSES = NO # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all # friend (class|struct|union) declarations. # If set to NO (the default) these declarations will be included in the # documentation. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any # documentation blocks found inside the body of a function. # If set to NO (the default) these blocks will be appended to the # function's detailed documentation block. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation # that is typed after a \internal command is included. If the tag is set # to NO (the default) then the documentation will be excluded. # Set it to YES to include the internal documentation. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate # file names in lower-case letters. If set to YES upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen # will show members with their full class and namespace scopes in the # documentation. If set to YES the scope will be hidden. HIDE_SCOPE_NAMES = NO # If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen # will put a list of the files that are included by a file in the documentation # of that file. SHOW_INCLUDE_FILES = YES # If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen # will list include files with double quotes in the documentation # rather than with sharp brackets. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES (the default) then a tag [inline] # is inserted in the documentation for inline members. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen # will sort the (detailed) documentation of file and class members # alphabetically by member name. If set to NO the members will appear in # declaration order. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the # brief documentation of file, namespace and class members alphabetically # by member name. If set to NO (the default) the members will appear in # declaration order. SORT_BRIEF_DOCS = NO # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen # will sort the (brief and detailed) documentation of class members so that # constructors and destructors are listed first. If set to NO (the default) # the constructors will appear in the respective orders defined by # SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. # This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO # and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the # hierarchy of group names into alphabetical order. If set to NO (the default) # the group names will appear in their defined order. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be # sorted by fully-qualified names, including namespaces. If set to # NO (the default), the class list will be sorted only by class name, # not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the # alphabetical list. SORT_BY_SCOPE_NAME = NO # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to # do proper type resolution of all parameters of a function it will reject a # match between the prototype and the implementation of a member function even # if there is only one candidate or it is obvious which candidate to choose # by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen # will still accept a match between prototype and implementation in such cases. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable (YES) or # disable (NO) the todo list. This list is created by putting \todo # commands in the documentation. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable (YES) or # disable (NO) the test list. This list is created by putting \test # commands in the documentation. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable (YES) or # disable (NO) the bug list. This list is created by putting \bug # commands in the documentation. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or # disable (NO) the deprecated list. This list is created by putting # \deprecated commands in the documentation. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional # documentation sections, marked by \if sectionname ... \endif. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines # the initial value of a variable or macro consists of for it to appear in # the documentation. If the initializer consists of more lines than specified # here it will be hidden. Use a value of 0 to hide initializers completely. # The appearance of the initializer of individual variables and macros in the # documentation can be controlled using \showinitializer or \hideinitializer # command in the documentation regardless of this setting. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated # at the bottom of the documentation of classes and structs. If set to YES the # list will mention the files that were used to generate the documentation. SHOW_USED_FILES = YES # If the sources in your project are distributed over multiple directories # then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy # in the documentation. The default is NO. SHOW_DIRECTORIES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. # This will remove the Files entry from the Quick Index and from the # Folder Tree View (if specified). The default is YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the # Namespaces page. # This will remove the Namespaces entry from the Quick Index # and from the Folder Tree View (if specified). The default is YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command , where is the value of # the FILE_VERSION_FILTER tag, and is the name of an input file # provided by doxygen. Whatever the program writes to standard output # is used as the file version. See the manual for examples. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. The create the layout file # that represents doxygen's defaults, run doxygen with the -l option. # You can optionally specify a file name after the option, if omitted # DoxygenLayout.xml will be used as the name of the layout file. LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files # containing the references data. This must be a list of .bib files. The # .bib extension is automatically appended if omitted. Using this command # requires the bibtex tool to be installed. See also # http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style # of the bibliography can be controlled using LATEX_BIB_STYLE. CITE_BIB_FILES = #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated # by doxygen. Possible values are YES and NO. If left blank NO is used. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated by doxygen. Possible values are YES and NO. If left blank # NO is used. WARNINGS = YES # If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings # for undocumented members. If EXTRACT_ALL is set to YES then this flag will # automatically be disabled. WARN_IF_UNDOCUMENTED = YES # If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some # parameters in a documented function, or documenting parameters that # don't exist or using markup commands wrongly. WARN_IF_DOC_ERROR = YES # The WARN_NO_PARAMDOC option can be enabled to get warnings for # functions that are documented, but have no documentation for their parameters # or return value. If set to NO (the default) doxygen will only warn about # wrong or incomplete parameter documentation, but not about the absence of # documentation. WARN_NO_PARAMDOC = NO # The WARN_FORMAT tag determines the format of the warning messages that # doxygen can produce. The string should contain the $file, $line, and $text # tags, which will be replaced by the file and line number from which the # warning originated and the warning text. Optionally the format may contain # $version, which will be replaced by the version of the file (if it could # be obtained via FILE_VERSION_FILTER) WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning # and error messages should be written. If left blank the output is written # to stderr. WARN_LOGFILE = #--------------------------------------------------------------------------- # configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag can be used to specify the files and/or directories that contain # documented source files. You may enter file names like "myfile.cpp" or # directories like "/usr/src/myproject". Separate the files or directories # with spaces. INPUT = src/firewall # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is # also the default input encoding. Doxygen uses libiconv (or the iconv built # into libc) for the transcoding. See http://www.gnu.org/software/libiconv for # the list of possible encodings. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank the following patterns are tested: # *.c *.cc *.cxx *.cpp *.c++ *.d *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh # *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py # *.f90 *.f *.for *.vhd *.vhdl FILE_PATTERNS = *.py # The RECURSIVE tag can be used to turn specify whether or not subdirectories # should be searched for input files as well. Possible values are YES and NO. # If left blank NO is used. RECURSIVE = YES # The EXCLUDE tag can be used to specify files and/or directories that should # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # Note that relative paths are relative to directory from which doxygen is run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. Note that the wildcards are matched # against the file with absolute path, so to exclude all test directories # for example use the pattern */test/* EXCLUDE_PATTERNS = Makfile* *.in # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or # directories that contain example code fragments that are included (see # the \include command). EXAMPLE_PATH = # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp # and *.h) to filter out the source-files in the directories. If left # blank all files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude # commands irrespective of the value of the RECURSIVE tag. # Possible values are YES and NO. If left blank NO is used. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or # directories that contain image that are included in the documentation (see # the \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command , where # is the value of the INPUT_FILTER tag, and is the name of an # input file. Doxygen will then use the output that the filter program writes # to standard output. # If FILTER_PATTERNS is specified, this tag will be # ignored. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. # Doxygen will compare the file name with each pattern and apply the # filter if there is a match. # The filters are a list of the form: # pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further # info on how filters are used. If FILTER_PATTERNS is empty or if # non of the patterns match the file name, INPUT_FILTER is applied. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER) will be used to filter the input files when producing source # files to browse (i.e. when SOURCE_BROWSER is set to YES). FILTER_SOURCE_FILES = YES INPUT_FILTER = doxypy.py #NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern. A pattern will override the setting for FILTER_PATTERN (if any) # and it is also possible to disable source filtering for a specific pattern # using *.ext= (so without naming a filter). This option only has effect when # FILTER_SOURCE_FILES is enabled. FILTER_SOURCE_PATTERNS = #--------------------------------------------------------------------------- # configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will # be generated. Documented entities will be cross-referenced with these sources. # Note: To get rid of all source code in the generated output, make sure also # VERBATIM_HEADERS is set to NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body # of functions and classes directly in the documentation. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct # doxygen to hide any special comment blocks from generated source code # fragments. Normal C and C++ comments will always remain visible. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES # then for each documented function all documented # functions referencing it will be listed. REFERENCED_BY_RELATION = NO # If the REFERENCES_RELATION tag is set to YES # then for each documented function all documented entities # called/used by that function will be listed. REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES (the default) # and SOURCE_BROWSER tag is set to YES, then the hyperlinks from # functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will # link to the source code. # Otherwise they will link to the documentation. REFERENCES_LINK_SOURCE = YES # If the USE_HTAGS tag is set to YES then the references to source code # will point to the HTML generated by the htags(1) tool instead of doxygen # built-in source browser. The htags tool is part of GNU's global source # tagging system (see http://www.gnu.org/software/global/global.html). You # will need version 4.8.6 or higher. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen # will generate a verbatim copy of the header file for each class for # which an include is specified. Set to NO to disable this. VERBATIM_HEADERS = YES #--------------------------------------------------------------------------- # configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index # of all compounds will be generated. Enable this if the project # contains a lot of classes, structs, unions or interfaces. ALPHABETICAL_INDEX = YES # If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then # the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns # in which this list will be split (can be a number in the range [1..20]) COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all # classes will be put under the same header in the alphabetical index. # The IGNORE_PREFIX tag can be used to specify one or more prefixes that # should be ignored while generating the index headers. IGNORE_PREFIX = #--------------------------------------------------------------------------- # configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES (the default) Doxygen will # generate HTML output. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `html' will be used as the default path. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for # each generated HTML page (for example: .htm,.php,.asp). If it is left blank # doxygen will generate files with .html extension. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a personal HTML header for # each generated HTML page. If it is left blank doxygen will generate a # standard header. Note that when using a custom header you are responsible # for the proper inclusion of any scripts and style sheets that doxygen # needs, which is dependent on the configuration options used. # It is adviced to generate a default header using "doxygen -w html # header.html footer.html stylesheet.css YourConfigFile" and then modify # that header. Note that the header is subject to change so you typically # have to redo this when upgrading to a newer version of doxygen or when # changing the value of configuration settings such as GENERATE_TREEVIEW! HTML_HEADER = # The HTML_FOOTER tag can be used to specify a personal HTML footer for # each generated HTML page. If it is left blank doxygen will generate a # standard footer. HTML_FOOTER = # If the HTML_TIMESTAMP tag is set to YES then the generated HTML documentation will contain the timesstamp. HTML_TIMESTAMP = NO # The HTML_STYLESHEET tag can be used to specify a user-defined cascading # style sheet that is used by each HTML page. It can be used to # fine-tune the look of the HTML output. If the tag is left blank doxygen # will generate a default style sheet. Note that doxygen will try to copy # the style sheet file to the HTML output directory, so don't put your own # stylesheet in the HTML output directory as well, or it will be erased! HTML_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath$ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that # the files will be copied as-is; there are no commands or markers available. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. # Doxygen will adjust the colors in the stylesheet and background images # according to this color. Hue is specified as an angle on a colorwheel, # see http://en.wikipedia.org/wiki/Hue for more information. # For instance the value 0 represents red, 60 is yellow, 120 is green, # 180 is cyan, 240 is blue, 300 purple, and 360 is red again. # The allowed range is 0 to 359. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of # the colors in the HTML output. For a value of 0 the output will use # grayscales only. A value of 255 will produce the most vivid colors. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to # the luminance component of the colors in the HTML output. Values below # 100 gradually make the output lighter, whereas values above 100 make # the output darker. The value divided by 100 is the actual gamma applied, # so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2, # and 100 does not change the gamma. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting # this to NO can help when comparing the output of multiple runs. HTML_TIMESTAMP = YES # If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, # files or namespaces will be aligned in HTML using tables. If set to # NO a bullet list will be used. HTML_ALIGN_MEMBERS = YES # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. For this to work a browser that supports # JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox # Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). HTML_DYNAMIC_SECTIONS = NO # If the GENERATE_DOCSET tag is set to YES, additional index files # will be generated that can be used as input for Apple's Xcode 3 # integrated development environment, introduced with OSX 10.5 (Leopard). # To create a documentation set, doxygen will generate a Makefile in the # HTML output directory. Running make will produce the docset in that # directory and running "make install" will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find # it at startup. # See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. GENERATE_DOCSET = NO # When GENERATE_DOCSET tag is set to YES, this tag determines the name of the # feed. A documentation feed provides an umbrella under which multiple # documentation sets from a single provider (such as a company or product suite) # can be grouped. DOCSET_FEEDNAME = "Doxygen generated docs" # When GENERATE_DOCSET tag is set to YES, this tag specifies a string that # should uniquely identify the documentation set bundle. This should be a # reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen # will append .docset to the name. DOCSET_BUNDLE_ID = org.doxygen.Project # When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely identify # the documentation publisher. This should be a reverse domain-name style # string, e.g. com.mycompany.MyDocSet.documentation. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES, additional index files # will be generated that can be used as input for tools like the # Microsoft HTML help workshop to generate a compiled HTML help file (.chm) # of the generated HTML documentation. GENERATE_HTMLHELP = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can # be used to specify the file name of the resulting .chm file. You # can add a path in front of the file if the result should not be # written to the html output directory. CHM_FILE = # If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can # be used to specify the location (absolute path including file name) of # the HTML help compiler (hhc.exe). If non-empty doxygen will try to run # the HTML help compiler on the generated index.hhp. HHC_LOCATION = # If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag # controls if a separate .chi index file is generated (YES) or that # it should be included in the master .chm file (NO). GENERATE_CHI = NO # If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING # is used to encode HtmlHelp index (hhk), content (hhc) and project file # content. CHM_INDEX_ENCODING = # If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag # controls whether a binary table of contents is generated (YES) or a # normal table of contents (NO) in the .chm file. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members # to the contents of the HTML help documentation and to the tree view. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated # that can be used as input for Qt's qhelpgenerator to generate a # Qt Compressed Help (.qch) of the generated HTML documentation. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can # be used to specify the file name of the resulting .qch file. # The path specified is relative to the HTML output folder. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#namespace QHP_NAMESPACE = org.doxygen.Project # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating # Qt Help Project output. For more information please see # http://doc.trolltech.com/qthelpproject.html#virtual-folders QHP_VIRTUAL_FOLDER = doc # If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to # add. For more information please see # http://doc.trolltech.com/qthelpproject.html#custom-filters QHP_CUST_FILTER_NAME = # The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see # # Qt Help Project / Custom Filters. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's # filter section matches. # # Qt Help Project / Filter Attributes. QHP_SECT_FILTER_ATTRS = # If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can # be used to specify the location of Qt's qhelpgenerator. # If non-empty doxygen will try to run qhelpgenerator on the generated # .qhp file. QHG_LOCATION = # If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files # will be generated, which together with the HTML files, form an Eclipse help # plugin. To install this plugin and make it available under the help contents # menu in Eclipse, the contents of the directory containing the HTML and XML # files needs to be copied into the plugins directory of eclipse. The name of # the directory within the plugins directory should be the same as # the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before # the help appears. GENERATE_ECLIPSEHELP = NO # A unique identifier for the eclipse help plugin. When installing the plugin # the directory name containing the HTML and XML files should also have # this name. ECLIPSE_DOC_ID = org.doxygen.Project # The DISABLE_INDEX tag can be used to turn on/off the condensed index at # top of each HTML page. The value NO (the default) enables the index and # the value YES disables it. DISABLE_INDEX = NO # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values # (range [0,1..20]) that doxygen will group on one line in the generated HTML # documentation. Note that a value of 0 will completely suppress the enum # values from appearing in the overview section. ENUM_VALUES_PER_LINE = 4 # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. # If the tag value is set to YES, a side panel will be generated # containing a tree-like index structure (just like the one that # is generated for HTML Help). For this to work a browser that supports # JavaScript, DHTML, CSS and frames is required (i.e. any modern browser). # Windows users are probably better off using the HTML help feature. GENERATE_TREEVIEW = NO # By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories, # and Class Hierarchy pages using a tree view instead of an ordered list. USE_INLINE_TREES = NO # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be # used to set the initial width (in pixels) of the frame in which the tree # is shown. TREEVIEW_WIDTH = 250 # When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open # links to external symbols imported via tag files in a separate window. EXT_LINKS_IN_WINDOW = NO # Use this tag to change the font size of Latex formulas included # as images in the HTML documentation. The default is 10. Note that # when you change the font size after a successful doxygen run you need # to manually remove any form_*.png images from the HTML output directory # to force them to be regenerated. FORMULA_FONTSIZE = 10 # Use the FORMULA_TRANPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are # not supported properly for IE 6.0, but are supported on all modern browsers. # Note that when changing this option you need to delete any form_*.png files # in the HTML output before the changes have effect. FORMULA_TRANSPARENT = YES # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax # (see http://www.mathjax.org) which uses client side Javascript for the # rendering instead of using prerendered bitmaps. Use this if you do not # have LaTeX installed or if you want to formulas look prettier in the HTML # output. When enabled you also need to install MathJax separately and # configure the path to it using the MATHJAX_RELPATH option. USE_MATHJAX = NO # When MathJax is enabled you need to specify the location relative to the # HTML output directory using the MATHJAX_RELPATH option. The destination # directory should contain the MathJax.js script. For instance, if the mathjax # directory is located at the same level as the HTML output directory, then # MATHJAX_RELPATH should be ../mathjax. The default value points to the # mathjax.org site, so you can quickly see the result without installing # MathJax, but it is strongly recommended to install a local copy of MathJax # before deployment. MATHJAX_RELPATH = http://www.mathjax.org/mathjax # The MATHJAX_EXTENSIONS tag can be used to specify one or MathJax extension # names that should be enabled during MathJax rendering. MATHJAX_EXTENSIONS = # When the SEARCHENGINE tag is enabled doxygen will generate a search box # for the HTML output. The underlying search engine uses javascript # and DHTML and should work on any modern browser. Note that when using # HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets # (GENERATE_DOCSET) there is already a search function so this one should # typically be disabled. For large projects the javascript based search engine # can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution. SEARCHENGINE = YES # When the SERVER_BASED_SEARCH tag is enabled the search engine will be # implemented using a PHP enabled web server instead of at the web client # using Javascript. Doxygen will generate the search PHP script and index # file to put on the web server. The advantage of the server # based approach is that it scales better to large projects and allows # full text search. The disadvantages are that it is more difficult to setup # and does not have live searching capabilities. SERVER_BASED_SEARCH = NO #--------------------------------------------------------------------------- # configuration options related to the LaTeX output #--------------------------------------------------------------------------- # If the GENERATE_LATEX tag is set to YES (the default) Doxygen will # generate Latex output. GENERATE_LATEX = NO # The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `latex' will be used as the default path. LATEX_OUTPUT = latex # The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be # invoked. If left blank `latex' will be used as the default command name. # Note that when enabling USE_PDFLATEX this option is only used for # generating bitmaps for formulas in the HTML output, but not in the # Makefile that is written to the output directory. LATEX_CMD_NAME = latex # The MAKEINDEX_CMD_NAME tag can be used to specify the command name to # generate index for LaTeX. If left blank `makeindex' will be used as the # default command name. MAKEINDEX_CMD_NAME = makeindex # If the COMPACT_LATEX tag is set to YES Doxygen generates more compact # LaTeX documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_LATEX = NO # The PAPER_TYPE tag can be used to set the paper type that is used # by the printer. Possible values are: a4, letter, legal and # executive. If left blank a4wide will be used. PAPER_TYPE = a4 # The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX # packages that should be included in the LaTeX output. EXTRA_PACKAGES = # The LATEX_HEADER tag can be used to specify a personal LaTeX header for # the generated latex document. The header should contain everything until # the first chapter. If it is left blank doxygen will generate a # standard header. Notice: only use this tag if you know what you are doing! LATEX_HEADER = # The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for # the generated latex document. The footer should contain everything after # the last chapter. If it is left blank doxygen will generate a # standard footer. Notice: only use this tag if you know what you are doing! LATEX_FOOTER = # If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated # is prepared for conversion to pdf (using ps2pdf). The pdf file will # contain links (just like the HTML output) instead of page references # This makes the output suitable for online browsing using a pdf viewer. PDF_HYPERLINKS = YES # If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of # plain latex in the generated Makefile. Set this option to YES to get a # higher quality PDF documentation. USE_PDFLATEX = YES # If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. # command to the generated LaTeX files. This will instruct LaTeX to keep # running if errors occur, instead of asking the user for help. # This option is also used when generating formulas in HTML. LATEX_BATCHMODE = NO # If LATEX_HIDE_INDICES is set to YES then doxygen will not # include the index chapters (such as File Index, Compound Index, etc.) # in the output. LATEX_HIDE_INDICES = NO # If LATEX_SOURCE_CODE is set to YES then doxygen will include # source code with syntax highlighting in the LaTeX output. # Note that which sources are shown also depends on other settings # such as SOURCE_BROWSER. LATEX_SOURCE_CODE = NO # The LATEX_BIB_STYLE tag can be used to specify the style to use for the # bibliography, e.g. plainnat, or ieeetr. The default style is "plain". See # http://en.wikipedia.org/wiki/BibTeX for more info. LATEX_BIB_STYLE = plain #--------------------------------------------------------------------------- # configuration options related to the RTF output #--------------------------------------------------------------------------- # If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output # The RTF output is optimized for Word 97 and may not look very pretty with # other RTF readers or editors. GENERATE_RTF = NO # The RTF_OUTPUT tag is used to specify where the RTF docs will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `rtf' will be used as the default path. RTF_OUTPUT = rtf # If the COMPACT_RTF tag is set to YES Doxygen generates more compact # RTF documents. This may be useful for small projects and may help to # save some trees in general. COMPACT_RTF = NO # If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated # will contain hyperlink fields. The RTF file will # contain links (just like the HTML output) instead of page references. # This makes the output suitable for online browsing using WORD or other # programs which support those fields. # Note: wordpad (write) and others do not support links. RTF_HYPERLINKS = NO # Load stylesheet definitions from file. Syntax is similar to doxygen's # config file, i.e. a series of assignments. You only have to provide # replacements, missing definitions are set to their default value. RTF_STYLESHEET_FILE = # Set optional variables used in the generation of an rtf document. # Syntax is similar to doxygen's config file. RTF_EXTENSIONS_FILE = #--------------------------------------------------------------------------- # configuration options related to the man page output #--------------------------------------------------------------------------- # If the GENERATE_MAN tag is set to YES (the default) Doxygen will # generate man pages GENERATE_MAN = NO # The MAN_OUTPUT tag is used to specify where the man pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `man' will be used as the default path. MAN_OUTPUT = man # The MAN_EXTENSION tag determines the extension that is added to # the generated man pages (default is the subroutine's section .3) MAN_EXTENSION = .3 # If the MAN_LINKS tag is set to YES and Doxygen generates man output, # then it will generate one additional man file for each entity # documented in the real man page(s). These additional files # only source the real man page, but without them the man command # would be unable to find the correct page. The default is NO. MAN_LINKS = NO #--------------------------------------------------------------------------- # configuration options related to the XML output #--------------------------------------------------------------------------- # If the GENERATE_XML tag is set to YES Doxygen will # generate an XML file that captures the structure of # the code including all documentation. GENERATE_XML = NO # The XML_OUTPUT tag is used to specify where the XML pages will be put. # If a relative path is entered the value of OUTPUT_DIRECTORY will be # put in front of it. If left blank `xml' will be used as the default path. XML_OUTPUT = xml # The XML_SCHEMA tag can be used to specify an XML schema, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_SCHEMA = # The XML_DTD tag can be used to specify an XML DTD, # which can be used by a validating XML parser to check the # syntax of the XML files. XML_DTD = # If the XML_PROGRAMLISTING tag is set to YES Doxygen will # dump the program listings (including syntax highlighting # and cross-referencing information) to the XML output. Note that # enabling this will significantly increase the size of the XML output. XML_PROGRAMLISTING = YES #--------------------------------------------------------------------------- # configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- # If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will # generate an AutoGen Definitions (see autogen.sf.net) file # that captures the structure of the code including all # documentation. Note that this feature is still experimental # and incomplete at the moment. GENERATE_AUTOGEN_DEF = NO #--------------------------------------------------------------------------- # configuration options related to the Perl module output #--------------------------------------------------------------------------- # If the GENERATE_PERLMOD tag is set to YES Doxygen will # generate a Perl module file that captures the structure of # the code including all documentation. Note that this # feature is still experimental and incomplete at the # moment. GENERATE_PERLMOD = NO # If the PERLMOD_LATEX tag is set to YES Doxygen will generate # the necessary Makefile rules, Perl scripts and LaTeX code to be able # to generate PDF and DVI output from the Perl module output. PERLMOD_LATEX = NO # If the PERLMOD_PRETTY tag is set to YES the Perl module output will be # nicely formatted so it can be parsed by a human reader. # This is useful # if you want to understand what is going on. # On the other hand, if this # tag is set to NO the size of the Perl module output will be much smaller # and Perl will parse it just the same. PERLMOD_PRETTY = YES # The names of the make variables in the generated doxyrules.make file # are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. # This is useful so different doxyrules.make files included by the same # Makefile don't overwrite each other's variables. PERLMOD_MAKEVAR_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- # If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will # evaluate all C-preprocessor directives found in the sources and include # files. ENABLE_PREPROCESSING = YES # If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro # names in the source code. If set to NO (the default) only conditional # compilation will be performed. Macro expansion can be done in a controlled # way by setting EXPAND_ONLY_PREDEF to YES. MACRO_EXPANSION = NO # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES # then the macro expansion is limited to the macros specified with the # PREDEFINED and EXPAND_AS_DEFINED tags. EXPAND_ONLY_PREDEF = NO # If the SEARCH_INCLUDES tag is set to YES (the default) the includes files # pointed to by INCLUDE_PATH will be searched when a #include is found. SEARCH_INCLUDES = YES # The INCLUDE_PATH tag can be used to specify one or more directories that # contain include files that are not input files but should be processed by # the preprocessor. INCLUDE_PATH = # You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard # patterns (like *.h and *.hpp) to filter out the header-files in the # directories. If left blank, the patterns specified with FILE_PATTERNS will # be used. INCLUDE_FILE_PATTERNS = # The PREDEFINED tag can be used to specify one or more macro names that # are defined before the preprocessor is started (similar to the -D option of # gcc). The argument of the tag is a list of macros of the form: name # or name=definition (no spaces). If the definition and the = are # omitted =1 is assumed. To prevent a macro definition from being # undefined via #undef or recursively expanded use the := operator # instead of the = operator. PREDEFINED = # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then # this tag can be used to specify a list of macro names that should be expanded. # The macro definition that is found in the sources will be used. # Use the PREDEFINED tag if you want to use a different macro definition that # overrules the definition found in the source code. EXPAND_AS_DEFINED = # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then # doxygen's preprocessor will remove all references to function-like macros # that are alone on a line, have an all uppercase name, and do not end with a # semicolon, because these will confuse the parser if not removed. SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- # Configuration::additions related to external references #--------------------------------------------------------------------------- # The TAGFILES option can be used to specify one or more tagfiles. # Optionally an initial location of the external documentation # can be added for each tagfile. The format of a tag file without # this location is as follows: # # TAGFILES = file1 file2 ... # Adding location for the tag files is done as follows: # # TAGFILES = file1=loc1 "file2 = loc2" ... # where "loc1" and "loc2" can be relative or absolute paths or # URLs. If a location is present for each tag, the installdox tool # does not have to be run to correct the links. # Note that each tag file must have a unique name # (where the name does NOT include the path) # If a tag file is not located in the directory in which doxygen # is run, you must also specify the path to the tagfile here. TAGFILES = # When a file name is specified after GENERATE_TAGFILE, doxygen will create # a tag file that is based on the input files it reads. GENERATE_TAGFILE = # If the ALLEXTERNALS tag is set to YES all external classes will be listed # in the class index. If set to NO only the inherited external classes # will be listed. ALLEXTERNALS = NO # If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed # in the modules index. If set to NO, only the current project's groups will # be listed. EXTERNAL_GROUPS = YES # The PERL_PATH should be the absolute path and name of the perl script # interpreter (i.e. the result of `which perl'). PERL_PATH = /usr/bin/perl #--------------------------------------------------------------------------- # Configuration options related to the dot tool #--------------------------------------------------------------------------- # If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will # generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base # or super classes. Setting the tag to NO turns the diagrams off. Note that # this option also works with HAVE_DOT disabled, but it is recommended to # install and use dot, since it yields more powerful graphs. CLASS_DIAGRAMS = YES # You can define message sequence charts within doxygen comments using the \msc # command. Doxygen will then run the mscgen tool (see # http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the # documentation. The MSCGEN_PATH tag allows you to specify the directory where # the mscgen tool resides. If left empty the tool is assumed to be found in the # default search path. MSCGEN_PATH = # If set to YES, the inheritance and collaboration graphs will hide # inheritance and usage relations if the target is undocumented # or is not a class. HIDE_UNDOC_RELATIONS = YES # If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is # available from the path. This tool is part of Graphviz, a graph visualization # toolkit from AT&T and Lucent Bell Labs. The other options in this section # have no effect if this option is set to NO (the default) HAVE_DOT = NO # The DOT_NUM_THREADS specifies the number of dot invocations doxygen is # allowed to run in parallel. When set to 0 (the default) doxygen will # base this on the number of processors available in the system. You can set it # explicitly to a value larger than 0 to get control over the balance # between CPU load and processing speed. DOT_NUM_THREADS = 0 # By default doxygen will use the Helvetica font for all dot files that # doxygen generates. When you want a differently looking font you can specify # the font name using DOT_FONTNAME. You need to make sure dot is able to find # the font, which can be done by putting it in a standard location or by setting # the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the # directory containing the font. DOT_FONTNAME = Helvetica # The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs. # The default size is 10pt. DOT_FONTSIZE = 10 # By default doxygen will tell dot to use the Helvetica font. # If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to # set the path where dot can find it. DOT_FONTPATH = # If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect inheritance relations. Setting this tag to YES will force the # the CLASS_DIAGRAMS tag to NO. CLASS_GRAPH = YES # If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen # will generate a graph for each documented class showing the direct and # indirect implementation dependencies (inheritance, containment, and # class references variables) of the class with other documented classes. COLLABORATION_GRAPH = YES # If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen # will generate a graph for groups, showing the direct groups dependencies GROUP_GRAPHS = YES # If the UML_LOOK tag is set to YES doxygen will generate inheritance and # collaboration diagrams in a style similar to the OMG's Unified Modeling # Language. UML_LOOK = NO # If set to YES, the inheritance and collaboration graphs will show the # relations between templates and their instances. TEMPLATE_RELATIONS = NO # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT # tags are set to YES then doxygen will generate a graph for each documented # file showing the direct and indirect include dependencies of the file with # other documented files. INCLUDE_GRAPH = YES # If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and # HAVE_DOT tags are set to YES then doxygen will generate a graph for each # documented header file showing the documented files that directly or # indirectly include this file. INCLUDED_BY_GRAPH = YES # If the CALL_GRAPH and HAVE_DOT options are set to YES then # doxygen will generate a call dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable call graphs # for selected functions only using the \callgraph command. CALL_GRAPH = NO # If the CALLER_GRAPH and HAVE_DOT tags are set to YES then # doxygen will generate a caller dependency graph for every global function # or class method. Note that enabling this option will significantly increase # the time of a run. So in most cases it will be better to enable caller # graphs for selected functions only using the \callergraph command. CALLER_GRAPH = NO # If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen # will generate a graphical hierarchy of all classes instead of a textual one. GRAPHICAL_HIERARCHY = YES # If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES # then doxygen will show the dependencies a directory has on other directories # in a graphical way. The dependency relations are determined by the #include # relations between the files in the directories. DIRECTORY_GRAPH = YES # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images # generated by dot. Possible values are svg, png, jpg, or gif. # If left blank png will be used. If you choose svg you need to set # HTML_FILE_EXTENSION to xhtml in order to make the SVG files # visible in IE 9+ (other browsers do not have this requirement). DOT_IMAGE_FORMAT = png # If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to # enable generation of interactive SVG images that allow zooming and panning. # Note that this requires a modern browser other than Internet Explorer. # Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you # need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files # visible. Older versions of IE do not have SVG support. INTERACTIVE_SVG = NO # The tag DOT_PATH can be used to specify the path where the dot tool can be # found. If left blank, it is assumed the dot tool can be found in the path. DOT_PATH = # The DOTFILE_DIRS tag can be used to specify one or more directories that # contain dot files that are included in the documentation (see the # \dotfile command). DOTFILE_DIRS = # The MSCFILE_DIRS tag can be used to specify one or more directories that # contain msc files that are included in the documentation (see the # \mscfile command). MSCFILE_DIRS = # The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of # nodes that will be shown in the graph. If the number of nodes in a graph # becomes larger than this value, doxygen will truncate the graph, which is # visualized by representing a node as a red box. Note that doxygen if the # number of direct children of the root node in a graph is already larger than # DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note # that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. DOT_GRAPH_MAX_NODES = 50 # The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the # graphs generated by dot. A depth value of 3 means that only nodes reachable # from the root by following a path via at most 3 edges will be shown. Nodes # that lay further from the root node will be omitted. Note that setting this # option to 1 or 2 may greatly reduce the computation time needed for large # code bases. Also note that the size of a graph can be further restricted by # DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. MAX_DOT_GRAPH_DEPTH = 0 # Set the DOT_TRANSPARENT tag to YES to generate images with a transparent # background. This is disabled by default, because dot on Windows does not # seem to support this out of the box. Warning: Depending on the platform used, # enabling this option may lead to badly anti-aliased labels on the edges of # a graph (i.e. they become hard to read). DOT_TRANSPARENT = NO # Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output # files in one run (i.e. multiple -o and -T options on the command line). This # makes dot run faster, but since only newer versions of dot (>1.8.10) # support this, this feature is disabled by default. DOT_MULTI_TARGETS = NO # If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will # generate a legend page explaining the meaning of the various boxes and # arrows in the dot generated graphs. GENERATE_LEGEND = YES # If the DOT_CLEANUP tag is set to YES (the default) Doxygen will # remove the intermediate dot files that are used to generate # the various graphs. DOT_CLEANUP = YES firewalld-1.1.1/COPYING0000644000000000000000000004325414217342322014524 0ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. firewalld-1.1.1/README0000644000000000000000000001601414217345560014352 0ustar00rootroot00000000000000README for firewalld ==================== firewalld provides a dynamically managed firewall with support for network or firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and a separation of runtime and permanent configuration options. It also provides an interface for services or applications to add ip*tables and ebtables rules directly. Development ----------- To check out the source repository, you can use: git clone https://github.com/firewalld/firewalld.git This will create a local copy of the repository. Language Translations --------------------- Firewalld uses GNU gettext for localization support. Translations can be done using Fedora's Weblate instance [1]. Translations are periodically merged into the main firewalld repository. [1] https://translate.stg.fedoraproject.org/projects/firewalld/ Dependencies ------------ These are the runtime dependencies: linux >= 5.3 python3-dbus python3-gobject python3-nftables >= 0.9.4 Note: python2 is _not_ supported. Optional Dependencies --------------------- These dependencies may enhance firewalld's functionality, but they are not required. ebtables ipset iptables polkit python3-capng (libcap-ng-python3) Working With The Source Repository ---------------------------------- In addition to the runtime dependencies some others are needed to build from source: desktop-file-utils: /usr/bin/desktop-file-install gettext intltool glib2: /usr/bin/glib-compile-schemas glib2-devel: /usr/share/aclocal/gsettings.m4 systemd-units To be able to create man pages and documentation from docbook files: docbook-style-xsl libxslt Use the usual autoconf/automake incantation to generate makefiles ./autogen.sh ./configure You can use a specific python interpreter by passing the PYTHON variable. This is also used by the testsuite. ./configure PYTHON=/path/to/python3 Use make to create the documentation and to update the po files. Use make check to run the testsuite. Tests are run inside network namespaces and do not interfere with the host's running firewalld. They can also be run in parallel by passing flags to autotest. make check TESTSUITEFLAGS="-j4" The testsuite also uses keywords to allow running a subset of tests that exercise a specific area. For example: make check TESTSUITEFLAGS="-k rich -j4" 24: rich rules audit ok 25: rich rules priority ok 26: rich rules bad ok 53: rich rules audit ok 23: rich rules good ok 55: rich rules bad ok 74: remove forward-port after reload ok You can get a list of tests and keywords make -C src/tests check TESTSUITEFLAGS="-l" Or just the keywords make -C src/tests check TESTSUITEFLAGS="-l" \ |awk '/^[[:space:]]*[[:digit:]]+/{getline; print $0}' \ |tr ' ' '\n' |sort |uniq There are integration tests. Currently this includes NetworkManager. These may be _destructive_ to the host. Run them in a disposable VM or container. make check-integration There is also a check-container target that will run the testsuite inside various podman/docker containers. This is useful for coverage of multiple distributions. It also runs tests that may be destructive to the host such as integration tests. make check-container TESTSUITEFLAGS="-j4" OCI Container Image ------------------- As part of the `dist` build target an OCI container image is generated. This is distributed alongside the normal release tarball. It can be used to run firewalld from a container. The containerized firewalld will _not_ integrate with the host (e.g. podman, libvirt, NetworkManager). To manually load the container image into your environment: # podman load -i .../path/to/firewalld-oci-.tar To fetch the image from quay.io: # podman pull quay.io/firewalld/firewalld: where is optional. latest will be used if omitted. To start the daemon/container: # podman run -d --network host --privileged \ --name my-firewalld firewalld Firewalld's configuration will live inside the container. Therefore users may want to occasionally `podman commit` the image. Using firewalld's CLI should be done via podman exec after the daemon/container has been started: # podman exec my-firewalld firewall-cmd ... ### Container Integration with Host The same container image can be used to integrate with the host's running NetworkManager, podman, libvirt, etc. This requires the host to have a dbus policy for firewalld. A dbus policy can be obtained from the firewalld source code tree at location `config/FirewallD.conf`. # cp config/FirewallD.conf /usr/share/dbus-1/system.d/FirewallD.conf Once the dbus policy is in place the container could be started as such: # podman run -d -v /run/dbus/system_bus_socket:/run/dbus/system_bus_socket \ --network host --privileged \ --name my-firewalld firewalld \ firewalld --nofork --nopid The only addition are: volume mount, explicit CMD. The some approach can be use to store firewalld's configuration files on the host. # podman run -d -v /run/dbus/system_bus_socket:/run/dbus/system_bus_socket \ -v /etc/firewalld:/etc/firewalld \ --network host --privileged \ --name my-firewalld firewalld \ firewalld --nofork --nopid RPM package ----------- For Fedora and RHEL based distributions, there is a spec file in the source repo named firewalld.spec. This should be usable for Fedora versions >= 16 and RHEL >= 7. Links ----- Homepage: http://firewalld.org Report a bug: https://github.com/firewalld/firewalld/issues Git repo browser: https://github.com/firewalld/firewalld Git repo: https://github.com/firewalld/firewalld.git Documentation: http://firewalld.org/documentation/ Mailing lists ------------- For usage: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org/ For development: https://lists.fedorahosted.org/archives/list/firewalld-devel@lists.fedorahosted.org/ Directory Structure ------------------- config/ Configuration files config/icmptypes/ Predefined ICMP types config/services/ Predefined services config/zones/ Predefined zones config/ipsets/ Predefined ipsets doc/ Documentation doc/man/ Base directory for man pages doc/man/man1/ Man(1) pages doc/man/man5/ Man(5) pages po/ Translations shell-completion/ Base directory for auto completion scripts src/ Source tree src/firewall/ Import tree for the sevice and all applications src/icons/ Icons in the sizes: 16, 22, 24, 32, 48 and scalable src/tests/ Testsuite firewalld-1.1.1/install-sh0000755000000000000000000003601014000401074015453 0ustar00rootroot00000000000000#!/bin/sh # install - install a program, script, or datafile scriptversion=2018-03-11.20; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the # following copyright and license. # # Copyright (C) 1994 X Consortium # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to # deal in the Software without restriction, including without limitation the # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or # sell copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN # AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- # TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # # Except as contained in this notice, the name of the X Consortium shall not # be used in advertising or otherwise to promote the sale, use or other deal- # ings in this Software without prior written authorization from the X Consor- # tium. # # # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent # 'make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. tab=' ' nl=' ' IFS=" $tab$nl" # Set DOITPROG to "echo" to test this script. doit=${DOITPROG-} doit_exec=${doit:-exec} # Put in absolute file names if you don't have them in your path; # or use environment vars. chgrpprog=${CHGRPPROG-chgrp} chmodprog=${CHMODPROG-chmod} chownprog=${CHOWNPROG-chown} cmpprog=${CMPPROG-cmp} cpprog=${CPPROG-cp} mkdirprog=${MKDIRPROG-mkdir} mvprog=${MVPROG-mv} rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} posix_mkdir= # Desired mode of installed file. mode=0755 chgrpcmd= chmodcmd=$chmodprog chowncmd= mvcmd=$mvprog rmcmd="$rmprog -f" stripcmd= src= dst= dir_arg= dst_arg= copy_on_change=false is_target_a_directory=possibly usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... In the 1st form, copy SRCFILE to DSTFILE. In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. In the 4th, create DIRECTORIES. Options: --help display this help and exit. --version display version info and exit. -c (ignored) -C install only if different (preserve the last data modification time) -d create directories instead of installing files. -g GROUP $chgrpprog installed files to GROUP. -m MODE $chmodprog installed files to MODE. -o USER $chownprog installed files to USER. -s $stripprog installed files. -t DIRECTORY install into DIRECTORY. -T report an error if DSTFILE is a directory. Environment variables override the default commands: CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG " while test $# -ne 0; do case $1 in -c) ;; -C) copy_on_change=true;; -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 case $mode in *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*) echo "$0: invalid mode: $mode" >&2 exit 1;; esac shift;; -o) chowncmd="$chownprog $2" shift;; -s) stripcmd=$stripprog;; -t) is_target_a_directory=always dst_arg=$2 # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac shift;; -T) is_target_a_directory=never;; --version) echo "$0 $scriptversion"; exit $?;; --) shift break;; -*) echo "$0: invalid option: $1" >&2 exit 1;; *) break;; esac shift done # We allow the use of options -d and -T together, by making -d # take the precedence; this is for compatibility with GNU install. if test -n "$dir_arg"; then if test -n "$dst_arg"; then echo "$0: target directory not allowed when installing a directory." >&2 exit 1 fi fi if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. for arg do if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. set fnord "$@" "$dst_arg" shift # fnord fi shift # arg dst_arg=$arg # Protect names problematic for 'test' and other utilities. case $dst_arg in -* | [=\(\)!]) dst_arg=./$dst_arg;; esac done fi if test $# -eq 0; then if test -z "$dir_arg"; then echo "$0: no input file specified." >&2 exit 1 fi # It's OK to call 'install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then if test $# -gt 1 || test "$is_target_a_directory" = always; then if test ! -d "$dst_arg"; then echo "$0: $dst_arg: Is not a directory." >&2 exit 1 fi fi fi if test -z "$dir_arg"; then do_exit='(exit $ret); exit $ret' trap "ret=129; $do_exit" 1 trap "ret=130; $do_exit" 2 trap "ret=141; $do_exit" 13 trap "ret=143; $do_exit" 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. case $mode in # Optimize common cases. *644) cp_umask=133;; *755) cp_umask=22;; *[0-7]) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac fi for src do # Protect names problematic for 'test' and other utilities. case $src in -* | [=\(\)!]) src=./$src;; esac if test -n "$dir_arg"; then dst=$src dstdir=$dst test -d "$dstdir" dstdir_status=$? else # Waiting for this to be detected by the "$cpprog $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if test ! -f "$src" && test ! -d "$src"; then echo "$0: $src does not exist." >&2 exit 1 fi if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi dst=$dst_arg # If destination is a directory, append the input filename. if test -d "$dst"; then if test "$is_target_a_directory" = never; then echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst dstbase=`basename "$src"` case $dst in */) dst=$dst$dstbase;; *) dst=$dst/$dstbase;; esac dstdir_status=0 else dstdir=`dirname "$dst"` test -d "$dstdir" dstdir_status=$? fi fi case $dstdir in */) dstdirslash=$dstdir;; *) dstdirslash=$dstdir/;; esac obsolete_mkdir_used=false if test $dstdir_status != 0; then case $posix_mkdir in '') # Create intermediate dirs using mode 755 as modified by the umask. # This is like FreeBSD 'install' as of 1997-10-28. umask=`umask` case $stripcmd.$umask in # Optimize common cases. *[2367][2367]) mkdir_umask=$umask;; .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; *[0-7]) mkdir_umask=`expr $umask + 22 \ - $umask % 100 % 40 + $umask % 20 \ - $umask % 10 % 4 + $umask % 2 `;; *) mkdir_umask=$umask,go-w;; esac # With -d, create the new directory with the user-specified mode. # Otherwise, rely on $mkdir_umask. if test -n "$dir_arg"; then mkdir_mode=-m$mode else mkdir_mode= fi posix_mkdir=false case $umask in *[123567][0-7][0-7]) # POSIX mkdir -p sets u+wx bits regardless of umask, which # is incompatible with FreeBSD 'install' when (umask & 300) != 0. ;; *) # Note that $RANDOM variable is not portable (e.g. dash); Use it # here however when possible just to lower collision chance. tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0 # Because "mkdir -p" follows existing symlinks and we likely work # directly in world-writeable /tmp, make sure that the '$tmpdir' # directory is successfully created first before we actually test # 'mkdir -p' feature. if (umask $mkdir_umask && $mkdirprog $mkdir_mode "$tmpdir" && exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 then if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or # other-writable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. test_tmpdir="$tmpdir/a" ls_ld_tmpdir=`ls -ld "$test_tmpdir"` case $ls_ld_tmpdir in d????-?r-*) different_mode=700;; d????-?--*) different_mode=755;; *) false;; esac && $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" } } then posix_mkdir=: fi rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" else # Remove any dirs left behind by ancient mkdir implementations. rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null fi trap '' 0;; esac;; esac if $posix_mkdir && ( umask $mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else # The umask is ridiculous, or mkdir does not conform to POSIX, # or it failed possibly due to a race condition. Create the # directory the slow way, step by step, checking for races as we go. case $dstdir in /*) prefix='/';; [-=\(\)!]*) prefix='./';; *) prefix='';; esac oIFS=$IFS IFS=/ set -f set fnord $dstdir shift set +f IFS=$oIFS prefixes= for d do test X"$d" = X && continue prefix=$prefix$d if test -d "$prefix"; then prefixes= else if $posix_mkdir; then (umask=$mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break # Don't fail if two instances are running concurrently. test -d "$prefix" || exit 1 else case $prefix in *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; *) qprefix=$prefix;; esac prefixes="$prefixes '$qprefix'" fi fi prefix=$prefix/ done if test -n "$prefixes"; then # Don't fail if two instances are running concurrently. (umask $mkdir_umask && eval "\$doit_exec \$mkdirprog $prefixes") || test -d "$dstdir" || exit 1 obsolete_mkdir_used=true fi fi fi if test -n "$dir_arg"; then { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 else # Make a couple of temp file names in the proper directory. dsttmp=${dstdirslash}_inst.$$_ rmtmp=${dstdirslash}_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then rm -f "$dsttmp" else # Rename the file to the real destination. $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || # The rename failed, perhaps because mv can't rename something else # to itself, or perhaps because mv is so ancient that it does not # support -f. { # Now remove or move aside any old file at destination location. # We try this two ways since rm can't unlink itself on some # systems and the destination file might be busy for other # reasons. In this case, the final cleanup might fail but the new # file should still install successfully. { test ! -f "$dst" || $doit $rmcmd -f "$dst" 2>/dev/null || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } } || { echo "$0: cannot unlink or rename $dst" >&2 (exit 1); exit 1 } } && # Now rename the file to the real destination. $doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 trap '' 0 fi done # Local variables: # eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: firewalld-1.1.1/missing0000755000000000000000000001533614000401074015056 0ustar00rootroot00000000000000#! /bin/sh # Common wrapper for a few potentially missing GNU programs. scriptversion=2018-03-07.03; # UTC # Copyright (C) 1996-2018 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then echo 1>&2 "Try '$0 --help' for more information" exit 1 fi case $1 in --is-lightweight) # Used by our autoconf macros to check whether the available missing # script is modern enough. exit 0 ;; --run) # Back-compat with the calling convention used by older automake. shift ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due to PROGRAM being missing or too old. Options: -h, --help display this help and exit -v, --version output version information and exit Supported PROGRAM values: aclocal autoconf autoheader autom4te automake makeinfo bison yacc flex lex help2man Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and 'g' are ignored when checking the name. Send bug reports to ." exit $? ;; -v|--v|--ve|--ver|--vers|--versi|--versio|--version) echo "missing $scriptversion (GNU Automake)" exit $? ;; -*) echo 1>&2 "$0: unknown '$1' option" echo 1>&2 "Try '$0 --help' for more information" exit 1 ;; esac # Run the given program, remember its exit status. "$@"; st=$? # If it succeeded, we are done. test $st -eq 0 && exit 0 # Also exit now if we it failed (or wasn't found), and '--version' was # passed; such an option is passed most likely to detect whether the # program is present and works. case $2 in --version|--help) exit $st;; esac # Exit code 63 means version mismatch. This often happens when the user # tries to use an ancient version of a tool on a file that requires a # minimum version. if test $st -eq 63; then msg="probably too old" elif test $st -eq 127; then # Program was missing. msg="missing on your system" else # Program was found and executed, but failed. Give up. exit $st fi perl_URL=https://www.perl.org/ flex_URL=https://github.com/westes/flex gnu_software_URL=https://www.gnu.org/software program_details () { case $1 in aclocal|automake) echo "The '$1' program is part of the GNU Automake package:" echo "<$gnu_software_URL/automake>" echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" echo "<$gnu_software_URL/autoconf>" echo "<$gnu_software_URL/m4/>" echo "<$perl_URL>" ;; autoconf|autom4te|autoheader) echo "The '$1' program is part of the GNU Autoconf package:" echo "<$gnu_software_URL/autoconf/>" echo "It also requires GNU m4 and Perl in order to run:" echo "<$gnu_software_URL/m4/>" echo "<$perl_URL>" ;; esac } give_advice () { # Normalize program name to check for. normalized_program=`echo "$1" | sed ' s/^gnu-//; t s/^gnu//; t s/^g//; t'` printf '%s\n' "'$1' is $msg." configure_deps="'configure.ac' or m4 files included by 'configure.ac'" case $normalized_program in autoconf*) echo "You should only need it if you modified 'configure.ac'," echo "or m4 files included by it." program_details 'autoconf' ;; autoheader*) echo "You should only need it if you modified 'acconfig.h' or" echo "$configure_deps." program_details 'autoheader' ;; automake*) echo "You should only need it if you modified 'Makefile.am' or" echo "$configure_deps." program_details 'automake' ;; aclocal*) echo "You should only need it if you modified 'acinclude.m4' or" echo "$configure_deps." program_details 'aclocal' ;; autom4te*) echo "You might have modified some maintainer files that require" echo "the 'autom4te' program to be rebuilt." program_details 'autom4te' ;; bison*|yacc*) echo "You should only need it if you modified a '.y' file." echo "You may want to install the GNU Bison package:" echo "<$gnu_software_URL/bison/>" ;; lex*|flex*) echo "You should only need it if you modified a '.l' file." echo "You may want to install the Fast Lexical Analyzer package:" echo "<$flex_URL>" ;; help2man*) echo "You should only need it if you modified a dependency" \ "of a man page." echo "You may want to install the GNU Help2man package:" echo "<$gnu_software_URL/help2man/>" ;; makeinfo*) echo "You should only need it if you modified a '.texi' file, or" echo "any other file indirectly affecting the aspect of the manual." echo "You might want to install the Texinfo package:" echo "<$gnu_software_URL/texinfo/>" echo "The spurious makeinfo call might also be the consequence of" echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" echo "want to install GNU make:" echo "<$gnu_software_URL/make/>" ;; *) echo "You might have modified some files without having the proper" echo "tools for further handling them. Check the 'README' file, it" echo "often tells you about the needed prerequisites for installing" echo "this package. You may also peek at any GNU archive site, in" echo "case some other package contains this missing '$1' program." ;; esac } give_advice "$1" | sed -e '1s/^/WARNING: /' \ -e '2,$s/^/ /' >&2 # Propagate the correct exit status (expected to be 127 for a program # not found, 63 for a program that failed due to version mismatch). exit $st # Local variables: # eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC0" # time-stamp-end: "; # UTC" # End: firewalld-1.1.1/autogen.sh0000755000000000000000000000050614217342322015463 0ustar00rootroot00000000000000#! /bin/sh srcdir=`dirname $0` test -z "$srcdir" && srcdir=. ORIGDIR=`pwd` cd $srcdir rm -rf $srcdir/autom* rm -f $srcdir/config.* # create po/LINGUAS ls po/*.po | sed -e 's/.po//' | sed -e 's/po\///' > po/LINGUAS intltoolize --force --automake autoreconf --force -v --install --symlink || exit 1 cd $ORIGDIR || exit $? firewalld-1.1.1/firewalld.spec0000644000000000000000000002141614217351640016315 0ustar00rootroot00000000000000Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld Version: 1.1.1 Release: 1%{?dist} URL: http://firewalld.org License: GPLv2+ Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildArch: noarch BuildRequires: autoconf BuildRequires: automake BuildRequires: desktop-file-utils BuildRequires: gettext BuildRequires: intltool # glib2-devel is needed for gsettings.m4 BuildRequires: glib2, glib2-devel BuildRequires: systemd-units BuildRequires: docbook-style-xsl BuildRequires: libxslt BuildRequires: iptables, ebtables, ipset BuildRequires: python3-devel Requires: iptables, ebtables, ipset Requires(post): systemd Requires(preun): systemd Requires(postun): systemd Requires: firewalld-filesystem = %{version}-%{release} Requires: python3-firewall = %{version}-%{release} Recommends: libcap-ng-python3 %description firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. %package -n python3-firewall Summary: Python3 bindings for firewalld Requires: python3-dbus Requires: python3-nftables %if (0%{?fedora} >= 23 || 0%{?rhel} >= 8) Requires: python3-gobject-base %else Requires: python3-gobject %endif %description -n python3-firewall Python3 bindings for firewalld. %package -n firewalld-filesystem Summary: Firewalld directory layout and rpm macros %description -n firewalld-filesystem This package provides directories and rpm macros which are required by other packages that add firewalld configuration files. %package -n firewalld-test Summary: Firewalld testsuite %description -n firewalld-test This package provides the firewalld testsuite. %package -n firewall-applet Summary: Firewall panel applet Requires: %{name} = %{version}-%{release} Requires: firewall-config = %{version}-%{release} Requires: hicolor-icon-theme Requires: python3-qt5 Requires: python3-gobject Requires: libnotify Requires: NetworkManager-libnm Requires: dbus-x11 %description -n firewall-applet The firewall panel applet provides a status information of firewalld and also the firewall settings. %package -n firewall-config Summary: Firewall configuration application Requires: %{name} = %{version}-%{release} Requires: hicolor-icon-theme Requires: gtk3 Requires: python3-gobject Requires: NetworkManager-libnm Requires: dbus-x11 Recommends: polkit %description -n firewall-config The firewall configuration application provides an configuration interface for firewalld. %prep %autosetup ./autogen.sh %build %configure --enable-sysconfig --enable-rpmmacros PYTHON=%{__python3} make %{?_smp_mflags} %install make install DESTDIR=%{buildroot} desktop-file-install --delete-original \ --dir %{buildroot}%{_sysconfdir}/xdg/autostart \ %{buildroot}%{_sysconfdir}/xdg/autostart/firewall-applet.desktop desktop-file-install --delete-original \ --dir %{buildroot}%{_datadir}/applications \ %{buildroot}%{_datadir}/applications/firewall-config.desktop %find_lang %{name} --all-name %post %systemd_post firewalld.service %preun %systemd_preun firewalld.service %postun %systemd_postun_with_restart firewalld.service %post -n firewall-applet /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : %postun -n firewall-applet if [ $1 -eq 0 ] ; then /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : fi %posttrans -n firewall-applet /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %post -n firewall-config /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : %postun -n firewall-config if [ $1 -eq 0 ] ; then /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : fi %posttrans -n firewall-config /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || : %files -f %{name}.lang %doc COPYING README %{_sbindir}/firewalld %{_bindir}/firewall-cmd %{_bindir}/firewall-offline-cmd %dir %{_datadir}/bash-completion/completions %{_datadir}/bash-completion/completions/firewall-cmd %dir %{_datadir}/zsh/site-functions %{_datadir}/zsh/site-functions/_firewalld %{_prefix}/lib/firewalld/icmptypes/*.xml %{_prefix}/lib/firewalld/ipsets/README %{_prefix}/lib/firewalld/policies/*.xml %{_prefix}/lib/firewalld/services/*.xml %{_prefix}/lib/firewalld/zones/*.xml %{_prefix}/lib/firewalld/helpers/*.xml %attr(0750,root,root) %dir %{_sysconfdir}/firewalld %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf %config(noreplace) %{_sysconfdir}/firewalld/lockdown-whitelist.xml %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/helpers %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/icmptypes %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/ipsets %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/policies %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/services %attr(0750,root,root) %dir %{_sysconfdir}/firewalld/zones %defattr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/firewalld #%attr(0755,root,root) %{_initrddir}/firewalld %{_unitdir}/firewalld.service %config(noreplace) %{_datadir}/dbus-1/system.d/FirewallD.conf %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy.choice %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy %{_mandir}/man1/firewall*cmd*.1* %{_mandir}/man1/firewalld*.1* %{_mandir}/man5/firewall*.5* %{_sysconfdir}/modprobe.d/firewalld-sysctls.conf %config(noreplace) %{_sysconfdir}/logrotate.d/firewalld %files -n python3-firewall %attr(0755,root,root) %dir %{python3_sitelib}/firewall %attr(0755,root,root) %dir %{python3_sitelib}/firewall/__pycache__ %attr(0755,root,root) %dir %{python3_sitelib}/firewall/config %attr(0755,root,root) %dir %{python3_sitelib}/firewall/config/__pycache__ %attr(0755,root,root) %dir %{python3_sitelib}/firewall/core %attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/__pycache__ %attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/io %attr(0755,root,root) %dir %{python3_sitelib}/firewall/core/io/__pycache__ %attr(0755,root,root) %dir %{python3_sitelib}/firewall/server %attr(0755,root,root) %dir %{python3_sitelib}/firewall/server/__pycache__ %{python3_sitelib}/firewall/__pycache__/*.py* %{python3_sitelib}/firewall/*.py* %{python3_sitelib}/firewall/config/*.py* %{python3_sitelib}/firewall/config/__pycache__/*.py* %{python3_sitelib}/firewall/core/*.py* %{python3_sitelib}/firewall/core/__pycache__/*.py* %{python3_sitelib}/firewall/core/io/*.py* %{python3_sitelib}/firewall/core/io/__pycache__/*.py* %{python3_sitelib}/firewall/server/*.py* %{python3_sitelib}/firewall/server/__pycache__/*.py* %files -n firewalld-filesystem %dir %{_prefix}/lib/firewalld %dir %{_prefix}/lib/firewalld/helpers %dir %{_prefix}/lib/firewalld/icmptypes %dir %{_prefix}/lib/firewalld/ipsets %dir %{_prefix}/lib/firewalld/policies %dir %{_prefix}/lib/firewalld/services %dir %{_prefix}/lib/firewalld/zones %{_rpmconfigdir}/macros.d/macros.firewalld %files -n firewalld-test %dir %{_datadir}/firewalld/testsuite %{_datadir}/firewalld/testsuite/README %{_datadir}/firewalld/testsuite/testsuite %dir %{_datadir}/firewalld/testsuite/integration %{_datadir}/firewalld/testsuite/integration/testsuite %dir %{_datadir}/firewalld/testsuite/python %{_datadir}/firewalld/testsuite/python/firewalld_config.py %{_datadir}/firewalld/testsuite/python/firewalld_direct.py %{_datadir}/firewalld/testsuite/python/firewalld_rich.py %{_datadir}/firewalld/testsuite/python/firewalld_test.py %files -n firewall-applet %attr(0755,root,root) %dir %{_sysconfdir}/firewall %{_bindir}/firewall-applet %defattr(0644,root,root) %config(noreplace) %{_sysconfdir}/xdg/autostart/firewall-applet.desktop %config(noreplace) %{_sysconfdir}/firewall/applet.conf %{_datadir}/icons/hicolor/*/apps/firewall-applet*.* %{_mandir}/man1/firewall-applet*.1* %files -n firewall-config %{_bindir}/firewall-config %defattr(0644,root,root) %{_datadir}/firewalld/firewall-config.glade %{_datadir}/firewalld/gtk3_chooserbutton.py* %{_datadir}/firewalld/gtk3_niceexpander.py* %{_datadir}/applications/firewall-config.desktop %{_datadir}/metainfo/firewall-config.appdata.xml %{_datadir}/icons/hicolor/*/apps/firewall-config*.* %{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml %{_mandir}/man1/firewall-config*.1* %changelog * Fri Mar 25 2022 Eric Garver - 1.1.1-1 - release v1.1.1 * Fri Feb 25 2022 Eric Garver - 1.1.0-1 - release v1.1.0 firewalld-1.1.1/config/0000755000000000000000000000000014217353174014735 5ustar00rootroot00000000000000firewalld-1.1.1/config/helpers/0000755000000000000000000000000014217353174016377 5ustar00rootroot00000000000000firewalld-1.1.1/config/helpers/amanda.xml0000644000000000000000000000017514217342322020336 0ustar00rootroot00000000000000 firewalld-1.1.1/config/helpers/ftp.xml0000644000000000000000000000016714217342322017707 0ustar00rootroot00000000000000 firewalld-1.1.1/config/helpers/h323.xml0000644000000000000000000000012514217342322017567 0ustar00rootroot00000000000000 firewalld-1.1.1/config/helpers/irc.xml0000644000000000000000000000020614217342322017665 0ustar00rootroot00000000000000 firewalld-1.1.1/config/helpers/netbios-ns.xml0000644000000000000000000000021514217342322021171 0ustar00rootroot00000000000000 firewalld-1.1.1/config/helpers/pptp.xml0000644000000000000000000000021014217342322020066 0ustar00rootroot00000000000000 firewalld-1.1.1/config/helpers/proto-gre.xml0000644000000000000000000000013214217342322021024 0ustar00rootroot00000000000000 firewalld-1.1.1/config/helpers/Q.931.xml0000644000000000000000000000017214217342322017625 0ustar00rootroot00000000000000 firewalld-1.1.1/config/helpers/RAS.xml0000644000000000000000000000017214217342322017537 0ustar00rootroot00000000000000 firewalld-1.1.1/config/helpers/sane.xml0000644000000000000000000000017214217342322020040 0ustar00rootroot00000000000000 firewalld-1.1.1/config/helpers/sip.xml0000644000000000000000000000023614217342322017706 0ustar00rootroot00000000000000 firewalld-1.1.1/config/helpers/snmp.xml0000644000000000000000000000020714217342322020066 0ustar00rootroot00000000000000 firewalld-1.1.1/config/helpers/tftp.xml0000644000000000000000000000017014217342322020065 0ustar00rootroot00000000000000 firewalld-1.1.1/config/icmptypes/0000755000000000000000000000000014217353174016752 5ustar00rootroot00000000000000firewalld-1.1.1/config/icmptypes/address-unreachable.xml0000644000000000000000000000060114217342322023356 0ustar00rootroot00000000000000 Address Unreachable This error message is generated by a router, or by the IPv6 layer in the originating node, in response to a packet that cannot be delivered to its destination address for reasons other than congestion. firewalld-1.1.1/config/icmptypes/bad-header.xml0000644000000000000000000000040214217342322021435 0ustar00rootroot00000000000000 Bad Header This error message is created if there has been an error in the header of a packet. firewalld-1.1.1/config/icmptypes/beyond-scope.xml0000644000000000000000000000044614217342322022060 0ustar00rootroot00000000000000 Beyond Scope This error message is sent if transmitting a package whould cross a zone boundary of the scope of the source address. firewalld-1.1.1/config/icmptypes/communication-prohibited.xml0000644000000000000000000000042714217342322024464 0ustar00rootroot00000000000000 Communication Prohibited This error message is sent if communication with destination administratively prohibited. firewalld-1.1.1/config/icmptypes/destination-unreachable.xml0000644000000000000000000000033614217342322024257 0ustar00rootroot00000000000000 Destination Unreachable This error message is generated by a host or gateway if the destination is not reachable. firewalld-1.1.1/config/icmptypes/echo-reply.xml0000644000000000000000000000025514217342322021536 0ustar00rootroot00000000000000 Echo Reply (pong) This message is the answer to an Echo Request. firewalld-1.1.1/config/icmptypes/echo-request.xml0000644000000000000000000000032214217342322022066 0ustar00rootroot00000000000000 Echo Request (ping) This message is used to test if a host is reachable mostly with the ping utility. firewalld-1.1.1/config/icmptypes/failed-policy.xml0000644000000000000000000000040514217342322022205 0ustar00rootroot00000000000000 Failed Policy This error message is generated if the source address failed ingress/egress policy. firewalld-1.1.1/config/icmptypes/fragmentation-needed.xml0000644000000000000000000000043014217342322023542 0ustar00rootroot00000000000000 Fragmentation Needed This error message is sent if fragmentation is required, and Don not Fragment (DF) flag is set. firewalld-1.1.1/config/icmptypes/host-precedence-violation.xml0000644000000000000000000000041214217342322024534 0ustar00rootroot00000000000000 Host Precedence Violation This error message is sent if the communication administratively prohibited. firewalld-1.1.1/config/icmptypes/host-prohibited.xml0000644000000000000000000000040114217342322022564 0ustar00rootroot00000000000000 Host Prohibited This error message is sent if access from a host administratively prohibited. firewalld-1.1.1/config/icmptypes/host-redirect.xml0000644000000000000000000000036214217342322022242 0ustar00rootroot00000000000000 Host Redirect This message is sent if the datagram is redirected for the host. firewalld-1.1.1/config/icmptypes/host-unknown.xml0000644000000000000000000000035714217342322022144 0ustar00rootroot00000000000000 Host Unknown This error message is sent if the destination host is unknown. firewalld-1.1.1/config/icmptypes/host-unreachable.xml0000644000000000000000000000036714217342322022717 0ustar00rootroot00000000000000 Host Unreachable This error message is sent if the destination host is unreachable. firewalld-1.1.1/config/icmptypes/ip-header-bad.xml0000644000000000000000000000034514217342322022051 0ustar00rootroot00000000000000 Ip Header Bad This error message is sent if the IP header is bad. firewalld-1.1.1/config/icmptypes/neighbour-advertisement.xml0000644000000000000000000000054314217342322024321 0ustar00rootroot00000000000000 Neighbour Advertisement (Neighbor Advertisement) This informational message is sent in response to a neighbour-solicitation message in order to (unreliably) propagate new information quickly. firewalld-1.1.1/config/icmptypes/neighbour-solicitation.xml0000644000000000000000000000071114217342322024145 0ustar00rootroot00000000000000 Neighbour Solicitation (Neighbor Solicitation) This informational message is sent by a node to determine the link-layer address of a neighbor, or to verify that a neighbor is still reachable via a cached link-layer address. Neighbor Solicitations are also used for Duplicate Address Detection. firewalld-1.1.1/config/icmptypes/network-prohibited.xml0000644000000000000000000000037214217342322023307 0ustar00rootroot00000000000000 Network Prohibited This message is sent if the network is administratively prohibited. firewalld-1.1.1/config/icmptypes/network-redirect.xml0000644000000000000000000000037014217342322022755 0ustar00rootroot00000000000000 Network Redirect This message is sent if the datagram is redirected for the network. firewalld-1.1.1/config/icmptypes/network-unknown.xml0000644000000000000000000000035714217342322022660 0ustar00rootroot00000000000000 Network Unknown This message is sent if the destination network is unknown. firewalld-1.1.1/config/icmptypes/network-unreachable.xml0000644000000000000000000000036714217342322023433 0ustar00rootroot00000000000000 Network Unreachable This message is sent if the destination network is unreachable. firewalld-1.1.1/config/icmptypes/no-route.xml0000644000000000000000000000035714217342322021242 0ustar00rootroot00000000000000 No Route This error message is set if there is no route to the destination. firewalld-1.1.1/config/icmptypes/packet-too-big.xml0000644000000000000000000000051014217342322022266 0ustar00rootroot00000000000000 Packet Too Big This error message is sent by a router in response to a packet that it cannot forward because the packet is larger than the MTU of the outgoing link. firewalld-1.1.1/config/icmptypes/parameter-problem.xml0000644000000000000000000000034114217342322023101 0ustar00rootroot00000000000000 Parameter Problem This error message is generated if the IP header is bad, either by a missing option or bad length. firewalld-1.1.1/config/icmptypes/port-unreachable.xml0000644000000000000000000000035114217342322022717 0ustar00rootroot00000000000000 Port Unreachable This error message is sent if the port unreachable. firewalld-1.1.1/config/icmptypes/precedence-cutoff.xml0000644000000000000000000000040014217342322023040 0ustar00rootroot00000000000000 Precedence Cutoff This message is sent if the precedence is lower than the required minimum. firewalld-1.1.1/config/icmptypes/protocol-unreachable.xml0000644000000000000000000000037114217342322023576 0ustar00rootroot00000000000000 Protocol Unreachable This message is sent if the destination protocol is unreachable. firewalld-1.1.1/config/icmptypes/redirect.xml0000644000000000000000000000027114217342322021266 0ustar00rootroot00000000000000 Redirect This error message informs a host to send packets on another route. firewalld-1.1.1/config/icmptypes/reject-route.xml0000644000000000000000000000036414217342322022100 0ustar00rootroot00000000000000 Reject Route This error message is sent if the route to destination is rejected. firewalld-1.1.1/config/icmptypes/required-option-missing.xml0000644000000000000000000000036114217342322024262 0ustar00rootroot00000000000000 Required Option Missing This message is sent if a required option is missing. firewalld-1.1.1/config/icmptypes/router-advertisement.xml0000644000000000000000000000034314217342322023655 0ustar00rootroot00000000000000 Router Advertisement This message is used by routers to periodically announce the IP address of a multicast interface. firewalld-1.1.1/config/icmptypes/router-solicitation.xml0000644000000000000000000000033714217342322023507 0ustar00rootroot00000000000000 Router Solicitation This message is used by a host attached to a multicast link to request a Router Advertisement. firewalld-1.1.1/config/icmptypes/source-quench.xml0000644000000000000000000000037014217342322022246 0ustar00rootroot00000000000000 Source Quench This error message is generated to tell a host to reduce the pace at which it is sending packets. firewalld-1.1.1/config/icmptypes/source-route-failed.xml0000644000000000000000000000035414217342322023345 0ustar00rootroot00000000000000 Source Route Failed This message is sent if the source route has failed. firewalld-1.1.1/config/icmptypes/time-exceeded.xml0000644000000000000000000000037514217342322022174 0ustar00rootroot00000000000000 Time Exceeded This error message is generated if the time-to-live was exceeded either of a packet or of the reassembling of a fragmented packet. firewalld-1.1.1/config/icmptypes/timestamp-reply.xml0000644000000000000000000000035114217342322022620 0ustar00rootroot00000000000000 Timestamp Reply This message is used to reply to a timestamp message. firewalld-1.1.1/config/icmptypes/timestamp-request.xml0000644000000000000000000000034414217342322023157 0ustar00rootroot00000000000000 Timestamp Request This message is used for time synchronization. firewalld-1.1.1/config/icmptypes/tos-host-redirect.xml0000644000000000000000000000040214217342322023040 0ustar00rootroot00000000000000 TOS Host Redirect This message is the datagram is redirected for the type of service and host. firewalld-1.1.1/config/icmptypes/tos-host-unreachable.xml0000644000000000000000000000040114217342322023507 0ustar00rootroot00000000000000 TOS Host Unreachable This message is sent if the host is unreachable for the type of service. firewalld-1.1.1/config/icmptypes/tos-network-redirect.xml0000644000000000000000000000042014217342322023554 0ustar00rootroot00000000000000 TOS Network Redirect This message is sent if the datagram is redirected for the type of service and network. firewalld-1.1.1/config/icmptypes/tos-network-unreachable.xml0000644000000000000000000000041514217342322024230 0ustar00rootroot00000000000000 TOS Network Unreachable This error message is sent if the network is unreachable for the type of service. firewalld-1.1.1/config/icmptypes/ttl-zero-during-reassembly.xml0000644000000000000000000000044514217342322024702 0ustar00rootroot00000000000000 TTL Zero During Reassembly This error message is sent if a host fails to reassemble a fragmented datagram within its time limit. firewalld-1.1.1/config/icmptypes/ttl-zero-during-transit.xml0000644000000000000000000000040014217342322024207 0ustar00rootroot00000000000000 TTL Zero During Transit This error message is sent if the time to live exceeded in transit. firewalld-1.1.1/config/icmptypes/unknown-header-type.xml0000644000000000000000000000040314217342322023366 0ustar00rootroot00000000000000 Unknown Header Type This error message is sent if an unrecognized Next Header type encountered. firewalld-1.1.1/config/icmptypes/unknown-option.xml0000644000000000000000000000037114217342322022473 0ustar00rootroot00000000000000 Unknown Option This error message is sent if an unrecognized IPv6 option encountered. firewalld-1.1.1/config/ipsets/0000755000000000000000000000000014217353174016244 5ustar00rootroot00000000000000firewalld-1.1.1/config/ipsets/README0000644000000000000000000000003514217342322017113 0ustar00rootroot00000000000000Location for built-in ipsets firewalld-1.1.1/config/policies/0000755000000000000000000000000014217353174016544 5ustar00rootroot00000000000000firewalld-1.1.1/config/policies/allow-host-ipv6.xml0000644000000000000000000000121114217342322022225 0ustar00rootroot00000000000000 Allow host IPv6 Allows basic IPv6 functionality for the host running firewalld. firewalld-1.1.1/config/services/0000755000000000000000000000000014217353174016560 5ustar00rootroot00000000000000firewalld-1.1.1/config/services/afp.xml0000644000000000000000000000054014217342322020040 0ustar00rootroot00000000000000 AFP The Apple Filing Protocol (AFP), formerly AppleTalk Filing Protocol, is a proprietary network protocol, and part of the Apple File Service (AFS), that offers file services for macOS and the classic Mac OS. firewalld-1.1.1/config/services/amanda-client.xml0000644000000000000000000000061714217342322021774 0ustar00rootroot00000000000000 Amanda Backup Client The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful. firewalld-1.1.1/config/services/amanda-k5-client.xml0000644000000000000000000000065314217342322022311 0ustar00rootroot00000000000000 Amanda Backup Client (kerberized) The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful. This service specifically allows krb5 authentication firewalld-1.1.1/config/services/amqp.xml0000644000000000000000000000042114217342322020226 0ustar00rootroot00000000000000 amqp The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware. firewalld-1.1.1/config/services/amqps.xml0000644000000000000000000000043314217342322020414 0ustar00rootroot00000000000000 amqps The Advanced Message Queuing Protocol (AMQP) over SSL is an open standard application layer protocol for message-oriented middleware. firewalld-1.1.1/config/services/apcupsd.xml0000644000000000000000000000043514217342322020734 0ustar00rootroot00000000000000 apcupsd The American Power Conversion (APC) uninterruptible power supply (UPS) daemon protocol allows to monitor and control APC UPS devices. firewalld-1.1.1/config/services/audit.xml0000644000000000000000000000045514217342322020405 0ustar00rootroot00000000000000 Audit The Linux Audit subsystem is used to log security events. Enable this option, if you plan to aggregate audit events to/from a remote server/client. firewalld-1.1.1/config/services/bacula-client.xml0000644000000000000000000000050014217342322021771 0ustar00rootroot00000000000000 Bacula Client This option allows a Bacula server to connect to the local machine to schedule backups. You need the bacula-client package installed for this option to be useful. firewalld-1.1.1/config/services/bacula.xml0000644000000000000000000000053214217342322020522 0ustar00rootroot00000000000000 Bacula Bacula is a network backup solution. Enable this option, if you plan to provide Bacula backup, file and storage services. firewalld-1.1.1/config/services/bb.xml0000644000000000000000000000065514217342322017664 0ustar00rootroot00000000000000 Big Brother Big Brother is a plain text protocol for sending and receiving client data, reports, and queries to a BB-compatible monitoring server or proxy. The standard IANA port for a listening Big Brother service is 1984, because of course it is. firewalld-1.1.1/config/services/bgp.xml0000644000000000000000000000052314217342322020043 0ustar00rootroot00000000000000 BGP service listen Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet firewalld-1.1.1/config/services/bitcoin-rpc.xml0000644000000000000000000000042314217342322021503 0ustar00rootroot00000000000000 Bitcoin RPC Enable this option if you need access to the Bitcoin RPC interface. This is not required when connecting on localhost. firewalld-1.1.1/config/services/bitcoin-testnet-rpc.xml0000644000000000000000000000046314217342322023173 0ustar00rootroot00000000000000 Bitcoin testnet RPC Enable this option if you need access to the Bitcoin RPC interface running on the testnet. This is not required when connecting on localhost. firewalld-1.1.1/config/services/bitcoin-testnet.xml0000644000000000000000000000043114217342322022404 0ustar00rootroot00000000000000 Bitcoin testnet The default port used by Bitcoin testnet. Enable this option if you plan to be a Bitcoin full node on the test network. firewalld-1.1.1/config/services/bitcoin.xml0000644000000000000000000000036414217342322020725 0ustar00rootroot00000000000000 Bitcoin The default port used by Bitcoin. Enable this option if you plan to be a full Bitcoin node. firewalld-1.1.1/config/services/bittorrent-lsd.xml0000644000000000000000000000063214217342322022250 0ustar00rootroot00000000000000 BitTorrent Local Peer Discovery (LSD) Local Peer Discovery is a protocol designed to support the discovery of BitTorrent peers on a local area network. Enable this service if you run a BitTorrent client. firewalld-1.1.1/config/services/lightning-network.xml0000644000000000000000000000041514217342322022745 0ustar00rootroot00000000000000 Lightning Network The default port used by Lightning Network. Enable this option if you plan to be a Lightning Network node. firewalld-1.1.1/config/services/ceph-mon.xml0000644000000000000000000000044614217342322021005 0ustar00rootroot00000000000000 ceph-mon Ceph is a distributed object store and file system. Enable this option to support Ceph's Monitor Daemon. firewalld-1.1.1/config/services/ceph.xml0000644000000000000000000000051114217342322020207 0ustar00rootroot00000000000000 ceph Ceph is a distributed object store and file system. Enable this option to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS), or Manager Daemons (MGR). firewalld-1.1.1/config/services/cfengine.xml0000644000000000000000000000025014217342322021046 0ustar00rootroot00000000000000 CFEngine CFEngine server firewalld-1.1.1/config/services/cockpit.xml0000644000000000000000000000032314217342322020725 0ustar00rootroot00000000000000 Cockpit Cockpit lets you access and configure your server remotely. firewalld-1.1.1/config/services/collectd.xml0000644000000000000000000000045014217342322021063 0ustar00rootroot00000000000000 Collectd Collectd is a monitoring system that allows metrics to be sent over the network. This rule allows incoming collectd traffic from remote boxes. firewalld-1.1.1/config/services/condor-collector.xml0000644000000000000000000000040414217342322022541 0ustar00rootroot00000000000000 HT Condor Collector The HT Condor Collector is needed to organize the condor worker nodes. firewalld-1.1.1/config/services/ctdb.xml0000644000000000000000000000045014217342322020206 0ustar00rootroot00000000000000 CTDB CTDB is a cluster implementation of the TDB database used by Samba and other projects to store temporary data. firewalld-1.1.1/config/services/dhcpv6-client.xml0000644000000000000000000000046114217342322021742 0ustar00rootroot00000000000000 DHCPv6 Client This option allows a DHCP for IPv6 (DHCPv6) client to obtain addresses and other IPv6 settings from DHCPv6 server. firewalld-1.1.1/config/services/dhcpv6.xml0000644000000000000000000000035214217342322020465 0ustar00rootroot00000000000000 DHCPv6 This allows a DHCPv6 server to accept messages from DHCPv6 clients and relay agents. firewalld-1.1.1/config/services/dhcp.xml0000644000000000000000000000034314217342322020211 0ustar00rootroot00000000000000 DHCP This allows a DHCP server to accept messages from DHCP clients and relay agents. firewalld-1.1.1/config/services/distcc.xml0000644000000000000000000000031514217342322020543 0ustar00rootroot00000000000000 distcc Distcc is a protocol used for distributed compilation. firewalld-1.1.1/config/services/dns-over-tls.xml0000644000000000000000000000047614217342322021637 0ustar00rootroot00000000000000 DNS over TLS DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol firewalld-1.1.1/config/services/dns.xml0000644000000000000000000000053214217342322020057 0ustar00rootroot00000000000000 DNS The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind). firewalld-1.1.1/config/services/docker-registry.xml0000644000000000000000000000056614217342322022417 0ustar00rootroot00000000000000 Docker Registry Docker Registry is the protocol used to serve Docker images. If you plan to make your Docker Registry server publicly available, enable this option. This option is not required for developing Docker images locally. firewalld-1.1.1/config/services/docker-swarm.xml0000644000000000000000000000060714217342322021674 0ustar00rootroot00000000000000 Docker integrated swarm mode Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services. firewalld-1.1.1/config/services/dropbox-lansync.xml0000644000000000000000000000034414217342322022416 0ustar00rootroot00000000000000 dropboxlansync Dropbox LAN sync firewalld-1.1.1/config/services/elasticsearch.xml0000644000000000000000000000052214217342322022104 0ustar00rootroot00000000000000 Elasticsearch Elasticsearch is a distributed, open source search and analytics engine, designed for horizontal scalability, reliability, and easy management. firewalld-1.1.1/config/services/etcd-client.xml0000644000000000000000000000046014217342322021466 0ustar00rootroot00000000000000 etcd Client etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the client side port. firewalld-1.1.1/config/services/etcd-server.xml0000644000000000000000000000046014217342322021516 0ustar00rootroot00000000000000 etcd Server etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the server side port. firewalld-1.1.1/config/services/finger.xml0000644000000000000000000000034014217342322020542 0ustar00rootroot00000000000000 finger Finger is a protocol for obtaining information about users on remote hosts. firewalld-1.1.1/config/services/foreman.xml0000644000000000000000000000063014217342322020721 0ustar00rootroot00000000000000 foreman Foreman is a complete lifecycle management tool for physical and virtual servers. firewalld-1.1.1/config/services/foreman-proxy.xml0000644000000000000000000000041614217342322022102 0ustar00rootroot00000000000000 foreman-proxy The Smart Proxy is a project which provides a restful API to various sub-systems. firewalld-1.1.1/config/services/freeipa-4.xml0000644000000000000000000000130514217342322021046 0ustar00rootroot00000000000000 FreeIPA 4 server FreeIPA is an integrated identity and authentication solution with Kerberos, LDAP, PKI, and web UI. Enable this option if you plan to provide a FreeIPA server. Enable the 'dns' service if this FreeIPA server provides DNS services, 'ntp' service if this FreeIPA server provides NTP services, and 'freeipa-trust' for cross-forest trusts with Active Directory. firewalld-1.1.1/config/services/freeipa-ldaps.xml0000644000000000000000000000075114217342322022012 0ustar00rootroot00000000000000 FreeIPA with LDAPS (deprecated) This service is deprecated. Please use freeipa-4 service instead. firewalld-1.1.1/config/services/freeipa-ldap.xml0000644000000000000000000000075014217342322021626 0ustar00rootroot00000000000000 FreeIPA with LDAP (deprecated) This service is deprecated. Please use freeipa-4 service instead. firewalld-1.1.1/config/services/freeipa-replication.xml0000644000000000000000000000036214217342322023216 0ustar00rootroot00000000000000 FreeIPA replication (deprecated) This service is deprecated. Please use freeipa-4 service instead. firewalld-1.1.1/config/services/freeipa-trust.xml0000644000000000000000000000122114217342322022061 0ustar00rootroot00000000000000 FreeIPA trust setup FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option of you plan to deploy cross-forest trusts with FreeIPA and Active Directory firewalld-1.1.1/config/services/ftp.xml0000644000000000000000000000055114217342322020065 0ustar00rootroot00000000000000 FTP FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful. firewalld-1.1.1/config/services/galera.xml0000644000000000000000000000044414217342322020530 0ustar00rootroot00000000000000 Galera MariaDB-Galera Database Server firewalld-1.1.1/config/services/ganglia-client.xml0000644000000000000000000000027014217342322022150 0ustar00rootroot00000000000000 ganglia-client Ganglia monitoring daemon firewalld-1.1.1/config/services/ganglia-master.xml0000644000000000000000000000026014217342322022164 0ustar00rootroot00000000000000 ganglia-master Ganglia collector firewalld-1.1.1/config/services/git.xml0000644000000000000000000000032414217342322020055 0ustar00rootroot00000000000000 git The git daemon for supporting git:// access to git repositories. firewalld-1.1.1/config/services/grafana.xml0000644000000000000000000000033214217342322020670 0ustar00rootroot00000000000000 grafana Grafana is an open platform for beautiful analytics and monitoring firewalld-1.1.1/config/services/gre.xml0000644000000000000000000000016714217342322020054 0ustar00rootroot00000000000000 firewalld-1.1.1/config/services/high-availability.xml0000644000000000000000000000114014217342322022656 0ustar00rootroot00000000000000 Red Hat High Availability This allows you to use the Red Hat High Availability (previously named Red Hat Cluster Suite). Ports are opened for corosync, pcsd, pacemaker_remote, dlm and corosync-qnetd. firewalld-1.1.1/config/services/http3.xml0000644000000000000000000000052014217342322020332 0ustar00rootroot00000000000000 WWW (HTTP/3) HTTP/3 is a protocol used to serve Web pages that uses QUIC as the transport protocol. If you plan to make your HTTP/3 compatible Web server publicly available, enable this option. firewalld-1.1.1/config/services/https.xml0000644000000000000000000000070014217342322020432 0ustar00rootroot00000000000000 Secure WWW (HTTPS) HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful. firewalld-1.1.1/config/services/http.xml0000644000000000000000000000054114217342322020252 0ustar00rootroot00000000000000 WWW (HTTP) HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages. firewalld-1.1.1/config/services/imaps.xml0000644000000000000000000000056414217342322020411 0ustar00rootroot00000000000000 IMAP over SSL The Internet Message Access Protocol over SSL (IMAPs) allows a local client to access email on a remote server in a secure way. If you plan to provide a IMAP over SSL service (e.g. with dovecot), enable this option. firewalld-1.1.1/config/services/imap.xml0000644000000000000000000000050714217342322020223 0ustar00rootroot00000000000000 IMAP The Internet Message Access Protocol(IMAP) allows a local client to access email on a remote server. If you plan to provide a IMAP service (e.g. with dovecot), enable this option. firewalld-1.1.1/config/services/ipp-client.xml0000644000000000000000000000070614217342322021342 0ustar00rootroot00000000000000 Network Printing Client (IPP) The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over udp) provides the ability to get information about a printer (e.g. capability and status) and to control printer jobs. If you plan to use a remote network printer via cups, do not disable this option. firewalld-1.1.1/config/services/ipp.xml0000644000000000000000000000065314217342322020067 0ustar00rootroot00000000000000 Network Printing Server (IPP) The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over tcp) provides the ability to share printers over the network. Enable this option if you plan to share printers via cups over the network. firewalld-1.1.1/config/services/ipsec.xml0000644000000000000000000000157614217342322020407 0ustar00rootroot00000000000000 IPsec Internet Protocol Security (IPsec) is the standarized IETF VPN architecture defined in RFC 4301. IPsec is negotiated using the IKEv1 (RFC 2409) or IKEv2 (RFC 7296) protocol, which in itself uses encryption and authentication. IPsec provides Internet Protocol (IP) packet encryption and authentication. Both IKE and IPsec can be encapsulated in UDP (RFC 3948) or TCP (RFC 8229 to make it easier to traverse NAT. Enabling this service will enable IKE, IPsec and their encapsulation protocols and ports. Note that IKE and IPsec can also be configured to use non-default ports, but this is not common practise. firewalld-1.1.1/config/services/ircs.xml0000644000000000000000000000037714217342322020242 0ustar00rootroot00000000000000 IRC TLS/SSL An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol. firewalld-1.1.1/config/services/irc.xml0000644000000000000000000000036714217342322020056 0ustar00rootroot00000000000000 IRC An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol. firewalld-1.1.1/config/services/iscsi-target.xml0000644000000000000000000000041014217342322021664 0ustar00rootroot00000000000000 iSCSI target Internet SCSI target is a storage resource located on an iSCSI server. firewalld-1.1.1/config/services/isns.xml0000644000000000000000000000054614217342322020254 0ustar00rootroot00000000000000 iSNS The Internet Storage Name Service (iSNS) is a protocol that allows automated discovery, management and configuration of iSCSI and Fibre Channel devices on a TCP/IP network. firewalld-1.1.1/config/services/jellyfin.xml0000644000000000000000000000070314217342322021107 0ustar00rootroot00000000000000 Jellyfin Jellyfin is a Free Software Media System that puts you in control of managing and streaming your media. firewalld-1.1.1/config/services/jenkins.xml0000644000000000000000000000032514217342322020734 0ustar00rootroot00000000000000 jenkins Jenkins is an open source automation server written in Java. firewalld-1.1.1/config/services/kadmin.xml0000644000000000000000000000026614217342322020542 0ustar00rootroot00000000000000 kadmin Kerberos Administration Protocol firewalld-1.1.1/config/services/kdeconnect.xml0000644000000000000000000000042014217342322021404 0ustar00rootroot00000000000000 KDE Connect KDE Connect is an application to connect your phone to your computer. firewalld-1.1.1/config/services/kerberos.xml0000644000000000000000000000035114217342322021106 0ustar00rootroot00000000000000 Kerberos Kerberos network authentication protocol server firewalld-1.1.1/config/services/kibana.xml0000644000000000000000000000060014217342322020514 0ustar00rootroot00000000000000 Kibana Kibana is an open source data visualization platform that allows you to interact with your data through stunning, powerful graphics that can be combined into custom dashboards that help you share insights from your data far and wide. firewalld-1.1.1/config/services/klogin.xml0000644000000000000000000000037114217342322020557 0ustar00rootroot00000000000000 klogin The kerberized rlogin server accepts BSD-style rlogin sessions, but uses Kerberos 5 authentication. firewalld-1.1.1/config/services/kpasswd.xml0000644000000000000000000000033514217342322020750 0ustar00rootroot00000000000000 Kpasswd Kerberos password (Kpasswd) server firewalld-1.1.1/config/services/kprop.xml0000644000000000000000000000026614217342322020432 0ustar00rootroot00000000000000 kprop Kerberos KDC Propagation Protocol firewalld-1.1.1/config/services/kshell.xml0000644000000000000000000000036214217342322020556 0ustar00rootroot00000000000000 kshell Kerberized rshell server accepts rshell commands authenticated and encrypted with Kerberos 5 firewalld-1.1.1/config/services/kube-api.xml0000644000000000000000000000036314217342322020772 0ustar00rootroot00000000000000 Kubernetes Kubelet API The kubelet API is used to communicate between kube-scheduler and the node. firewalld-1.1.1/config/services/kube-apiserver.xml0000644000000000000000000000046414217342322022223 0ustar00rootroot00000000000000 Kubernetes Api Server The Kubernetes API server validates and configures data for the api objects which include pods, services, replicationcontrollers, and others. firewalld-1.1.1/config/services/kube-control-plane.xml0000644000000000000000000000107214217342322022774 0ustar00rootroot00000000000000 Kubernetes Control-plane Node The Kubernetes Control-plane Node runs all the services of the Kubernetes Control Plane. This includes kube-apiserver, etcd, kube-schedule, kube-controller-manager, cloud-controller-manager, and others firewalld-1.1.1/config/services/kube-controller-manager.xml0000644000000000000000000000043014217342322024007 0ustar00rootroot00000000000000 Kubernetes Controller Manager The Kubernetes controller manager is a daemon that embeds the core control loops shipped with Kubernetes. firewalld-1.1.1/config/services/kube-scheduler.xml0000644000000000000000000000047714217342322022205 0ustar00rootroot00000000000000 Kubernetes Scheduler The Kubernetes scheduler is a policy-rich, topology-aware, workload-specific function that significantly impacts availability, performance, and capacity. firewalld-1.1.1/config/services/kubelet-worker.xml0000644000000000000000000000043114217342322022233 0ustar00rootroot00000000000000 Kubernetes Kubelet The kubelet is the primary “node agent†that runs on each Kubernetes node. firewalld-1.1.1/config/services/ldaps.xml0000644000000000000000000000035014217342322020374 0ustar00rootroot00000000000000 LDAPS Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) server firewalld-1.1.1/config/services/ldap.xml0000644000000000000000000000030714217342322020213 0ustar00rootroot00000000000000 LDAP Lightweight Directory Access Protocol (LDAP) server firewalld-1.1.1/config/services/libvirt-tls.xml0000644000000000000000000000060114217342322021543 0ustar00rootroot00000000000000 Virtual Machine Management (TLS) Enable this option if you want to allow remote virtual machine management with TLS encryption, x509 certificates and optional SASL authentication. The libvirtd service is needed for this option to be useful. firewalld-1.1.1/config/services/libvirt.xml0000644000000000000000000000060514217342322020747 0ustar00rootroot00000000000000 Virtual Machine Management Enable this option if you want to allow remote virtual machine management with SASL authentication and encryption (digest-md5 passwords or GSSAPI/Kerberos). The libvirtd service is needed for this option to be useful. firewalld-1.1.1/config/services/llmnr-tcp.xml0000644000000000000000000000044514217342322021206 0ustar00rootroot00000000000000 LLMNR (TCP) Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. firewalld-1.1.1/config/services/llmnr-udp.xml0000644000000000000000000000053214217342322021205 0ustar00rootroot00000000000000 LLMNR (UDP) Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. firewalld-1.1.1/config/services/llmnr.xml0000644000000000000000000000047414217342322020424 0ustar00rootroot00000000000000 LLMNR Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link. firewalld-1.1.1/config/services/managesieve.xml0000644000000000000000000000053514217342322021562 0ustar00rootroot00000000000000 ManageSieve The ManageSieve Protocol allows a local client to manage eMail sieve scripts on a remote server. If you plan to provide a ManageSieve service (e.g. with dovecot pigeonhole), enable this option. firewalld-1.1.1/config/services/matrix.xml0000644000000000000000000000066014217342322020601 0ustar00rootroot00000000000000 Matrix Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Port 443 is the 'client' port, whereas port 8448 is the Federation port. Federation is the process by which users on different servers can participate in the same room. firewalld-1.1.1/config/services/mdns.xml0000644000000000000000000000065014217342322020235 0ustar00rootroot00000000000000 Multicast DNS (mDNS) mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option. firewalld-1.1.1/config/services/memcache.xml0000644000000000000000000000036514217342322021041 0ustar00rootroot00000000000000 memcache memcache is a high-performance object caching system. firewalld-1.1.1/config/services/minidlna.xml0000644000000000000000000000051614217342322021070 0ustar00rootroot00000000000000 MiniDLNA MiniDLNA is a simple media server software with the aim to be fully compliant with DLNA/UPNP-AV clients. Enable this service if you run minidlna service. firewalld-1.1.1/config/services/mongodb.xml0000644000000000000000000000035514217342322020723 0ustar00rootroot00000000000000 mongodb MongoDB is a free and open-source cross-platform document-oriented database program. firewalld-1.1.1/config/services/mosh.xml0000644000000000000000000000073114217342322020242 0ustar00rootroot00000000000000 Mobile shell that supports roaming and intelligent local echo. Mosh is a remote terminal application that supports intermittent network connectivity, roaming to different IP address without dropping the connection, intelligent local echo and line editing to reduct the effects of "network lag" on high-latency connections. firewalld-1.1.1/config/services/mountd.xml0000644000000000000000000000032314217342322020577 0ustar00rootroot00000000000000 mountd NFS Mount Lock Daemon firewalld-1.1.1/config/services/mqtt.xml0000644000000000000000000000043714217342322020264 0ustar00rootroot00000000000000 mqtt The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol is unencrypted. firewalld-1.1.1/config/services/mqtt-tls.xml0000644000000000000000000000045014217342322021057 0ustar00rootroot00000000000000 mqtt-tls The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol uses TLS encryption. firewalld-1.1.1/config/services/mssql.xml0000644000000000000000000000025214217342322020431 0ustar00rootroot00000000000000 mssql Microsoft SQL Server firewalld-1.1.1/config/services/ms-wbt.xml0000644000000000000000000000026414217342322020506 0ustar00rootroot00000000000000 ms-wbt Microsoft Windows-based Terminal Server firewalld-1.1.1/config/services/murmur.xml0000644000000000000000000000036214217342322020623 0ustar00rootroot00000000000000 Murmur Murmur is the server of the Mumble VoIP chat system. firewalld-1.1.1/config/services/mysql.xml0000644000000000000000000000025314217342322020440 0ustar00rootroot00000000000000 MySQL MySQL Database Server firewalld-1.1.1/config/services/nbd.xml0000644000000000000000000000037214217342322020040 0ustar00rootroot00000000000000 NBD Network Block Device (NBD) is a high-performance protocol for exporting disk images between machines. firewalld-1.1.1/config/services/netbios-ns.xml0000644000000000000000000000040614217342322021354 0ustar00rootroot00000000000000 NetBIOS NS This allows you to find Windows (Samba) servers that share files and printers. firewalld-1.1.1/config/services/nfs.xml0000644000000000000000000000050414217342322020060 0ustar00rootroot00000000000000 NFS4 The NFS4 protocol is used to share files via TCP networking. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful. firewalld-1.1.1/config/services/nfs3.xml0000644000000000000000000000052614217342322020147 0ustar00rootroot00000000000000 NFS3 The NFS3 protocol is used to share files. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful. firewalld-1.1.1/config/services/nmea-0183.xml0000644000000000000000000000044514217342322020607 0ustar00rootroot00000000000000 nmea-0183 NMEA-0183 Navigational Data server for use with Global Navigation Satellite System (GNSS) devices. firewalld-1.1.1/config/services/nrpe.xml0000644000000000000000000000036714217342322020245 0ustar00rootroot00000000000000 NRPE NRPE allows you to execute Nagios plugins on a remote host in as transparent a manner as possible. firewalld-1.1.1/config/services/ntp.xml0000644000000000000000000000060514217342322020075 0ustar00rootroot00000000000000 Network Time Protocol (NTP) Server The Network Time Protocol (NTP) allows to synchronize computers to a time server. Enable this option, if you are providing a NTP server. You need the ntp or chrony package installed for this option to be useful. firewalld-1.1.1/config/services/nut.xml0000644000000000000000000000056014217342322020102 0ustar00rootroot00000000000000 NUT Network UPS Tools (NUT) is a protocol that allows to monitor and control power devices like uninterruptible power supplies. firewalld-1.1.1/config/services/openvpn.xml0000644000000000000000000000051714217342322020763 0ustar00rootroot00000000000000 OpenVPN OpenVPN is a virtual private network (VPN) solution. It is used to create encrypted point-to-point tunnels between computers. If you plan to provide a VPN service, enable this option. firewalld-1.1.1/config/services/ovirt-imageio.xml0000644000000000000000000000040414217342322022044 0ustar00rootroot00000000000000 oVirt Image I/O oVirt Image I/O simplifies the workflow of introducing new oVirt images into the oVirt environment. firewalld-1.1.1/config/services/ovirt-storageconsole.xml0000644000000000000000000000052714217342322023467 0ustar00rootroot00000000000000 oVirt Storage-Console oVirt Storage Console is a web-based storage management platform specially designed to efficiently manage oVirt's storage-defined storage. firewalld-1.1.1/config/services/ovirt-vmconsole.xml0000644000000000000000000000035314217342322022442 0ustar00rootroot00000000000000 oVirt VM Console oVirt VM Consoles enables secure access to virtual machine serial console. firewalld-1.1.1/config/services/pmcd.xml0000644000000000000000000000066114217342322020221 0ustar00rootroot00000000000000 Performance metrics collector (pmcd) This option allows PCP (Performance Co-Pilot) monitoring. If you need to allow remote hosts to connect directly to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful. firewalld-1.1.1/config/services/pmproxy.xml0000644000000000000000000000073214217342322021013 0ustar00rootroot00000000000000 Performance metrics proxy (pmproxy) This option allows indirect PCP (Performance Co-Pilot) monitoring via a proxy. If you need to allow remote hosts to connect through your machine to monitor aspects of performance of one or more proxied hosts, enable this option. You need the pcp package installed for this option to be useful. firewalld-1.1.1/config/services/pmwebapis.xml0000644000000000000000000000104014217342322021255 0ustar00rootroot00000000000000 Secure performance metrics web API (pmwebapis) This option allows web clients to use PCP (Performance Co-Pilot) monitoring services over a secure connection. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, and you consider that information to be sensitive, enable this option. You need the pcp package installed for this option to be useful. firewalld-1.1.1/config/services/pmwebapi.xml0000644000000000000000000000071414217342322021101 0ustar00rootroot00000000000000 Performance metrics web API (pmwebapi) This option allows web clients to use PCP (Performance Co-Pilot) monitoring services. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful. firewalld-1.1.1/config/services/plex.xml0000644000000000000000000000154514217342322020250 0ustar00rootroot00000000000000 PLEX Plex Media Server (PMS) is the back-end media server component of Plex. It organizes content from personal media libraries and streams it to the network. firewalld-1.1.1/config/services/pop3s.xml0000644000000000000000000000054514217342322020343 0ustar00rootroot00000000000000 POP-3 over SSL The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot). firewalld-1.1.1/config/services/pop3.xml0000644000000000000000000000053414217342322020156 0ustar00rootroot00000000000000 POP-3 The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot). firewalld-1.1.1/config/services/postgresql.xml0000644000000000000000000000026514217342322021501 0ustar00rootroot00000000000000 PostgreSQL PostgreSQL Database Server firewalld-1.1.1/config/services/privoxy.xml0000644000000000000000000000077514217342322021024 0ustar00rootroot00000000000000 Privoxy - A Privacy Enhancing Proxy Server Privoxy is a web proxy for enhancing privacy by filtering web page content, managing cookies, controlling access, removing ads, banners, pop-ups and other obnoxious Internet junk. It does not cache web content. Enable this if you run Privoxy and would like to configure your web browser to browse the Internet via Privoxy. firewalld-1.1.1/config/services/prometheus.xml0000644000000000000000000000032514217342322021466 0ustar00rootroot00000000000000 prometheus The Prometheus monitoring system and time series database. firewalld-1.1.1/config/services/proxy-dhcp.xml0000644000000000000000000000040514217342322021367 0ustar00rootroot00000000000000 Proxy DHCP PXE redirection service (Proxy DHCP) responds to PXE clients and provides redirection to PXE boot servers. firewalld-1.1.1/config/services/ptp.xml0000644000000000000000000000065014217342322020077 0ustar00rootroot00000000000000 Precision Time Protocol (PTP) Master The Precision Time Protocol (PTP) allows to synchronize computers to a time master. Enable this option, if you are providing a PTP master. You need the linuxptp package installed for this option to be useful. firewalld-1.1.1/config/services/pulseaudio.xml0000644000000000000000000000063614217342322021452 0ustar00rootroot00000000000000 PulseAudio A PulseAudio server provides an ability to stream audio over network. You want to enable this service in case you are using module-native-protocol-tcp in the PulseAudio configuration. If you are using module-zeroconf-publish you want also enable mdns service. firewalld-1.1.1/config/services/puppetmaster.xml0000644000000000000000000000045114217342322022024 0ustar00rootroot00000000000000 Puppet Master Puppet is a network tool for managing many disparate systems. Puppet Master is a server which Puppet Agents pull their configurations from. firewalld-1.1.1/config/services/quassel.xml0000644000000000000000000000042114217342322020745 0ustar00rootroot00000000000000 Quassel IRC Quassel is a distributed IRC client, meaning that one or more clients can attach to and detach from the central core. firewalld-1.1.1/config/services/radius.xml0000644000000000000000000000101014217342322020552 0ustar00rootroot00000000000000 RADIUS The Remote Authentication Dial In User Service (RADIUS) is a protocol for user authentication over networks. It is mostly used for modem, DSL or wireless user authentication. If you plan to provide a RADIUS service (e.g. with freeradius), enable this option. firewalld-1.1.1/config/services/rdp.xml0000644000000000000000000000026714217342322020065 0ustar00rootroot00000000000000 rdp Microsoft's Remote Desktop Protocol firewalld-1.1.1/config/services/redis-sentinel.xml0000644000000000000000000000032414217342322022217 0ustar00rootroot00000000000000 redis-sentinel Redis Sentinel provides high availability for Redis. firewalld-1.1.1/config/services/redis.xml0000644000000000000000000000041414217342322020400 0ustar00rootroot00000000000000 redis Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. firewalld-1.1.1/config/services/RH-Satellite-6.xml0000644000000000000000000000105414217342322021673 0ustar00rootroot00000000000000 Red Hat Satellite 6 Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments. firewalld-1.1.1/config/services/RH-Satellite-6-capsule.xml0000644000000000000000000000057514217342322023334 0ustar00rootroot00000000000000 Red Hat Satellite 6 Capsule Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments. firewalld-1.1.1/config/services/rpc-bind.xml0000644000000000000000000000032614217342322020772 0ustar00rootroot00000000000000 rpc-bind Remote Procedure Call Bind firewalld-1.1.1/config/services/rquotad.xml0000644000000000000000000000032514217342322020752 0ustar00rootroot00000000000000 rquotad Remote Quota Server Daemon firewalld-1.1.1/config/services/rsh.xml0000644000000000000000000000046614217342322020075 0ustar00rootroot00000000000000 rsh Rsh is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling rsh is not recommended. firewalld-1.1.1/config/services/rsyncd.xml0000644000000000000000000000046714217342322020604 0ustar00rootroot00000000000000 Rsync in daemon mode Rsync in daemon mode works as a central server, in order to house centralized files and keep them synchronized. firewalld-1.1.1/config/services/rtsp.xml0000644000000000000000000000053614217342322020267 0ustar00rootroot00000000000000 RTSP The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers. firewalld-1.1.1/config/services/salt-master.xml0000644000000000000000000000051114217342322021524 0ustar00rootroot00000000000000 Salt Master Salt is a protocol used for infrastructure management via a dynamic communication bus. These ports are required on the salt master node. firewalld-1.1.1/config/services/samba-client.xml0000644000000000000000000000052314217342322021632 0ustar00rootroot00000000000000 Samba Client This option allows you to access Windows file and printer sharing networks. You need the samba-client package installed for this option to be useful. firewalld-1.1.1/config/services/samba-dc.xml0000644000000000000000000000141614217342322020744 0ustar00rootroot00000000000000 Samba DC This option allows you to use this computer as a Samba Active Directory Domain Controller. You need the samba-dc package installed for this option to be useful. firewalld-1.1.1/config/services/samba.xml0000644000000000000000000000057614217342322020366 0ustar00rootroot00000000000000 Samba This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful. firewalld-1.1.1/config/services/sane.xml0000644000000000000000000000050414217342322020220 0ustar00rootroot00000000000000 SANE network daemon (saned) The SANE (Scanner Access Now Easy) daemon allows remote clients to access image acquisition devices available on the local host. firewalld-1.1.1/config/services/sips.xml0000644000000000000000000000043314217342322020251 0ustar00rootroot00000000000000 SIP-TLS (SIPS) SIP-TLS is a modified SIP (Session Initiation Protocol) using TLS for secure signaling. firewalld-1.1.1/config/services/sip.xml0000644000000000000000000000076014217342322020071 0ustar00rootroot00000000000000 SIP The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling multimedia communication sessions. The most common applications of SIP are in Internet telephony for voice and video calls, as well as instant messaging, over Internet Protocol (IP) networks. firewalld-1.1.1/config/services/slp.xml0000644000000000000000000000045314217342322020073 0ustar00rootroot00000000000000 SLP The Service Location Protocol (SLP) is used for discovering services in a local network without prior configuration. firewalld-1.1.1/config/services/smtp-submission.xml0000644000000000000000000000034714217342322022453 0ustar00rootroot00000000000000 Mail (SMTP-Submission) SMTP-Submission allows remote users to submit mail over port 587. firewalld-1.1.1/config/services/smtps.xml0000644000000000000000000000110114217342322020432 0ustar00rootroot00000000000000 Mail (SMTP over SSL) This option allows incoming SMTPs mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail in a secure way, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam. firewalld-1.1.1/config/services/smtp.xml0000644000000000000000000000104614217342322020257 0ustar00rootroot00000000000000 Mail (SMTP) This option allows incoming SMTP mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam. firewalld-1.1.1/config/services/snmptrap.xml0000644000000000000000000000046414217342322021143 0ustar00rootroot00000000000000 SNMPTRAP SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message. firewalld-1.1.1/config/services/snmp.xml0000644000000000000000000000052614217342322020253 0ustar00rootroot00000000000000 SNMP Simple Network Management Protocol is an "Internet-standard protocol for managing devices on IP networks". Enable this service if you run SNMP agent (server). firewalld-1.1.1/config/services/spideroak-lansync.xml0000644000000000000000000000062514217342322022724 0ustar00rootroot00000000000000 SpiderOak ONE LAN-Sync SpiderOak ONE is online backup and file hosting service that allows users to access, synchronize and share data using a cloud-based server. Enable this option if you use LAN-Sync option of SpiderOak. firewalld-1.1.1/config/services/spotify-sync.xml0000644000000000000000000000042314217342322021741 0ustar00rootroot00000000000000 Spotify Client Sync The Spotify Client allows you to sync local music files with your phone. firewalld-1.1.1/config/services/squid.xml0000644000000000000000000000025514217342322020422 0ustar00rootroot00000000000000 squid Squid HTTP proxy server firewalld-1.1.1/config/services/ssdp.xml0000644000000000000000000000064514217342322020251 0ustar00rootroot00000000000000 Simple Service Discovery Protocol (SSDP) The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet protocol suite for advertisement and discovery of network services and presence information. firewalld-1.1.1/config/services/ssh.xml0000644000000000000000000000071714217342322020075 0ustar00rootroot00000000000000 SSH Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful. firewalld-1.1.1/config/services/steam-streaming.xml0000644000000000000000000000116714217342322022400 0ustar00rootroot00000000000000 Steam In-Home Streaming Steam in-home streaming allows you to play a game on one computer when the game process is actually running on another computer elsewhere in your home. Through Steam, game audio and video is captured on the remote computer and sent to the player's computer. The game input (keyboard, mouse or gamepad) is sent from the player's computer to the game process on the remote computer. firewalld-1.1.1/config/services/svdrp.xml0000644000000000000000000000043714217342322020435 0ustar00rootroot00000000000000 SVDRP The Simple Video Disk Recorder Protocol (SVDRP) allows to control video disk recorder functionality. firewalld-1.1.1/config/services/svn.xml0000644000000000000000000000034714217342322020105 0ustar00rootroot00000000000000 Subversion The custom, unencrypted protocol used the Subversion Version Control System. firewalld-1.1.1/config/services/syncthing.xml0000644000000000000000000000053514217342322021304 0ustar00rootroot00000000000000 Syncthing Syncthing is a Peer-to-Peer file synchronization service. Enable this option, if you plan to run the Synthing service. firewalld-1.1.1/config/services/syncthing-gui.xml0000644000000000000000000000045114217342322022063 0ustar00rootroot00000000000000 Syncthing GUI Enable this option in addition to the Syncthing option to allow traffic to the Syncthing web interface. (Be sure to secure it accordingly). firewalld-1.1.1/config/services/synergy.xml0000644000000000000000000000076014217342322020776 0ustar00rootroot00000000000000 Synergy Synergy lets you easily share your mouse and keyboard between multiple computers, where each computer has its own display. No special hardware is required, all you need is a local area network. Synergy is supported on Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen. firewalld-1.1.1/config/services/syslog-tls.xml0000644000000000000000000000067414217342322021422 0ustar00rootroot00000000000000 syslog-tls Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server. Syslog-tls uses TLS encryption to protect the messages during transport. firewalld-1.1.1/config/services/syslog.xml0000644000000000000000000000051114217342322020610 0ustar00rootroot00000000000000 syslog Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server. firewalld-1.1.1/config/services/telnet.xml0000644000000000000000000000061114217342322020564 0ustar00rootroot00000000000000 Telnet Telnet is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling telnet is not recommended. You need the telnet-server package installed for this option to be useful. firewalld-1.1.1/config/services/tentacle.xml0000644000000000000000000000037414217342322021076 0ustar00rootroot00000000000000 tentacle Tentacle is a protocol for monitoring computer networks. Pandora FMS is one server implementation. firewalld-1.1.1/config/services/tftp.xml0000644000000000000000000000065014217342322020251 0ustar00rootroot00000000000000 TFTP The Trivial File Transfer Protocol (TFTP) is a protocol used to transfer files to and from a remote machine in a simple way. It is normally used only for booting diskless workstations and also to transfer data in the Preboot eXecution Environment (PXE). firewalld-1.1.1/config/services/tile38.xml0000644000000000000000000000033514217342322020404 0ustar00rootroot00000000000000 tile38 Tile38 is a geospatial database, spatial index, and realtime geofence. firewalld-1.1.1/config/services/tinc.xml0000644000000000000000000000052014217342322020225 0ustar00rootroot00000000000000 tinc VPN tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. firewalld-1.1.1/config/services/tor-socks.xml0000644000000000000000000000140314217342322021215 0ustar00rootroot00000000000000 Tor - SOCKS Proxy Tor enables online anonymity and censorship resistance by directing Internet traffic through a network of relays. It conceals user's location from anyone conducting network surveillance and traffic analysis. A user wishing to use Tor for anonymity can configure a program such as a web browser to direct traffic to a Tor client using its SOCKS proxy port. Enable this if you run Tor and would like to configure your web browser or other programs to channel their traffic through the Tor SOCKS proxy port. It is recommended that you make this service available only for your computer or your internal networks. firewalld-1.1.1/config/services/transmission-client.xml0000644000000000000000000000036414217342322023303 0ustar00rootroot00000000000000 Transmission Transmission is a lightweight BitTorrent client. firewalld-1.1.1/config/services/upnp-client.xml0000644000000000000000000000041014217342322021524 0ustar00rootroot00000000000000 UPnP Client Universal Plug and Play client for auto-configuration of network routers (use only in trusted zones). firewalld-1.1.1/config/services/vdsm.xml0000644000000000000000000000112114217342322020237 0ustar00rootroot00000000000000 oVirt's Virtual Desktop and Server Manager The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. firewalld-1.1.1/config/services/vnc-server.xml0000644000000000000000000000073314217342322021370 0ustar00rootroot00000000000000 Virtual Network Computing Server (VNC) A VNC server provides an external accessible X session. Enable this option if you plan to provide a VNC server with direct access. The access will be possible for displays :0 to :3. If you plan to provide access with SSH, do not open this option and use the via option of the VNC viewer. firewalld-1.1.1/config/services/wbem-http.xml0000644000000000000000000000054014217342322021201 0ustar00rootroot00000000000000 wbem-http Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments. This is the unencrypted protocol variant. firewalld-1.1.1/config/services/wbem-https.xml0000644000000000000000000000046614217342322021373 0ustar00rootroot00000000000000 wbem-https Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments firewalld-1.1.1/config/services/wireguard.xml0000644000000000000000000000043514217342322021266 0ustar00rootroot00000000000000 WireGuard WireGuard is the simple, fast and modern VPN. The port needs to be open if a peer has this host explicitly configured as endpoint. firewalld-1.1.1/config/services/ws-discovery-client.xml0000644000000000000000000000054314217342322023207 0ustar00rootroot00000000000000 WS-Discovery Client Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network. Use only in trusted zones. firewalld-1.1.1/config/services/ws-discovery-tcp.xml0000644000000000000000000000050014217342322022510 0ustar00rootroot00000000000000 WS-Discovery (TCP) Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network. firewalld-1.1.1/config/services/ws-discovery-udp.xml0000644000000000000000000000056714217342322022527 0ustar00rootroot00000000000000 WS-Discovery (UDP) Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network. firewalld-1.1.1/config/services/ws-discovery.xml0000644000000000000000000000054514217342322021735 0ustar00rootroot00000000000000 WS-Discovery Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network. firewalld-1.1.1/config/services/wsman.xml0000644000000000000000000000047414217342322020425 0ustar00rootroot00000000000000 wsman Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol is unencrypted firewalld-1.1.1/config/services/wsmans.xml0000644000000000000000000000050314217342322020601 0ustar00rootroot00000000000000 wsmans Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol uses TLS encryption. firewalld-1.1.1/config/services/xdmcp.xml0000644000000000000000000000051114217342322020403 0ustar00rootroot00000000000000 XDMCP The X Display Manager Control Protocol (XDMCP) allows to remotely log in to an X desktop environment from any X Window System compatible client. firewalld-1.1.1/config/services/xmpp-bosh.xml0000644000000000000000000000077514217342322021221 0ustar00rootroot00000000000000 XMPP (Jabber) web client Extensible Messaging and Presence Protocol (XMPP) web client protocol allows web based chat clients such as JWChat to connect to the XMPP (Jabber) server. This is also known as the Bidirectional-streams Over Synchronous HTTP (BOSH) protocol. Enable this if you run an XMPP (Jabber) server and you wish web clients to connect to your server. firewalld-1.1.1/config/services/xmpp-client.xml0000644000000000000000000000075014217342322021535 0ustar00rootroot00000000000000 XMPP (Jabber) client Extensible Messaging and Presence Protocol (XMPP) client connection protocol allows XMPP (Jabber) clients such as Empathy, Pidgin, Kopete and Jitsi to connect to an XMPP (Jabber) server. Enable this if you run an XMPP (Jabber) server and you wish clients to be able to connect to the server and communicate with each other. firewalld-1.1.1/config/services/xmpp-local.xml0000644000000000000000000000041014217342322021342 0ustar00rootroot00000000000000 XMPP Link-Local Messaging Serverless XMPP-like communication over local networks based on zero-configuration networking. firewalld-1.1.1/config/services/xmpp-server.xml0000644000000000000000000000104114217342322021557 0ustar00rootroot00000000000000 XMPP (Jabber) server Extensible Messaging and Presence Protocol (XMPP) server connection protocols allows multiple XMPP (Jabber) servers to work in a federated fashion. Users on one server will be able to see the presence of and communicate with users on another servers. Enable this if you run an XMPP (Jabber) server and you wish users on your server to communicate with users on other XMPP servers. firewalld-1.1.1/config/services/zabbix-agent.xml0000644000000000000000000000047214217342322021651 0ustar00rootroot00000000000000 Zabbix Agent Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics. firewalld-1.1.1/config/services/zabbix-server.xml0000644000000000000000000000047314217342322022062 0ustar00rootroot00000000000000 Zabbix Server Zabbix is a mature and effortless enterprise-class open source monitoring solution for network monitoring and application monitoring of millions of metrics. firewalld-1.1.1/config/services/zerotier.xml0000644000000000000000000000036214217342322021137 0ustar00rootroot00000000000000 ZeroTier ZeroTier creates secure networks between on-premise, cloud, desktop, and mobile devices. firewalld-1.1.1/config/zones/0000755000000000000000000000000014217353174016073 5ustar00rootroot00000000000000firewalld-1.1.1/config/zones/block.xml0000644000000000000000000000047014217342322017701 0ustar00rootroot00000000000000 Block Unsolicited incoming network packets are rejected. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed. firewalld-1.1.1/config/zones/dmz.xml0000644000000000000000000000046214217342322017402 0ustar00rootroot00000000000000 DMZ For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted. firewalld-1.1.1/config/zones/drop.xml0000644000000000000000000000046014217342322017552 0ustar00rootroot00000000000000 Drop Unsolicited incoming network packets are dropped. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed. firewalld-1.1.1/config/zones/external.xml0000644000000000000000000000047514217342322020436 0ustar00rootroot00000000000000 External For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. firewalld-1.1.1/config/zones/home.xml0000644000000000000000000000057614217342322017546 0ustar00rootroot00000000000000 Home For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. firewalld-1.1.1/config/zones/internal.xml0000644000000000000000000000061514217342322020424 0ustar00rootroot00000000000000 Internal For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted. firewalld-1.1.1/config/zones/public.xml0000644000000000000000000000051014217342322020060 0ustar00rootroot00000000000000 Public For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. firewalld-1.1.1/config/zones/trusted.xml0000644000000000000000000000025714217342322020304 0ustar00rootroot00000000000000 Trusted All network connections are accepted. firewalld-1.1.1/config/zones/work.xml0000644000000000000000000000050414217342322017567 0ustar00rootroot00000000000000 Work For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. firewalld-1.1.1/config/Makefile.am0000644000000000000000000003303314217345463016775 0ustar00rootroot00000000000000sconfdir = $(sysconfdir)/firewalld prefixlibdir = ${prefix}/lib/firewalld dist_sconf_DATA = firewalld.conf lockdown-whitelist.xml desktop_FILES = firewall-config.desktop.in desktopdir = $(datadir)/applications desktop_DATA = $(desktop_FILES:.in=) appdata_FILES = firewall-config.appdata.xml.in appdatadir = $(datadir)/metainfo/ appdata_DATA = $(appdata_FILES:.in=) applet_desktop_FILES = firewall-applet.desktop.in applet_desktopdir = $(sysconfdir)/xdg/autostart applet_desktop_DATA = $(applet_desktop_FILES:.in=) confdir = $(sysconfdir)/firewall dist_conf_DATA = applet.conf polkit1_action_FILES = org.fedoraproject.FirewallD1.server.policy.in \ org.fedoraproject.FirewallD1.desktop.policy.in polkit1_actiondir = $(datadir)/polkit-1/actions polkit1_action_DATA = $(polkit1_action_FILES:.in=) dbus_policydir = $(datadir)/dbus-1/system.d dist_dbus_policy_DATA = FirewallD.conf gsettings_in_file = org.fedoraproject.FirewallConfig.gschema.xml.in gsettings_SCHEMAS = $(gsettings_in_file:.xml.in=.xml) BUILT_SOURCES = \ $(desktop_DATA) \ $(appdata_DATA) \ $(applet_desktop_DATA) \ $(polkit1_action_DATA) \ $(gsettings_SCHEMAS) \ firewalld-sysctls.conf \ firewalld.logrotate \ firewalld.service @INTLTOOL_DESKTOP_RULE@ @INTLTOOL_POLICY_RULE@ @INTLTOOL_XML_NOMERGE_RULE@ @GSETTINGS_RULES@ all: $(desktop_DATA) $(appdata_DATA) $(applet_desktop_DATA) $(polkit1_action_DATA) $(gsettings_SCHEMAS) CLEANFILES = *~ *\# .\#* firewalld.service firewalld-sysctls.conf firewalld.logrotate DISTCLEANFILES = \ $(desktop_DATA) \ $(appdata_DATA) \ $(applet_desktop_DATA) \ $(polkit1_action_DATA) \ $(gsettings_SCHEMAS) CONFIG_FILES = \ helpers/amanda.xml \ helpers/ftp.xml \ helpers/h323.xml \ helpers/irc.xml \ helpers/netbios-ns.xml \ helpers/pptp.xml \ helpers/proto-gre.xml \ helpers/Q.931.xml \ helpers/RAS.xml \ helpers/sane.xml \ helpers/sip.xml \ helpers/snmp.xml \ helpers/tftp.xml \ icmptypes/address-unreachable.xml \ icmptypes/bad-header.xml \ icmptypes/beyond-scope.xml \ icmptypes/communication-prohibited.xml \ icmptypes/destination-unreachable.xml \ icmptypes/echo-reply.xml \ icmptypes/echo-request.xml \ icmptypes/failed-policy.xml \ icmptypes/fragmentation-needed.xml \ icmptypes/host-precedence-violation.xml \ icmptypes/host-prohibited.xml \ icmptypes/host-redirect.xml \ icmptypes/host-unknown.xml \ icmptypes/host-unreachable.xml \ icmptypes/ip-header-bad.xml \ icmptypes/neighbour-advertisement.xml \ icmptypes/neighbour-solicitation.xml \ icmptypes/network-prohibited.xml \ icmptypes/network-redirect.xml \ icmptypes/network-unknown.xml \ icmptypes/network-unreachable.xml \ icmptypes/no-route.xml \ icmptypes/packet-too-big.xml \ icmptypes/parameter-problem.xml \ icmptypes/port-unreachable.xml \ icmptypes/precedence-cutoff.xml \ icmptypes/protocol-unreachable.xml \ icmptypes/redirect.xml \ icmptypes/reject-route.xml \ icmptypes/required-option-missing.xml \ icmptypes/router-advertisement.xml \ icmptypes/router-solicitation.xml \ icmptypes/source-quench.xml \ icmptypes/source-route-failed.xml \ icmptypes/time-exceeded.xml \ icmptypes/timestamp-reply.xml \ icmptypes/timestamp-request.xml \ icmptypes/tos-host-redirect.xml \ icmptypes/tos-host-unreachable.xml \ icmptypes/tos-network-redirect.xml \ icmptypes/tos-network-unreachable.xml \ icmptypes/ttl-zero-during-reassembly.xml \ icmptypes/ttl-zero-during-transit.xml \ icmptypes/unknown-header-type.xml \ icmptypes/unknown-option.xml \ ipsets/README \ policies/allow-host-ipv6.xml \ services/afp.xml \ services/amanda-client.xml \ services/amanda-k5-client.xml \ services/amqp.xml \ services/amqps.xml \ services/apcupsd.xml \ services/audit.xml \ services/bacula-client.xml \ services/bacula.xml \ services/bb.xml \ services/bgp.xml \ services/bitcoin-rpc.xml \ services/bitcoin-testnet-rpc.xml \ services/bitcoin-testnet.xml \ services/bitcoin.xml \ services/bittorrent-lsd.xml \ services/lightning-network.xml \ services/ceph-mon.xml \ services/ceph.xml \ services/cfengine.xml \ services/cockpit.xml \ services/collectd.xml \ services/condor-collector.xml \ services/ctdb.xml \ services/dhcpv6-client.xml \ services/dhcpv6.xml \ services/dhcp.xml \ services/distcc.xml \ services/dns-over-tls.xml \ services/dns.xml \ services/docker-registry.xml \ services/docker-swarm.xml \ services/dropbox-lansync.xml \ services/elasticsearch.xml \ services/etcd-client.xml \ services/etcd-server.xml \ services/finger.xml \ services/foreman.xml \ services/foreman-proxy.xml \ services/freeipa-4.xml \ services/freeipa-ldaps.xml \ services/freeipa-ldap.xml \ services/freeipa-replication.xml \ services/freeipa-trust.xml \ services/ftp.xml \ services/galera.xml \ services/ganglia-client.xml \ services/ganglia-master.xml \ services/git.xml \ services/grafana.xml \ services/gre.xml \ services/high-availability.xml \ services/http3.xml \ services/https.xml \ services/http.xml \ services/imaps.xml \ services/imap.xml \ services/ipp-client.xml \ services/ipp.xml \ services/ipsec.xml \ services/ircs.xml \ services/irc.xml \ services/iscsi-target.xml \ services/isns.xml \ services/jellyfin.xml \ services/jenkins.xml \ services/kadmin.xml \ services/kdeconnect.xml \ services/kerberos.xml \ services/kibana.xml \ services/klogin.xml \ services/kpasswd.xml \ services/kprop.xml \ services/kshell.xml \ services/kube-api.xml \ services/kube-apiserver.xml \ services/kube-control-plane.xml \ services/kube-controller-manager.xml \ services/kube-scheduler.xml \ services/kubelet-worker.xml \ services/ldaps.xml \ services/ldap.xml \ services/libvirt-tls.xml \ services/libvirt.xml \ services/llmnr-tcp.xml \ services/llmnr-udp.xml \ services/llmnr.xml \ services/managesieve.xml \ services/matrix.xml \ services/mdns.xml \ services/memcache.xml \ services/minidlna.xml \ services/mongodb.xml \ services/mosh.xml \ services/mountd.xml \ services/mqtt.xml \ services/mqtt-tls.xml \ services/mssql.xml \ services/ms-wbt.xml \ services/murmur.xml \ services/mysql.xml \ services/nbd.xml \ services/netbios-ns.xml \ services/nfs.xml \ services/nfs3.xml \ services/nmea-0183.xml \ services/nrpe.xml \ services/ntp.xml \ services/nut.xml \ services/openvpn.xml \ services/ovirt-imageio.xml \ services/ovirt-storageconsole.xml \ services/ovirt-vmconsole.xml \ services/pmcd.xml \ services/pmproxy.xml \ services/pmwebapis.xml \ services/pmwebapi.xml \ services/plex.xml \ services/pop3s.xml \ services/pop3.xml \ services/postgresql.xml \ services/privoxy.xml \ services/prometheus.xml \ services/proxy-dhcp.xml \ services/ptp.xml \ services/pulseaudio.xml \ services/puppetmaster.xml \ services/quassel.xml \ services/radius.xml \ services/rdp.xml \ services/redis-sentinel.xml \ services/redis.xml \ services/RH-Satellite-6.xml \ services/RH-Satellite-6-capsule.xml \ services/rpc-bind.xml \ services/rquotad.xml \ services/rsh.xml \ services/rsyncd.xml \ services/rtsp.xml \ services/salt-master.xml \ services/samba-client.xml \ services/samba-dc.xml \ services/samba.xml \ services/sane.xml \ services/sips.xml \ services/sip.xml \ services/slp.xml \ services/smtp-submission.xml \ services/smtps.xml \ services/smtp.xml \ services/snmptrap.xml \ services/snmp.xml \ services/spideroak-lansync.xml \ services/spotify-sync.xml \ services/squid.xml \ services/ssdp.xml \ services/ssh.xml \ services/steam-streaming.xml \ services/svdrp.xml \ services/svn.xml \ services/syncthing.xml \ services/syncthing-gui.xml \ services/synergy.xml \ services/syslog-tls.xml \ services/syslog.xml \ services/telnet.xml \ services/tentacle.xml \ services/tftp.xml \ services/tile38.xml \ services/tinc.xml \ services/tor-socks.xml \ services/transmission-client.xml \ services/upnp-client.xml \ services/vdsm.xml \ services/vnc-server.xml \ services/wbem-http.xml \ services/wbem-https.xml \ services/wireguard.xml \ services/ws-discovery-client.xml \ services/ws-discovery-tcp.xml \ services/ws-discovery-udp.xml \ services/ws-discovery.xml \ services/wsman.xml \ services/wsmans.xml \ services/xdmcp.xml \ services/xmpp-bosh.xml \ services/xmpp-client.xml \ services/xmpp-local.xml \ services/xmpp-server.xml \ services/zabbix-agent.xml \ services/zabbix-server.xml \ services/zerotier.xml \ zones/block.xml \ zones/dmz.xml \ zones/drop.xml \ zones/external.xml \ zones/home.xml \ zones/internal.xml \ zones/public.xml \ zones/trusted.xml \ zones/work.xml EXTRA_DIST = \ $(desktop_FILES) \ $(appdata_FILES) \ $(applet_desktop_FILES) \ $(polkit1_action_FILES) \ $(gsettings_in_file) \ $(CONFIG_FILES) \ lockdown-whitelist.xml.in \ firewalld.init \ firewalld.logrotate.in \ firewalld-sysctls.conf.in \ firewalld.service.in \ firewalld.sysconfig \ macros.firewalld INSTALL_TARGETS = install-config UNINSTALL_TARGETS = uninstall-config INSTALL_TARGETS += install-modprobe.d UNINSTALL_TARGETS += uninstall-modprobe.d INSTALL_TARGETS += install-logrotate.d UNINSTALL_TARGETS += uninstall-logrotate.d if USE_SYSTEMD INSTALL_TARGETS += install-service UNINSTALL_TARGETS += uninstall-service else INSTALL_TARGETS += install-init UNINSTALL_TARGETS += uninstall-init endif if INSTALL_SYSCONFIG INSTALL_TARGETS += install-sysconfig UNINSTALL_TARGETS += uninstall-sysconfig endif if INSTALL_RPMMACROS INSTALL_TARGETS += install-rpmmacros UNINSTALL_TARGETS += uninstall-rpmmacros endif edit = sed \ -e 's|@bindir[@]|$(bindir)|g' \ -e 's|@sbindir[@]|$(sbindir)|g' \ -e 's|@sysconfdir[@]|$(sysconfdir)|g' \ -e 's|@localstatedir[@]|$(localstatedir)|g' \ -e 's|@MODPROBE[@]|$(MODPROBE)|g' \ -e 's|@SYSCTL[@]|$(SYSCTL)|g' firewalld.service: firewalld.service.in $(edit) $< >$@ firewalld-sysctls.conf: firewalld-sysctls.conf.in $(edit) $< >$@ firewalld.logrotate: firewalld.logrotate.in $(edit) $< >$@ install-sysconfig: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig $(INSTALL_DATA) $(srcdir)/firewalld.sysconfig $(DESTDIR)$(sysconfdir)/sysconfig/firewalld uninstall-sysconfig: rm -f $(DESTDIR)$(sysconfdir)/sysconfig/firewalld rmdir $(DESTDIR)$(sysconfdir)/sysconfig || : install-rpmmacros: $(MKDIR_P) $(DESTDIR)$(prefix)/lib/rpm/macros.d $(INSTALL_DATA) $(srcdir)/macros.firewalld $(DESTDIR)$(prefix)/lib/rpm/macros.d uninstall-rpmmacros: rm -f $(DESTDIR)$(prefix)/lib/rpm/macros.d/macros.firewalld rmdir $(DESTDIR)$(prefix)/lib/rpm/macros.d || : install-init: install-sysconfig $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d $(INSTALL_SCRIPT) $(srcdir)/firewalld.init $(DESTDIR)$(sysconfdir)/rc.d/init.d/firewalld uninstall-init: uninstall-sysconfig rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/firewalld rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || : install-service: install-sysconfig $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNITDIR) $(INSTALL_DATA) firewalld.service $(DESTDIR)$(SYSTEMD_UNITDIR)/firewalld.service uninstall-service: uninstall-sysconfig rm -f $(DESTDIR)$(SYSTEMD_UNITDIR)/firewalld.service rmdir $(DESTDIR)$(SYSTEMD_UNITDIR) || : install-modprobe.d: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/modprobe.d $(INSTALL_DATA) firewalld-sysctls.conf $(DESTDIR)$(sysconfdir)/modprobe.d/firewalld-sysctls.conf uninstall-modprobe.d: rm -f $(DESTDIR)$(sysconfdir)/modprobe.d/firewalld-sysctls.conf rmdir $(DESTDIR)$(sysconfdir)/modprobe.d || : install-logrotate.d: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/logrotate.d $(INSTALL_DATA) firewalld.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/firewalld uninstall-logrotate.d: rm -f $(DESTDIR)$(sysconfdir)/logrotate.d/firewalld rmdir $(DESTDIR)$(sysconfdir)/logrotate.d || : install-config: $(MKDIR_P) $(DESTDIR)$(sconfdir) $(MKDIR_P) $(DESTDIR)$(sconfdir)/icmptypes $(MKDIR_P) $(DESTDIR)$(sconfdir)/ipsets $(MKDIR_P) $(DESTDIR)$(sconfdir)/policies $(MKDIR_P) $(DESTDIR)$(sconfdir)/services $(MKDIR_P) $(DESTDIR)$(sconfdir)/zones $(MKDIR_P) $(DESTDIR)$(sconfdir)/helpers $(MKDIR_P) $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/icmptypes $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/ipsets $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/policies $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/services $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/zones $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/helpers $(DESTDIR)$(prefixlibdir) uninstall-config: rmdir $(DESTDIR)$(sconfdir)/icmptypes rmdir $(DESTDIR)$(sconfdir)/ipsets rmdir $(DESTDIR)$(sconfdir)/policies rmdir $(DESTDIR)$(sconfdir)/services rmdir $(DESTDIR)$(sconfdir)/zones rm -f $(DESTDIR)$(prefixlibdir)/icmptypes/* rmdir $(DESTDIR)$(prefixlibdir)/icmptypes rm -f $(DESTDIR)$(prefixlibdir)/ipsets/* rmdir $(DESTDIR)$(prefixlibdir)/ipsets rm -f $(DESTDIR)$(prefixlibdir)/policies/* rmdir $(DESTDIR)$(prefixlibdir)/policies rm -f $(DESTDIR)$(prefixlibdir)/services/* rmdir $(DESTDIR)$(prefixlibdir)/services rm -f $(DESTDIR)$(prefixlibdir)/zones/* rmdir $(DESTDIR)$(prefixlibdir)/zones rm -f $(DESTDIR)$(prefixlibdir)/helpers/* rmdir $(DESTDIR)$(prefixlibdir)/helpers install-data-local: $(INSTALL_TARGETS) uninstall-local: $(UNINSTALL_TARGETS) install-data-hook: cd $(DESTDIR)$(polkit1_actiondir) && \ mv org.fedoraproject.FirewallD1.server.policy org.fedoraproject.FirewallD1.server.policy.choice && \ mv org.fedoraproject.FirewallD1.desktop.policy org.fedoraproject.FirewallD1.desktop.policy.choice && \ rm -f org.fedoraproject.FirewallD1.policy && \ $(LN_S) org.fedoraproject.FirewallD1.server.policy.choice org.fedoraproject.FirewallD1.policy # make sure CONFIG_FILES are also in POTFILES check-local: @for file in $(filter-out helpers/% %/README,$(CONFIG_FILES)); do \ if ! grep "$${file}" ${top_srcdir}/po/POTFILES.in > /dev/null; then \ echo "$${file} should be in ${abs_top_srcdir}/po/POTFILES.in"; \ exit 1; \ fi; \ done firewalld-1.1.1/config/applet.conf0000644000000000000000000000016114217342322017060 0ustar00rootroot00000000000000[General] notifications=false show-inactive=false blink=false blink-count=5 shields-up=block shields-down=public firewalld-1.1.1/config/FirewallD.conf0000644000000000000000000000207414217342322017451 0ustar00rootroot00000000000000 firewalld-1.1.1/config/firewalld.conf0000644000000000000000000000466414217342322017560 0ustar00rootroot00000000000000# firewalld config file # default zone # The default zone used if an empty zone string is used. # Default: public DefaultZone=public # Clean up on exit # If set to no or false the firewall configuration will not get cleaned up # on exit or stop of firewalld. # Default: yes CleanupOnExit=yes # Clean up kernel modules on exit # If set to yes or true the firewall related kernel modules will be # unloaded on exit or stop of firewalld. This might attempt to unload # modules not originally loaded by firewalld. # Default: no CleanupModulesOnExit=no # Lockdown # If set to enabled, firewall changes with the D-Bus interface will be limited # to applications that are listed in the lockdown whitelist. # The lockdown whitelist file is lockdown-whitelist.xml # Default: no Lockdown=no # IPv6_rpfilter # Performs a reverse path filter test on a packet for IPv6. If a reply to the # packet would be sent via the same interface that the packet arrived on, the # packet will match and be accepted, otherwise dropped. # The rp_filter for IPv4 is controlled using sysctl. # Note: This feature has a performance impact. See man page FIREWALLD.CONF(5) # for details. # Default: yes IPv6_rpfilter=yes # IndividualCalls # Do not use combined -restore calls, but individual calls. This increases the # time that is needed to apply changes and to start the daemon, but is good for # debugging. # Default: no IndividualCalls=no # LogDenied # Add logging rules right before reject and drop rules in the INPUT, FORWARD # and OUTPUT chains for the default rules and also final reject and drop rules # in zones. Possible values are: all, unicast, broadcast, multicast and off. # Default: off LogDenied=off # FirewallBackend # Selects the firewall backend implementation. # Choices are: # - nftables (default) # - iptables (iptables, ip6tables, ebtables and ipset) # Note: The iptables backend is deprecated. It will be removed in a future # release. FirewallBackend=nftables # FlushAllOnReload # Flush all runtime rules on a reload. In previous releases some runtime # configuration was retained during a reload, namely; interface to zone # assignment, and direct rules. This was confusing to users. To get the old # behavior set this to "no". # Default: yes FlushAllOnReload=yes # RFC3964_IPv4 # As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that # correspond to IPv4 addresses that should not be routed over the public # internet. # Defaults to "yes". RFC3964_IPv4=yes firewalld-1.1.1/config/lockdown-whitelist.xml0000644000000000000000000000041414217353157021311 0ustar00rootroot00000000000000 firewalld-1.1.1/config/Makefile.in0000644000000000000000000010615714217352322017006 0ustar00rootroot00000000000000# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : @USE_SYSTEMD_TRUE@am__append_1 = install-service @USE_SYSTEMD_TRUE@am__append_2 = uninstall-service @USE_SYSTEMD_FALSE@am__append_3 = install-init @USE_SYSTEMD_FALSE@am__append_4 = uninstall-init @INSTALL_SYSCONFIG_TRUE@am__append_5 = install-sysconfig @INSTALL_SYSCONFIG_TRUE@am__append_6 = uninstall-sysconfig @INSTALL_RPMMACROS_TRUE@am__append_7 = install-rpmmacros @INSTALL_RPMMACROS_TRUE@am__append_8 = uninstall-rpmmacros subdir = config ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(dist_conf_DATA) \ $(dist_dbus_policy_DATA) $(dist_sconf_DATA) $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = lockdown-whitelist.xml CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(appdatadir)" \ "$(DESTDIR)$(applet_desktopdir)" "$(DESTDIR)$(desktopdir)" \ "$(DESTDIR)$(confdir)" "$(DESTDIR)$(dbus_policydir)" \ "$(DESTDIR)$(sconfdir)" "$(DESTDIR)$(polkit1_actiondir)" DATA = $(appdata_DATA) $(applet_desktop_DATA) $(desktop_DATA) \ $(dist_conf_DATA) $(dist_dbus_policy_DATA) $(dist_sconf_DATA) \ $(polkit1_action_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in \ $(srcdir)/lockdown-whitelist.xml.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ sconfdir = $(sysconfdir)/firewalld prefixlibdir = ${prefix}/lib/firewalld dist_sconf_DATA = firewalld.conf lockdown-whitelist.xml desktop_FILES = firewall-config.desktop.in desktopdir = $(datadir)/applications desktop_DATA = $(desktop_FILES:.in=) appdata_FILES = firewall-config.appdata.xml.in appdatadir = $(datadir)/metainfo/ appdata_DATA = $(appdata_FILES:.in=) applet_desktop_FILES = firewall-applet.desktop.in applet_desktopdir = $(sysconfdir)/xdg/autostart applet_desktop_DATA = $(applet_desktop_FILES:.in=) confdir = $(sysconfdir)/firewall dist_conf_DATA = applet.conf polkit1_action_FILES = org.fedoraproject.FirewallD1.server.policy.in \ org.fedoraproject.FirewallD1.desktop.policy.in polkit1_actiondir = $(datadir)/polkit-1/actions polkit1_action_DATA = $(polkit1_action_FILES:.in=) dbus_policydir = $(datadir)/dbus-1/system.d dist_dbus_policy_DATA = FirewallD.conf gsettings_in_file = org.fedoraproject.FirewallConfig.gschema.xml.in gsettings_SCHEMAS = $(gsettings_in_file:.xml.in=.xml) BUILT_SOURCES = \ $(desktop_DATA) \ $(appdata_DATA) \ $(applet_desktop_DATA) \ $(polkit1_action_DATA) \ $(gsettings_SCHEMAS) \ firewalld-sysctls.conf \ firewalld.logrotate \ firewalld.service CLEANFILES = *~ *\# .\#* firewalld.service firewalld-sysctls.conf firewalld.logrotate DISTCLEANFILES = \ $(desktop_DATA) \ $(appdata_DATA) \ $(applet_desktop_DATA) \ $(polkit1_action_DATA) \ $(gsettings_SCHEMAS) CONFIG_FILES = \ helpers/amanda.xml \ helpers/ftp.xml \ helpers/h323.xml \ helpers/irc.xml \ helpers/netbios-ns.xml \ helpers/pptp.xml \ helpers/proto-gre.xml \ helpers/Q.931.xml \ helpers/RAS.xml \ helpers/sane.xml \ helpers/sip.xml \ helpers/snmp.xml \ helpers/tftp.xml \ icmptypes/address-unreachable.xml \ icmptypes/bad-header.xml \ icmptypes/beyond-scope.xml \ icmptypes/communication-prohibited.xml \ icmptypes/destination-unreachable.xml \ icmptypes/echo-reply.xml \ icmptypes/echo-request.xml \ icmptypes/failed-policy.xml \ icmptypes/fragmentation-needed.xml \ icmptypes/host-precedence-violation.xml \ icmptypes/host-prohibited.xml \ icmptypes/host-redirect.xml \ icmptypes/host-unknown.xml \ icmptypes/host-unreachable.xml \ icmptypes/ip-header-bad.xml \ icmptypes/neighbour-advertisement.xml \ icmptypes/neighbour-solicitation.xml \ icmptypes/network-prohibited.xml \ icmptypes/network-redirect.xml \ icmptypes/network-unknown.xml \ icmptypes/network-unreachable.xml \ icmptypes/no-route.xml \ icmptypes/packet-too-big.xml \ icmptypes/parameter-problem.xml \ icmptypes/port-unreachable.xml \ icmptypes/precedence-cutoff.xml \ icmptypes/protocol-unreachable.xml \ icmptypes/redirect.xml \ icmptypes/reject-route.xml \ icmptypes/required-option-missing.xml \ icmptypes/router-advertisement.xml \ icmptypes/router-solicitation.xml \ icmptypes/source-quench.xml \ icmptypes/source-route-failed.xml \ icmptypes/time-exceeded.xml \ icmptypes/timestamp-reply.xml \ icmptypes/timestamp-request.xml \ icmptypes/tos-host-redirect.xml \ icmptypes/tos-host-unreachable.xml \ icmptypes/tos-network-redirect.xml \ icmptypes/tos-network-unreachable.xml \ icmptypes/ttl-zero-during-reassembly.xml \ icmptypes/ttl-zero-during-transit.xml \ icmptypes/unknown-header-type.xml \ icmptypes/unknown-option.xml \ ipsets/README \ policies/allow-host-ipv6.xml \ services/afp.xml \ services/amanda-client.xml \ services/amanda-k5-client.xml \ services/amqp.xml \ services/amqps.xml \ services/apcupsd.xml \ services/audit.xml \ services/bacula-client.xml \ services/bacula.xml \ services/bb.xml \ services/bgp.xml \ services/bitcoin-rpc.xml \ services/bitcoin-testnet-rpc.xml \ services/bitcoin-testnet.xml \ services/bitcoin.xml \ services/bittorrent-lsd.xml \ services/lightning-network.xml \ services/ceph-mon.xml \ services/ceph.xml \ services/cfengine.xml \ services/cockpit.xml \ services/collectd.xml \ services/condor-collector.xml \ services/ctdb.xml \ services/dhcpv6-client.xml \ services/dhcpv6.xml \ services/dhcp.xml \ services/distcc.xml \ services/dns-over-tls.xml \ services/dns.xml \ services/docker-registry.xml \ services/docker-swarm.xml \ services/dropbox-lansync.xml \ services/elasticsearch.xml \ services/etcd-client.xml \ services/etcd-server.xml \ services/finger.xml \ services/foreman.xml \ services/foreman-proxy.xml \ services/freeipa-4.xml \ services/freeipa-ldaps.xml \ services/freeipa-ldap.xml \ services/freeipa-replication.xml \ services/freeipa-trust.xml \ services/ftp.xml \ services/galera.xml \ services/ganglia-client.xml \ services/ganglia-master.xml \ services/git.xml \ services/grafana.xml \ services/gre.xml \ services/high-availability.xml \ services/http3.xml \ services/https.xml \ services/http.xml \ services/imaps.xml \ services/imap.xml \ services/ipp-client.xml \ services/ipp.xml \ services/ipsec.xml \ services/ircs.xml \ services/irc.xml \ services/iscsi-target.xml \ services/isns.xml \ services/jellyfin.xml \ services/jenkins.xml \ services/kadmin.xml \ services/kdeconnect.xml \ services/kerberos.xml \ services/kibana.xml \ services/klogin.xml \ services/kpasswd.xml \ services/kprop.xml \ services/kshell.xml \ services/kube-api.xml \ services/kube-apiserver.xml \ services/kube-control-plane.xml \ services/kube-controller-manager.xml \ services/kube-scheduler.xml \ services/kubelet-worker.xml \ services/ldaps.xml \ services/ldap.xml \ services/libvirt-tls.xml \ services/libvirt.xml \ services/llmnr-tcp.xml \ services/llmnr-udp.xml \ services/llmnr.xml \ services/managesieve.xml \ services/matrix.xml \ services/mdns.xml \ services/memcache.xml \ services/minidlna.xml \ services/mongodb.xml \ services/mosh.xml \ services/mountd.xml \ services/mqtt.xml \ services/mqtt-tls.xml \ services/mssql.xml \ services/ms-wbt.xml \ services/murmur.xml \ services/mysql.xml \ services/nbd.xml \ services/netbios-ns.xml \ services/nfs.xml \ services/nfs3.xml \ services/nmea-0183.xml \ services/nrpe.xml \ services/ntp.xml \ services/nut.xml \ services/openvpn.xml \ services/ovirt-imageio.xml \ services/ovirt-storageconsole.xml \ services/ovirt-vmconsole.xml \ services/pmcd.xml \ services/pmproxy.xml \ services/pmwebapis.xml \ services/pmwebapi.xml \ services/plex.xml \ services/pop3s.xml \ services/pop3.xml \ services/postgresql.xml \ services/privoxy.xml \ services/prometheus.xml \ services/proxy-dhcp.xml \ services/ptp.xml \ services/pulseaudio.xml \ services/puppetmaster.xml \ services/quassel.xml \ services/radius.xml \ services/rdp.xml \ services/redis-sentinel.xml \ services/redis.xml \ services/RH-Satellite-6.xml \ services/RH-Satellite-6-capsule.xml \ services/rpc-bind.xml \ services/rquotad.xml \ services/rsh.xml \ services/rsyncd.xml \ services/rtsp.xml \ services/salt-master.xml \ services/samba-client.xml \ services/samba-dc.xml \ services/samba.xml \ services/sane.xml \ services/sips.xml \ services/sip.xml \ services/slp.xml \ services/smtp-submission.xml \ services/smtps.xml \ services/smtp.xml \ services/snmptrap.xml \ services/snmp.xml \ services/spideroak-lansync.xml \ services/spotify-sync.xml \ services/squid.xml \ services/ssdp.xml \ services/ssh.xml \ services/steam-streaming.xml \ services/svdrp.xml \ services/svn.xml \ services/syncthing.xml \ services/syncthing-gui.xml \ services/synergy.xml \ services/syslog-tls.xml \ services/syslog.xml \ services/telnet.xml \ services/tentacle.xml \ services/tftp.xml \ services/tile38.xml \ services/tinc.xml \ services/tor-socks.xml \ services/transmission-client.xml \ services/upnp-client.xml \ services/vdsm.xml \ services/vnc-server.xml \ services/wbem-http.xml \ services/wbem-https.xml \ services/wireguard.xml \ services/ws-discovery-client.xml \ services/ws-discovery-tcp.xml \ services/ws-discovery-udp.xml \ services/ws-discovery.xml \ services/wsman.xml \ services/wsmans.xml \ services/xdmcp.xml \ services/xmpp-bosh.xml \ services/xmpp-client.xml \ services/xmpp-local.xml \ services/xmpp-server.xml \ services/zabbix-agent.xml \ services/zabbix-server.xml \ services/zerotier.xml \ zones/block.xml \ zones/dmz.xml \ zones/drop.xml \ zones/external.xml \ zones/home.xml \ zones/internal.xml \ zones/public.xml \ zones/trusted.xml \ zones/work.xml EXTRA_DIST = \ $(desktop_FILES) \ $(appdata_FILES) \ $(applet_desktop_FILES) \ $(polkit1_action_FILES) \ $(gsettings_in_file) \ $(CONFIG_FILES) \ lockdown-whitelist.xml.in \ firewalld.init \ firewalld.logrotate.in \ firewalld-sysctls.conf.in \ firewalld.service.in \ firewalld.sysconfig \ macros.firewalld INSTALL_TARGETS = install-config install-modprobe.d \ install-logrotate.d $(am__append_1) $(am__append_3) \ $(am__append_5) $(am__append_7) UNINSTALL_TARGETS = uninstall-config uninstall-modprobe.d \ uninstall-logrotate.d $(am__append_2) $(am__append_4) \ $(am__append_6) $(am__append_8) edit = sed \ -e 's|@bindir[@]|$(bindir)|g' \ -e 's|@sbindir[@]|$(sbindir)|g' \ -e 's|@sysconfdir[@]|$(sysconfdir)|g' \ -e 's|@localstatedir[@]|$(localstatedir)|g' \ -e 's|@MODPROBE[@]|$(MODPROBE)|g' \ -e 's|@SYSCTL[@]|$(SYSCTL)|g' all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign config/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign config/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): lockdown-whitelist.xml: $(top_builddir)/config.status $(srcdir)/lockdown-whitelist.xml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-appdataDATA: $(appdata_DATA) @$(NORMAL_INSTALL) @list='$(appdata_DATA)'; test -n "$(appdatadir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(appdatadir)'"; \ $(MKDIR_P) "$(DESTDIR)$(appdatadir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(appdatadir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(appdatadir)" || exit $$?; \ done uninstall-appdataDATA: @$(NORMAL_UNINSTALL) @list='$(appdata_DATA)'; test -n "$(appdatadir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(appdatadir)'; $(am__uninstall_files_from_dir) install-applet_desktopDATA: $(applet_desktop_DATA) @$(NORMAL_INSTALL) @list='$(applet_desktop_DATA)'; test -n "$(applet_desktopdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(applet_desktopdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(applet_desktopdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(applet_desktopdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(applet_desktopdir)" || exit $$?; \ done uninstall-applet_desktopDATA: @$(NORMAL_UNINSTALL) @list='$(applet_desktop_DATA)'; test -n "$(applet_desktopdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(applet_desktopdir)'; $(am__uninstall_files_from_dir) install-desktopDATA: $(desktop_DATA) @$(NORMAL_INSTALL) @list='$(desktop_DATA)'; test -n "$(desktopdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(desktopdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(desktopdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(desktopdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(desktopdir)" || exit $$?; \ done uninstall-desktopDATA: @$(NORMAL_UNINSTALL) @list='$(desktop_DATA)'; test -n "$(desktopdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(desktopdir)'; $(am__uninstall_files_from_dir) install-dist_confDATA: $(dist_conf_DATA) @$(NORMAL_INSTALL) @list='$(dist_conf_DATA)'; test -n "$(confdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(confdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(confdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(confdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(confdir)" || exit $$?; \ done uninstall-dist_confDATA: @$(NORMAL_UNINSTALL) @list='$(dist_conf_DATA)'; test -n "$(confdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(confdir)'; $(am__uninstall_files_from_dir) install-dist_dbus_policyDATA: $(dist_dbus_policy_DATA) @$(NORMAL_INSTALL) @list='$(dist_dbus_policy_DATA)'; test -n "$(dbus_policydir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(dbus_policydir)'"; \ $(MKDIR_P) "$(DESTDIR)$(dbus_policydir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dbus_policydir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(dbus_policydir)" || exit $$?; \ done uninstall-dist_dbus_policyDATA: @$(NORMAL_UNINSTALL) @list='$(dist_dbus_policy_DATA)'; test -n "$(dbus_policydir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(dbus_policydir)'; $(am__uninstall_files_from_dir) install-dist_sconfDATA: $(dist_sconf_DATA) @$(NORMAL_INSTALL) @list='$(dist_sconf_DATA)'; test -n "$(sconfdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(sconfdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(sconfdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sconfdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(sconfdir)" || exit $$?; \ done uninstall-dist_sconfDATA: @$(NORMAL_UNINSTALL) @list='$(dist_sconf_DATA)'; test -n "$(sconfdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(sconfdir)'; $(am__uninstall_files_from_dir) install-polkit1_actionDATA: $(polkit1_action_DATA) @$(NORMAL_INSTALL) @list='$(polkit1_action_DATA)'; test -n "$(polkit1_actiondir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(polkit1_actiondir)'"; \ $(MKDIR_P) "$(DESTDIR)$(polkit1_actiondir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(polkit1_actiondir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(polkit1_actiondir)" || exit $$?; \ done uninstall-polkit1_actionDATA: @$(NORMAL_UNINSTALL) @list='$(polkit1_action_DATA)'; test -n "$(polkit1_actiondir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(polkit1_actiondir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-local check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am all-am: Makefile $(DATA) installdirs: for dir in "$(DESTDIR)$(appdatadir)" "$(DESTDIR)$(applet_desktopdir)" "$(DESTDIR)$(desktopdir)" "$(DESTDIR)$(confdir)" "$(DESTDIR)$(dbus_policydir)" "$(DESTDIR)$(sconfdir)" "$(DESTDIR)$(polkit1_actiondir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-am clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-appdataDATA install-applet_desktopDATA \ install-data-local install-desktopDATA install-dist_confDATA \ install-dist_dbus_policyDATA install-dist_sconfDATA \ install-polkit1_actionDATA @$(NORMAL_INSTALL) $(MAKE) $(AM_MAKEFLAGS) install-data-hook install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-appdataDATA uninstall-applet_desktopDATA \ uninstall-desktopDATA uninstall-dist_confDATA \ uninstall-dist_dbus_policyDATA uninstall-dist_sconfDATA \ uninstall-local uninstall-polkit1_actionDATA .MAKE: all check check-am install install-am install-data-am \ install-strip .PHONY: all all-am check check-am check-local clean clean-generic \ cscopelist-am ctags-am distclean distclean-generic distdir dvi \ dvi-am html html-am info info-am install install-am \ install-appdataDATA install-applet_desktopDATA install-data \ install-data-am install-data-hook install-data-local \ install-desktopDATA install-dist_confDATA \ install-dist_dbus_policyDATA install-dist_sconfDATA \ install-dvi install-dvi-am install-exec install-exec-am \ install-html install-html-am install-info install-info-am \ install-man install-pdf install-pdf-am \ install-polkit1_actionDATA install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-appdataDATA \ uninstall-applet_desktopDATA uninstall-desktopDATA \ uninstall-dist_confDATA uninstall-dist_dbus_policyDATA \ uninstall-dist_sconfDATA uninstall-local \ uninstall-polkit1_actionDATA .PRECIOUS: Makefile @INTLTOOL_DESKTOP_RULE@ @INTLTOOL_POLICY_RULE@ @INTLTOOL_XML_NOMERGE_RULE@ @GSETTINGS_RULES@ all: $(desktop_DATA) $(appdata_DATA) $(applet_desktop_DATA) $(polkit1_action_DATA) $(gsettings_SCHEMAS) firewalld.service: firewalld.service.in $(edit) $< >$@ firewalld-sysctls.conf: firewalld-sysctls.conf.in $(edit) $< >$@ firewalld.logrotate: firewalld.logrotate.in $(edit) $< >$@ install-sysconfig: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig $(INSTALL_DATA) $(srcdir)/firewalld.sysconfig $(DESTDIR)$(sysconfdir)/sysconfig/firewalld uninstall-sysconfig: rm -f $(DESTDIR)$(sysconfdir)/sysconfig/firewalld rmdir $(DESTDIR)$(sysconfdir)/sysconfig || : install-rpmmacros: $(MKDIR_P) $(DESTDIR)$(prefix)/lib/rpm/macros.d $(INSTALL_DATA) $(srcdir)/macros.firewalld $(DESTDIR)$(prefix)/lib/rpm/macros.d uninstall-rpmmacros: rm -f $(DESTDIR)$(prefix)/lib/rpm/macros.d/macros.firewalld rmdir $(DESTDIR)$(prefix)/lib/rpm/macros.d || : install-init: install-sysconfig $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d $(INSTALL_SCRIPT) $(srcdir)/firewalld.init $(DESTDIR)$(sysconfdir)/rc.d/init.d/firewalld uninstall-init: uninstall-sysconfig rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/firewalld rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || : install-service: install-sysconfig $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNITDIR) $(INSTALL_DATA) firewalld.service $(DESTDIR)$(SYSTEMD_UNITDIR)/firewalld.service uninstall-service: uninstall-sysconfig rm -f $(DESTDIR)$(SYSTEMD_UNITDIR)/firewalld.service rmdir $(DESTDIR)$(SYSTEMD_UNITDIR) || : install-modprobe.d: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/modprobe.d $(INSTALL_DATA) firewalld-sysctls.conf $(DESTDIR)$(sysconfdir)/modprobe.d/firewalld-sysctls.conf uninstall-modprobe.d: rm -f $(DESTDIR)$(sysconfdir)/modprobe.d/firewalld-sysctls.conf rmdir $(DESTDIR)$(sysconfdir)/modprobe.d || : install-logrotate.d: $(MKDIR_P) $(DESTDIR)$(sysconfdir)/logrotate.d $(INSTALL_DATA) firewalld.logrotate $(DESTDIR)$(sysconfdir)/logrotate.d/firewalld uninstall-logrotate.d: rm -f $(DESTDIR)$(sysconfdir)/logrotate.d/firewalld rmdir $(DESTDIR)$(sysconfdir)/logrotate.d || : install-config: $(MKDIR_P) $(DESTDIR)$(sconfdir) $(MKDIR_P) $(DESTDIR)$(sconfdir)/icmptypes $(MKDIR_P) $(DESTDIR)$(sconfdir)/ipsets $(MKDIR_P) $(DESTDIR)$(sconfdir)/policies $(MKDIR_P) $(DESTDIR)$(sconfdir)/services $(MKDIR_P) $(DESTDIR)$(sconfdir)/zones $(MKDIR_P) $(DESTDIR)$(sconfdir)/helpers $(MKDIR_P) $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/icmptypes $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/ipsets $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/policies $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/services $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/zones $(DESTDIR)$(prefixlibdir) cp -r $(srcdir)/helpers $(DESTDIR)$(prefixlibdir) uninstall-config: rmdir $(DESTDIR)$(sconfdir)/icmptypes rmdir $(DESTDIR)$(sconfdir)/ipsets rmdir $(DESTDIR)$(sconfdir)/policies rmdir $(DESTDIR)$(sconfdir)/services rmdir $(DESTDIR)$(sconfdir)/zones rm -f $(DESTDIR)$(prefixlibdir)/icmptypes/* rmdir $(DESTDIR)$(prefixlibdir)/icmptypes rm -f $(DESTDIR)$(prefixlibdir)/ipsets/* rmdir $(DESTDIR)$(prefixlibdir)/ipsets rm -f $(DESTDIR)$(prefixlibdir)/policies/* rmdir $(DESTDIR)$(prefixlibdir)/policies rm -f $(DESTDIR)$(prefixlibdir)/services/* rmdir $(DESTDIR)$(prefixlibdir)/services rm -f $(DESTDIR)$(prefixlibdir)/zones/* rmdir $(DESTDIR)$(prefixlibdir)/zones rm -f $(DESTDIR)$(prefixlibdir)/helpers/* rmdir $(DESTDIR)$(prefixlibdir)/helpers install-data-local: $(INSTALL_TARGETS) uninstall-local: $(UNINSTALL_TARGETS) install-data-hook: cd $(DESTDIR)$(polkit1_actiondir) && \ mv org.fedoraproject.FirewallD1.server.policy org.fedoraproject.FirewallD1.server.policy.choice && \ mv org.fedoraproject.FirewallD1.desktop.policy org.fedoraproject.FirewallD1.desktop.policy.choice && \ rm -f org.fedoraproject.FirewallD1.policy && \ $(LN_S) org.fedoraproject.FirewallD1.server.policy.choice org.fedoraproject.FirewallD1.policy # make sure CONFIG_FILES are also in POTFILES check-local: @for file in $(filter-out helpers/% %/README,$(CONFIG_FILES)); do \ if ! grep "$${file}" ${top_srcdir}/po/POTFILES.in > /dev/null; then \ echo "$${file} should be in ${abs_top_srcdir}/po/POTFILES.in"; \ exit 1; \ fi; \ done # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-1.1.1/config/lockdown-whitelist.xml.in0000644000000000000000000000040414217342322021705 0ustar00rootroot00000000000000 firewalld-1.1.1/config/firewall-config.desktop.in0000644000000000000000000000052314217342322021776 0ustar00rootroot00000000000000[Desktop Entry] _Name=Firewall _Comment=Firewall Configuration Icon=firewall-config Categories=System;Settings;Security; # Translators: These are searchable keywords for the firewall configuration tool _Keywords=firewall;network;security;iptables;netfilter; Exec=/usr/bin/firewall-config Type=Application StartupNotify=true Terminal=false firewalld-1.1.1/config/firewall-config.appdata.xml.in0000644000000000000000000000241014217342322022533 0ustar00rootroot00000000000000 firewall-config.desktop CC0-1.0 GPL-2.0+

Firewall Configuration provides a graphical tool for administering firewall.

Allows to inspect and set:

  • Runtime and permanent firewall configuration
  • Predefined zones (levels of trust for network connections)
  • Predefined services (port/protocol, netfilter helper module)
  • Port forwarding, masquerading, ICMP blocking
  • Complex firewall rules a.k.a. Rich Language
  • Iptables rules a.k.a. Direct Interface
 https://raw.githubusercontent.com/firewalld/firewalld/master/doc/firewall-config.png http://firewalld.org https://github.com/firewalld/firewalld/issues https://fedora.zanata.org/project/view/firewalld twoerner_at_redhat.com firewalld-1.1.1/config/firewall-applet.desktop.in0000644000000000000000000000031214217342322022012 0ustar00rootroot00000000000000[Desktop Entry] _Name=Firewall Applet _Comment=Firewall Applet Icon=firewall-applet Categories=System;Settings;Security; Exec=/usr/bin/firewall-applet Type=Application StartupNotify=true Terminal=false firewalld-1.1.1/config/org.fedoraproject.FirewallD1.server.policy.in0000644000000000000000000000766514217342322025445 0ustar00rootroot00000000000000 FirewallD http://firewalld.org Firewall System policy prevents inspecting and changing firewall auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.info org.fedoraproject.FirewallD1.config org.fedoraproject.FirewallD1.config.info org.fedoraproject.FirewallD1.direct org.fedoraproject.FirewallD1.direct.info org.fedoraproject.FirewallD1.policies org.fedoraproject.FirewallD1.policies.info General firewall information System policy prevents getting general firewall information yes yes yes Firewall configuration System policy prevents changing the firewall configuration auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.config.info Firewall configuration System policy prevents inspecting the firewall configuration auth_admin_keep auth_admin_keep auth_admin_keep Firewall direct interface System policy prevents using the firewall direct interface auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.direct.info Firewall direct interface System policy prevents inspecting the firewall direct interface auth_admin_keep auth_admin_keep auth_admin_keep Firewall policies interface System policy prevents using the firewall policies interface auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.policies.info Firewall policies interface System policy prevents inspecting the firewall policies interface auth_admin_keep auth_admin_keep auth_admin_keep firewalld-1.1.1/config/org.fedoraproject.FirewallD1.desktop.policy.in0000644000000000000000000000751114217342322025576 0ustar00rootroot00000000000000 FirewallD http://firewalld.org Firewall System policy prevents inspecting and changing firewall auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.info org.fedoraproject.FirewallD1.config org.fedoraproject.FirewallD1.config.info org.fedoraproject.FirewallD1.direct org.fedoraproject.FirewallD1.direct.info org.fedoraproject.FirewallD1.policies org.fedoraproject.FirewallD1.policies.info General firewall information System policy prevents getting general firewall information yes yes yes Firewall configuration System policy prevents changing the firewall configuration auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.config.info Firewall configuration System policy prevents inspecting the firewall configuration yes yes yes Firewall direct interface System policy prevents using the firewall direct interface auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.direct.info Firewall direct interface System policy prevents inspecting the firewall direct interface yes yes yes Firewall policies interface System policy prevents using the firewall policies interface auth_admin_keep auth_admin_keep auth_admin_keep org.fedoraproject.FirewallD1.policies.info Firewall policies interface System policy prevents inspecting the firewall policies interface yes yes yes firewalld-1.1.1/config/org.fedoraproject.FirewallConfig.gschema.xml.in0000644000000000000000000000177114217342322026000 0ustar00rootroot00000000000000 true Shows IPSets tab if true false Shows ICMP types tab if true false Shows direct chains and rules tab if true false Shows lockdown whitelist tab if true false Shows Helpers tab if true true Shows active zone bindings if true firewalld-1.1.1/config/firewalld.init0000755000000000000000000000425114217342322017571 0ustar00rootroot00000000000000#!/bin/sh # # firewalld Startup script for the firewall daemon # # chkconfig: - 08 92 # description: The firewall deamon manages the firewall and handles dynamic # firewall changes. # # config: /etc/firewalld # pidfile: /var/run/firewalld.pid # ### BEGIN INIT INFO # Provides: firewalld # Required-Start: $syslog $local_fs messagebus # Required-Stop: # Should-Start: # Should-Stop: # Default-Start: # Default-Stop: # Short-Description: # Description: ### END INIT INFO # Source function library. . /etc/init.d/functions exec="/usr/sbin/firewalld" prog="firewalld" #config="/etc/firewalld/firewalld.conf" [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog lockfile=/var/lock/subsys/$prog user_check() { if [ $UID -ne 0 ] ; then echo "User has insufficient privilege." exit 4 fi } start() { user_check [ -x $exec ] || exit 5 # [ -f $config ] || exit 6 echo -n $"Starting $prog: " daemon $exec $FIREWALLD_ARGS retval=$? echo [ $retval -eq 0 ] && touch $lockfile } stop() { user_check echo -n $"Stopping $prog: " killproc $prog retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile } restart() { stop start } reload() { user_check echo -n $"Reloading firewall: " firewall-cmd --reload retval=$? [ $retval -eq 0 ] && success || failure echo } force_reload() { restart } rh_status() { user_check # run checks to determine if the service is running or use generic status status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } usage() { echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" } case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 restart ;; usage) usage exit 0 ;; *) usage exit 2 esac exit $? firewalld-1.1.1/config/firewalld.logrotate.in0000644000000000000000000000015014217342322021222 0ustar00rootroot00000000000000@localstatedir@/log/firewalld { weekly missingok rotate 4 copytruncate minsize 1M } firewalld-1.1.1/config/firewalld-sysctls.conf.in0000644000000000000000000000022614217342322021655 0ustar00rootroot00000000000000install nf_conntrack @MODPROBE@ --ignore-install nf_conntrack $CMDLINE_OPTS && @SYSCTL@ --quiet --pattern 'net[.]netfilter[.]nf_conntrack.*' --system firewalld-1.1.1/config/firewalld.service.in0000644000000000000000000000124214217342322020665 0ustar00rootroot00000000000000[Unit] Description=firewalld - dynamic firewall daemon Before=network-pre.target Wants=network-pre.target After=dbus.service After=polkit.service Conflicts=iptables.service ip6tables.service ebtables.service ipset.service nftables.service Documentation=man:firewalld(1) [Service] EnvironmentFile=-/etc/sysconfig/firewalld ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS ExecReload=/bin/kill -HUP $MAINPID # supress to log debug and error output also to /var/log/messages StandardOutput=null StandardError=null Type=dbus BusName=org.fedoraproject.FirewallD1 KillMode=mixed [Install] WantedBy=multi-user.target Alias=dbus-org.fedoraproject.FirewallD1.service firewalld-1.1.1/config/firewalld.sysconfig0000644000000000000000000000011114217342322020616 0ustar00rootroot00000000000000# firewalld command line args # possible values: --debug FIREWALLD_ARGS= firewalld-1.1.1/config/macros.firewalld0000644000000000000000000000035714217342322020112 0ustar00rootroot00000000000000# RPM macros for packages installing firewalld services/zones # put this into %post otherwise firewalld won't load new service/zone file %firewalld_reload() \ test -x %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || : \ %{nil} firewalld-1.1.1/doc/0000755000000000000000000000000014217353174014235 5ustar00rootroot00000000000000firewalld-1.1.1/doc/Makefile.am0000644000000000000000000000002214217342322016254 0ustar00rootroot00000000000000SUBDIRS = xml man firewalld-1.1.1/doc/Makefile.in0000644000000000000000000004546414217352322016311 0ustar00rootroot00000000000000# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = doc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ distdir distdir-am am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = xml man all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign doc/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(am__recursive_targets) install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ check-am clean clean-generic cscopelist-am ctags ctags-am \ distclean distclean-generic distclean-tags distdir dvi dvi-am \ html html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags tags-am uninstall uninstall-am .PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-1.1.1/doc/xml/0000755000000000000000000000000014217353174015035 5ustar00rootroot00000000000000firewalld-1.1.1/doc/xml/Makefile.am0000644000000000000000000000541314217342322017065 0ustar00rootroot00000000000000XSLTPROC = xsltproc if ENABLE_DOCS EXTRA_DIST = $(HTMLS:../html/%.html=%.xml) \ authors.xml notes.xml seealso.xml errorcodes.xml \ transform-man.xsl.in transform-html.xsl.in \ firewalld.xml.in firewall-cmd.xml.in \ policy_zone_syntax.xml policy_zone_descriptions.xml man_MANS = $(man1_MANS) $(man5_MANS) HTMLS = $(man1_MANS:../man/man1/%.1=../html/%.html) $(man5_MANS:../man/man5/%.5=../html/%.html) man1_MANS = \ ../man/man1/firewall-applet.1 \ ../man/man1/firewall-cmd.1 \ ../man/man1/firewall-config.1 \ ../man/man1/firewalld.1 \ ../man/man1/firewall-offline-cmd.1 man5_MANS = \ ../man/man5/firewalld.conf.5 \ ../man/man5/firewalld.dbus.5 \ ../man/man5/firewalld.direct.5 \ ../man/man5/firewalld.helper.5 \ ../man/man5/firewalld.icmptype.5 \ ../man/man5/firewalld.ipset.5 \ ../man/man5/firewalld.lockdown-whitelist.5 \ ../man/man5/firewalld.richlanguage.5 \ ../man/man5/firewalld.service.5 \ ../man/man5/firewalld.zone.5 \ ../man/man5/firewalld.zones.5 \ ../man/man5/firewalld.policy.5 \ ../man/man5/firewalld.policies.5 endif CLEAN_FILES = *~ errorcodes.xml DISTCLEANFILES = $(man_MANS) $(HTMLS) transform-*.xsl \ firewalld.xml firewall-cmd.xml #SGML_CATALOG_FILES #XSLTPROC_FLAGS = --catalogs --nonet --xinclude XSLTPROC_FLAGS = --nonet --xinclude XSLTPROC_MAN_FLAGS = $(XSLTPROC_FLAGS) transform-man.xsl XSLTPROC_HTML_FLAGS = $(XSLTPROC_FLAGS) transform-html.xsl install: all: $(man_MANS) $(HTMLS) clean: -test -z "$(CLEAN_FILES)" || rm -f $(CLEAN_FILES) ../man/man1/firewall-cmd.1: errorcodes.xml ../html/firewall-cmd.html: errorcodes.xml ../man/man1/%.1: %.xml authors.xml notes.xml seealso.xml transform-man.xsl policy_zone_syntax.xml policy_zone_descriptions.xml $(XSLTPROC) -o $@ $(XSLTPROC_MAN_FLAGS) $< ../man/man5/%.5: %.xml authors.xml notes.xml seealso.xml transform-man.xsl policy_zone_syntax.xml policy_zone_descriptions.xml $(XSLTPROC) -o $@ $(XSLTPROC_MAN_FLAGS) $< ../html/%.html: %.xml authors.xml notes.xml seealso.xml transform-html.xsl policy_zone_syntax.xml policy_zone_descriptions.xml mkdir -p $(dir $@) # avoid xsltproc directory create race $(XSLTPROC) -o $@ $(XSLTPROC_HTML_FLAGS) $< errorcodes.xml: ../../src/firewall/errors.py @echo Creating $@ @grep '=\s*[0-9]\+$$' ../../src/firewall/errors.py | \ sed -e 's/^/\\/g' \ -e 's/ *= */\<\/entry\>\/g' \ -e 's/$$/\<\/entry\>\<\/row\>/g' > $@ edit = sed \ -e 's|\@PREFIX\@|$(prefix)|' \ -e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \ -e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \ -e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' \ -e 's|@SRCDIR@|$(srcdir)|' transform-man.xsl: transform-man.xsl.in $(edit) $< >$@ transform-html.xsl: transform-html.xsl.in $(edit) $< >$@ firewall-cmd.xml: firewall-cmd.xml.in $(edit) $< >$@ firewalld.xml: firewalld.xml.in $(edit) $< >$@ firewalld-1.1.1/doc/xml/Makefile.in0000644000000000000000000005113714217352322017103 0ustar00rootroot00000000000000# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = doc/xml ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } man1dir = $(mandir)/man1 am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" man5dir = $(mandir)/man5 NROFF = nroff MANS = $(man1_MANS) $(man5_MANS) $(man_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = xsltproc ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @ENABLE_DOCS_TRUE@EXTRA_DIST = $(HTMLS:../html/%.html=%.xml) \ @ENABLE_DOCS_TRUE@ authors.xml notes.xml seealso.xml errorcodes.xml \ @ENABLE_DOCS_TRUE@ transform-man.xsl.in transform-html.xsl.in \ @ENABLE_DOCS_TRUE@ firewalld.xml.in firewall-cmd.xml.in \ @ENABLE_DOCS_TRUE@ policy_zone_syntax.xml policy_zone_descriptions.xml @ENABLE_DOCS_TRUE@man_MANS = $(man1_MANS) $(man5_MANS) @ENABLE_DOCS_TRUE@HTMLS = $(man1_MANS:../man/man1/%.1=../html/%.html) $(man5_MANS:../man/man5/%.5=../html/%.html) @ENABLE_DOCS_TRUE@man1_MANS = \ @ENABLE_DOCS_TRUE@ ../man/man1/firewall-applet.1 \ @ENABLE_DOCS_TRUE@ ../man/man1/firewall-cmd.1 \ @ENABLE_DOCS_TRUE@ ../man/man1/firewall-config.1 \ @ENABLE_DOCS_TRUE@ ../man/man1/firewalld.1 \ @ENABLE_DOCS_TRUE@ ../man/man1/firewall-offline-cmd.1 @ENABLE_DOCS_TRUE@man5_MANS = \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.conf.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.dbus.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.direct.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.helper.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.icmptype.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.ipset.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.lockdown-whitelist.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.richlanguage.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.service.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.zone.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.zones.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.policy.5 \ @ENABLE_DOCS_TRUE@ ../man/man5/firewalld.policies.5 CLEAN_FILES = *~ errorcodes.xml DISTCLEANFILES = $(man_MANS) $(HTMLS) transform-*.xsl \ firewalld.xml firewall-cmd.xml #SGML_CATALOG_FILES #XSLTPROC_FLAGS = --catalogs --nonet --xinclude XSLTPROC_FLAGS = --nonet --xinclude XSLTPROC_MAN_FLAGS = $(XSLTPROC_FLAGS) transform-man.xsl XSLTPROC_HTML_FLAGS = $(XSLTPROC_FLAGS) transform-html.xsl edit = sed \ -e 's|\@PREFIX\@|$(prefix)|' \ -e 's|\@SYSCONFDIR\@|$(sysconfdir)|' \ -e 's|\@PACKAGE_STRING\@|$(PACKAGE_STRING)|' \ -e 's|\@IFCFGDIR\@|$(IFCFGDIR)|' \ -e 's|@SRCDIR@|$(srcdir)|' all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/xml/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign doc/xml/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-man1: $(man1_MANS) $(man_MANS) @$(NORMAL_INSTALL) @list1='$(man1_MANS)'; \ list2='$(man_MANS)'; \ test -n "$(man1dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.1[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ done; } uninstall-man1: @$(NORMAL_UNINSTALL) @list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.1[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) install-man5: $(man5_MANS) $(man_MANS) @$(NORMAL_INSTALL) @list1='$(man5_MANS)'; \ list2='$(man_MANS)'; \ test -n "$(man5dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.5[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list='$(man5_MANS)'; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(MANS) installdirs: for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man1 install-man5 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man1 uninstall-man5 .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ ctags-am distclean distclean-generic distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man1 install-man5 \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-man uninstall-man1 uninstall-man5 .PRECIOUS: Makefile install: all: $(man_MANS) $(HTMLS) clean: -test -z "$(CLEAN_FILES)" || rm -f $(CLEAN_FILES) ../man/man1/firewall-cmd.1: errorcodes.xml ../html/firewall-cmd.html: errorcodes.xml ../man/man1/%.1: %.xml authors.xml notes.xml seealso.xml transform-man.xsl policy_zone_syntax.xml policy_zone_descriptions.xml $(XSLTPROC) -o $@ $(XSLTPROC_MAN_FLAGS) $< ../man/man5/%.5: %.xml authors.xml notes.xml seealso.xml transform-man.xsl policy_zone_syntax.xml policy_zone_descriptions.xml $(XSLTPROC) -o $@ $(XSLTPROC_MAN_FLAGS) $< ../html/%.html: %.xml authors.xml notes.xml seealso.xml transform-html.xsl policy_zone_syntax.xml policy_zone_descriptions.xml mkdir -p $(dir $@) # avoid xsltproc directory create race $(XSLTPROC) -o $@ $(XSLTPROC_HTML_FLAGS) $< errorcodes.xml: ../../src/firewall/errors.py @echo Creating $@ @grep '=\s*[0-9]\+$$' ../../src/firewall/errors.py | \ sed -e 's/^/\\/g' \ -e 's/ *= */\<\/entry\>\/g' \ -e 's/$$/\<\/entry\>\<\/row\>/g' > $@ transform-man.xsl: transform-man.xsl.in $(edit) $< >$@ transform-html.xsl: transform-html.xsl.in $(edit) $< >$@ firewall-cmd.xml: firewall-cmd.xml.in $(edit) $< >$@ firewalld.xml: firewalld.xml.in $(edit) $< >$@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-1.1.1/doc/xml/firewall-applet.xml0000644000000000000000000001433114217342322020642 0ustar00rootroot00000000000000 ]> firewall-applet firewalld &authors; firewall-applet 1 firewall-applet firewalld applet firewall-applet OPTIONS Description firewall-applet is a tray applet for firewalld. Options firewall-applet does not support any special options. The following options are supported: Prints a short help text and exists. QSettings firewall-applet has additional settings to adapt the look and feel. QSettings is used and stores them in ~/.config/firewall/applet.conf. The file is automatically reloaded if it has been changed and the new settings will immediately be effective. There is also the global config file /etc/firewall/applet.conf, which contains the default values. The settings in this file will be overloaded by settings in the user settings file. Here is an example applet.conf file: [General] notifications=true show-inactive=true The following settings are supported: The applet shows notifications if enabled. This setting can be enabled also in the applet with the "Enable Notifications" checkbox in the right mouse menu. This setting defaults to . If notifications are shown for these actions if enabled: Connection to firewalld established Connection to firewalld lost Firewall has been reloaded Default zone has been changed Panic mode has been enabled or disabled Activation, deactivation or change of zones bound to interfaces Activation, deactivation or change of zones bound to sources addresses Show applet also if firewalld is not running. If firewalld has been stopped or is not running the applet will be hidden and not visible in the applet tray. Enable this setting to see the applet all the time for example to be sure that the firewall is active. This setting defaults to . The shields-up zone name to be used if shields-up is enabled. This setting defaults to ''. The shields-down zone name to be used if shields-up has been deactivated again. This setting defaults to ''. If enabled, the applet icon blinks in these cases: Connection to firewalld lost Panic mode has been enabled or disabled This setting defaults to . The number of blinks if is enabled. This setting defaults to . &seealso; ¬es; firewalld-1.1.1/doc/xml/firewall-cmd.xml0000644000000000000000000036372314217345611020140 0ustar00rootroot00000000000000 ]> firewall-cmd firewalld &authors; firewall-cmd 1 firewall-cmd firewalld command line client firewall-cmd OPTIONS Description firewall-cmd is the command line client of the firewalld daemon. It provides an interface to manage the runtime and permanent configurations. The runtime configuration in firewalld is separated from the permanent configuration. This means that things can get changed in the runtime or permanent configuration. Options Sequence options are the options that can be specified multiple times, the exit code is 0 if there is at least one item that succeeded. The ALREADY_ENABLED (11), NOT_ENABLED (12) and also ZONE_ALREADY_SET (16) errors are treated as succeeded. If there are issues while parsing the items, then these are treated as warnings and will not change the result as long as there is a succeeded one. Without any succeeded item, the exit code will depend on the error codes. If there is exactly one error code, then this is used. If there are more than one then UNKNOWN_ERROR (254) will be used. The following options are supported: General Options Prints a short help text and exits. Print the version string of firewalld. This option is not combinable with other options. Do not print status messages. Status Options Check whether the firewalld daemon is active (i.e. running). Returns an exit code 0 if it is active, RUNNING_BUT_FAILED if failure occurred on startup, NOT_RUNNING otherwise. See . This will also print the state to STDOUT. Reload firewall rules and keep state information. Current permanent configuration will become new runtime configuration, i.e. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration. Note: If FlushAllOnReload=no, runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely. For FlushAllOnReload, see firewalld.conf5. Reload firewall completely, even netfilter kernel modules. This will most likely terminate active connections, because state information is lost. This option should only be used in case of severe firewall problems. For example if there are state information problems that no connection can be established with correct firewall rules. Note: If FlushAllOnReload=no, runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely. For FlushAllOnReload, see firewalld.conf5. Save active runtime configuration and overwrite permanent configuration with it. The way this is supposed to work is that when configuring firewalld you do runtime changes only and once you're happy with the configuration and you tested that it works the way you want, you save the configuration to disk. Run checks on the permanent configuration. This includes XML validity and semantics. Log Denied Options Print the log denied setting. =value Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type. The possible values are: all, unicast, broadcast, multicast and off. The default setting is off, which disables the logging. This is a runtime and permanent change and will also reload the firewall to be able to add the logging rules. Permanent Options The permanent option can be used to set options permanently. These changes are not effective immediately, only after service restart/reload or system reboot. Without the option, a change will only be part of the runtime configuration. If you want to make a change in runtime and permanent configuration, use the same call with and without the option. The option can be optionally added to all options further down where it is supported. Zone Options Print default zone for connections and interfaces. =zone Set default zone for connections and interfaces where no zone has been selected. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone. This is a runtime and permanent change. Print currently active zones altogether with interfaces and sources used in these zones. Active zones are zones, that have a binding to an interface or source. The output format is: zone1 interfaces: interface1 interface2 .. sources: source1 .. zone2 interfaces: interface3 .. zone3 sources: source2 .. If there are no interfaces or sources bound to the zone, the corresponding line will be omitted. Print predefined zones as a space separated list. Print predefined services as a space separated list. Print predefined icmptypes as a space separated list. =interface Print the name of the zone the interface is bound to or no zone. =source/mask|MAC|ipset:ipset Print the name of the zone the source is bound to or no zone. Print information about the zone zone. The output format is: zone interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. source-ports: source-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 .. List everything added for or enabled in all zones. The output format is: zone1 interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 .. .. =zone Add a new permanent and empty zone. Zone names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =zone Add a new permanent zone from a prepared zone file with an optional name override. =zone Delete an existing permanent zone. =zone Load zone default settings or report NO_DEFAULTS error. Print path of the zone configuration file. Policy Options Print predefined policies as a space separated list. =policy Print information about the policy policy. List everything added for or enabled in all policies. =policy Add a new permanent policy. Policy names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =policy Add a new permanent policy from a prepared policy file with an optional name override. =policy Print path of the policy configuration file. =policy Delete an existing permanent policy. =policy Load the shipped defaults for a policy. Only applies to policies shipped with firewalld. Does not apply to user defined policies. Options to Adapt and Query Zones and Policies Options in this section affect only one particular zone or policy. If used with =zone or =policy option, they affect the specified zone or policy. If both options are omitted, they affect the default zone (see ). =zone =policy List everything added or enabled. =zone =policy Get the target. =zone =policy =zone Set the target. For zones target is one of: default, ACCEPT, DROP, REJECT For policies target is one of: CONTINUE, ACCEPT, DROP, REJECT default is similar to REJECT, but it implicitly allows ICMP packets. =zone =policy =description Set description. =zone =policy Print description. =zone =policy =description Set short description. =zone =policy Print short description. =zone =policy List services added as a space separated list. =zone =policy =service =timeval Add a service. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The service is one of the firewalld provided services. To get a list of the supported services, use firewall-cmd --get-services. The option is not combinable with the option. Note: Some services define connection tracking helpers. Helpers that may operate in client mode (e.g. tftp) must be added to an outbound policy instead of a zone to take effect for clients. Otherwise the helper will not be applied to the outbound traffic. The related traffic, as defined by the connection tracking helper, on the return path (ingress) will be allowed by the stateful firewall rules. An example of an outbound policy for connection tracking helpers: # firewall-cmd --permanent --new-policy clientConntrack # firewall-cmd --permanent --policy clientConntrack --add-ingress-zone HOST # firewall-cmd --permanent --policy clientConntrack --add-egress-zone ANY # firewall-cmd --permanent --policy clientConntrack --add-service tftp =zone =policy =service Remove a service. This option can be specified multiple times. =zone =policy =service Return whether service has been added. Returns 0 if true, 1 otherwise. =zone =policy List ports added as a space separated list. A port is of the form portid-portid/protocol, it can be either a port and protocol pair or a port range with a protocol. =zone =policy =portid-portid/protocol =timeval Add the port. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The option is not combinable with the option. =zone =policy =portid-portid/protocol Remove the port. This option can be specified multiple times. =zone =policy =portid-portid/protocol Return whether the port has been added. Returns 0 if true, 1 otherwise. =zone =policy List protocols added as a space separated list. =zone =policy =protocol =timeval Add the protocol. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. The option is not combinable with the option. =zone =policy =protocol Remove the protocol. This option can be specified multiple times. =zone =policy =protocol Return whether the protocol has been added. Returns 0 if true, 1 otherwise. =zone =policy List source ports added as a space separated list. A port is of the form portid-portid/protocol. =zone =policy =portid-portid/protocol =timeval Add the source port. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The option is not combinable with the option. =zone =policy =portid-portid/protocol Remove the source port. This option can be specified multiple times. =zone =policy =portid-portid/protocol Return whether the source port has been added. Returns 0 if true, 1 otherwise. =zone =policy List Internet Control Message Protocol (ICMP) type blocks added as a space separated list. =zone =policy =icmptype =timeval Add an ICMP block for icmptype. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes The option is not combinable with the option. =zone =policy =icmptype Remove the ICMP block for icmptype. This option can be specified multiple times. =zone =policy =icmptype Return whether an ICMP block for icmptype has been added. Returns 0 if true, 1 otherwise. =zone =policy List IPv4 forward ports added as a space separated list. For IPv6 forward ports, please use the rich language. =zone =policy =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask =timeval Add the IPv4 forward port. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The port can either be a single port number portid or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The destination address is a simple IP address. The option is not combinable with the option. For IPv6 forward ports, please use the rich language. Note: IP forwarding will be implicitly enabled if is specified. =zone =policy =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Remove the IPv4 forward port. This option can be specified multiple times. For IPv6 forward ports, please use the rich language. =zone =policy =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Return whether the IPv4 forward port has been added. Returns 0 if true, 1 otherwise. For IPv6 forward ports, please use the rich language. =zone =policy =timeval Enable IPv4 masquerade. If a timeout is supplied, masquerading will be active for the specified amount of time. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. Masquerading is useful if the machine is a router and machines connected over an interface in another zone should be able to use the first connection. The option is not combinable with the option. For IPv6 masquerading, please use the rich language. Note: IP forwarding will be implicitly enabled. =zone =policy Disable IPv4 masquerade. If the masquerading was enabled with a timeout, it will be disabled also. For IPv6 masquerading, please use the rich language. =zone =policy Return whether IPv4 masquerading has been enabled. Returns 0 if true, 1 otherwise. For IPv6 masquerading, please use the rich language. =zone =policy List rich language rules added as a newline separated list. =zone =policy ='rule' =timeval Add rich language rule 'rule'. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. For the rich language rule syntax, please have a look at firewalld.richlanguage5. The option is not combinable with the option. =zone =policy ='rule' Remove rich language rule 'rule'. This option can be specified multiple times. For the rich language rule syntax, please have a look at firewalld.richlanguage5. =zone =policy ='rule' Return whether a rich language rule 'rule' has been added. Returns 0 if true, 1 otherwise. For the rich language rule syntax, please have a look at firewalld.richlanguage5. Options to Adapt and Query Zones Options in this section affect only one particular zone. If used with =zone option, they affect the specified zone. If the option is omitted, they affect default zone (see ). =zone Enable ICMP block inversion. =zone Disable ICMP block inversion. =zone Return whether ICMP block inversion is enabled. Returns 0 if true, 1 otherwise. =zone Enable intra zone forwarding. =zone Disable intra zone forwarding. =zone Return whether intra zone forwarding is enabled. Returns 0 if true, 1 otherwise. Options to Adapt and Query Policies Options in this section affect only one particular policy. It's required to specify =policy with these options. =policy Get the priority. =policy priority Set the priority. The priority determines the relative ordering of policies. This is an integer value between -32768 and 32767 where -1 is the default value for new policies and 0 is reserved for internal use. If a priority is < 0, then the policy's rules will execute before all rules in all zones. If a priority is > 0, then the policy's rules will execute after all rules in all zones. =policy List ingress zones added as a space separated list. =policy =zone Add an ingress zone. This option can be specified multiple times. The ingress zone is one of the firewalld provided zones or one of the pseudo-zones: HOST, ANY. HOST is used for traffic originating from the host machine, i.e. the host running firewalld. ANY is used for traffic originating from any zone. This can be thought of as a wild card for zones. However it does not include traffic originating from the host machine - use HOST for that. =policy =zone Remove an ingress zone. This option can be specified multiple times. =policy =zone Return whether zone has been added. Returns 0 if true, 1 otherwise. =policy List egress zones added as a space separated list. =policy =zone Add an egress zone. This option can be specified multiple times. The egress zone is one of the firewalld provided zones or one of the pseudo-zones: HOST, ANY. For clarification on HOST and ANY see option . =policy =zone Remove an egress zone. This option can be specified multiple times. =policy =zone Return whether zone has been added. Returns 0 if true, 1 otherwise. Options to Handle Bindings of Interfaces Binding an interface to a zone means that this zone settings are used to restrict traffic via the interface. Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). For a list of predefined zones use firewall-cmd --get-zones. An interface name is a string up to 16 characters long, that may not contain , , and . =zone List interfaces that are bound to zone zone as a space separated list. If zone is omitted, default zone will be used. =zone =interface Bind interface interface to zone zone. If zone is omitted, default zone will be used. If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. For interfaces that are not under control of NetworkManager, firewalld tries to change the ZONE setting in the ifcfg file, if the file exists. As a end user you don't need this in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to option from ifcfg-interface file) if NM_CONTROLLED=no is not set. You should do it only if there's no /etc/sysconfig/network-scripts/ifcfg-interface file. If there is such file and you add interface to zone with this option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined. Please also have a look at the firewalld1 man page in the Concepts section. For permanent association of interface with a zone, see also 'How to set or change a zone for a connection?' in firewalld.zones5. =zone =interface If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. For interfaces that are not under control of NetworkManager, firewalld tries to change the ZONE setting in the ifcfg file, if the file exists. Change zone the interface interface is bound to to zone zone. It's basically followed by . If the interface has not been bound to a zone before, it behaves like . If zone is omitted, default zone will be used. =zone =interface Query whether interface interface is bound to zone zone. Returns 0 if true, 1 otherwise. =interface If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. For the addion or change of interfaces that are not under control of NetworkManager: firewalld tries to change the ZONE setting in the ifcfg file, if an ifcfg file exists that is using the interface. Only for the removal of interfaces that are not under control of NetworkManager: firewalld is not trying to change the ZONE setting in the ifcfg file. This is needed to make sure that an ifdown of the interface will not result in a reset of the zone setting to the default zone. Only the zone binding is then removed in firewalld then. Remove binding of interface interface from zone it was previously added to. Options to Handle Bindings of Sources Binding a source to a zone means that this zone settings will be used to restrict traffic from this source. A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6 or a MAC address or an ipset with the ipset: prefix. For IPv4, the mask can be a network mask or a plain number. For IPv6 the mask is a plain number. The use of host names is not supported. Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). For a list of predefined zones use firewall-cmd --get-zones. =zone List sources that are bound to zone zone as a space separated list. If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Bind the source to zone zone. If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Change zone the source is bound to to zone zone. It's basically followed by . If the source has not been bound to a zone before, it behaves like . If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Query whether the source is bound to the zone zone. Returns 0 if true, 1 otherwise. =source/mask|MAC|ipset:ipset Remove binding of the source from zone it was previously added to. IPSet Options Print the supported ipset types. =ipset =type =inet|inet6 =key=value Add a new permanent and empty ipset with specifying the type and optional the family and options like timeout, hashsize and maxelem. For more information please have a look at ipset8 man page. ipset names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =ipset Add a new permanent ipset from a prepared ipset file with an optional name override. =ipset Delete an existing permanent ipset. =ipset Load ipset default settings or report NO_DEFAULTS error. Print information about the ipset ipset. The output format is: ipset type: type options: option1[=value1] .. entries: entry1 .. Print predefined ipsets as a space separated list. =ipset =description Set new description to ipset =ipset Print description for ipset =ipset =description Set short description to ipset =ipset Print short description for ipset =ipset =entry Add a new entry to the ipset. Adding an entry to an ipset with option timeout is permitted, but these entries are not tracked by firewalld. =ipset =entry Remove an entry from the ipset. =ipset =entry Return whether the entry has been added to an ipset. Returns 0 if true, 1 otherwise. Querying an ipset with a timeout will yield an error. Entries are not tracked for ipsets with a timeout. =ipset List all entries of the ipset. =ipset =filename Add a new entries to the ipset from the file. For all entries that are listed in the file but already in the ipset, a warning will be printed. The file should contain an entry per line. Lines starting with an hash or semicolon are ignored. Also empty lines. =ipset =filename Remove existing entries from the ipset from the file. For all entries that are listed in the file but not in the ipset, a warning will be printed. The file should contain an entry per line. Lines starting with an hash or semicolon are ignored. Also empty lines. Print path of the ipset configuration file. Service Options Options in this section affect only one particular service. Print information about the service service. The output format is: service ports: port1 .. protocols: protocol1 .. source-ports: source-port1 .. helpers: helper1 .. destination: ipv1:address1 .. The following options are only usable in the permanent configuration. =service Add a new permanent and empty service. Service names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =service Add a new permanent service from a prepared service file with an optional name override. =service Delete an existing permanent service. =service Load service default settings or report NO_DEFAULTS error. Print path of the service configuration file. =service =description Set new description to service =service Print description for service =service =description Set short description to service =service Print short description for service =service =portid-portid/protocol Add a new port to the permanent service. =service =portid-portid/protocol Remove a port from the permanent service. =service =portid-portid/protocol Return whether the port has been added to the permanent service. =service List ports added to the permanent service. =service =protocol Add a new protocol to the permanent service. =service =protocol Remove a protocol from the permanent service. =service =protocol Return whether the protocol has been added to the permanent service. =service List protocols added to the permanent service. =service =portid-portid/protocol Add a new source port to the permanent service. =service =portid-portid/protocol Remove a source port from the permanent service. =service =portid-portid/protocol Return whether the source port has been added to the permanent service. =service List source ports added to the permanent service. =service =helper Add a new helper to the permanent service. =service =helper Remove a helper from the permanent service. =service =helper Return whether the helper has been added to the permanent service. =service List helpers added to the permanent service. =service =ipv:address/mask Set destination for ipv to address[/mask] in the permanent service. =service =ipv Remove the destination for ipv from the permanent service. =service =ipv:address/mask Return whether the destination ipv to address[/mask] has been set in the permanent service. =service List destinations added to the permanent service. =service =service Add a new include to the permanent service. =service =service Remove a include from the permanent service. =service =service Return whether the include has been added to the permanent service. =service List includes added to the permanent service. Helper Options Options in this section affect only one particular helper. Print information about the helper helper. The output format is: helper family: family module: module ports: port1 .. The following options are only usable in the permanent configuration. =helper =nf_conntrack_module =ipv4|ipv6 Add a new permanent helper with module and optionally family defined. Helper names must be alphanumeric and may additionally include characters: '-'. =filename =helper Add a new permanent helper from a prepared helper file with an optional name override. =helper Delete an existing permanent helper. =helper Load helper default settings or report NO_DEFAULTS error. Print path of the helper configuration file. Print predefined helpers as a space separated list. =helper =description Set new description to helper =helper Print description for helper =helper =description Set short description to helper =helper Print short description for helper =helper =portid-portid/protocol Add a new port to the permanent helper. =helper =portid-portid/protocol Remove a port from the permanent helper. =helper =portid-portid/protocol Return whether the port has been added to the permanent helper. =helper List ports added to the permanent helper. =helper =description Set module description for helper =helper Print module description for helper =helper =description Set family description for helper =helper Print family description of helper Internet Control Message Protocol (ICMP) type Options Options in this section affect only one particular icmptype. Print information about the icmptype icmptype. The output format is: icmptype destination: ipv1 .. The following options are only usable in the permanent configuration. =icmptype Add a new permanent and empty icmptype. ICMP type names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =icmptype Add a new permanent icmptype from a prepared icmptype file with an optional name override. =icmptype Delete an existing permanent icmptype. =icmptype Load icmptype default settings or report NO_DEFAULTS error. =icmptype =description Set new description to icmptype =icmptype Print description for icmptype =icmptype =description Set short description to icmptype =icmptype Print short description for icmptype =icmptype =ipv Enable destination for ipv in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype =ipv Disable destination for ipv in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype =ipv Return whether destination for ipv is enabled in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype List destinations in permanent icmptype. Print path of the icmptype configuration file. Direct Options DEPRECATED The direct interface has been deprecated. It will be removed in a future release. It is superseded by policies, see firewalld.policies5. The direct options give a more direct access to the firewall. These options require user to know basic iptables concepts, i.e. table (filter/mangle/nat/...), chain (INPUT/OUTPUT/FORWARD/...), commands (-A/-D/-I/...), parameters (-p/-s/-d/-j/...) and targets (ACCEPT/DROP/REJECT/...). Direct options should be used only as a last resort when it's not possible to use for example =service or ='rule'. Warning: Direct rules behavior is different depending on the value of FirewallBackend. See CAVEATS in firewalld.direct5. The first argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it will be for IPv4 (iptables8), with ipv6 for IPv6 (ip6tables8) and with eb for ethernet bridges (ebtables8). Get all chains added to all tables. This option concerns only chains previously added with . { ipv4 | ipv6 | eb } table Get all chains added to table table as a space separated list. This option concerns only chains previously added with . { ipv4 | ipv6 | eb } table chain Add a new chain with name chain to table table. Make sure there's no other chain with this name already. There already exist basic chains to use with direct options, for example INPUT_direct chain (see iptables-save | grep direct output for all of them). These chains are jumped into before chains for zones, i.e. every rule put into INPUT_direct will be checked before rules in zones. { ipv4 | ipv6 | eb } table chain Remove chain with name chain from table table. Only chains previously added with can be removed this way. { ipv4 | ipv6 | eb } table chain Return whether a chain with name chain exists in table table. Returns 0 if true, 1 otherwise. This option concerns only chains previously added with . Get all rules added to all chains in all tables as a newline separated list of the priority and arguments. This option concerns only rules previously added with . { ipv4 | ipv6 | eb } table chain Get all rules added to chain chain in table table as a newline separated list of the priority and arguments. This option concerns only rules previously added with . { ipv4 | ipv6 | eb } table chain priority args Add a rule with the arguments args to chain chain in table table with priority priority. The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. { ipv4 | ipv6 | eb } table chain priority args Remove a rule with priority and the arguments args from chain chain in table table. Only rules previously added with can be removed this way. { ipv4 | ipv6 | eb } table chain Remove all rules in the chain with name chain exists in table table. This option concerns only rules previously added with in this chain. { ipv4 | ipv6 | eb } table chain priority args Return whether a rule with priority and the arguments args exists in chain chain in table table. Returns 0 if true, 1 otherwise. This option concerns only rules previously added with . { ipv4 | ipv6 | eb } args Pass a command through to the firewall. args can be all iptables, ip6tables and ebtables command line arguments. This command is untracked, which means that firewalld is not able to provide information about this command later on, also not a listing of the untracked passthoughs. Get all passthrough rules as a newline separated list of the ipv value and arguments. { ipv4 | ipv6 | eb } Get all passthrough rules for the ipv value as a newline separated list of the priority and arguments. { ipv4 | ipv6 | eb } args Add a passthrough rule with the arguments args for the ipv value. { ipv4 | ipv6 | eb } args Remove a passthrough rule with the arguments args for the ipv value. { ipv4 | ipv6 | eb } args Return whether a passthrough rule with the arguments args exists for the ipv value. Returns 0 if true, 1 otherwise. Lockdown Options Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt) or are authenticated using PolicyKit. With this feature administrators can lock the firewall configuration so that only applications on lockdown whitelist are able to request firewall changes. The lockdown access check limits D-Bus methods that are changing firewall rules. Query, list and get methods are not limited. The lockdown feature is a very light version of user and application policies for firewalld and is turned off by default. Enable lockdown. Be careful - if firewall-cmd is not on lockdown whitelist when you enable lockdown you won't be able to disable it again with firewall-cmd, you would need to edit firewalld.conf. This is a runtime and permanent change. Disable lockdown. This is a runtime and permanent change. Query whether lockdown is enabled. Returns 0 if lockdown is enabled, 1 otherwise. Lockdown Whitelist Options The lockdown whitelist can contain commands, contexts, users and user ids. If a command entry on the whitelist ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the absolute command inclusive arguments must match. Command paths for users are not always the same and depends on the users PATH. Some distributions symlink /bin to /usr/bin in which case it depends on the order they appear in the PATH environment variable. The context is the security (SELinux) context of a running application or service. To get the context of a running application use ps -e --context. Warning: If the context is unconfined, then this will open access for more than the desired application. The lockdown whitelist entries are checked in the following order: 1. context 2. uid 3. user 4. command List all command lines that are on the whitelist. =command Add the command to the whitelist. =command Remove the command from the whitelist. =command Query whether the command is on the whitelist. Returns 0 if true, 1 otherwise. List all contexts that are on the whitelist. =context Add the context context to the whitelist. =context Remove the context from the whitelist. =context Query whether the context is on the whitelist. Returns 0 if true, 1 otherwise. List all user ids that are on the whitelist. =uid Add the user id uid to the whitelist. =uid Remove the user id uid from the whitelist. =uid Query whether the user id uid is on the whitelist. Returns 0 if true, 1 otherwise. List all user names that are on the whitelist. =user Add the user name user to the whitelist. =user Remove the user name user from the whitelist. =user Query whether the user name user is on the whitelist. Returns 0 if true, 1 otherwise. Panic Options Enable panic mode. All incoming and outgoing packets are dropped, active connections will expire. Enable this only if there are serious problems with your network environment. For example if the machine is getting hacked in. This is a runtime only change. Disable panic mode. After disabling panic mode established connections might work again, if panic mode was enabled for a short period of time. This is a runtime only change. Returns 0 if panic mode is enabled, 1 otherwise. Examples For more examples see Example 1 Enable http service in default zone. This is runtime only change, i.e. effective until restart. firewall-cmd --add-service=http Example 2 Enable port 443/tcp immediately and permanently in default zone. To make the change effective immediately and also after restart we need two commands. The first command makes the change in runtime configuration, i.e. makes it effective immediately, until restart. The second command makes the change in permanent configuration, i.e. makes it effective after restart. firewall-cmd --add-port=443/tcp firewall-cmd --permanent --add-port=443/tcp Exit Codes On success 0 is returned. On failure the output is red colored and exit code is either 2 in case of wrong command-line option usage or one of the following error codes in other cases: String Code &errorcodes; Note that return codes of --query-* options are special: Successful queries return 0, unsuccessful ones return 1 unless an error occurred in which case the table above applies. &seealso; ¬es; firewalld-1.1.1/doc/xml/firewall-config.xml0000644000000000000000000000471714217342322020631 0ustar00rootroot00000000000000 ]> firewall-config firewalld &authors; firewall-config 1 firewall-config firewalld GUI configuration tool firewall-config OPTIONS Description firewall-config is a GUI configuration tool for firewalld. Options firewall-config does not support any special options. The only options that can be used are the general options that Gtk uses for Gtk application initialization. For more information on these options, please have a look at the runtime documentation for Gtk. The following options are supported: Prints a short help text and exits. &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.xml0000644000000000000000000002701714217345612017535 0ustar00rootroot00000000000000 ]> firewalld firewalld &authors; firewalld 1 firewalld Dynamic Firewall Manager firewalld OPTIONS Description firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and has a separation of runtime and permanent configuration options. It also supports an interface for services or applications to add firewall rules directly. Options These are the command line options of firewalld: Prints a short help text and exists. Path to firewalld default configuration. This usually defaults to /usr/lib/firewalld. =level Set the debug level for firewalld to level. The range of the debug level is 1 (lowest level) to 10 (highest level). The debug output will be written to the firewalld log file /var/log/firewalld. Print garbage collector leak information. The collector runs every 10 seconds and if there are leaks, it prints information about the leaks. Turn off daemon forking. Force firewalld to run as a foreground process instead of as a daemon in the background. Disable writing pid file. By default the program will write a pid file. If the program is invoked with this option it will not check for an existing server process. Path to firewalld system (user) configuration. This usually defaults to /etc/firewalld. Concepts firewalld has a D-Bus interface for firewall configuration of services and applications. It also has a command line client for the user. Services or applications already using D-Bus can request changes to the firewall with the D-Bus interface directly. For more information on the firewalld D-Bus interface, please have a look at firewalld.dbus5. firewalld provides support for zones, predefined services and ICMP types and has a separation of runtime and permanent configuration options. Permanent configuration is loaded from XML files in /usr/lib/firewalld () or /etc/firewalld () (see ). If NetworkManager is not in use and firewalld gets started after the network is already up, the connections and manually created interfaces are not bound to the zone specified in the ifcfg file. The interfaces will automatically be handled by the default zone. firewalld will also not get notified about network device renames. All this also applies to interfaces that are not controlled by NetworkManager if NM_CONTROLLED=no is set. You can add these interfaces to a zone with firewall-cmd [--permanent] --zone=zone --add-interface=interface. If there is a /etc/sysconfig/network-scripts/ifcfg-interface file, firewalld tries to change the ZONE=zone setting in this file. If firewalld gets reloaded, it will restore the interface bindings that were in place before reloading to keep interface bindings stable in the case of NetworkManager uncontrolled interfaces. This mechanism is not possible in the case of a firewalld service restart. It is essential to keep the ZONE= setting in the ifcfg file consistent to the binding in firewalld in the case of NetworkManager uncontrolled interfaces. Zones A network or firewall zone defines the trust level of the interface used for a connection. There are several pre-defined zones provided by firewalld. Zone configuration options and generic information about zones are described in firewalld.zone5 Services A service can be a list of local ports, protocols and destinations and additionally also a list of firewall helper modules automatically loaded if a service is enabled. Service configuration options and generic information about services are described in firewalld.service5. The use of predefined services makes it easier for the user to enable and disable access to a service. ICMP types The Internet Control Message Protocol (ICMP) is used to exchange information and also error messages in the Internet Protocol (IP). ICMP types can be used in firewalld to limit the exchange of these messages. For more information, please have a look at firewalld.icmptype5. Runtime configuration Runtime configuration is the actual active configuration and is not permanent. After reload/restart of the service or a system reboot, runtime settings will be gone if they haven't been also in permanent configuration. Permanent configuration The permanent configuration is stored in config files and will be loaded and become new runtime configuration with every machine boot or service reload/restart. Direct interface DEPRECATED The direct interface has been deprecated. It will be removed in a future release. It is superseded by policies, see firewalld.policies5. The direct interface is mainly used by services or applications to add specific firewall rules. It requires basic knowledge of ip(6)tables concepts (tables, chains, commands, parameters, targets). Directories firewalld supports two configuration directories: Default/Fallback configuration in <filename class="directory">/usr/lib/firewalld</filename> (<option>--default-config</option>) This directory contains the default and fallback configuration provided by firewalld for icmptypes, services and zones. The files provided with the firewalld package should not get changed and the changes are gone with an update of the firewalld package. Additional , and can be provided with packages or by creating files. System configuration settings in <filename class="directory">/etc/firewalld</filename> (<option>--system-config</option>) The system or user configuration stored here is either created by the system administrator or by customization with the configuration interface of firewalld or by hand. The files will overload the default configuration files. To manually change settings of pre-defined icmptypes, zones or services, copy the file from the default configuration directory to the corresponding directory in the system configuration directory and change it accordingly. For more information on icmptypes, please have a look at the firewalld.icmptype5 man page, for services at firewalld.service5 and for zones at firewalld.zone5. SIGNALS Currently only SIGHUP is supported. SIGHUP Reloads the complete firewall configuration. You can also use firewall-cmd --reload. All runtime configuration settings will be restored. Permanent configuration will change according to options defined in the configuration files. &seealso; ¬es; firewalld-1.1.1/doc/xml/firewall-offline-cmd.xml0000644000000000000000000032057414217345545021563 0ustar00rootroot00000000000000 ]> firewall-offline-cmd firewalld &authors; firewall-offline-cmd 1 firewall-offline-cmd firewalld offline command line client firewall-offline-cmd OPTIONS Description firewall-offline-cmd is an offline command line client of the firewalld daemon. It should be used only if the firewalld service is not running. For example to migrate from system-config-firewall/lokkit or in the install environment to configure firewall settings with kickstart. Some lokkit options can not be automatically converted for firewalld, they will result in an error or warning message. This tool tries to convert as much as possible, but there are limitations for example with custom rules, modules and masquerading. Check the firewall configuration after using this tool. Options If no options are given, configuration from /etc/sysconfig/system-config-firewall will be migrated. Sequence options are the options that can be specified multiple times, the exit code is 0 if there is at least one item that succeeded. The ALREADY_ENABLED (11), NOT_ENABLED (12) and also ZONE_ALREADY_SET (16) errors are treated as succeeded. If there are issues while parsing the items, then these are treated as warnings and will not change the result as long as there is a succeeded one. Without any succeeded item, the exit code will depend on the error codes. If there is exactly one error code, then this is used. If there are more than one then UNKNOWN_ERROR (254) will be used. The following options are supported: General Options Prints a short help text and exists. Prints the version string of firewalld and exits. Do not print status messages. Path to firewalld default configuration. This usually defaults to /usr/lib/firewalld. Path to firewalld system (user) configuration. This usually defaults to /etc/firewalld. Status Options Enable the firewall. This option is a default option and will activate the firewall if not already enabled as long as the option is not given. Disable the firewall by disabling the firewalld service. Run checks on the permanent (default and system) configuration. This includes XML validity and semantics. This is may be used with to check the validity of handwritten configuration files before copying them to the standard location. Lokkit Compatibility Options These options are nearly identical to the options of lokkit. Migrate system-config-firewall configuration from the given file. No further =module This option will result in a warning message and will be ignored. Handling of netfilter helpers has been merged into services completely. Adding or removing netfilter helpers outside of services is therefore not needed anymore. For more information on handling netfilter helpers in services, please have a look at firewalld.zone5. This option will result in a warning message and will be ignored. Handling of netfilter helpers has been merged into services completely. Adding or removing netfilter helpers outside of services is therefore not needed anymore. For more information on handling netfilter helpers in services, please have a look at firewalld.zone5. =service Remove a service from the default zone. This option can be specified multiple times. The service is one of the firewalld provided services. To get a list of the supported services, use firewall-cmd --get-services. service =service Add a service to the default zone. This option can be specified multiple times. The service is one of the firewalld provided services. To get a list of the supported services, use firewall-cmd --get-services. portid-portid:protocol =portid-portid:protocol Add the port to the default zone. This option can be specified multiple times. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. interface =interface This option will result in a warning message. Mark an interface as trusted. This option can be specified multiple times. The interface will be bound to the trusted zone. If the interface is used in a NetworkManager managed connection or if there is an ifcfg file for this interface, the zone will be changed to the zone defined in the configuration as soon as it gets activated. To change the zone of a connection use nm-connection-editor and set the zone to trusted, for an ifcfg file, use an editor and add "ZONE=trusted". If the zone is not defined in the ifcfg file, the firewalld default zone will be used. interface =interface This option will result in a warning message. Masquerading will be enabled in the default zone. The interface argument will be ignored. This is for IPv4 only. =type:table:filename This option will result in a warning message and will be ignored. Custom rule files are not supported by firewalld. =if=interface:port=port:proto=protocol:toport=destination port::toaddr=destination address This option will result in a warning message. Add the IPv4 forward port in the default zone. This option can be specified multiple times. The port can either be a single port number portid or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The destination address is an IP address. =icmptype This option will result in a warning message. Add an ICMP block for icmptype in the default zone. This option can be specified multiple times. The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes Log Denied Options Print the log denied setting. =value Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type. The possible values are: all, unicast, broadcast, multicast and off. The default setting is off, which disables the logging. This is a runtime and permanent change and will also reload the firewall to be able to add the logging rules. Zone Options Print default zone for connections and interfaces. =zone Set default zone for connections and interfaces where no zone has been selected. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone. Print predefined zones as a space separated list. Print predefined services as a space separated list. Print predefined icmptypes as a space separated list. =interface Print the name of the zone the interface is bound to or no zone. =source/mask|MAC|ipset:ipset Print the name of the zone the source is bound to or no zone. Print information about the zone zone. The output format is: zone interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. source-ports: source-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 .. List everything added for or enabled in all zones. The output format is: zone1 interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. source-ports: source-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 .. .. =zone Add a new permanent zone. Zone names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =zone Add a new permanent zone from a prepared zone file with an optional name override. Print path of the zone configuration file. =zone Delete an existing permanent zone. Policy Options Print predefined policies as a space separated list. =policy Print information about the policy policy. List everything added for or enabled in all policies. =policy Add a new permanent policy. Policy names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =policy Add a new permanent policy from a prepared policy file with an optional name override. =policy Print path of the policy configuration file. =policy Delete an existing permanent policy. =policy Load the shipped defaults for a policy. Only applies to policies shipped with firewalld. Does not apply to user defined policies. Options to Adapt and Query Zones and Policies Options in this section affect only one particular zone or policy. If used with =zone or =policy option, they affect the specified zone or policy. If both options are omitted, they affect default zone (see ). =zone =policy List everything added or enabled. =zone =policy Get the target. =zone =policy =zone Set the target. For zones target is one of: default, ACCEPT, DROP, REJECT For policies target is one of: CONTINUE, ACCEPT, DROP, REJECT default is similar to REJECT, but it implicitly allows ICMP packets. =zone =policy =description Set description. =zone =policy Print description. =zone =policy =description Set short description. =zone =policy Print short description. =zone =policy List services added as a space separated list. =zone =policy =service Add a service. This option can be specified multiple times. The service is one of the firewalld provided services. To get a list of the supported services, use firewall-cmd --get-services. Note: Some services define connection tracking helpers. Helpers that may operate in client mode (e.g. tftp) must be added to an outbound policy instead of a zone to take effect for clients. Otherwise the helper will not be applied to the outbound traffic. The related traffic, as defined by the connection tracking helper, on the return path (ingress) will be allowed by the stateful firewall rules. An example of an outbound policy for connection tracking helpers: # firewall-cmd --new-policy clientConntrack # firewall-cmd --policy clientConntrack --add-ingress-zone HOST # firewall-cmd --policy clientConntrack --add-egress-zone ANY # firewall-cmd --policy clientConntrack --add-service tftp =zone =service Remove a service from zone. This option can be specified multiple times. If zone is omitted, default zone will be used. =policy =service Remove a service from policy. This option can be specified multiple times. =zone =policy =service Return whether service has been added. Returns 0 if true, 1 otherwise. =zone =policy List ports added as a space separated list. A port is of the form portid-portid/protocol, it can be either a port and protocol pair or a port range with a protocol. =zone =policy =portid-portid/protocol Add the port. This option can be specified multiple times. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. =zone =policy =portid-portid/protocol Remove the port. This option can be specified multiple times. =zone =policy =portid-portid/protocol Return whether the port has been added. Returns 0 if true, 1 otherwise. =zone =policy List protocols added as a space separated list. =zone =policy =protocol Add the protocol. This option can be specified multiple times. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. =zone =policy =protocol Remove the protocol. This option can be specified multiple times. =zone =policy =protocol Return whether the protocol has been added. Returns 0 if true, 1 otherwise. =zone =policy List Internet Control Message Protocol (ICMP) type blocks added as a space separated list. =zone =policy =icmptype Add an ICMP block for icmptype. This option can be specified multiple times. The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes =zone =policy =icmptype Remove the ICMP block for icmptype. This option can be specified multiple times. =zone =policy =icmptype Return whether an ICMP block for icmptype has been added. Returns 0 if true, 1 otherwise. =zone =policy List IPv4 forward ports added as a space separated list. For IPv6 forward ports, please use the rich language. =zone =policy =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Add the IPv4 forward port. This option can be specified multiple times. The port can either be a single port number portid or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The destination address is a simple IP address. For IPv6 forward ports, please use the rich language. Note: IP forwarding will be implicitly enabled if is specified. =zone =policy =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Remove the IPv4 forward port. This option can be specified multiple times. For IPv6 forward ports, please use the rich language. =zone =policy =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Return whether the IPv4 forward port has been added. Returns 0 if true, 1 otherwise. For IPv6 forward ports, please use the rich language. =zone =policy List source ports added as a space separated list. A port is of the form portid-portid/protocol. =zone =policy =portid-portid/protocol Add the source port. This option can be specified multiple times. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. =zone =policy =portid-portid/protocol Remove the source port. This option can be specified multiple times. =zone =policy =portid-portid/protocol Return whether the source port has been added. Returns 0 if true, 1 otherwise. =zone =policy Enable IPv4 masquerade. Masquerading is useful if the machine is a router and machines connected over an interface in another zone should be able to use the first connection. For IPv6 masquerading, please use the rich language. Note: IP forwarding will be implicitly enabled. =zone =policy Disable IPv4 masquerade. For IPv6 masquerading, please use the rich language. =zone =policy Return whether IPv4 masquerading has been enabled. Returns 0 if true, 1 otherwise. For IPv6 masquerading, please use the rich language. =zone =policy List rich language rules added as a newline separated list. =zone =policy ='rule' Add rich language rule 'rule'. This option can be specified multiple times. For the rich language rule syntax, please have a look at firewalld.richlanguage5. =zone =policy ='rule' Remove rich language rule 'rule'. This option can be specified multiple times. For the rich language rule syntax, please have a look at firewalld.richlanguage5. =zone =policy ='rule' Return whether a rich language rule 'rule' has been added. Returns 0 if true, 1 otherwise. For the rich language rule syntax, please have a look at firewalld.richlanguage5. Options to Adapt and Query Zones Options in this section affect only one particular zone. If used with =zone option, they affect the specified zone. If the option is omitted, they affect the default zone (see ). =zone Enable ICMP block inversion. =zone Disable ICMP block inversion. =zone Return whether ICMP block inversion is enabled. Returns 0 if true, 1 otherwise. =zone Enable intra zone forwarding. =zone Disable intra zone forwarding. =zone Return whether intra zone forwarding is enabled. Returns 0 if true, 1 otherwise. Options to Adapt and Query Policies Options in this section affect only one particular policy. It's required to specify =policy with these options. =policy Get the priority. =policy priority Set the priority. The priority determines the relative ordering of policies. This is an integer value between -32768 and 32767 where -1 is the default value for new policies and 0 is reserved for internal use. If a priority is < 0, then the policy's rules will execute before all rules in all zones. If a priority is > 0, then the policy's rules will execute after all rules in all zones. =policy List ingress zones added as a space separated list. =policy =zone Add an ingress zone. This option can be specified multiple times. The ingress zone is one of the firewalld provided zones or one of the pseudo-zones: HOST, ANY. HOST is used for traffic originating from the host machine, i.e. the host running firewalld. ANY is used for traffic originating from any zone. This can be thought of as a wild card for zones. However it does not include traffic originating from the host machine - use HOST for that. =policy =zone Remove an ingress zone. This option can be specified multiple times. =policy =zone Return whether zone has been added. Returns 0 if true, 1 otherwise. =policy List egress zones added as a space separated list. =policy =zone Add an egress zone. This option can be specified multiple times. The egress zone is one of the firewalld provided zones or one of the pseudo-zones: HOST, ANY. For clarification on HOST and ANY see option . =policy =zone Remove an egress zone. This option can be specified multiple times. =policy =zone Return whether zone has been added. Returns 0 if true, 1 otherwise. Options to Handle Bindings of Interfaces Binding an interface to a zone means that this zone settings are used to restrict traffic via the interface. Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). For a list of predefined zones use firewall-cmd --get-zones. An interface name is a string up to 16 characters long, that may not contain , , and . =zone List interfaces that are bound to zone zone as a space separated list. If zone is omitted, default zone will be used. =zone =interface Bind interface interface to zone zone. If zone is omitted, default zone will be used. =zone =interface Change zone the interface interface is bound to to zone zone. If zone is omitted, default zone will be used. If old and new zone are the same, the call will be ignored without an error. If the interface has not been bound to a zone before, it will behave like . =zone =interface Query whether interface interface is bound to zone zone. Returns 0 if true, 1 otherwise. =zone =interface Remove binding of interface interface from zone zone. If zone is omitted, default zone will be used. Options to Handle Bindings of Sources Binding a source to a zone means that this zone settings will be used to restrict traffic from this source. A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6 or a MAC address or an ipset with the ipset: prefix. For IPv4, the mask can be a network mask or a plain number. For IPv6 the mask is a plain number. The use of host names is not supported. Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). For a list of predefined zones use firewall-cmd --get-zones. =zone List sources that are bound to zone zone as a space separated list. If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Bind the source to zone zone. If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Change zone the source is bound to to zone zone. If zone is omitted, default zone will be used. If old and new zone are the same, the call will be ignored without an error. If the source has not been bound to a zone before, it will behave like . =zone =source/mask|MAC|ipset:ipset Query whether the source is bound to the zone zone. Returns 0 if true, 1 otherwise. =zone =source/mask|MAC|ipset:ipset Remove binding of the source from zone zone. If zone is omitted, default zone will be used. IPSet Options =ipset =ipset type =ipset option=value Add a new permanent ipset with specifying the type and optional options. ipset names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =ipset Add a new permanent ipset from a prepared ipset file with an optional name override. =ipset Delete an existing permanent ipset. Print information about the ipset ipset. The output format is: ipset type: type options: option1[=value1] .. entries: entry1 .. Print predefined ipsets as a space separated list. =ipset =entry Add a new entry to the ipset. =ipset =entry Remove an entry from the ipset. =ipset =entry Return whether the entry has been added to an ipset. Returns 0 if true, 1 otherwise. =ipset List all entries of the ipset. =ipset =filename Add a new entries to the ipset from the file. For all entries that are listed in the file but already in the ipset, a warning will be printed. The file should contain an entry per line. Lines starting with an hash or semicolon are ignored. Also empty lines. =ipset =filename Remove existing entries from the ipset from the file. For all entries that are listed in the file but not in the ipset, a warning will be printed. The file should contain an entry per line. Lines starting with an hash or semicolon are ignored. Also empty lines. =ipset =description Set new description to ipset =ipset Print description for ipset =ipset =description Set new short description to ipset =ipset Print short description for ipset Print path of the ipset configuration file. Service Options Print information about the service service. The output format is: service ports: port1 .. protocols: protocol1 .. source-ports: source-port1 .. helpers: helper1 .. destination: ipv1:address1 .. =service Add a new permanent service. Service names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =service Add a new permanent service from a prepared service file with an optional name override. =service Delete an existing permanent service. Print path of the service configuration file. =service =description Set new description to service =service Print description for service =service =description Set short description to service =service Print short description for service =service =portid-portid/protocol Add a new port to the permanent service. =service =portid-portid/protocol Remove a port from the permanent service. =service =portid-portid/protocol Return whether the port has been added to the permanent service. =service List ports added to the permanent service. =service =protocol Add a new protocol to the permanent service. =service =protocol Remove a protocol from the permanent service. =service =protocol Return whether the protocol has been added to the permanent service. =service List protocols added to the permanent service. =service =portid-portid/protocol Add a new source port to the permanent service. =service =portid-portid/protocol Remove a source port from the permanent service. =service =portid-portid/protocol Return whether the source port has been added to the permanent service. =service List source ports added to the permanent service. =service =helper Add a new helper to the permanent service. =service =helper Remove a helper from the permanent service. =service =helper Return whether the helper has been added to the permanent service. =service List helpers added to the permanent service. =service =ipv:address/mask Set destination for ipv to address[/mask] in the permanent service. =service =ipv Remove the destination for ipv from the permanent service. =service =ipv:address/mask Return whether the destination ipv to address[/mask] has been set in the permanent service. =service List destinations added to the permanent service. =service =service Add a new include to the permanent service. =service =service Remove a include from the permanent service. =service =service Return whether the include has been added to the permanent service. =service List includes added to the permanent service. Helper Options Options in this section affect only one particular helper. Print information about the helper helper. The output format is: helper family: family module: module ports: port1 .. The following options are only usable in the permanent configuration. =helper =nf_conntrack_module =ipv4|ipv6 Add a new permanent helper with module and optionally family defined. Helper names must be alphanumeric and may additionally include characters: '-'. =filename =helper Add a new permanent helper from a prepared helper file with an optional name override. =helper Delete an existing permanent helper. =helper Load helper default settings or report NO_DEFAULTS error. Print path of the helper configuration file. Print predefined helpers as a space separated list. =helper =description Set new description to helper =helper Print description for helper =helper =description Set short description to helper =helper Print short description for helper =helper =portid-portid/protocol Add a new port to the permanent helper. =helper =portid-portid/protocol Remove a port from the permanent helper. =helper =portid-portid/protocol Return whether the port has been added to the permanent helper. =helper List ports added to the permanent helper. =helper =description Set module description for helper =helper Print module description for helper =helper =description Set family description for helper =helper Print family description of helper Internet Control Message Protocol (ICMP) type Options Print information about the icmptype icmptype. The output format is: icmptype destination: ipv1 .. =icmptype Add a new permanent icmptype. ICMP type names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =icmptype Add a new permanent icmptype from a prepared icmptype file with an optional name override. =icmptype Delete an existing permanent icmptype. =icmptype =description Set new description to icmptype =icmptype Print description for icmptype =icmptype =description Set short description to icmptype =icmptype Print short description for icmptype =icmptype =ipv Enable destination for ipv in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype =ipv Disable destination for ipv in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype =ipv Return whether destination for ipv is enabled in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype List destinations in permanent icmptype. Print path of the icmptype configuration file. Direct Options DEPRECATED The direct interface has been deprecated. It will be removed in a future release. It is superseded by policies, see firewalld.policies5. The direct options give a more direct access to the firewall. These options require user to know basic iptables concepts, i.e. table (filter/mangle/nat/...), chain (INPUT/OUTPUT/FORWARD/...), commands (-A/-D/-I/...), parameters (-p/-s/-d/-j/...) and targets (ACCEPT/DROP/REJECT/...). Direct options should be used only as a last resort when it's not possible to use for example =service or ='rule'. Warning: Direct rules behavior is different depending on the value of FirewallBackend. See CAVEATS in firewalld.direct5. The first argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it will be for IPv4 (iptables8), with ipv6 for IPv6 (ip6tables8) and with eb for ethernet bridges (ebtables8). Get all chains added to all tables. This option concerns only chains previously added with . { ipv4 | ipv6 | eb } table Get all chains added to table table as a space separated list. This option concerns only chains previously added with . { ipv4 | ipv6 | eb } table chain Add a new chain with name chain to table table. There already exist basic chains to use with direct options, for example INPUT_direct chain (see iptables-save | grep direct output for all of them). These chains are jumped into before chains for zones, i.e. every rule put into INPUT_direct will be checked before rules in zones. { ipv4 | ipv6 | eb } table chain Remove the chain with name chain from table table. { ipv4 | ipv6 | eb } table chain Return whether a chain with name chain exists in table table. Returns 0 if true, 1 otherwise. This option concerns only chains previously added with . Get all rules added to all chains in all tables as a newline separated list of the priority and arguments. { ipv4 | ipv6 | eb } table chain Get all rules added to chain chain in table table as a newline separated list of the priority and arguments. { ipv4 | ipv6 | eb } table chain priority args Add a rule with the arguments args to chain chain in table table with priority priority. The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. { ipv4 | ipv6 | eb } table chain priority args Remove a rule with priority and the arguments args from chain chain in table table. { ipv4 | ipv6 | eb } table chain Remove all rules in the chain with name chain exists in table table. This option concerns only rules previously added with in this chain. { ipv4 | ipv6 | eb } table chain priority args Return whether a rule with priority and the arguments args exists in chain chain in table table. Returns 0 if true, 1 otherwise. Get all permanent passthrough as a newline separated list of the ipv value and arguments. { ipv4 | ipv6 | eb } Get all permanent passthrough rules for the ipv value as a newline separated list of the priority and arguments. { ipv4 | ipv6 | eb } args Add a permanent passthrough rule with the arguments args for the ipv value. { ipv4 | ipv6 | eb } args Remove a permanent passthrough rule with the arguments args for the ipv value. { ipv4 | ipv6 | eb } args Return whether a permanent passthrough rule with the arguments args exists for the ipv value. Returns 0 if true, 1 otherwise. Lockdown Options Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt) or are authenticated using PolicyKit. With this feature administrators can lock the firewall configuration so that only applications on lockdown whitelist are able to request firewall changes. The lockdown access check limits D-Bus methods that are changing firewall rules. Query, list and get methods are not limited. The lockdown feature is a very light version of user and application policies for firewalld and is turned off by default. Enable lockdown. Be careful - if firewall-cmd is not on lockdown whitelist when you enable lockdown you won't be able to disable it again with firewall-cmd, you would need to edit firewalld.conf. Disable lockdown. Query whether lockdown is enabled. Returns 0 if lockdown is enabled, 1 otherwise. Lockdown Whitelist Options The lockdown whitelist can contain commands, contexts, users and user ids. If a command entry on the whitelist ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the absolute command inclusive arguments must match. Commands for user root and others is not always the same. Example: As root /bin/firewall-cmd is used, as a normal user /usr/bin/firewall-cmd is be used on Fedora. The context is the security (SELinux) context of a running application or service. To get the context of a running application use ps -e --context. Warning: If the context is unconfined, then this will open access for more than the desired application. The lockdown whitelist entries are checked in the following order: 1. context 2. uid 3. user 4. command List all command lines that are on the whitelist. =command Add the command to the whitelist. =command Remove the command from the whitelist. =command Query whether the command is on the whitelist. Returns 0 if true, 1 otherwise. List all contexts that are on the whitelist. =context Add the context context to the whitelist. =context Remove the context from the whitelist. =context Query whether the context is on the whitelist. Returns 0 if true, 1 otherwise. List all user ids that are on the whitelist. =uid Add the user id uid to the whitelist. =uid Remove the user id uid from the whitelist. =uid Query whether the user id uid is on the whitelist. Returns 0 if true, 1 otherwise. List all user names that are on the whitelist. =user Add the user name user to the whitelist. =user Remove the user name user from the whitelist. =user Query whether the user name user is on the whitelist. Returns 0 if true, 1 otherwise. Policy Options Change Polkit actions to 'server' (more restricted) Change Polkit actions to 'desktop' (less restricted) &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.conf.xml0000644000000000000000000001764614217342322020463 0ustar00rootroot00000000000000 ]> firewalld.conf firewalld &authors; firewalld.conf 5 firewalld.conf firewalld configuration file /firewalld/firewalld.conf Description firewalld.conf is loaded by firewalld during the initialization process. The file contains the basic configuration options for firewalld. Options These are the options that can be set in the config file: This sets the default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool. The default zone is public. Deprecated. This option is ignored and no longer used. Marks are no longer used internally. Setting this option to yes or true unloads all firewall-related kernel modules when firewalld is stopped. The default value is no or false. If firewalld stops, it cleans up all firewall rules. Setting this option to no or false leaves the current firewall rules untouched. The default value is yes or true. If this option is enabled, firewall changes with the D-Bus interface will be limited to applications that are listed in the lockdown whitelist (see firewalld.lockdown-whitelist5). The default value is no or false. If this option is enabled (it is by default), reverse path filter test on a packet for IPv6 is performed. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped. For IPv4 the rp_filter is controlled using sysctl. Note: This feature has a performance impact. In most cases the impact is not enough to cause a noticeable difference. It requires route lookups and its execution occurs before the established connections fast path. As such it can have a significant performance impact if there is a lot of traffic. It's enabled by default for security, but can be disabled if performance is a concern. If this option is disabled (it is by default), combined -restore calls are used and not individual calls to apply changes to the firewall. The use of individiual calls increases the time that is needed to apply changes and to start the daemon, but is good for debugging as error messages are more specific. Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type. The possible values are: all, unicast, broadcast, multicast and off. The default setting is off, which disables the logging. Deprecated. This option is ignored and no longer used. Selects the firewall backend implementation. Possible values are; nftables (default), or iptables. This applies to all firewalld primitives. The only exception is direct and passthrough rules which always use the traditional iptables, ip6tables, and ebtables backends. Note: The iptables backend is deprecated. It will be removed in a future release. Flush all runtime rules on a reload. In previous releases some runtime configuration was retained during a reload, namely; interface to zone assignment, and direct rules. This was confusing to users. To get the old behavior set this to "no". Defaults to "yes". As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that correspond to IPv4 addresses that should not be routed over the public internet. Defaults to "yes". Deprecated. This option is ignored and no longer used. &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.dbus.xml0000644000000000000000000125360614217345545020504 0ustar00rootroot00000000000000 ]> firewalld.dbus firewalld &authors; firewalld.dbus 5 firewalld.dbus firewalld D-Bus interface description Object Paths This is the basic firewalld object path structure. The used interfaces are explained below in . /org/fedoraproject/FirewallD1 Interfaces org.fedoraproject.FirewallD1 org.fedoraproject.FirewallD1.direct (deprecated) org.fedoraproject.FirewallD1.ipset org.fedoraproject.FirewallD1.policies org.fedoraproject.FirewallD1.zone org.freedesktop.DBus.Introspectable org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config Interfaces org.fedoraproject.FirewallD1.config org.fedoraproject.FirewallD1.config.direct (deprecated) org.fedoraproject.FirewallD1.config.policies org.freedesktop.DBus.Introspectable org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config/zone/i Interfaces org.fedoraproject.FirewallD1.config.zone org.freedesktop.DBus.Introspectable org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config/service/i Interfaces: org.fedoraproject.FirewallD1.config.service org.freedesktop.DBus.Introspectable org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config/ipset/i Interfaces org.fedoraproject.FirewallD1.config.ipset org.freedesktop.DBus.Introspectable org.freedesktop.DBus.Properties /org/fedoraproject/FirewallD1/config/icmptype/i Interfaces org.fedoraproject.FirewallD1.config.icmptype org.freedesktop.DBus.Introspectable org.freedesktop.DBus.Properties Interfaces org.fedoraproject.FirewallD1 This interface contains general runtime operations, like: reloading, panic mode, default zone handling, getting services and icmp types and their settings. Methods authorizeAll() → Nothing Initiate authorization for the complete firewalld D-Bus interface. This method it mostly useful for configuration applications. completeReload() → Nothing Reload firewall completely, even netfilter kernel modules. This will most likely terminate active connections, because state information is lost. This option should only be used in case of severe firewall problems. For example if there are state information problems that no connection can be established with correct firewall rules. disablePanicMode() → Nothing Disable panic mode. After disabling panic mode established connections might work again, if panic mode was enabled for a short period of time. Possible errors: NOT_ENABLED, COMMAND_FAILED enablePanicMode() → Nothing Enable panic mode. All incoming and outgoing packets are dropped, active connections will expire. Enable this only if there are serious problems with your network environment. Possible errors: ALREADY_ENABLED, COMMAND_FAILED getAutomaticHelpers() → s Deprecated. This always returns "no". getDefaultZone() → s Return default zone. getHelperSettings(s: helper) → (sssssa(ss)) Return runtime settings of given helper. For getting permanent settings see org.fedoraproject.FirewallD1.config.helper.Methods.getSettings. Settings are in format: version, name, description, family, module and array of ports. version (s): see version attribute of helper tag in firewalld.helper5. name (s): see short tag in firewalld.helper5. description (s): see description tag in firewalld.helper5. family (s): see family tag in firewalld.helper5. module (s): see module tag in firewalld.helper5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.helper5. Possible errors: INVALID_HELPER getHelpers() → as Return array of helper names (s) in runtime configuration. For permanent configuration see org.fedoraproject.FirewallD1.config.Methods.listHelpers. getIcmpTypeSettings(s: icmptype) → (sssas) Return runtime settings of given icmptype. For getting permanent settings see org.fedoraproject.FirewallD1.config.icmptype.Methods.getSettings. Settings are in format: version, name, description, array of destinations. version (s): see version attribute of icmptype tag in firewalld.icmptype5. name (s): see short tag in firewalld.icmptype5. description (s): see description tag in firewalld.icmptype5. destinations (as): array, either empty or containing strings 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype5. Possible errors: INVALID_ICMPTYPE getLogDenied() → s Retruns the LogDenied value. If LogDenied is enabled, then logging rules are added right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones. Possible values are: all, unicast, broadcast, multicast and off. The default value is off getServiceSettings(s: service) → (sssa(ss)asa{ss}asa(ss)) This function is deprecated, use org.fedoraproject.FirewallD1.Methods.getServiceSettings2 instead. getServiceSettings2(s: service) → s{sv} Return runtime settings of given service. For getting permanent settings see org.fedoraproject.FirewallD1.config.service.Methods.getSettings2. Settings are a dictionary indexed by keywords. For the type of each value see below. If the value is empty it may be ommitted. version (s): see version attribute of service tag in firewalld.service5. name (s): see short tag in firewalld.service5. description (s): see description tag in firewalld.service5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service5. module names (as): array of kernel netfilter helpers, see module tag in firewalld.service5. destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. protocols (as): array of protocols, see protocol tag in firewalld.service5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. includes (as): array of service includes, see include tag in firewalld.service5. helpers (as): array of service helpers, see helper tag in firewalld.service5. Possible errors: INVALID_SERVICE getZoneSettings(s: zone) → (sssbsasa(ss)asba(ssss)asasasasa(ss)b) This function is deprecated, use org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2 instead. listIcmpTypes() → as Return array of names (s) of icmp types in runtime configuration. For permanent configuration see org.fedoraproject.FirewallD1.config.Methods.listIcmpTypes. listServices() → as Return array of service names (s) in runtime configuration. For permanent configuration see org.fedoraproject.FirewallD1.config.Methods.listServices. queryPanicMode() → b Return true if panic mode is enabled, false otherwise. In panic mode all incoming and outgoing packets are dropped. reload() → Nothing Reload firewall rules and keep state information. Current permanent configuration will become new runtime configuration, i.e. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration. runtimeToPermanent() → Nothing Make runtime settings permanent. Replaces permanent settings with runtime settings for zones, services, icmptypes, direct (deprecated) and policies (lockdown whitelist). Possible errors: RT_TO_PERM_FAILED checkPermanentConfig() → Nothing Run checks on the permanent configuration. This is most useful if changes were made manually to configuration files. Possible errors: any setDefaultZone(s: zone) → Nothing Set default zone for connections and interfaces where no zone has been selected to zone. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone. This is a runtime and permanent change. Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED setLogDenied(s: value) → Nothing Set LogDenied value to value. If LogDenied is enabled, then logging rules are added right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones. Possible values are: all, unicast, broadcast, multicast and off. The default value is off This is a runtime and permanent change. Possible errors: ALREADY_SET, INVALID_VALUE Signals DefaultZoneChanged(s: zone) Emitted when default zone has been changed to zone. LogDeniedChanged(s: value) Emitted when LogDenied value has been changed. PanicModeDisabled() Emitted when panic mode has been deactivated. PanicModeEnabled() Emitted when panic mode has been activated. Reloaded() Emitted when firewalld has been reloaded. Also emitted for a complete reload. Properties BRIDGE - b - (ro) Indicates whether the firewall has ethernet bridge support. IPSet - b - (ro) Indicates whether the firewall has IPSet support. IPSetTypes - as - (ro) The supported IPSet types by ipset and firewalld. IPv4 - b - (ro) Indicates whether the firewall has IPv4 support. IPv4ICMPTypes - as - (ro) The list of supported IPv4 ICMP types. IPv6 - b - (ro) Indicates whether the firewall has IPv6 support. IPv6_rpfilter - b - (ro) Indicates whether the reverse path filter test on a packet for IPv6 is enabled. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped. IPv6ICMPTypes - as - (ro) The list of supported IPv6 ICMP types. nf_conntrach_helper_setting - b - (ro) Deprecated. Always False. nf_conntrack_helpers - a{sas} - (ro) Deprecated. Always returns an empty dictionary. nf_nat_helpers - a{sas} - (ro) Deprecated. Always returns an empty dictionary. interface_version - s - (ro) firewalld D-Bus interface version string. state - s - (ro) firewalld state. This can be either INIT, FAILED, or RUNNING. In INIT state, firewalld is starting up and initializing. In FAILED state, firewalld completely started but experienced a failure. version - s - (ro) firewalld version string. org.fedoraproject.FirewallD1.ipset Operations in this interface allows one to get, add, remove and query runtime ipset settings. For permanent configuration see org.fedoraproject.FirewallD1.config.ipset interface. Methods addEntry(s: ipset, s: entry) → as Add a new entry to ipset. The entry must match the type of the ipset. If the ipset is using the timeout option, it is not possible to see the entries, as they are timing out automatically in the kernel. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.addEntry. Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT getEntries(s: ipset) → Nothing Get all entries added to the ipset. If the ipset is using the timeout option, it is not possible to see the entries, as they are timing out automatically in the kernel. Return value is a array of entry. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.getEntries. Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT getSettings(s: ipset) → (ssssa{ss}as) Return runtime settings of given ipset. For getting permanent settings see org.fedoraproject.FirewallD1.config.ipset.Methods.getSettings. Settings are in format: version, name, description, type, dictionary of options and array of entries. version (s): see version attribute of ipset tag in firewalld.ipset5. name (s): see short tag in firewalld.ipset5. description (s): see description tag in firewalld.ipset5. type (s): see type attribute of ipset tag in firewalld.ipset5. options (a{ss}): dictionary of {option : value} . See options tag in firewalld.ipset5. entries (as): array of entries, see entry tag in firewalld.ipset5. Possible errors: INVALID_IPSET getIPSets() → as Return array of ipset names (s) in runtime configuration. For permanent configuration see org.fedoraproject.FirewallD1.config.Methods.listIPSets. queryEntry(s: ipset, s: entry) → b Return whether entry has been added to ipset. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.queryEntry. Possible errors: INVALID_IPSET queryIPSet(s: ipset) → b Return whether ipset is defined in runtime configuration. removeEntry(s: ipset, s: entry) → as Removes an entry from ipset. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.removeEntry. Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT setEntries(as: entries) → Nothing Permanently set list of entries to entries. For permanent operation see org.fedoraproject.FirewallD1.config.ipset.Methods.setEntries. See entry tag in firewalld.ipset5. Signals EntryAdded(s: ipset, s: entry) Emitted when entry has been added to ipset. EntryRemoved(s: ipset, s: entry) Emitted when entry has been removed from ipset. org.fedoraproject.FirewallD1.direct DEPRECATED The direct interface has been deprecated. It will be removed in a future release. It is superseded by policies, see firewalld.policies5. This interface enables more direct access to the firewall. It enables runtime manipulation with chains and rules. For permanent configuration see org.fedoraproject.FirewallD1.config.direct interface. Methods addChain(s: ipv, s: table, s: chain) → Nothing Add a new chain to table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Make sure there's no other chain with this name already. There already exist basic chains to use with direct methods, for example INPUT_direct chain. These chains are jumped into before chains for zones, i.e. every rule put into INPUT_direct will be checked before rules in zones. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.addChain. Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED, COMMAND_FAILED addPassthrough(s: ipv, as: args) → Nothing Add a tracked passthrough rule with the arguments args for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Valid commands in args are only -A/--append, -I/--insert and -N/--new-chain. This method is (unlike passthrough method) tracked, i.e. firewalld remembers it. It's useful with org.fedoraproject.FirewallD1.Methods.runtimeToPermanent For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.addPassthrough. Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing Add a rule with the arguments args to chain in table with priority for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.addRule. Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED, COMMAND_FAILED getAllChains() → a(sss) Get all chains added to all tables in format: ipv, table, chain. This concerns only chains previously added with addChain. Return value is a array of (ipv, table, chain). For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getAllChains. ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). table (s): one of filter, mangle, nat, raw, security chain (s): name of a chain. getAllPassthroughs() → a(sas) Get all tracked passthrough rules added in all ipv types in format: ipv, rule. This concerns only rules previously added with addPassthrough. Return value is a array of (ipv, array of arguments). For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getAllPassthroughs. ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. getAllRules() → a(sssias) Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule. This concerns only rules previously added with addRule. Return value is a array of (ipv, table, chain, priority, array of arguments). For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getAllRules. ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). table (s): one of filter, mangle, nat, raw, security chain (s): name of a chain. priority (i): used to order rules. arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. getChains(s: ipv, s: table) → as Return an array of chains (s) added to table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only chains previously added with addChain. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getChains. Possible errors: INVALID_IPV, INVALID_TABLE getPassthroughs(s: ipv) → aas Get tracked passthrough rules added in either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addPassthrough. Return value is a array of (array of arguments). For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getPassthroughs. arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. getRules(s: ipv, s: table, s: chain) → a(ias) Get all rules added to chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addRule. Return value is a array of (priority, array of arguments). For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.getRules. priority (i): used to order rules. arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. Possible errors: INVALID_IPV, INVALID_TABLE passthrough(s: ipv, as: args) → s Pass a command through to the firewall. ipv can be either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). args can be all iptables, ip6tables and ebtables command line arguments. args can be all iptables, ip6tables and ebtables command line arguments. This command is untracked, which means that firewalld is not able to provide information about this command later on. Possible errors: COMMAND_FAILED queryChain(s: ipv, s: table, s: chain) → b Return whether a chain exists in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only chains previously added with addChain. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.queryChain. Possible errors: INVALID_IPV, INVALID_TABLE queryPassthrough(s: ipv, as: args) → b Return whether a tracked passthrough rule with the arguments args exists for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addPassthrough. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.queryPassthrough. Possible errors: INVALID_IPV queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b Return whether a rule with priority and the arguments args exists in chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addRule. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.queryRule. Possible errors: INVALID_IPV, INVALID_TABLE removeAllPassthroughs() → Nothing Remove all passthrough rules previously added with addPassthrough. removeChain(s: ipv, s: table, s: chain) → Nothing Remove a chain from table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Only chains previously added with addChain can be removed this way. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.removeChain. Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED, COMMAND_FAILED removePassthrough(s: ipv, as: args) → Nothing Remove a tracked passthrough rule with arguments args for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Only rules previously added with addPassthrough can be removed this way. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.removePassthrough. Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing Remove a rule with priority and arguments args from chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Only rules previously added with addRule can be removed this way. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.removeRule. Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED, COMMAND_FAILED removeRules(s: ipv, s: table, s: chain) → Nothing Remove all rules from chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addRule. For permanent operation see org.fedoraproject.FirewallD1.config.direct.Methods.removeRules. Possible errors: INVALID_IPV, INVALID_TABLE Signals ChainAdded(s: ipv, s: table, s: chain) Emitted when chain has been added into table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). ChainRemoved(s: ipv, s: table, s: chain) Emitted when chain has been removed from table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). PassthroughAdded(s: ipv, as: args) Emitted when a tracked passthruogh rule with args has been added for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). PassthroughRemoved(s: ipv, as: args) Emitted when a tracked passthrough rule with args has been removed for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args) Emitted when a rule with args has been added to chain in table with priority for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args) Emitted when a rule with args has been removed from chain in table with priority for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). org.fedoraproject.FirewallD1.policies Enables firewalld to be able to lock down configuration changes from local applications. Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt). With these operations administrator can lock the firewall configuration so that either none or only applications that are in the whitelist are able to request firewall changes. For permanent configuration see org.fedoraproject.FirewallD1.config.policies interface. Methods addLockdownWhitelistCommand(s: command) → Nothing Add command to whitelist. See command option in firewalld.lockdown-whitelist5. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistCommand. Possible errors: ALREADY_ENABLED, INVALID_COMMAND addLockdownWhitelistContext(s: context) → Nothing Add context to whitelist. See selinux option in firewalld.lockdown-whitelist5. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistContext. Possible errors: ALREADY_ENABLED, INVALID_COMMAND addLockdownWhitelistUid(i: uid) → Nothing Add user id uid to whitelist. See user option in firewalld.lockdown-whitelist5. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUid. Possible errors: ALREADY_ENABLED, INVALID_COMMAND addLockdownWhitelistUser(s: user) → Nothing Add user name to whitelist. See user option in firewalld.lockdown-whitelist5. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.addLockdownWhitelistUser. Possible errors: ALREADY_ENABLED, INVALID_COMMAND disableLockdown() → Nothing Disable lockdown. This is a runtime and permanent change. Possible errors: NOT_ENABLED enableLockdown() → Nothing Enable lockdown. Be careful - if the calling application/user is not on lockdown whitelist when you enable lockdown you won't be able to disable it again with the application, you would need to edit firewalld.conf. This is a runtime and permanent change. Possible errors: ALREADY_ENABLED getLockdownWhitelistCommands() → as List all command lines (s) that are on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistCommands. getLockdownWhitelistContexts() → as List all contexts (s) that are on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistContexts. getLockdownWhitelistUids() → ai List all user ids (i) that are on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUids. getLockdownWhitelistUsers() → as List all users (s) that are on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.getLockdownWhitelistUsers. queryLockdown() → b Query whether lockdown is enabled. queryLockdownWhitelistCommand(s: command) → b Query whether command is on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistCommand. queryLockdownWhitelistContext(s: context) → b Query whether context is on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistContext. queryLockdownWhitelistUid(i: uid) → b Query whether user id uid is on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUid. queryLockdownWhitelistUser(s: user) → b Query whether user is on whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.queryLockdownWhitelistUser. removeLockdownWhitelistCommand(s: command) → Nothing Remove command from whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistCommand. Possible errors: NOT_ENABLED removeLockdownWhitelistContext(s: context) → Nothing Remove context from whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistContext. Possible errors: NOT_ENABLED removeLockdownWhitelistUid(i: uid) → Nothing Remove user id uid from whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUid. Possible errors: NOT_ENABLED removeLockdownWhitelistUser(s: user) → Nothing Remove user from whitelist. For permanent operation see org.fedoraproject.FirewallD1.config.policies.Methods.removeLockdownWhitelistUser. Possible errors: NOT_ENABLED Signals LockdownDisabled() Emitted when lockdown has been disabled. LockdownEnabled() Emitted when lockdown has been enabled. LockdownWhitelistCommandAdded(s: command) Emitted when command has been added to whitelist. LockdownWhitelistCommandRemoved(s: command) Emitted when command has been removed from whitelist. LockdownWhitelistContextAdded(s: context) Emitted when context has been added to whitelist. LockdownWhitelistContextRemoved(s: context) Emitted when context has been removed from whitelist. LockdownWhitelistUidAdded(i: uid) Emitted when user id uid has been added to whitelist. LockdownWhitelistUidRemoved(i: uid) Emitted when user id uid has been removed from whitelist. LockdownWhitelistUserAdded(s: user) Emitted when user has been added to whitelist. LockdownWhitelistUserRemoved(s: user) Emitted when user has been removed from whitelist. org.fedoraproject.FirewallD1.zone Operations in this interface allows one to get, add, remove and query runtime zone's settings. For permanent settings see org.fedoraproject.FirewallD1.config.zone interface. Methods getZoneSettings2(s: zone) → a{sv} Return runtime settings of given zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2. Settings are a dictionary indexed by keywords. For the type of each value see below. If the value is empty it may be omitted. version (s): see version attribute of zone tag in firewalld.zone5. name (s): see short tag in firewalld.zone5. description (s): see description tag in firewalld.zone5. target (s): see target attribute of zone tag in firewalld.zone5. services (as): array of service names, see service tag in firewalld.zone5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone5. icmp_blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone5. masquerade (b): see masquerade tag in firewalld.zone5. forward_ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone5. interfaces (as): array of interfaces. See interface tag in firewalld.zone5. sources (as): array of source addresses. See source tag in firewalld.zone5. rules_str (as): array of rich-language rules. See rule tag in firewalld.zone5. protocols (as): array of protocols, see protocol tag in firewalld.zone5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone5. icmp_block_inversion (b): see icmp-block-inversion tag in firewalld.zone5. forward (b): see forward tag in firewalld.zone5. Possible errors: INVALID_ZONE setZoneSettings2(s: zone, a{sv}: settings, i: timeout) Set runtime settings of given zone. For setting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.update2. Settings are a dictionary indexed by keywords. For the type of each value see below. To zero a value pass an empty string or list. services (as): array of service names, see service tag in firewalld.zone5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone5. icmp_blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone5. masquerade (b): see masquerade tag in firewalld.zone5. forward_ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone5. interfaces (as): array of interfaces. See interface tag in firewalld.zone5. sources (as): array of source addresses. See source tag in firewalld.zone5. rules_str (as): array of rich-language rules. See rule tag in firewalld.zone5. protocols (as): array of protocols, see protocol tag in firewalld.zone5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone5. icmp_block_inversion (b): see icmp-block-inversion tag in firewalld.zone5. forward (b): see forward tag in firewalld.zone5. Possible errors: INVALID_ZONE addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) → s Add the IPv4 forward port into zone. If zone is empty, use default zone. The port can either be a single port number portid or a port range portid-portid. The protocol can either be tcp or udp. The destination address is a simple IP address. If timeout is non-zero, the operation will be active only for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addForwardPort. Returns name of zone to which the forward port was added. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, ALREADY_ENABLED, INVALID_COMMAND addIcmpBlock(s: zone, s: icmp, i: timeout) → s Add an ICMP block icmp into zone. The icmp is the one of the icmp types firewalld supports. To get a listing of supported icmp types use org.fedoraproject.FirewallD1.Methods.listIcmpTypes If zone is empty, use default zone. If timeout is non-zero, the operation will be active only for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlock. Returns name of zone to which the ICMP block was added. Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, ALREADY_ENABLED, INVALID_COMMAND addIcmpBlockInversion(s: zone) → s Add ICMP block inversion to zone. If zone is empty, use default zone. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addIcmpBlockInversion. Returns name of zone to which the ICMP block inversion was added. Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND addInterface(s: zone, s: interface) → s Bind interface with zone. From now on all traffic going through the interface will respect the zone's settings. If zone is empty, use default zone. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addInterface. Returns name of zone to which the interface was bound. Possible errors: INVALID_ZONE, INVALID_INTERFACE, ALREADY_ENABLED, INVALID_COMMAND addMasquerade(s: zone, i: timeout) → s Enable masquerade in zone. If zone is empty, use default zone. If timeout is non-zero, masquerading will be active for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addMasquerade. Returns name of zone in which the masquerade was enabled. Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND addPort(s: zone, s: port, s: protocol, i: timeout) → s Add port into zone. If zone is empty, use default zone. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp or udp. If timeout is non-zero, the operation will be active only for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addPort. Returns name of zone to which the port was added. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND addProtocol(s: zone, s: protocol, i: timeout) → s Add protocol into zone. If zone is empty, use default zone. The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. If timeout is non-zero, the operation will be active only for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addProtocol. Returns name of zone to which the protocol was added. Possible errors: INVALID_ZONE, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND addRichRule(s: zone, s: rule, i: timeout) → s Add rich language rule into zone. For the rich language rule syntax, please have a look at firewalld.direct5. If zone is empty, use default zone. If timeout is non-zero, the operation will be active only for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addRichRule. Returns name of zone to which the rich language rule was added. Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED, INVALID_COMMAND addService(s: zone, s: service, i: timeout) → s Add service into zone. If zone is empty, use default zone. If timeout is non-zero, the operation will be active only for the amount of seconds. To get a list of supported services, use org.fedoraproject.FirewallD1.Methods.listServices. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addService. Returns name of zone to which the service was added. Possible errors: INVALID_ZONE, INVALID_SERVICE, ALREADY_ENABLED, INVALID_COMMAND addSource(s: zone, s: source) → s Bind source with zone. From now on all traffic going from this source will respect the zone's settings. A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6. For IPv4, the mask can be a network mask or a plain number. For IPv6 the mask is a plain number. Use of host names is not supported. If zone is empty, use default zone. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addSource. Returns name of zone to which the source was bound. Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED, INVALID_COMMAND addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s Add source port into zone. If zone is empty, use default zone. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp or udp. If timeout is non-zero, the operation will be active only for the amount of seconds. For permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.addSourcePort. Returns name of zone to which the port was added. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND changeZone(s: zone, s: interface) → s This function is deprecated, use org.fedoraproject.FirewallD1.zone.Methods.changeZoneOfInterface instead. changeZoneOfInterface(s: zone, s: interface) → s Change a zone an interface is bound to to zone. It's basically removeInterface(interface) followed by addInterface(zone, interface). If interface has not been bound to a zone before, it behaves like addInterface. If zone is empty, use default zone. Returns name of zone to which the interface was bound. Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT changeZoneOfSource(s: zone, s: source) → s Change a zone an source is bound to to zone. It's basically removeSource(source) followed by addSource(zone, source). If source has not been bound to a zone before, it behaves like addSource. If zone is empty, use default zone. Returns name of zone to which the source was bound. Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT getActiveZones() → a{sa{sas}} Return dictionary of currently active zones altogether with interfaces and sources used in these zones. Active zones are zones, that have a binding to an interface or source. Return value is a dictionary where keys are zone names (s) and values are again dictionaries where keys are either 'interfaces' or 'sources' and values are arrays of interface names (s) or sources (s). getForwardPorts(s: zone) → aas Return array of IPv4 forward ports previously added into zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getForwardPorts. Return value is array of 4-tuples, where each 4-tuple consists of (port, protocol, to-port, to-addr). to-addr might be empty in case of local forwarding. Possible errors: INVALID_ZONE getIcmpBlocks(s: zone) → as Return array of ICMP type (s) blocks previously added into zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlocks. Possible errors: INVALID_ZONE getIcmpBlockInversion(s: zone) → b Return whether ICMP block inversion was previously added to zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getIcmpBlockInversion. Possible errors: INVALID_ZONE getInterfaces(s: zone) → as Return array of interfaces (s) previously bound with zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getInterfaces. Possible errors: INVALID_ZONE getPorts(s: zone) → aas Return array of ports (2-tuple of port and protocol) previously enabled in zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getPorts. Possible errors: INVALID_ZONE getProtocols(s: zone) → as Return array of protocols (s) previously enabled in zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getProtocols. Possible errors: INVALID_ZONE getRichRules(s: zone) → as Return array of rich language rules (s) previously added into zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getRichRules. Possible errors: INVALID_ZONE getServices(s: zone) → as Return array of services (s) previously enabled in zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getServices. Possible errors: INVALID_ZONE getSourcePorts(s: zone) → aas Return array of source ports (2-tuple of port and protocol) previously enabled in zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getSourcePorts. Possible errors: INVALID_ZONE getSources(s: zone) → as Return array of sources (s) previously bound with zone. If zone is empty, use default zone. For getting permanent settings see org.fedoraproject.FirewallD1.config.zone.Methods.getSources. Possible errors: INVALID_ZONE getZoneOfInterface(s: interface) → s Return name (s) of zone the interface is bound to or empty string. getZoneOfSource(s: source) → s Return name (s) of zone the source is bound to or empty string. getZones() → as Return array of names (s) of predefined zones known to current runtime environment. For list of zones known to permanent environment see org.fedoraproject.FirewallD1.config.Methods.listZones. The lists (of zones known to runtime and permanent environment) will contain same zones in most cases, but might differ for example if org.fedoraproject.FirewallD1.config.Methods.addZone has been called recently, but firewalld has not been reloaded since then. isImmutable(s: zone) → b Deprecated. queryForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → b Return whether the IPv4 forward port (port, protocol, toport, toaddr) has been added into zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryForwardPort. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD queryIcmpBlock(s: zone, s: icmp) → b Return whether an ICMP block for icmp has been added into zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlock. Possible errors: INVALID_ZONE, INVALID_ICMPTYPE queryIcmpBlockInversion(s: zone) → b Return whether ICMP block inversion has been added to zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryIcmpBlockInversion. Possible errors: INVALID_ZONE, INVALID_ICMPTYPE queryInterface(s: zone, s: interface) → b Query whether interface has been bound to zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryInterface. Possible errors: INVALID_ZONE, INVALID_INTERFACE queryMasquerade(s: zone) → b Return whether masquerading has been enabled in zone If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryMasquerade. Possible errors: INVALID_ZONE queryPort(s: zone, s: port, s: protocol) → b Return whether port/protocol has been added in zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryPort. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL queryProtocol(s: zone, s: protocol) → b Return whether protocol has been added in zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryProtocol. Possible errors: INVALID_ZONE, INVALID_PROTOCOL queryRichRule(s: zone, s: rule) → b Return whether rich rule rule has been added in zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryRichRule. Possible errors: INVALID_ZONE, INVALID_RULE queryService(s: zone, s: service) → b Return whether service has been added for zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.queryService. Possible errors: INVALID_ZONE, INVALID_SERVICE querySource(s: zone, s: source) → b Query whether sourcehas been bound to zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.querySource. Possible errors: INVALID_ZONE, INVALID_ADDR querySourcePort(s: zone, s: port, s: protocol) → b Return whether port/protocol has been added in zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.querySourcePort. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL removeForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → s Remove IPv4 forward port ((port, protocol, toport, toaddr)) from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeForwardPort. Returns name of zone from which the forward port was removed. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED, INVALID_COMMAND removeIcmpBlock(s: zone, s: icmp) → s Remove ICMP block icmp from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlock. Returns name of zone from which the ICMP block was removed. Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED, INVALID_COMMAND removeIcmpBlockInversion(s: zone) → s Remove ICMP block inversion from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeIcmpBlockInversion. Returns name of zone from which the ICMP block inversion was removed. Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND removeInterface(s: zone, s: interface) → s Remove binding of interface from zone. If zone is empty, the interface will be removed from zone it belongs to. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeInterface. Returns name of zone from which the interface was removed. Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED, INVALID_COMMAND removeMasquerade(s: zone) → s Disable masquerade for zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeMasquerade. Returns name of zone for which the masquerade was disabled. Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND removePort(s: zone, s: port, s: protocol) → s Remove port/protocol from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removePort. Returns name of zone from which the port was removed. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND removeProtocol(s: zone, s: protocol) → s Remove protocol from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeProtocol. Returns name of zone from which the protocol was removed. Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND removeRichRule(s: zone, s: rule) → s Remove rich language rule from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeRichRule. Returns name of zone from which the rich language rule was removed. Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED, INVALID_COMMAND removeService(s: zone, s: service) → s Remove service from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeService. Returns name of zone from which the service was removed. Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED, INVALID_COMMAND removeSource(s: zone, s: source) → s Remove binding of source from zone. If zone is empty, the source will be removed from zone it belongs to. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeSource. Returns name of zone from which the source was removed. Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED, INVALID_COMMAND removeSourcePort(s: zone, s: port, s: protocol) → s Remove port/protocol from zone. If zone is empty, use default zone. For permanent operation see org.fedoraproject.FirewallD1.config.zone.Methods.removeSourcePort. Returns name of zone from which the source port was removed. Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND Signals ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) Emitted when forward port has been added to zone with timeout. ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s: toaddr) Emitted when forward port has been removed from zone. IcmpBlockAdded(s: zone, s: icmp, i: timeout) Emitted when ICMP block for icmp has been added to zone with timeout. IcmpBlockInversionAdded(s: zone) Emitted when ICMP block inversion has been added to zone. IcmpBlockInversionRemoved(s: zone) Emitted when ICMP block inversion has been removed from zone. IcmpBlockRemoved(s: zone, s: icmp) Emitted when ICMP block for icmp has been removed from zone. InterfaceAdded(s: zone, s: interface) Emitted when interface has been added to zone. InterfaceRemoved(s: zone, s: interface) Emitted when interface has been removed from zone. MasqueradeAdded(s: zone, i: timeout) Emitted when masquerade has been enabled for zone. MasqueradeRemoved(s: zone) Emitted when masquerade has been disabled for zone. PortAdded(s: zone, s: port, s: protocol, i: timeout) Emitted when port/protocol has been added to zone with timeout. PortRemoved(s: zone, s: port, s: protocol) Emitted when port/protocol has been removed from zone. ProtocolAdded(s: zone, s: protocol, i: timeout) Emitted when protocol has been added to zone with timeout. ProtocolRemoved(s: zone, s: protocol) Emitted when protocol has been removed from zone. RichRuleAdded(s: zone, s: rule, i: timeout) Emitted when rich language rule has been added to zone with timeout. RichRuleRemoved(s: zone, s: rule) Emitted when rich language rule has been removed from zone. ServiceAdded(s: zone, s: service, i: timeout) Emitted when service has been added to zone with timeout. ServiceRemoved(s: zone, s: service) Emitted when service has been removed from zone. SourceAdded(s: zone, s: source) Emitted when source has been added to zone. SourcePortAdded(s: zone, s: port, s: protocol, i: timeout) Emitted when source-port/protocol has been added to zone with timeout. SourcePortRemoved(s: zone, s: port, s: protocol) Emitted when source-port/protocol has been removed from zone. SourceRemoved(s: zone, s: source) Emitted when source has been removed from zone. ZoneChanged(s: zone, s: interface) Deprecated ZoneOfInterfaceChanged(s: zone, s: interface) Emitted when a zone an interface is part of has been changed to zone. ZoneOfSourceChanged(s: zone, s: source) Emitted when a zone an source is part of has been changed to zone. ZoneUpdated2(s: zone, a{sv}: settings) Emitted when a zone's settings are updated via org.fedoraproject.FirewallD1.zone.Methods.setZoneSettings2 org.fedoraproject.FirewallD1.policy Operations in this interface allows one to get, add, remove and query runtime policy settings. For permanent settings see org.fedoraproject.FirewallD1.config.policy interface. Methods getActivePolicies() → a{sa{sas}} Return dictionary of currently active policies altogether with ingress zones and egress zones used in these policies. Active policies are policies, that have a binding to an active ingress zone and an active egress zone. Return value is a dictionary where keys are policy names (s) and values are again dictionaries where keys are either 'ingress_zones' or 'egress_zones' and values are arrays of zone names (s). getPolicies() → as Return array of names (s) of predefined policies known to current runtime environment. For list of policies known to permanent environment see org.fedoraproject.FirewallD1.config.Methods.listPolicies. The lists (of policies known to runtime and permanent environment) will contain same policies in most cases, but might differ for example if org.fedoraproject.FirewallD1.config.Methods.addPolicy has been called recently, but firewalld has not been reloaded since then. getPolicySettings(s: policy) → a{sv} Return runtime settings of given policy. For getting permanent settings see org.fedoraproject.FirewallD1.config.policy.Methods.getSettings. Settings are a dictionary indexed by keywords. For possible keywords see org.fedoraproject.FirewallD1.config.Methods.addPolicy. If the value is empty it may be omitted. Possible errors: INVALID_POLICY setPolicySettings(s: policy, a{sv}: settings, i: timeout) Set runtime settings of given policy. For setting permanent settings see org.fedoraproject.FirewallD1.config.policy.Methods.update. Settings are a dictionary indexed by keywords. For possible keywords see org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero a value pass an empty string or list. Some keywords are not available to modify in the runtime: description, name, priority, target, version. Possible errors: INVALID_POLICY Signals ForwardPortAdded(s: policy, a{sv}: settings) Emitted when a policy's settings are updated via org.fedoraproject.FirewallD1.policy.Methods.setPolicySettings org.fedoraproject.FirewallD1.config Allows one to permanently add, remove and query zones, services and icmp types. Methods addIPSet(s: ipset, (ssssa{ss}as): settings) → o Add ipset with given settings into permanent configuration. Settings are in format: version, name, description, type, dictionary of options and array of entries. version (s): see version attribute of ipset tag in firewalld.ipset5. name (s): see short tag in firewalld.ipset5. description (s): see description tag in firewalld.ipset5. type (s): see type attribute of ipset tag in firewalld.ipset5. options (a{ss}): dictionary of {option : value} . See options tag in firewalld.ipset5. entries (as): array of entries, see entry tag in firewalld.ipset5. Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE addIcmpType(s: icmptype, (sssas): settings) → o Add icmptype with given settings into permanent configuration. Settings are in format: version, name, description, array of destinations. Returns object path of the new icmp type. version (s): see version attribute of icmptype tag in firewalld.icmptype5. name (s): see short tag in firewalld.icmptype5. description (s): see description tag in firewalld.icmptype5. destinations (as): array, either empty or containing strings 'ipv4' or 'ipv6', see destination tag in firewalld.icmptype5. Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o This function is deprecated, use org.fedoraproject.FirewallD1.config.Methods.addService2 instead. addService2s: service, a{sv}: settings) → o Add service with given settings into permanent configuration. Settings are a dictionary indexed by keywords. For the type of each value see below. To zero a value pass an empty string or list. version (s): see version attribute of service tag in firewalld.service5. name (s): see short tag in firewalld.service5. description (s): see description tag in firewalld.service5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service5. module names (as): array of kernel netfilter helpers, see module tag in firewalld.service5. destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. protocols (as): array of protocols, see protocol tag in firewalld.service5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. includes (as): array of service includes, see include tag in firewalld.service5. helpers (as): array of service helpers, see helper tag in firewalld.service5. Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → o This function is deprecated, use org.fedoraproject.FirewallD1.config.Methods.addZone2 instead. addZone2(s: zone, a{sv}: settings) → o Add zone with given settings into permanent configuration. Settings are a dictionary indexed by keywords. For the type of each value see below. To zero a value pass an empty string or list. version (s): see version attribute of zone tag in firewalld.zone5. name (s): see short tag in firewalld.zone5. description (s): see description tag in firewalld.zone5. target (s): see target attribute of zone tag in firewalld.zone5. services (as): array of service names, see service tag in firewalld.zone5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone5. icmp_blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone5. masquerade (b): see masquerade tag in firewalld.zone5. forward_ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone5. interfaces (as): array of interfaces. See interface tag in firewalld.zone5. sources (as): array of source addresses. See source tag in firewalld.zone5. rules_str (as): array of rich-language rules. See rule tag in firewalld.zone5. protocols (as): array of protocols, see protocol tag in firewalld.zone5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone5. icmp_block_inversion (b): see icmp-block-inversion tag in firewalld.zone5. forward (b): see forward tag in firewalld.zone5. Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE addPolicy(s: policy, a{sv}: settings) → o Add policy with given settings into permanent configuration. Settings are a dictionary indexed by keywords. For the type of each value see below. If a keyword is omitted the default value will be used. description (s): see description tag in firewalld.policy5. egress_zones as: array of zone names. See egress-zone tag in firewalld.policy5. forward_ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.policy5. icmp_blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.policy5. ingress_zones as: array of zone names. See ingress-zone tag in firewalld.policy5. masquerade (b): see masquerade tag in firewalld.policy5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.policy5. priority (i): see priority tag in firewalld.policy5. protocols (as): array of protocols, see protocol tag in firewalld.policy5. rich_rules (as): array of rich-language rules. See rule tag in firewalld.policy5. services (as): array of service names, see service tag in firewalld.policy5. short (s): see short tag in firewalld.policy5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.policy5. target (s): see target attribute of policy tag in firewalld.policy5. version (s): see version attribute of policy tag in firewalld.policy5. Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE getHelperByName(s: helper) → o Return object path (permanent configuration) of helper with given name. Possible errors: INVALID_HELPER getHelperNames() → as Return list of helper names (permanent configuration). getIPSetByName(s: ipset) → o Return object path (permanent configuration) of ipset with given name. Possible errors: INVALID_IPSET getIPSetNames() → as Return list of ipset names (permanent configuration). getIcmpTypeByName(s: icmptype) → o Return object path (permanent configuration) of icmptype with given name. Possible errors: INVALID_ICMPTYPE getIcmpTypeNames() → as Return list of icmptype names (permanent configuration). getServiceByName(s: service) → o Return object path (permanent configuration) of service with given name. Possible errors: INVALID_SERVICE getServiceNames() → as Return list of service names (permanent configuration). getZoneByName(s: zone) → o Return object path (permanent configuration) of zone with given name. Possible errors: INVALID_ZONE getZoneNames() → as Return list of zone names (permanent configuration) of. getZoneOfInterface(s: iface) → s Return name of zone the iface is bound to or empty string. getZoneOfSource(s: source) → s Return name of zone the source is bound to or empty string. getPolicyByName(s: policy) → o Return object path (permanent configuration) of policy with given name. Possible errors: INVALID_POLICY getPolicyNames() → as Return list of policy names (permanent configuration). listHelpers() → ao Return array of object paths (o) of helper in permanent configuration. For runtime configuration see org.fedoraproject.FirewallD1.Methods.getHelpers. listIPSets() → ao Return array of object paths (o) of ipset in permanent configuration. For runtime configuration see org.fedoraproject.FirewallD1.ipset.Methods.getIPSets. listIcmpTypes() → ao Return array of object paths (o) of icmp types in permanent configuration. For runtime configuration see org.fedoraproject.FirewallD1.Methods.listIcmpTypes. listServices() → ao Return array of objects paths (o) of services in permanent configuration. For runtime configuration see org.fedoraproject.FirewallD1.Methods.listServices. listZones() → ao List object paths of zones known to permanent environment. For list of zones known to runtime environment see org.fedoraproject.FirewallD1.zone.Methods.getZones. The lists (of zones known to runtime and permanent environment) will contain same zones in most cases, but might differ for example if org.fedoraproject.FirewallD1.config.Methods.addZone has been called recently, but firewalld has not been reloaded since then. listPolicies() → ao List object paths of policies known to permanent environment. For list of policies known to runtime environment see org.fedoraproject.FirewallD1.policy.Methods.getPolicies. The lists (of policies known to runtime and permanent environment) will contain same policies in most cases, but might differ for example if org.fedoraproject.FirewallD1.config.Methods.addPolicy has been called recently, but firewalld has not been reloaded since then. Signals HelperAdded(s: helper) Emitted when helper has been added. IPSetAdded(s: ipset) Emitted when ipset has been added. IcmpTypeAdded(s: icmptype) Emitted when icmptype has been added. ServiceAdded(s: service) Emitted when service has been added. ZoneAdded(s: zone) Emitted when zone has been added. Properties AllowZoneDrifting - s - (rw) Deprecated. Getting this value always returns "no". Setting this value is ignored. AutomaticHelpers - s - (rw) Deprecated. Getting this value always returns "no". Setting this value is ignored. CleanupModulesOnExit - s - (rw) Setting this option to yes or true unloads all firewall-related kernel modules when firewalld is stopped. CleanupOnExit - s - (rw) If firewalld stops, it cleans up all firewall rules. Setting this option to no or false leaves the current firewall rules untouched. DefaultZone - s - (ro) Default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool. FirewallBackend - s - (rw) Selects the firewalld backend for all rules except the direct interface. Valid options are; nftables, iptables. Default in nftables. Note: The iptables backend is deprecated. It will be removed in a future release. FlushAllOnReload - s - (rw) Flush all runtime rules on a reload. Valid options are; yes, no. IPv6_rpfilter - s - (rw) Indicates whether the reverse path filter test on a packet for IPv6 is enabled. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped. IndividualCalls - s - (ro) Indicates whether individual calls combined -restore calls are used. If enabled, this increases the time that is needed to apply changes and to start the daemon, but is good for debugging. Lockdown - s - (rw) If this property is enabled, firewall changes with the D-Bus interface will be limited to applications that are listed in the lockdown whitelist. LogDenied - s - (rw) If LogDenied is enabled, then logging rules are added right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones. Possible values are: all, unicast, broadcast, multicast and off. MinimalMark - i - (rw) Deprecated. This option is ignored and no longer used. Marks are no longer used internally. RFC3964_IPv4 - s - (rw) As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that correspond to IPv4 addresses that should not be routed over the public internet. Valid options are; yes, no. org.fedoraproject.FirewallD1.config.direct DEPRECATED The direct interface has been deprecated. It will be removed in a future release. It is superseded by policies, see firewalld.policies5. Interface for permanent direct configuration, see also firewalld.direct5. For runtime direct configuration see org.fedoraproject.FirewallD1.direct interface. Methods addChain(s: ipv, s: table, s: chain) → Nothing Add a new chain to table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Make sure there's no other chain with this name already. There already exist basic chains to use with direct methods, for example INPUT_direct chain. These chains are jumped into before chains for zones, i.e. every rule put into INPUT_direct will be checked before rules in zones. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.addChain. Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED addPassthrough(s: ipv, as: args) → Nothing Add a passthrough rule with the arguments args for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.addPassthrough. Possible errors: INVALID_IPV, ALREADY_ENABLED addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing Add a rule with the arguments args to chain in table with priority for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.addRule. Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED getAllChains() → a(sss) Get all chains added to all tables in format: ipv, table, chain. This concerns only chains previously added with addChain. Return value is a array of (ipv, table, chain). For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getAllChains. ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). table (s): one of filter, mangle, nat, raw, security chain (s): name of a chain. getAllPassthroughs() → a(sas) Get all passthrough rules added in all ipv types in format: ipv, rule. This concerns only rules previously added with addPassthrough. Return value is a array of (ipv, array of arguments). For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getAllPassthroughs. ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. getAllRules() → a(sssias) Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule. This concerns only rules previously added with addRule. Return value is a array of (ipv, table, chain, priority, array of arguments). For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getAllRules. ipv (s): either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). table (s): one of filter, mangle, nat, raw, security chain (s): name of a chain. priority (i): used to order rules. arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. getChains(s: ipv, s: table) → as Return an array of chains (s) added to table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only chains previously added with addChain. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getChains. Possible errors: INVALID_IPV, INVALID_TABLE getPassthroughs(s: ipv) → aas Get tracked passthrough rules added in either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addPassthrough. Return value is a array of (array of arguments). For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getPassthroughs. arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. getRules(s: ipv, s: table, s: chain) → a(ias) Get all rules added to chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addRule. Return value is a array of (priority, array of arguments). For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.getRules. priority (i): used to order rules. arguments (as): array of commands, parameters and other iptables/ip6tables/ebtables command line options. Possible errors: INVALID_IPV, INVALID_TABLE getSettings() → (a(sss)a(sssias)a(sas)) Get settings of permanent direct configuration in format: array of chains, array of rules, array of passthroughs. chains (a(sss)): array of (ipv, table, chain), see 'chain' in firewalld.direct5.. rules (a(sssias)): array of (ipv, table, chain, priority, array of arguments), see 'rule' in firewalld.direct5.. passthroughs (a(sas)): array of (ipv, array of arguments), see passthrough in firewalld.direct5.. queryChain(s: ipv, s: table, s: chain) → b Return whether a chain exists in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only chains previously added with addChain. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.queryChain. Possible errors: INVALID_IPV, INVALID_TABLE queryPassthrough(s: ipv, as: args) → b Return whether a tracked passthrough rule with the arguments args exists for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addPassthrough. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.queryPassthrough. Possible errors: INVALID_IPV queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b Return whether a rule with priority and the arguments args exists in chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addRule. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.queryRule. Possible errors: INVALID_IPV, INVALID_TABLE removeChain(s: ipv, s: table, s: chain) → Nothing Remove a chain from table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Only chains previously added with addChain can be removed this way. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.removeChain. Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED removePassthrough(s: ipv, as: args) → Nothing Remove a passthrough rule with arguments args for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Only rules previously added with addPassthrough can be removed this way. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.removePassthrough. Possible errors: INVALID_IPV, NOT_ENABLED removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing Remove a rule with priority and arguments args from chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). Only rules previously added with addRule can be removed this way. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.removeRule. Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED removeRules(s: ipv, s: table, s: chain) → Nothing Remove all rules from chain in table for ipv being either ipv4 (iptables) or ipv6 (ip6tables) or eb (ebtables). This concerns only rules previously added with addRule. For runtime operation see org.fedoraproject.FirewallD1.direct.Methods.removeRules. Possible errors: INVALID_IPV, INVALID_TABLE update((a(sss)a(sssias)a(sas)): settings) → Nothing Update permanent direct configuration with given settings. Settings are in format: array of chains, array of rules, array of passthroughs. chains (a(sss)): array of (ipv, table, chain), see 'chain' in firewalld.direct5.. rules (a(sssias)): array of (ipv, table, chain, priority, array of arguments), see 'rule' in firewalld.direct5.. passthroughs (a(sas)): array of (ipv, array of arguments), see passthrough in firewalld.direct5.. Possible errors: INVALID_TYPE Signals Updated() Emitted when configuration has been updated. org.fedoraproject.FirewallD1.config.policies Interface for permanent lockdown-whitelist configuration, see also firewalld.lockdown-whitelist5. For runtime configuration see org.fedoraproject.FirewallD1.policies interface. Methods addLockdownWhitelistCommand(s: command) → Nothing Add command to whitelist. See command option in firewalld.lockdown-whitelist5. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistCommand. Possible errors: ALREADY_ENABLED, INVALID_TYPE addLockdownWhitelistContext(s: context) → Nothing Add context to whitelist. See selinux option in firewalld.lockdown-whitelist5. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistContext. Possible errors: ALREADY_ENABLED, INVALID_TYPE addLockdownWhitelistUid(i: uid) → Nothing Add user id uid to whitelist. See user option in firewalld.lockdown-whitelist5. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUid. Possible errors: ALREADY_ENABLED, INVALID_TYPE addLockdownWhitelistUser(s: user) → Nothing Add user name to whitelist. See user option in firewalld.lockdown-whitelist5. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.addLockdownWhitelistUser. Possible errors: ALREADY_ENABLED, INVALID_TYPE getLockdownWhitelist() → (asasasai) Get settings of permanent lockdown-whitelist configuration in format: commands, selinux contexts, users, uids commands (as): see command option in firewalld.lockdown-whitelist5. selinux contexts (as): see selinux option in firewalld.lockdown-whitelist5. users (as): see name attribute of user option in firewalld.lockdown-whitelist5. uids (ai): see id attribute of user option in firewalld.lockdown-whitelist5. getLockdownWhitelistCommands() → as List all command lines (s) that are on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistCommands. getLockdownWhitelistContexts() → as List all contexts (s) that are on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistContexts. getLockdownWhitelistUids() → ai List all user ids (i) that are on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUids. getLockdownWhitelistUsers() → as List all users (s) that are on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.getLockdownWhitelistUsers. queryLockdownWhitelistCommand(s: command) → b Query whether command is on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistCommand. queryLockdownWhitelistContext(s: context) → b Query whether context is on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistContext. queryLockdownWhitelistUid(i: uid) → b Query whether user id uid is on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUid. queryLockdownWhitelistUser(s: user) → b Query whether user is on whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.queryLockdownWhitelistUser. removeLockdownWhitelistCommand(s: command) → Nothing Remove command from whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistCommand. Possible errors: NOT_ENABLED removeLockdownWhitelistContext(s: context) → Nothing Remove context from whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistContext. Possible errors: NOT_ENABLED removeLockdownWhitelistUid(i: uid) → Nothing Remove user id uid from whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUid. Possible errors: NOT_ENABLED removeLockdownWhitelistUser(s: user) → Nothing Remove user from whitelist. For runtime operation see org.fedoraproject.FirewallD1.policies.Methods.removeLockdownWhitelistUser. Possible errors: NOT_ENABLED setLockdownWhitelist((asasasai): settings) → Nothing Set permanent lockdown-whitelist configuration to settings. Settings are in format: commands, selinux contexts, users, uids commands (as): see command option in firewalld.lockdown-whitelist5. selinux contexts (as): see selinux option in firewalld.lockdown-whitelist5. users (as): see name attribute of user option in firewalld.lockdown-whitelist5. uids (ai): see id attribute of user option in firewalld.lockdown-whitelist5. Possible errors: INVALID_TYPE Signals LockdownWhitelistUpdated() Emitted when permanent lockdown-whitelist configuration has been updated. org.fedoraproject.FirewallD1.config.ipset Interface for permanent ipset configuration, see also firewalld.ipset5. Methods addEntry(s: entry) → Nothing Permanently add entry to list of entries of ipset. See entry tag in firewalld.ipset5. For runtime operation see org.fedoraproject.FirewallD1.ipset.Methods.addEntry. Possible errors: ALREADY_ENABLED addOption(s: key, s: value) → Nothing Permanently add (key, value) to the ipset. See option tag in firewalld.ipset5. Possible errors: ALREADY_ENABLED getDescription() → s Get description of ipset. See description tag in firewalld.ipset5. getEntries() → as Get list of entries added to ipset. See entry tag in firewalld.ipset5. For runtime operation see org.fedoraproject.FirewallD1.ipset.Methods.getEntries. Possible errors: IPSET_WITH_TIMEOUT getOptions() → a{ss} Get dictionary of options set for ipset. See option tag in firewalld.ipset5. getSettings() → (ssssa{ss}as) Return permament settings of the ipset. For getting runtime settings see org.fedoraproject.FirewallD1.ipset.Methods.getIPSetSettings. Settings are in format: version, name, description, type, dictionary of options and array of entries. version (s): see version attribute of ipset tag in firewalld.ipset5. name (s): see short tag in firewalld.ipset5. description (s): see description tag in firewalld.ipset5. type (s): see type attribute of ipset tag in firewalld.ipset5. options (a{ss}): dictionary of {option : value} . See options tag in firewalld.ipset5. entries (as): array of entries, see entry tag in firewalld.ipset5. getShort() → s Get name of ipset. See short tag in firewalld.ipset5. getType() → s Get type of ipset. See type attribute of ipset tag in firewalld.ipset5. getVersion() → s Get version of ipset. See version attribute of ipset tag in firewalld.ipset5. loadDefaults() → Nothing Load default settings for built-in ipset. Possible errors: NO_DEFAULTS queryEntry(s: entry) → b Return whether entry has been added to ipset. For runtime operation see org.fedoraproject.FirewallD1.ipset.Methods.queryEntry. queryOption(s: key, s: value) → b Return whether (key, value) has been added to options of the ipset. remove() → Nothing Remove not built-in ipset. Possible errors: BUILTIN_IPSET removeEntry(s: entry) → Nothing Permanently remove entry from ipset. See entry tag in firewalld.ipset5. For runtime operation see org.fedoraproject.FirewallD1.ipset.Methods.removeEntry. Possible errors: NOT_ENABLED removeOption(s: key) → Nothing Permanently remove key from the ipset. See option tag in firewalld.ipset5. Possible errors: NOT_ENABLED rename(s: name) → Nothing Rename not built-in ipset to name. Possible errors: BUILTIN_IPSET setDescription(s: description) → Nothing Permanently set description of ipset to description. See description tag in firewalld.ipset5. setEntries(as: entries) → Nothing Permanently set list of entries to entries. See entry tag in firewalld.ipset5. setOptions(a{ss}: options) → Nothing Permanently set dict of options to options. See option tag in firewalld.ipset5. setShort(s: short) → Nothing Permanently set name of ipset to short. See short tag in firewalld.ipset5. setType(s: ipset_type) → Nothing Permanently set type of ipset to ipset_type. See type attribute of ipset tag in firewalld.ipset5. setVersion(s: version) → Nothing Permanently set version of ipset to version. See version attribute of ipset tag in firewalld.ipset5. update((ssssa{ss}as): settings) → Nothing Update settings of ipset to settings. Settings are in format: version, name, description, type, dictionary of options and array of entries. version (s): see version attribute of ipset tag in firewalld.ipset5. name (s): see short tag in firewalld.ipset5. description (s): see description tag in firewalld.ipset5. type (s): see type attribute of ipset tag in firewalld.ipset5. options (a{ss}): dictionary of {option : value} . See options tag in firewalld.ipset5. entries (as): array of entries, see entry tag in firewalld.ipset5. Possible errors: INVALID_TYPE Signals Removed(s: name) Emitted when ipset with name has been removed. Renamed(s: name) Emitted when ipset has been renamed to name. Updated(s: name) Emitted when ipset with name has been updated. Properties builtin - b - (ro) True if ipset is build-in, false else. default - b - (ro) True if build-in ipset has default settings. False if it has been modified. Always False for not build-in ipsets. filename - s - (ro) Name (including .xml extension) of file where the configuration is stored. name - s - (ro) Name of ipset. path - s - (ro) Path to directory where the ipset configuration is stored. Should be either /usr/lib/firewalld/ipsets or /etc/firewalld/ipsets. org.fedoraproject.FirewallD1.config.zone Interface for permanent zone configuration, see also firewalld.zone5. Methods addForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing Permanently add (port, protocol, toport, toaddr) to list of forward ports of zone. See forward-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addForwardPort. Possible errors: ALREADY_ENABLED addIcmpBlock(s: icmptype) → Nothing Permanently add icmptype to list of icmp types blocked in zone. See icmp-block tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlock. Possible errors: ALREADY_ENABLED addIcmpBlock(s: icmptype) → Nothing Permanently add icmp block inversion to zone. See icmp-block-inversion tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addIcmpBlockInversion. Possible errors: ALREADY_ENABLED addInterface(s: interface) → Nothing Permanently add interface to list of interfaces bound to zone. See interface tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addInterface. Possible errors: ALREADY_ENABLED addMasquerade() → Nothing Permanently enable masquerading in zone. See masquerade tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addMasquerade. Possible errors: ALREADY_ENABLED addPort(s: port, s: protocol) → Nothing Permanently add (port, protocol) to list of ports of zone. See port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addPort. Possible errors: ALREADY_ENABLED addProtocol(s: protocol) → Nothing Permanently add protocol into zone. The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addProtocol. Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED addRichRule(s: rule) → Nothing Permanently add rule to list of rich-language rules in zone. See rule tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addRichRule. Possible errors: ALREADY_ENABLED addService(s: service) → Nothing Permanently add service to list of services used in zone. See service tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addService. Possible errors: ALREADY_ENABLED addSource(s: source) → Nothing Permanently add source to list of source addresses bound to zone. See source tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addSource. Possible errors: ALREADY_ENABLED addSourcePort(s: port, s: protocol) → Nothing Permanently add (port, protocol) to list of source ports of zone. See source-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.addSourcePort. Possible errors: ALREADY_ENABLED getDescription() → s Get description of zone. See description tag in firewalld.zone5. getForwardPorts() → a(ssss) Get list of (port, protocol, toport, toaddr) defined in zone. See forward-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getForwardPorts. getIcmpBlockInversion() → b Get icmp block inversion flag of zone. See icmp-block-inversion tag in firewalld.zone5. getIcmpBlocks() → as Get list of icmp type names blocked in zone. See icmp-block tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getIcmpBlocks. getInterfaces() → as Get list of interfaces bound to zone. See interface tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getInterfaces. getMasquerade() → b Return whether masquerade is enabled in zone. This is the same as queryMasquerade() method. See masquerade tag in firewalld.zone5. getPorts() → a(ss) Get list of (port, protocol) defined in zone. See port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getPorts. getProtocols() → as Return array of protocols (s) previously enabled in zone. For getting runtime settings see org.fedoraproject.FirewallD1.zone.Methods.getProtocols. getRichRules() → as Get list of rich-language rules in zone. See rule tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getRichRules. getServices() → as Get list of service names used in zone. See service tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getServices. getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)b) This function is deprecated, use org.fedoraproject.FirewallD1.config.zone.Methods.getSettings2 instead. getSettings2() → a{sv} Return permanent settings of given zone. For getting runtime settings see org.fedoraproject.FirewallD1.zone.Methods.getZoneSettings2. Settings are a dictionary indexed by keywords. For the type of each value see below. If the value is empty it may be omitted. version (s): see version attribute of zone tag in firewalld.zone5. name (s): see short tag in firewalld.zone5. description (s): see description tag in firewalld.zone5. target (s): see target attribute of zone tag in firewalld.zone5. services (as): array of service names, see service tag in firewalld.zone5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone5. icmp_blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone5. masquerade (b): see masquerade tag in firewalld.zone5. forward_ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone5. interfaces (as): array of interfaces. See interface tag in firewalld.zone5. sources (as): array of source addresses. See source tag in firewalld.zone5. rules_str (as): array of rich-language rules. See rule tag in firewalld.zone5. protocols (as): array of protocols, see protocol tag in firewalld.zone5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone5. icmp_block_inversion (b): see icmp-block-inversion tag in firewalld.zone5. forward (b): see forward tag in firewalld.zone5. getShort() → s Get name of zone. See short tag in firewalld.zone5. getSourcePorts() → a(ss) Get list of (port, protocol) defined in zone. See source-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getSourcePorts. getSources() → as Get list of source addresses bound to zone. See source tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.getSources. getTarget() → s Get target of zone. See target attribute of zone tag in firewalld.zone5. getVersion() → s Get version of zone. See version attribute of zone tag in firewalld.zone5. loadDefaults() → Nothing Load default settings for built-in zone. Possible errors: NO_DEFAULTS queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b Return whether (port, protocol, toport, toaddr) is in list of forward ports of zone. See forward-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryForwardPort. queryIcmpBlock(s: icmptype) → b Return whether icmptype is in list of icmp types blocked in zone. See icmp-block tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlock. queryIcmpBlockInversion() → b Return whether icmp block inversion is in enabled in zone. See icmp-block-inversion tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryIcmpBlockInversion. queryInterface(s: interface) → b Return whether interface is in list of interfaces bound to zone. See interface tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryInterface. queryMasquerade() → b Return whether masquerade is enabled in zone. This is the same as getMasquerade() method. See masquerade tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryMasquerade. queryPort(s: port, s: protocol) → b Return whether (port, protocol) is in list of ports of zone. See port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryPort. queryProtocol(s: protocol) → b Return whether protocol has been added in zone. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryProtocol. Possible errors: INVALID_PROTOCOL queryRichRule(s: rule) → b Return whether rule is in list of rich-language rules in zone. See rule tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryRichRule. queryService(s: service) → b Return whether service is in list of services used in zone. See service tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.queryService. querySource(s: source) → b Return whether source is in list of source addresses bound to zone. See source tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.querySource. querySourcePort(s: port, s: protocol) → b Return whether (port, protocol) is in list of source ports of zone. See source-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.querySourcePort. remove() → Nothing Remove not built-in zone. Possible errors: BUILTIN_ZONE removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing Permanently remove (port, protocol, toport, toaddr) from list of forward ports of zone. See forward-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeForwardPort. Possible errors: NOT_ENABLED removeIcmpBlock(s: icmptype) → Nothing Permanently remove icmptype from list of icmp types blocked in zone. See icmp-block tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlock. Possible errors: NOT_ENABLED removeIcmpBlockInversion() → Nothing Permanently remove icmp block inversion from the zone. See icmp-block-inversion tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeIcmpBlockInversion. Possible errors: NOT_ENABLED removeInterface(s: interface) → Nothing Permanently remove interface from list of interfaces bound to zone. See interface tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeInterface. Possible errors: NOT_ENABLED removeMasquerade() → Nothing Permanently disable masquerading in zone. See masquerade tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeMasquerade. Possible errors: NOT_ENABLED removePort(s: port, s: protocol) → Nothing Permanently remove (port, protocol) from list of ports of zone. See port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removePort. Possible errors: NOT_ENABLED removeProtocol(s: protocol) → Nothing Permanently remove protocol from zone. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeProtocol. Possible errors: INVALID_PROTOCOL, NOT_ENABLED removeRichRule(s: rule) → Nothing Permanently remove rule from list of rich-language rules in zone. See rule tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeRichRule. Possible errors: NOT_ENABLED removeService(s: service) → Nothing Permanently remove service from list of services used in zone. See service tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeService. Possible errors: NOT_ENABLED removeSource(s: source) → Nothing Permanently remove source from list of source addresses bound to zone. See source tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeSource. Possible errors: NOT_ENABLED removeSourcePort(s: port, s: protocol) → Nothing Permanently remove (port, protocol) from list of source ports of zone. See source-port tag in firewalld.zone5. For runtime operation see org.fedoraproject.FirewallD1.zone.Methods.removeSourcePort. Possible errors: NOT_ENABLED rename(s: name) → Nothing Rename not built-in zone to name. Possible errors: BUILTIN_ZONE setDescription(s: description) → Nothing Permanently set description of zone to description. See description tag in firewalld.zone5. setForwardPorts(a(ssss): ports) → Nothing Permanently set forward ports of zone to list of (port, protocol, toport, toaddr). See forward-port tag in firewalld.zone5. setIcmpBlockInversion(b: flag) → Nothing Permanently set icmp block inversion flag of zone to flag. See icmp-block-inversion tag in firewalld.zone5. setIcmpBlocks(as: icmptypes) → Nothing Permanently set list of icmp types blocked in zone to icmptypes. See icmp-block tag in firewalld.zone5. setInterfaces(as: interfaces) → Nothing Permanently set list of interfaces bound to zone to interfaces. See interface tag in firewalld.zone5. setMasquerade(b: masquerade) → Nothing Permanently set masquerading in zone to masquerade. See masquerade tag in firewalld.zone5. setPorts(a(ss): ports) → Nothing Permanently set ports of zone to list of (port, protocol). See port tag in firewalld.zone5. setProtocols(as: protocols) → Nothing Permanently set list of protocols used in zone to protocols. See protocol tag in firewalld.zone5. setRichRules(as: rules) → Nothing Permanently set list of rich-language rules to rules. See rule tag in firewalld.zone5. setServices(as: services) → Nothing Permanently set list of services used in zone to services. See service tag in firewalld.zone5. setShort(s: short) → Nothing Permanently set name of zone to short. See short tag in firewalld.zone5. setSourcePorts(a(ss): ports) → Nothing Permanently set source-ports of zone to list of (port, protocol). See source-port tag in firewalld.zone5. setSources(as: sources) → Nothing Permanently set list of source addresses bound to zone to sources. See source tag in firewalld.zone5. setTarget(s: target) → Nothing Permanently set target of zone to target. See target attribute of zone tag in firewalld.zone5. setVersion(s: version) → Nothing Permanently set version of zone to version. See version attribute of zone tag in firewalld.zone5. update((sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → Nothing This function is deprecated, use org.fedoraproject.FirewallD1.config.zone.Methods.update2 instead. update2(a{sv}: settings) → Nothing Update settings of zone to settings. Settings are a dictionary indexed by keywords. For the type of each value see below. To zero a value pass an empty string or list. version (s): see version attribute of zone tag in firewalld.zone5. name (s): see short tag in firewalld.zone5. description (s): see description tag in firewalld.zone5. target (s): see target attribute of zone tag in firewalld.zone5. services (as): array of service names, see service tag in firewalld.zone5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.zone5. icmp_blocks (as): array of icmp-blocks. See icmp-block tag in firewalld.zone5. masquerade (b): see masquerade tag in firewalld.zone5. forward_ports (a(ssss)): array of (port, protocol, to-port, to-addr). See forward-port tag in firewalld.zone5. interfaces (as): array of interfaces. See interface tag in firewalld.zone5. sources (as): array of source addresses. See source tag in firewalld.zone5. rules_str (as): array of rich-language rules. See rule tag in firewalld.zone5. protocols (as): array of protocols, see protocol tag in firewalld.zone5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.zone5. icmp_block_inversion (b): see icmp-block-inversion tag in firewalld.zone5. forward (b): see forward tag in firewalld.zone5. Possible errors: INVALID_TYPE Signals Removed(s: name) Emitted when zone with name has been removed. Renamed(s: name) Emitted when zone has been renamed to name. Updated(s: name) Emitted when zone with name has been updated. Properties builtin - b - (ro) True if zone is build-in, false else. default - b - (ro) True if build-in zone has default settings. False if it has been modified. Always False for not build-in zones. filename - s - (ro) Name (including .xml extension) of file where the configuration is stored. name - s - (ro) Name of zone. path - s - (ro) Path to directory where the zone configuration is stored. Should be either /usr/lib/firewalld/zones or /etc/firewalld/zones. org.fedoraproject.FirewallD1.config.policy Interface for permanent policy configuration, see also firewalld.policy5. Methods getSettings() → a{sv} Return permanent settings of given policy. For getting runtime settings see org.fedoraproject.FirewallD1.policy.Methods.getPolicySettings. Settings are a dictionary indexed by keywords. For possible keywords see org.fedoraproject.FirewallD1.config.Methods.addPolicy. loadDefaults() → Nothing Load default settings for built-in policy. Possible errors: NO_DEFAULTS remove() → Nothing Remove not built-in policy. Possible errors: BUILTIN_POLICY rename(s: name) → Nothing Rename not built-in policy to name. Possible errors: BUILTIN_POLICY update(a{sv}: settings) → Nothing Update settings of policy to settings. Settings are a dictionary indexed by keywords. For possible keywords see org.fedoraproject.FirewallD1.config.Methods.addPolicy. To zero a value pass an empty string or list. Possible errors: INVALID_TYPE Signals Removed(s: name) Emitted when policy with name has been removed. Renamed(s: name) Emitted when policy has been renamed to name. Updated(s: name) Emitted when policy with name has been updated. Properties builtin - b - (ro) True if policy is build-in, false else. default - b - (ro) True if build-in policy has default settings. False if it has been modified. Always False for not build-in policies. filename - s - (ro) Name (including .xml extension) of file where the configuration is stored. name - s - (ro) Name of policy. path - s - (ro) Path to directory where the policy configuration is stored. Should be either /usr/lib/firewalld/policies or /etc/firewalld/policies. org.fedoraproject.FirewallD1.config.service Interface for permanent service configuration, see also firewalld.service5. Methods addModule(s: module) → Nothing This method is deprecated. Please use "helpers" in the update2() method. addPort(s: port, s: protocol) → Nothing Permanently add (port, protocol) to list of ports in service. See port tag in firewalld.service5. Possible errors: ALREADY_ENABLED addProtocol(s: protocol) → Nothing Permanently add protocol into zone. The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. See protocol tag in firewalld.service5. Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED addSourcePort(s: port, s: protocol) → Nothing Permanently add (port, protocol) to list of source ports in service. See source-port tag in firewalld.service5. Possible errors: ALREADY_ENABLED getDescription() → s Get description of service. See description tag in firewalld.service5. getDestination(s: family) → s Get destination for IP family being either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. Possible errors: ALREADY_ENABLED getDestinations() → a{ss} Get list of destinations. Return value is a dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. getModules() → as This method is deprecated. Please use "helpers" in the getSettings2() method. getPorts() → a(ss) Get list of (port, protocol) defined in service. See port tag in firewalld.service5. getProtocols() → as Return array of protocols (s) defined in service. See protocol tag in firewalld.service5. getSettings() → (sssa(ss)asa{ss}asa(ss)) This function is deprecated, use org.fedoraproject.FirewallD1.config.service.Methods.getSettings2 instead. getSettings2(s: service) → s{sv} Return runtime settings of given service. For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getServiceSettings2. Settings are a dictionary indexed by keywords. For the type of each value see below. If the value is empty it may be ommitted. version (s): see version attribute of service tag in firewalld.service5. name (s): see short tag in firewalld.service5. description (s): see description tag in firewalld.service5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service5. module names (as): array of kernel netfilter helpers, see module tag in firewalld.service5. destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. protocols (as): array of protocols, see protocol tag in firewalld.service5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. includes (as): array of service includes, see include tag in firewalld.service5. helpers (as): array of service helpers, see helper tag in firewalld.service5. getShort() → s Get name of service. See short tag in firewalld.service5. getSourcePorts() → a(ss) Get list of (port, protocol) defined in service. See source-port tag in firewalld.service5. getVersion() → s Get version of service. See version attribute of service tag in firewalld.service5. loadDefaults() → Nothing Load default settings for built-in service. Possible errors: NO_DEFAULTS queryDestination(s: family, s: address) → b Return whether a destination is in dictionary of destinations of this service. destination is in format: (IP family, IP address) where IP family can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. queryModule(s: module) → b This method is deprecated. Please use "helpers" in the getSettings2() method. queryPort(s: port, s: protocol) → b Return whether (port, protocol) is in list of ports in service. See port tag in firewalld.service5. queryProtocol(s: protocol) → b Return whether protocol is in list of protocols in service. See protocol tag in firewalld.service5. querySourcePort(s: port, s: protocol) → b Return whether (port, protocol) is in list of source ports in service. See source-port tag in firewalld.service5. remove() → Nothing Remove not built-in service. Possible errors: BUILTIN_SERVICE removeDestination(s: family) → Nothing Permanently remove a destination with family ('ipv4' or 'ipv6') from service. See destination tag in firewalld.service5. Possible errors: NOT_ENABLED removeModule(s: module) → Nothing This method is deprecated. Please use "helpers" in the update2() method. removePort(s: port, s: protocol) → Nothing Permanently remove (port, protocol) from list of ports in service. See port tag in firewalld.service5. Possible errors: NOT_ENABLED removeProtocol(s: protocol) → Nothing Permanently remove protocol from list of protocols in service. See protocol tag in firewalld.service5. Possible errors: NOT_ENABLED removeSourcePort(s: port, s: protocol) → Nothing Permanently remove (port, protocol) from list of source ports in service. See source-port tag in firewalld.service5. Possible errors: NOT_ENABLED rename(s: name) → Nothing Rename not built-in service to name. Possible errors: BUILTIN_SERVICE setDescription(s: description) → Nothing Permanently set description of service to description. See description tag in firewalld.service5. setDestination(s: family, s: address) → Nothing Permanently set a destination address. destination is in format: (IP family, IP address) where IP family can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. Possible errors: ALREADY_ENABLED setDestinations(a{ss}: destinations) → Nothing Permanently set destinations of service to destinations, which is a dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. setModules(as: modules) → Nothing This method is deprecated. Please use "helpers" in the update2() method. setPorts(a(ss): ports) → Nothing Permanently set ports of service to list of (port, protocol). See port tag in firewalld.service5. setProtocols(as: protocols) → Nothing Permanently set protocols of service to list of protocols. See protocol tag in firewalld.service5. setShort(s: short) → Nothing Permanently set name of service to short. See short tag in firewalld.service5. setSourcePorts(a(ss): ports) → Nothing Permanently set source-ports of service to list of (port, protocol). See source-port tag in firewalld.service5. setVersion(s: version) → Nothing Permanently set version of service to version. See version attribute of service tag in firewalld.service5. update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing This function is deprecated, use org.fedoraproject.FirewallD1.config.service.Methods.update2 instead. update2a{sv}: settings) → Nothing Update settings of service to settings. Settings are a dictionary indexed by keywords. For the type of each value see below. To zero a value pass an empty string or list. version (s): see version attribute of service tag in firewalld.service5. name (s): see short tag in firewalld.service5. description (s): see description tag in firewalld.service5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.service5. module names (as): array of kernel netfilter helpers, see module tag in firewalld.service5. destinations (a{ss}): dictionary of {IP family : IP address} where 'IP family' key can be either 'ipv4' or 'ipv6'. See destination tag in firewalld.service5. protocols (as): array of protocols, see protocol tag in firewalld.service5. source_ports (a(ss)): array of port and protocol pairs. See source-port tag in firewalld.service5. includes (as): array of service includes, see include tag in firewalld.service5. helpers (as): array of service helpers, see helper tag in firewalld.service5. Possible errors: INVALID_TYPE Signals Removed(s: name) Emitted when service with name has been removed. Renamed(s: name) Emitted when service has been renamed to name. Updated(s: name) Emitted when service with name has been updated. Properties builtin - b - (ro) True if service is build-in, false else. default - b - (ro) True if build-in service has default settings. False if it has been modified. Always False for not build-in services. filename - s - (ro) Name (including .xml extension) of file where the configuration is stored. name - s - (ro) Name of service. path - s - (ro) Path to directory where the configuration is stored. Should be either /usr/lib/firewalld/services or /etc/firewalld/services. org.fedoraproject.FirewallD1.config.helper Interface for permanent helper configuration, see also firewalld.helper5. Methods addPort(s: port, s: protocol) → Nothing Permanently add (port, protocol) to list of ports in helper. See port tag in firewalld.helper5. Possible errors: ALREADY_ENABLED getDescription() → s Get description of helper. See description tag in firewalld.helper5. getFamily() → s Get family being 'ipv4', 'ipv6' or empty for both. See family tag in firewalld.helper5. getModule() → s Get modules (netfilter kernel helpers) used in helper. See module tag in firewalld.helper5. getPorts() → a(ss) Get list of (port, protocol) defined in helper. See port tag in firewalld.helper5. getSettings() → (sssssa(ss)) Return permanent settings of a helper. For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getHelperSettings. Settings are in format: version, name, description, family, module, array of ports (port, protocol). version (s): see version attribute of helper tag in firewalld.helper5. name (s): see short tag in firewalld.helper5. description (s): see description tag in firewalld.helper5. family (s): see family tag in firewalld.helper5. module (s): see module tag in firewalld.helper5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.helper5. getShort() → s Get name of helper. See short tag in firewalld.helper5. getVersion() → s Get version of helper. See version attribute of helper tag in firewalld.helper5. loadDefaults() → Nothing Load default settings for built-in helper. Possible errors: NO_DEFAULTS queryFamily(s: module) → b Return whether family is set for helper. See family tag in firewalld.helper5. queryModule(s: module) → b Return whether module (netfilter kernel helpers) is used in helper. See module tag in firewalld.helper5. queryPort(s: port, s: protocol) → b Return whether (port, protocol) is in list of ports in helper. See port tag in firewalld.helper5. remove() → Nothing Remove not built-in helper. Possible errors: BUILTIN_HELPER removePort(s: port, s: protocol) → Nothing Permanently remove (port, protocol) from list of ports in helper. See port tag in firewalld.helper5. Possible errors: NOT_ENABLED rename(s: name) → Nothing Rename not built-in helper to name. Possible errors: BUILTIN_HELPER setDescription(s: description) → Nothing Permanently set description of helper to description. See description tag in firewalld.helper5. setFamily(s: family) → Nothing Permanently set family of helper to family. See family tag in firewalld.helper5. setModule(s: module) → Nothing Permanently set module of helper to description. See module tag in firewalld.helper5. setPorts(a(ss): ports) → Nothing Permanently set ports of helper to list of (port, protocol). See port tag in firewalld.helper5. setShort(s: short) → Nothing Permanently set name of helper to short. See short tag in firewalld.helper5. setVersion(s: version) → Nothing Permanently set version of helper to version. See version attribute of helper tag in firewalld.helper5. update((sssssa(ss)): settings) → Nothing Update settings of helper to settings. Settings are in format: version, name, description, family, module and array of ports. version (s): see version attribute of helper tag in firewalld.helper5. name (s): see short tag in firewalld.helper5. description (s): see description tag in firewalld.helper5. family (s): see family tag in firewalld.helper5. module (s): see module tag in firewalld.helper5. ports (a(ss)): array of port and protocol pairs. See port tag in firewalld.helper5. Possible errors: INVALID_HELPER Signals Removed(s: name) Emitted when helper with name has been removed. Renamed(s: name) Emitted when helper has been renamed to name. Updated(s: name) Emitted when helper with name has been updated. Properties builtin - b - (ro) True if helper is build-in, false else. default - b - (ro) True if build-in helper has default settings. False if it has been modified. Always False for not build-in helpers. filename - s - (ro) Name (including .xml extension) of file where the configuration is stored. name - s - (ro) Name of helper. path - s - (ro) Path to directory where the configuration is stored. Should be either /usr/lib/firewalld/helpers or /etc/firewalld/helpers. org.fedoraproject.FirewallD1.config.icmptype Interface for permanent icmp type configuration, see also firewalld.icmptype5. Methods addDestination(s: destination) → Nothing Permanently add a destination ('ipv4' or 'ipv6') to list of destinations of this icmp type. See destination tag in firewalld.icmptype5. Possible errors: ALREADY_ENABLED getDescription() → s Get description of icmp type. See description tag in firewalld.icmptype5. getDestinations() → as Get list of destinations. See destination tag in firewalld.icmptype5. getSettings() → (sssas) Return permanent settings of icmp type. For getting runtime settings see org.fedoraproject.FirewallD1.Methods.getIcmpTypeSettings. Settings are in format: version, name, description, array of destinations. version (s): see version attribute of icmptype tag in firewalld.icmptype5. name (s): see short tag in firewalld.icmptype5. description (s): see description tag in firewalld.icmptype5. destinations (as): array, either empty or containing strings 'ipv4' and/or 'ipv6', see destination tag in firewalld.icmptype5. getShort() → s Get name of icmp type. See short tag in firewalld.icmptype5. getVersion() → s Get version of icmp type. See version attribute of icmptype tag in firewalld.icmptype5. loadDefaults() → Nothing Load default settings for built-in icmp type. Possible errors: NO_DEFAULTS queryDestination(s: destination) → b Return whether a destination ('ipv4' or 'ipv6') is in list of destinations of this icmp type. See destination tag in firewalld.icmptype5. remove() → Nothing Remove not built-in icmp type. Possible errors: BUILTIN_ICMPTYPE removeDestination(s: destination) → Nothing Permanently remove a destination ('ipv4' or 'ipv6') from list of destinations of this icmp type. See destination tag in firewalld.icmptype5. Possible errors: NOT_ENABLED rename(s: name) → Nothing Rename not built-in icmp type to name. Possible errors: BUILTIN_ICMPTYPE setDescription(s: description) → Nothing Permanently set description of icmp type to description. See description tag in firewalld.icmptype5. setDestinations(as: destinations) → Nothing Permanently set destinations of icmp type to destinations, which is array, either empty or containing strings 'ipv4' and/or 'ipv6'. See destination tag in firewalld.icmptype5. setShort(s: short) → Nothing Permanently set name of icmp type to short. See short tag in firewalld.icmptype5. setVersion(s: version) → Nothing Permanently set version of icmp type to version. See version attribute of icmptype tag in firewalld.icmptype5. update((sssas): settings) → Nothing Update permanent settings of icmp type to settings. Settings are in format: version, name, description, array of destinations. version (s): see version attribute of icmptype tag in firewalld.icmptype5. name (s): see short tag in firewalld.icmptype5. description (s): see description tag in firewalld.icmptype5. destinations (as): array, either empty or containing strings 'ipv4' and/or 'ipv6', see destination tag in firewalld.icmptype5. Signals Removed(s: name) Emitted when icmp type with name has been removed. Renamed(s: name) Emitted when icmp type has been renamed to name. Updated(s: name) Emitted when icmp type with name has been updated. Properties builtin - b - (ro) True if icmptype is build-in, false else. default - b - (ro) True if build-in icmp type has default settings. False if it has been modified. Always False for not build-in zones. filename - s - (ro) Name (including .xml extension) of file where the configuration is stored. name - s - (ro) Name of icmp type. path - s - (ro) Path to directory where the icmp type configuration is stored. Should be either /usr/lib/firewalld/icmptypes or /etc/firewalld/icmptypes. &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.direct.xml0000644000000000000000000003312014217345545021003 0ustar00rootroot00000000000000 ]> firewalld.direct firewalld &authors; firewalld.direct 5 firewalld.direct firewalld direct configuration file /firewalld/direct.xml deprecated The direct interface has been deprecated. It will be removed in a future release. It is superseded by policies, see firewalld.policies5. Description Direct configuration gives a more direct access to the firewall. It requires user to know basic ip(6)tables/ebtables concepts, i.e. table (filter/mangle/nat/...), chain (INPUT/OUTPUT/FORWARD/...), commands (-A/-D/-I/...), parameters (-p/-s/-d/-j/...) and targets (ACCEPT/DROP/REJECT/...). Direct configuration should be used only as a last resort when it's not possible to use firewalld.zone5. See also Direct Options in firewall-cmd1. A firewalld direct configuration file contains information about permanent direct chains, rules and passthrough ... This is the structure of a direct configuration file: <?xml version="1.0" encoding="utf-8"?> <direct> [ <chain ipv="ipv4|ipv6|eb" table="table" chain="chain"/> ] [ <rule ipv="ipv4|ipv6|eb" table="table" chain="chain" priority="priority"> args </rule> ] [ <passthrough ipv="ipv4|ipv6|eb"> args </passthrough> ] </direct> direct The mandatory direct start and end tag defines the direct. This tag can only be used once in a direct configuration file. There are no attributes for direct. chain Is an optional empty-element tag and can be used several times. It can be used to define names for additional chains. A chain entry has exactly three attributes: ipv="ipv4|ipv6|eb" The IP family where the chain will be created. This can be either ipv4, ipv6 or eb. table="table" The table name where the chain will be created. This can be one of the tables that can be used for iptables, ip6tables or ebtables. For the possible values, see TABLES section in the iptables, ip6tables or ebtables man pages. chain="chain" The name of the chain, that will be created. Please make sure that there is no other chain with this name already. Please remember to add a rule or passthrough rule with an or option to connect the chain to another one. rule Is an optional element tag and can be used several times. It can be used to add rules to a built-in or added chain. A rule entry has exactly four attributes: ipv="ipv4|ipv6|eb" The IP family where the rule will be added. This can be either ipv4, ipv6 or eb. table="table" The table name where the rule will be added. This can be one of the tables that can be used for iptables, ip6tables or ebtables. For the possible values, see TABLES section in the iptables, ip6tables or ebtables man pages. chain="chain" The name of the chain where the rule will be added. This can be either a built-in chain or a chain that has been created with the chain tag. If the chain name is a built-in chain, then the rule will be added to chain_direct, else the supplied chain name is used. chain_direct is created internally for all built-in chains to make sure that the added rules do not conflict with the rules created by firewalld. priority="priority" The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. The args can be any arguments of iptables or ip6tables, that do not conflict with the table or chain attributes. passthrough Is an optional element tag and can be used several times. It can be used to add rules to a built-in or added chain. A rule entry has exactly one attribute: ipv="ipv4|ipv6|eb" The IP family where the passthrough rule will be added. This can be either ipv4, ipv6 or eb. The args can be any arguments of iptables or ip6tables. The passthrough rule will be added to the chain directly. There is no mechanism like for the direct above. The user of the passthrough rule has to make sure that there will be no conflict with the rules created by firewalld. Caveats Depending on the value of FirewallBackend (see firewalld.conf5) direct rules behave differently in some scenarios. Packet accept/drop precedence Due to implementation details of netfilter inside the kernel, if FirewallBackend=nftables is used direct rules that ACCEPT packets don't actually cause the packets to be immediately accepted by the system. Those packets are still be subject to firewalld's nftables ruleset. This basically means there are two independent firewalls and packets must be accepted by both (iptables and nftables). As an aside, this scenario also occurs inside of nftables (again due to netfilter) if there are multiple chains attached to the same hook - it's not as simple as iptables vs nftables. There are a handful of options to workaround the ACCEPT issue: Rich Rules If a rich rule can be used, then they should always be preferred over direct rules. Rich Rules will be converted to the enabled FirewallBackend. See firewalld.richlanguage5. Blanket Accept Users can add an explicit accept to the nftables ruleset. This can be done by adding the interface or source to the trusted zone. This strategy is often employed by things that perform their own filtering such as: libvirt, podman, docker. Warning: This means firewalld will do no filtering on these packets. It must all be done via direct rules or out-of-band iptables rules. Selective Accept Alternatively, enable only the relevant service, port, address, or otherwise in the appropriate zone. Revert to the iptables backend A last resort is to revert to the iptables backend by setting FirewallBackend=iptables. Users should be aware that firewalld development focuses on the nftables backend. For direct rules that DROP packets the packets are immediately dropped regardless of the value of FirewallBackend. As such, there is no special consideration needed. Firewalld guarantees the above ACCEPT/DROP behavior by registering nftables hooks with a lower precedence than iptables hooks. Direct interface precedence With FirewallBackend=iptables firewalld's top-level internal rules apply before direct rules are executed. This includes rules to accept existing connections. In the past this has surprised users. As an example, if a user adds a direct rule to drop traffic on destination port 22 existing SSH sessions would continue to function, but new connections would be denied. With FirewallBackend=nftables direct rules were deliberately given a higher precedence than all other firewalld rules. This includes rules to accept existing connections. Example Denylisting of the networks 192.168.1.0/24 and 192.168.5.0/24 with logging and dropping early in the raw table: <?xml version="1.0" encoding="utf-8"?> <direct> <chain ipv="ipv4" table="raw" chain="denylist"/> <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="0">-s 192.168.1.0/24 -j denylist</rule> <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="1">-s 192.168.5.0/24 -j denylist</rule> <rule ipv="ipv4" table="raw" chain="denylist" priority="0">-m limit --limit 1/min -j LOG --log-prefix "denylisted: "</rule> <rule ipv="ipv4" table="raw" chain="denylist" priority="1">-j DROP</rule> </direct> &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.helper.xml0000644000000000000000000001273314217342322021005 0ustar00rootroot00000000000000 ]> firewalld.helper firewalld &authors; firewalld.helper 5 firewalld.helper firewalld helper configuration files /firewalld/helpers/helper.xml /lib/firewalld/helpers/helper.xml Description A firewalld helper configuration file provides the information of a helper entry for firewalld. The most important configuration options are ports, family and module. This example configuration file shows the structure of a helper configuration file: <?xml version="1.0" encoding="utf-8"?> <helper module="nf_conntrack_module" [family="ipv4|ipv6"]> <short>short</short> <description>description</description> <port portid[-portid]" protocol="tcp|udp|sctp|dccp"/> </helper> Options The config can contain these tags and attributes. Some of them are mandatory, others optional. helper The mandatory helper start and end tag defines the helper. This tag can only be used once in a helper configuration file. There is one mandatory and also optional attributes for helper: module="string" The mandatory module of the helper. This is one of the netfilter conntrack helper modules. The name starts with nf_conntrack_. family="ipv4|ipv6" The optional family of the helper. This can be one of these ipv types: ipv4 or ipv6. If the family is not specified, then the helper is usable for IPv4 and IPv6. version="string" To give the helper a version. short Is an optional start and end tag and is used to give a helper a more readable name. description Is an optional start and end tag to have a description for a helper. port Is an mandatory empty-element tag and can be used several times to have more than one port entry. All attributes of a port entry are mandatory: port="string" The port string can be a single port number or a port range portid-portid or also empty to match a protocol only. protocol="string" The protocol value can either be , , or . &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.icmptype.xml0000644000000000000000000001043214217342322021352 0ustar00rootroot00000000000000 ]> firewalld.icmptype firewalld &authors; firewalld.icmptype 5 firewalld.icmptype firewalld icmptype configuration files /firewalld/icmptypes/icmptype.xml /lib/firewalld/icmptypes/icmptype.xml Description A firewalld icmptype configuration file provides the information for an Internet Control Message Protocol (ICMP) type for firewalld. This example configuration file shows the structure of an icmptype configuration file: <?xml version="1.0" encoding="utf-8"?> <icmptype> <short>My Icmptype</short> <description>description</description> <destination ipv4="yes" ipv6="yes"/> </icmptype> Options The config can contain these tags and attributes. Some of them are mandatory, others optional. icmptype The mandatory icmptype start and end tag defines the icmptype. This tag can only be used once in an icmptype configuration file. This tag has optional attributes: version="string" To give the icmptype a version. short Is an optional start and end tag and is used to give an icmptype a more readable name. description Is an optional start and end tag to have a description for a icmptype. destination Is an optional empty-element tag and can be used only once. The destination tag specifies if an icmptype entry is available for IPv4 and/or IPv6. The default is IPv4 and IPv6, where this tag can be missing. ipv4="bool" Describes if the icmptype is available for IPv4. ipv6="bool" Describes if the icmptype is available for IPv6. &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.ipset.xml0000644000000000000000000001231214217342322020643 0ustar00rootroot00000000000000 ]> firewalld.ipset firewalld &authors; firewalld.ipset 5 firewalld.ipset firewalld ipset configuration files /firewalld/ipsets/ipset.xml /lib/firewalld/ipsets/ipset.xml Description A firewalld ipset configuration file provides the information of an ip set for firewalld. The most important configuration options are type, option and entry. This example configuration file shows the structure of an ipset configuration file: <?xml version="1.0" encoding="utf-8"?> <ipset type="hash:ip"> <short>My Ipset</short> <description>description</description> <entry>1.2.3.4</entry> <entry>1.2.3.5</entry> <entry>1.2.3.6</entry> </ipset> Options The config can contain these tags and attributes. Some of them are mandatory, others optional. ipset The mandatory ipset start and end tag defines the ipset. This tag can only be used once in a ipset configuration file. There is one mandatory and also optional attributes for ipsets: type="string" The mandatory type of the ipset. To get the list of supported types, use firewall-cmd --get-ipset-types. version="string" To give the ipset a version. short Is an optional start and end tag and is used to give an ipset a more readable name. description Is an optional start and end tag to have a description for a ipset. option Is an optional empty-element tag and can be used several times to have more than one option. Mostly all attributes of an option entry are mandatory: name="string" The mandatory option name string. value="string" The optional value of the option. The supported options are: family: "inet"|"inet6", timeout: integer, hashsize: integer, maxelem: integer. For more information on these options, please have a look at the ipset documentation. entry Is an optional start and end tag and can be used several times to have more than one entry entry. An entry entry does not have attributes. &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.lockdown-whitelist.xml0000644000000000000000000001324514217342322023357 0ustar00rootroot00000000000000 ]> firewalld.lockdown-whitelist firewalld &authors; firewalld.lockdown-whitelist 5 firewalld.lockdown-whitelist firewalld lockdown whitelist configuration file /firewalld/lockdown-whitelists.xml Description The firewalld lockdown-whitelist configuration file contains the selinux contexts, commands, users and user ids that are white-listed when firewalld lockdown feature is enabled (see firewalld.conf5 and firewall-cmd1). This example configuration file shows the structure of an lockdown-whitelist file: <?xml version="1.0" encoding="utf-8"?> <whitelist> <selinux context="selinuxcontext"/> <command name="commandline[*]"/> <user {name="username|id="userid"}/> </whitelist> Options The config can contain these tags and attributes. Some of them are mandatory, others optional. whitelist The mandatory whitelist start and end tag defines the lockdown-whitelist. This tag can only be used once in a lockdown-whitelist configuration file. There are no attributes for this. selinux Is an optional empty-element tag and can be used several times to have more than one selinux contexts entries. A selinux entry has exactly one attribute: context="string" The context is the security (SELinux) context of a running application or service. To get the context of a running application use ps -e --context and search for the application that should be white-listed. Warning: If the context of an application is unconfined, then this will open access for more than the desired application. command Is an optional empty-element tag and can be used several times to have more than one command entry. A command entry has exactly one attribute: name="string" The command string is a complete command line including path and also attributes. If a command entry ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the absolute command inclusive arguments must match. Commands for user root and others is not always the same, the used path depends on the use of the PATH environment variable. user Is an optional empty-element tag and can be used several times to white-list more than one user. A user entry has exactly one attribute of these: name="string" The user with the name string will be white-listed. id="integer" The user with the id userid will be white-listed. &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.richlanguage.xml0000644000000000000000000005107114217342322022155 0ustar00rootroot00000000000000 ]> firewalld.richlanguage firewalld &authors; firewalld.richlanguage 5 firewalld.richlanguage Rich Language Documentation Description With the rich language more complex firewall rules can be created in an easy to understand way. The language uses keywords with values and is an abstract representation of ip*tables rules. The rich language extends the current zone elements (service, port, icmp-block, icmp-type, masquerade, forward-port and source-port) with additional source and destination addresses, logging, actions and limits for logs and actions. This page describes the rich language used in the command line client and D-Bus interface. For information about the rich language representation used in the zone configuration files, please have a look at firewalld.zone5. A rule is part of a zone. One zone can contain several rules. If some rules interact/contradict, the first rule that matches "wins". General rule structure rule [source] [destination] service|port|protocol|icmp-block|icmp-type|masquerade|forward-port|source-port [log|nflog] [audit] [accept|reject|drop|mark] The complete rule is provided as a single line string. A destination is allowed here as long as it does not conflict with the destination of a service. Rule structure for source black or white listing rule source [log|nflog] [audit] accept|reject|drop|mark This is used to grant or limit access from a source to this machine or machines that are reachable by this machine. A destination is not allowed here. Important information about element options: Options for elements in a rule need to be added exactly after the element. If the option is placed somewhere else it might be used for another element as far as it matches the options of the other element or will result in a rule error. Rule rule [family="ipv4|ipv6"] [priority="priority"] If the rule family is provided, it can be either "ipv4" or "ipv6", which limits the rule to IPv4 or IPv6. If the rule family is not provided, the rule will be added for IPv4 and IPv6. If source or destination addresses are used in a rule, then the rule family need to be provided. This is also the case for port/packet forwarding. If the rule priority is provided, it can be in the range of -32768 to 32767 where lower values have higher precendence. Rich rules are sorted by priority. Ordering for rules with the same priority value is undefined. A negative priority value will be executed before other firewalld primitives. A positive priority value will be executed after other firewalld primitives. A priority value of 0 will place the rule in a chain based on the action as per the "Information about logging and actions" below. Source source [not] address="address[/mask]"|mac="mac-address"|ipset="ipset" With the source address the origin of a connection attempt can be limited to the source address. An address is either a single IP address, or a network IP address, a MAC address or an IPSet. The address has to match the rule family (IPv4/IPv6). Subnet mask is expressed in either dot-decimal (/x.x.x.x) or prefix (/x) notations for IPv4, and in prefix notation (/x) for IPv6 network addresses. It is possible to invert the sense of an address by adding before . All but the specified address will match then. Destination destination [not] address="address[/mask]"|ipset="ipset" With the destination address the target can be limited to the destination address. The destination address is using the same syntax as the source address. The use of source and destination addresses is optional and the use of a destination addresses is not possible with all elements. This depends on the use of destination addresses for example in service entries. Service service name="service name" The service service name will be added to the rule. The service name is one of the firewalld provided services. To get a list of the supported services, use firewall-cmd --get-services. If a service provides a destination address, it will conflict with a destination address in the rule and will result in an error. The services using destination addresses internally are mostly services using multicast. Port port port="port value" protocol="tcp|udp" The port port value can either be a single port number portid or a port range portid-portid. The protocol can either be tcp or udp. Protocol protocol value="protocol value" The protocol value can be either a protocol id number or a protocol name. For allowed protocol entries, please have a look at /etc/protocols. Tcp-Mss-Clamp tcp-mss-clamp="value=pmtu|value=number >= 536|None" The tcp-mss-clamp sets the maximum segment size in the rule. The tcp-mss-clamp has an optional attribute value can be either be set to "pmtu" or a number greater than or equal to 536. If attribute value is not present then the maximum segment size is automatically set to "pmtu". ICMP-Block icmp-block name="icmptype name" The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes It is not allowed to specify an action here. icmp-block uses the action reject internally. Masquerade masquerade Turn on masquerading in the rule. A source and also a destination address can be provided to limit masquerading to this area. It is not allowed to specify an action here. Note: IP forwarding will be implicitly enabled. ICMP-Type icmp-type name="icmptype name" The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes Forward-Port forward-port port="port value" protocol="tcp|udp" to-port="port value" to-addr="address" Forward port/packets from local port value with protocol "tcp" or "udp" to either another port locally or to another machine or to another port on another machine. The port value can either be a single port number or a port range portid-portid. The is an IP address. It is not allowed to specify an action here. forward-port uses the action accept internally. Note: IP forwarding will be implicitly enabled if is specified. Source-Port source-port port="port value" protocol="tcp|udp" The source-port port value can either be a single port number portid or a port range portid-portid. The protocol can either be tcp or udp. Log log [prefix="prefix text"] [level="log level"] [limit value="rate/duration"] Log new connection attempts to the rule with kernel logging for example in syslog. You can define a prefix text with a maximum length of 127 characters that will be added to the log message as a prefix. Log level can be one of "", "", "", "", "", "", "" or "", where default (i.e. if there's no one specified) is "". See syslog3 for description of levels. See Limit section for description of tag. Note: The iptables backend truncates prefix to 29 characters. NFLog nflog [group="group id"] [prefix="prefix text"] [queue-size="threshold"] [limit value="rate/duration"] Log new connection attempts to the rule using kernel logging to pass the packets through a 'netlink' socket to users or applications monitoring the multicast . The minimum and default value for is 0, maximum value is 65535. See NETLINK_NETFILTER in netlink7 man page and NFLOG in both iptables-extensions8 and nft8 man pages for a more detailed description. You can define a prefix text with a maximum length of 127 characters that will be added to the log message as a prefix. The option can be set to increase the queue threshold which can help limit context switching. The default value for is 1, maximum value is 65535. See iptables-extensions8 and nft8 for more details. See Limit section for description of tag. Note: The iptables backend truncates prefix to 63 characters. Audit audit [limit value="rate/duration"] Audit provides an alternative way for logging using audit records sent to the service auditd. Audit type will be discovered from the rule action automatically. Use of audit is optional. See Limit section for description of tag. Action An action can be one of , , or . The rule can either contain an element or also a source only. If the rule contains an element, then new connection matching the element will be handled with the action. If the rule does not contain an element, then everything from the source address will be handled with the action. accept [limit value="rate/duration"] reject [type="reject type"] [limit value="rate/duration"] drop [limit value="rate/duration"] mark set="mark[/mask]" [limit value="rate/duration"] With all new connection attempts will be granted. With they will not be accepted and their source will get a reject ICMP(v6) message. The reject type can be set to specify appropriate ICMP(v6) error message. For valid reject types see in iptables-extensions8 man page. Because reject types are different for IPv4 and IPv6 you have to specify rule family when using reject type. With all packets will be dropped immediately, there is no information sent to the source. With all packets will be marked in the chain in the table with the mark and mask combination. See Limit section for description of tag. Limit limit value="rate/duration" It is possible to limit Log, NFLog, Audit and Action. A rule using this tag will match until this limit is reached. The rate is a natural positive number [1, ..] The duration is of "s", "m", "h", "d". "s" means seconds, "m" minutes, "h" hours and "d" days. Maximum limit value is "2/d", which means at maximum two matches per day. Information about logging and actions Logging can be done with the log, nflog and audit actions. A new chain is added to all zones: zone_log. This will be jumped into before the deny chain to be able to have a proper ordering. The rules or parts of them are placed in separate chains according to the priority and action of the rule: zone_pre zone_log zone_deny zone_allow zone_post When priority < 0, the rich rule will be placed in the zone_pre chain. When priority == 0 Then all logging rules will be placed in the zone_log chain. All reject and drop rules will be placed in the zone_deny chain, which will be walked after the log chain. All accept rules will be placed in the zone_allow chain, which will be walked after the deny chain. If a rule contains log and also deny or allow actions, the parts are placed in the matching chains. When priority > 0, the rich rule will be placed in the zone_post chain. Examples These are examples of how to specify rich language rules. This format (i.e. one string that specifies whole rule) uses for example (see firewall-cmd1) as well as D-Bus interface. Example 1 Enable new IPv4 and IPv6 connections for protocol 'ah' rule protocol value="ah" accept Example 2 Allow new IPv4 and IPv6 connections for service ftp and log 1 per minute using audit rule service name="ftp" log limit value="1/m" audit accept Example 3 Allow new IPv4 connections from address 192.168.0.0/24 for service tftp and log 1 per minutes using syslog rule family="ipv4" source address="192.168.0.0/24" service name="tftp" log prefix="tftp" level="info" limit value="1/m" accept Example 4 New IPv6 connections from 1:2:3:4:6:: to service radius are all rejected and logged at a rate of 3 per minute. New IPv6 connections from other sources are accepted. rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns" level="info" limit value="3/m" reject rule family="ipv6" service name="radius" accept Example 5 Forward IPv6 port/packets receiving from 1:2:3:4:6:: on port 4011 with protocol tcp to 1::2:3:4:7 on port 4012 rule family="ipv6" source address="1:2:3:4:6::" forward-port to-addr="1::2:3:4:7" to-port="4012" protocol="tcp" port="4011" Example 6 White-list source address to allow all connections from 192.168.2.2 rule family="ipv4" source address="192.168.2.2" accept Example 7 Black-list source address to reject all connections from 192.168.2.3 rule family="ipv4" source address="192.168.2.3" reject type="icmp-admin-prohibited" Example 8 Black-list source address to drop all connections from 192.168.2.4 rule family="ipv4" source address="192.168.2.4" drop &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.service.xml0000644000000000000000000002262714217342322021171 0ustar00rootroot00000000000000 ]> firewalld.service firewalld &authors; firewalld.service 5 firewalld.service firewalld service configuration files /firewalld/services/service.xml /lib/firewalld/services/service.xml Description A firewalld service configuration file provides the information of a service entry for firewalld. The most important configuration options are ports, modules and destination addresses. This example configuration file shows the structure of a service configuration file: <?xml version="1.0" encoding="utf-8"?> <service> <short>My Service</short> <description>description</description> <port port="137" protocol="tcp"/> <protocol value="igmp"/> <module name="nf_conntrack_netbios_ns"/> <destination ipv4="224.0.0.251" ipv6="ff02::fb"/> <include service="ssdp"/> <helper name="ftp"/> </service> Options The config can contain these tags and attributes. Some of them are mandatory, others optional. service The mandatory service start and end tag defines the service. This tag can only be used once in a service configuration file. There are optional attributes for services: version="string" To give the service a version. short Is an optional start and end tag and is used to give an service a more readable name. description Is an optional start and end tag to have a description for a service. port Is an optional empty-element tag and can be used several times to have more than one port entry. All attributes of a port entry are mandatory: port="string" The port string can be a single port number or a port range portid-portid or also empty to match a protocol only. protocol="string" The protocol value can either be tcp, udp, sctp or dccp. For compatibility with older firewalld versions, it is possible to add protocols with the port option where the port is empty. With the addition of native protocol support in the service, this it not needed anymore. These entries will automatically be converted to protocols. With the next modification of the service file, the enries will be listed as protocols. protocol Is an optional empty-element tag and can be used several times to have more than one protocol entry. A protocol entry has exactly one attribute: value="string" The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. source-port Is an optional empty-element tag and can be used several times to have more than one source port entry. All attributes of a source port entry are mandatory: port="string" The port string can be a single port number or a port range portid-portid. protocol="string" The protocol value can either be tcp, udp, sctp or dccp. module This element is deprecated. Please use helper described below in . destination Is an optional empty-element tag and can be used only once. The destination specifies the destination network as a network IP address (optional with /mask), or a plain IP address. The use of hostnames is not recommended, because these will only be resolved at service activation and transmitted to the kernel. For more information in this element, please have a look at in iptables8 and ip6tables8. ipv4="address[/mask]" The IPv4 destination address with optional mask. ipv6="address[/mask]" The IPv6 destination address with optional mask. include Is an optional empty-element tag and can be used several times to have more than one include entry. An include entry has exactly one attribute: service="string" The include can be any service supported by firewalld. Warning:Firewalld will only check that the included service is a valid service if it's applied to a zone. helper Is an optional empty-element tag and can be used several times to have more than one helper entry. An helper entry has exactly one attribute: name="string" The helper can be any helper supported by firewalld. &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.zone.xml0000644000000000000000000001637414217342322020506 0ustar00rootroot00000000000000 ]> firewalld.zone firewalld &authors; firewalld.zone 5 firewalld.zone firewalld zone configuration files /firewalld/zones/zone.xml /lib/firewalld/zones/zone.xml Description A firewalld zone configuration file contains the information for a zone. These are the zone description, services, ports, protocols, icmp-blocks, masquerade, forward-ports, intra-zone forwarding and rich language rules in an XML file format. The file name has to be zone_name.xml where length of zone_name is currently limited to 17 chars. This is the structure of a zone configuration file: <?xml version="1.0" encoding="utf-8"?> <zone [version="versionstring"] [target="ACCEPT|%%REJECT%%|DROP"]> [ <interface name="string"/> ] [ <source address="address[/mask]"|mac="MAC"|ipset="ipset"/> ] [ <icmp-block-inversion/> ] [ <forward/> ] &policy_zone_syntax; </zone> The config can contain these tags and attributes. Some of them are mandatory, others optional. zone The mandatory zone start and end tag defines the zone. This tag can only be used once in a zone configuration file. There are optional attributes for zones: version="string" To give the zone a version. target="ACCEPT|%%REJECT%%|DROP" Can be used to accept, reject or drop every packet that doesn't match any rule (port, service, etc.). The ACCEPT target is used in trusted zone to accept every packet not matching any rule. The %%REJECT%% target is used in block zone to reject (with default firewalld reject type) every packet not matching any rule. The DROP target is used in drop zone to drop every packet not matching any rule. If the target is not specified, every packet not matching any rule will be rejected. interface Is an optional empty-element tag and can be used several times. It can be used to bind an interface to a zone. You don't need this for NetworkManager-managed interfaces, because NetworkManager binds interfaces to zones automatically. See also 'How to set or change a zone for a connection?' in firewalld.zones5. You can use it as a fallback mechanism for interfaces that can't be managed via NetworkManager. An interface entry has exactly one attribute: name="string" The name of the interface to be bound to the zone. source Is an optional empty-element tag and can be used several times. It can be used to bind a source address, address range, a MAC address or an ipset to a zone. A source entry has exactly one of these attributes: address="address/mask" The source is either an IP address or a network IP address with a mask for IPv4 or IPv6. The network family (IPv4/IPv6) will be automatically discovered. For IPv4, the mask can be a network mask or a plain number. For IPv6 the mask is a plain number. The use of host names is not supported. mac="MAC" The source is a MAC address. It must be of the form XX:XX:XX:XX:XX:XX. ipset="ipset" The source is an ipset. icmp-block-inversion Is an optional empty-element tag and can be used only once in a zone configuration. This flag inverts the icmp block handling. Only enabled ICMP types are accepted and all others are rejected in the zone. forward Is an optional empty-element tag and can be used only once in a zone configuration. This flag enables intra-zone forwarding. When enabled, packets will be forwarded between interfaces or sources within a zone, even if the zone's target is not set to ACCEPT. &policy_zone_descriptions; &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.zones.xml0000644000000000000000000002217614217342322020666 0ustar00rootroot00000000000000 ]> firewalld.zones firewalld &authors; firewalld.zones 5 firewalld.zones firewalld zones Description What is a zone? A network zone defines the level of trust for network connections. This is a one to many relation, which means that a connection can only be part of one zone, but a zone can be used for many network connections. The zone defines the firewall features that are enabled in this zone: Intra Zone Forwarding Allows packets received by a zone to be forwarded to other interfaces or sources within the same zone, even if the zone's target is not ACCEPT. Predefined services A service is a combination of port and/or protocol entries. Optionally netfilter helper modules can be added and also a IPv4 and IPv6 destination address. Ports and protocols Definition of tcp or udp ports, where ports can be a single port or a port range. ICMP blocks Blocks selected Internet Control Message Protocol (ICMP) messages. These messages are either information requests or created as a reply to information requests or in error conditions. ICMP block inversion Changes how ICMP messages are handled. When enabled, all ICMP message types are blocked, except for those in the ICMP block list. Masquerading The addresses of a private network are mapped to and hidden behind a public IP address. This is a form of address translation. Forward ports A forward port is either mapped to the same port on another host or to another port on the same host or to another port on another host. Rich language rules The rich language extends the elements (service, port, icmp-block, masquerade, forward-port and source-port) with additional source and destination addresses, logging, actions and limits for logs and actions. It can also be used for host or network white and black listing (for more information, please have a look at firewalld.richlanguage5). For more information on the zone file format, please have a look at firewalld.zone5. Which zones are available? Here are the zones provided by firewalld sorted according to the default trust level of the zones from untrusted to trusted: drop Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible. block Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated within this system are possible. public For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. external For use on external networks with masquerading enabled especially for routers. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. dmz For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted. work For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. home For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted. internal For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted. trusted All network connections are accepted. Which zone should be used? A public WIFI network connection for example should be mainly untrusted, a wired home network connection should be fairly trusted. Select the zone that best matches the network you are using. How to configure or add zones? To configure or add zones you can either use one of the firewalld interfaces to handle and change the configuration: These are the graphical configuration tool firewall-config, the command line tool firewall-cmd or the D-Bus interface. Or you can create or copy a zone file in one of the configuration directories. /lib/firewalld/zones is used for default and fallback configurations and /firewalld/zones is used for user created and customized configuration files. How to set or change a zone for a connection? The zone is stored into the ifcfg of the connection with option. If the option is missing or empty, the default zone set in firewalld is used. If the connection is controlled by NetworkManager, you can also use nm-connection-editor to change the zone. For the addion or change of interfaces that are not under control of NetworkManager: firewalld tries to change the ZONE setting in the ifcfg file, if an ifcfg file exists that is using the interface. Only for the removal of interfaces that are not under control of NetworkManager: firewalld is not trying to change the ZONE setting in the ifcfg file. This is needed to make sure that an ifdown of the interface will not result in a reset of the zone setting to the default zone. Only the zone binding is then removed in firewalld then. &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.policy.xml0000644000000000000000000001303114217342322021015 0ustar00rootroot00000000000000 ]> firewalld.policy firewalld &authors; firewalld.policy 5 firewalld.policy firewalld policy configuration files /firewalld/policies/policy.xml /lib/firewalld/policies/policy.xml Description A firewalld policy configuration file contains the information for a policy. These are the policy descriptions, services, ports, protocols, icmp-blocks, masquerade, forward-ports and rich language rules in an XML file format. The file name has to be policy_name.xml where length of policy_name is currently limited to 17 chars. This is the structure of a policy configuration file: <?xml version="1.0" encoding="utf-8"?> <policy [version="versionstring"] [target="CONTINUE|ACCEPT|REJECT|DROP"] [priority="priority"]> [ <ingress-zone name="zone"/> ] [ <egress-zone name="zone"/> ] &policy_zone_syntax; </policy> The config can contain these tags and attributes. Some of them are mandatory, others optional. policy The mandatory policy start and end tag defines the policy. This tag can only be used once in a policy configuration file. There are optional attributes for policy: version="string" To give the policy a version. target="CONTINUE|ACCEPT|REJECT|DROP" Can be used to accept, reject or drop every packet that doesn't match any rule (port, service, etc.). The CONTINUE is the default and used for policies that are non-terminal. ingress-zone An optional element that can be used several times. It can be the name of a firewalld zone or one of the symbolic zones: HOST, ANY. See firewalld.policies5 for information about symbolic zones. egress-zone An optional element that can be used several times. It can be the name of a firewalld zone or one of the symbolic zones: HOST, ANY. See firewalld.policies5 for information about symbolic zones. &policy_zone_descriptions; &seealso; ¬es; firewalld-1.1.1/doc/xml/firewalld.policies.xml0000644000000000000000000002045314217342322021333 0ustar00rootroot00000000000000 ]> firewalld.policies firewalld &authors; firewalld.policies 5 firewalld.policies firewalld policies Description What is a policy? A policy applies a set of rules to traffic flowing between between zones (see zones (see firewalld.zones 5 ). The policy affects traffic in a stateful unidirectional manner, e.g. zoneA to zoneB. This allows asynchronous filtering policies. A policy's relationship to zones is defined by assigning a set of ingress zones and a set of egress zones. For example, if the set of ingress zones contains "public" and the set of egress zones contains "internal" then the policy will affect all traffic flowing from the "public" zone to the "internal" zone. However, since policies are unidirectional it will not apply to traffic flowing from "internal" to "public". Note that the ingress set and egress set can contain multiple zones. Active Policies Policies only become active if all of the following are true. The ingress zones list contain at least one regular zone or a single symbolic zone. The egress zones list contain at least one regular zone or a single symbolic zone. For non symbolic zones, the zone must be active. That is, it must have interfaces or sources assigned to it. If the policy is not active then the policy has no effect. Symbolic Zones Regular zones are not enough to express every form of packet filtering. For example there is no zone to represent traffic flowing to or from the host running firewalld. As such, there are some symbolic zones to fill these gaps. However, symbolic zones are unique in that they're the only zone allowed in the ingress or egress zone sets. For example, you cannot use "public" and "HOST" in the ingress zones. Symbolic zones: HOST This symbolic zone is for traffic flowing to or from the host running firewalld. This corresponds to netfilter (iptables/nftables) chains INPUT and OUTPUT. If used in the egress zones list it will apply to traffic on the INPUT chain. If used in the ingress zones list it will apply to traffic on the OUTPUT chain. ANY This symbolic zone behaves like a wildcard for the ingress and egress zones. With the exception that it does not include "HOST". It's useful if you want a policy to apply to every zone. If used in the ingress zones list it will apply for traffic originating from any zone. If used in the egress zones list it will apply for traffic destined to any zone. Predefined Policies firewalld ships with some predefined policies. These may or may not be active by default. For details see the description of each policy. allow-host-ipv6 Similarity to Zones Policies are similar to zones in that they are an attachment point for firewalld's primitives: services, ports, forward ports, etc. This is not a coincidence. Policies are a generalization of how zones have traditionally achieved filtering. In fact, in modern firewalld zones are internally implemented as a set of policies. The main difference between policies and zones is that policies allow filtering in all directions: input, output, and forwarding. With a couple of exceptions zones only allow input filtering which is sufficient for an end station firewalling. However, for network level filtering or filtering on behalf of virtual machines and containers something more flexible, i.e. policies, are needed. &seealso; ¬es; firewalld-1.1.1/doc/xml/authors.xml0000644000000000000000000000243714217342322017243 0ustar00rootroot00000000000000 Developer Thomas Woerner twoerner@redhat.com Developer Jiri Popelka jpopelka@redhat.com Developer Eric Garver eric@garver.life firewalld-1.1.1/doc/xml/notes.xml0000644000000000000000000000237414217342322016706 0ustar00rootroot00000000000000 Notes firewalld home page: More documentation with examples: firewalld-1.1.1/doc/xml/seealso.xml0000644000000000000000000000604214217342322017205 0ustar00rootroot00000000000000 See Also firewall-applet1 firewalld1 firewall-cmd1 firewall-config1 firewalld.conf5 firewalld.direct5 firewalld.dbus5 firewalld.icmptype5 firewalld.lockdown-whitelist5 firewall-offline-cmd1 firewalld.richlanguage5 firewalld.service5 firewalld.zone5 firewalld.zones5 firewalld.policy5 firewalld.policies5 firewalld.ipset5 firewalld.helper5 firewalld-1.1.1/doc/xml/errorcodes.xml0000644000000000000000000001150414217353163017725 0ustar00rootroot00000000000000ALREADY_ENABLED11NOT_ENABLED12COMMAND_FAILED13NO_IPV6_NAT14PANIC_MODE15ZONE_ALREADY_SET16UNKNOWN_INTERFACE17ZONE_CONFLICT18BUILTIN_CHAIN19EBTABLES_NO_REJECT20NOT_OVERLOADABLE21NO_DEFAULTS22BUILTIN_ZONE23BUILTIN_SERVICE24BUILTIN_ICMPTYPE25NAME_CONFLICT26NAME_MISMATCH27PARSE_ERROR28ACCESS_DENIED29UNKNOWN_SOURCE30RT_TO_PERM_FAILED31IPSET_WITH_TIMEOUT32BUILTIN_IPSET33ALREADY_SET34MISSING_IMPORT35DBUS_ERROR36BUILTIN_HELPER37NOT_APPLIED38INVALID_ACTION100INVALID_SERVICE101INVALID_PORT102INVALID_PROTOCOL103INVALID_INTERFACE104INVALID_ADDR105INVALID_FORWARD106INVALID_ICMPTYPE107INVALID_TABLE108INVALID_CHAIN109INVALID_TARGET110INVALID_IPV111INVALID_ZONE112INVALID_PROPERTY113INVALID_VALUE114INVALID_OBJECT115INVALID_NAME116INVALID_FILENAME117INVALID_DIRECTORY118INVALID_TYPE119INVALID_SETTING120INVALID_DESTINATION121INVALID_RULE122INVALID_LIMIT123INVALID_FAMILY124INVALID_LOG_LEVEL125INVALID_AUDIT_TYPE126INVALID_MARK127INVALID_CONTEXT128INVALID_COMMAND129INVALID_USER130INVALID_UID131INVALID_MODULE132INVALID_PASSTHROUGH133INVALID_MAC134INVALID_IPSET135INVALID_ENTRY136INVALID_OPTION137INVALID_HELPER138INVALID_PRIORITY139INVALID_POLICY140INVALID_LOG_PREFIX141INVALID_NFLOG_GROUP142INVALID_NFLOG_QUEUE143MISSING_TABLE200MISSING_CHAIN201MISSING_PORT202MISSING_PROTOCOL203MISSING_ADDR204MISSING_NAME205MISSING_SETTING206MISSING_FAMILY207RUNNING_BUT_FAILED251NOT_RUNNING252NOT_AUTHORIZED253UNKNOWN_ERROR254 firewalld-1.1.1/doc/xml/transform-man.xsl.in0000644000000000000000000000250614217342322020752 0ustar00rootroot00000000000000 @PACKAGE_STRING@ @SYSCONFDIR@ @PREFIX@ \fI\fR \fI\fR \fI\fR firewalld-1.1.1/doc/xml/transform-html.xsl.in0000644000000000000000000000746714217342322021156 0ustar00rootroot00000000000000 @SYSCONFDIR@ @PREFIX@ .html

, firewalld-1.1.1/doc/xml/firewalld.xml.in0000644000000000000000000002702014217342322020127 0ustar00rootroot00000000000000 ]> firewalld firewalld &authors; firewalld 1 firewalld Dynamic Firewall Manager firewalld OPTIONS Description firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and has a separation of runtime and permanent configuration options. It also supports an interface for services or applications to add firewall rules directly. Options These are the command line options of firewalld: Prints a short help text and exists. Path to firewalld default configuration. This usually defaults to /usr/lib/firewalld. =level Set the debug level for firewalld to level. The range of the debug level is 1 (lowest level) to 10 (highest level). The debug output will be written to the firewalld log file /var/log/firewalld. Print garbage collector leak information. The collector runs every 10 seconds and if there are leaks, it prints information about the leaks. Turn off daemon forking. Force firewalld to run as a foreground process instead of as a daemon in the background. Disable writing pid file. By default the program will write a pid file. If the program is invoked with this option it will not check for an existing server process. Path to firewalld system (user) configuration. This usually defaults to /etc/firewalld. Concepts firewalld has a D-Bus interface for firewall configuration of services and applications. It also has a command line client for the user. Services or applications already using D-Bus can request changes to the firewall with the D-Bus interface directly. For more information on the firewalld D-Bus interface, please have a look at firewalld.dbus5. firewalld provides support for zones, predefined services and ICMP types and has a separation of runtime and permanent configuration options. Permanent configuration is loaded from XML files in /usr/lib/firewalld () or /etc/firewalld () (see ). If NetworkManager is not in use and firewalld gets started after the network is already up, the connections and manually created interfaces are not bound to the zone specified in the ifcfg file. The interfaces will automatically be handled by the default zone. firewalld will also not get notified about network device renames. All this also applies to interfaces that are not controlled by NetworkManager if NM_CONTROLLED=no is set. You can add these interfaces to a zone with firewall-cmd [--permanent] --zone=zone --add-interface=interface. If there is a @IFCFGDIR@/ifcfg-interface file, firewalld tries to change the ZONE=zone setting in this file. If firewalld gets reloaded, it will restore the interface bindings that were in place before reloading to keep interface bindings stable in the case of NetworkManager uncontrolled interfaces. This mechanism is not possible in the case of a firewalld service restart. It is essential to keep the ZONE= setting in the ifcfg file consistent to the binding in firewalld in the case of NetworkManager uncontrolled interfaces. Zones A network or firewall zone defines the trust level of the interface used for a connection. There are several pre-defined zones provided by firewalld. Zone configuration options and generic information about zones are described in firewalld.zone5 Services A service can be a list of local ports, protocols and destinations and additionally also a list of firewall helper modules automatically loaded if a service is enabled. Service configuration options and generic information about services are described in firewalld.service5. The use of predefined services makes it easier for the user to enable and disable access to a service. ICMP types The Internet Control Message Protocol (ICMP) is used to exchange information and also error messages in the Internet Protocol (IP). ICMP types can be used in firewalld to limit the exchange of these messages. For more information, please have a look at firewalld.icmptype5. Runtime configuration Runtime configuration is the actual active configuration and is not permanent. After reload/restart of the service or a system reboot, runtime settings will be gone if they haven't been also in permanent configuration. Permanent configuration The permanent configuration is stored in config files and will be loaded and become new runtime configuration with every machine boot or service reload/restart. Direct interface DEPRECATED The direct interface has been deprecated. It will be removed in a future release. It is superseded by policies, see firewalld.policies5. The direct interface is mainly used by services or applications to add specific firewall rules. It requires basic knowledge of ip(6)tables concepts (tables, chains, commands, parameters, targets). Directories firewalld supports two configuration directories: Default/Fallback configuration in <filename class="directory">/usr/lib/firewalld</filename> (<option>--default-config</option>) This directory contains the default and fallback configuration provided by firewalld for icmptypes, services and zones. The files provided with the firewalld package should not get changed and the changes are gone with an update of the firewalld package. Additional , and can be provided with packages or by creating files. System configuration settings in <filename class="directory">/etc/firewalld</filename> (<option>--system-config</option>) The system or user configuration stored here is either created by the system administrator or by customization with the configuration interface of firewalld or by hand. The files will overload the default configuration files. To manually change settings of pre-defined icmptypes, zones or services, copy the file from the default configuration directory to the corresponding directory in the system configuration directory and change it accordingly. For more information on icmptypes, please have a look at the firewalld.icmptype5 man page, for services at firewalld.service5 and for zones at firewalld.zone5. SIGNALS Currently only SIGHUP is supported. SIGHUP Reloads the complete firewall configuration. You can also use firewall-cmd --reload. All runtime configuration settings will be restored. Permanent configuration will change according to options defined in the configuration files. &seealso; ¬es; firewalld-1.1.1/doc/xml/firewall-cmd.xml.in0000644000000000000000000036372414217345545020554 0ustar00rootroot00000000000000 ]> firewall-cmd firewalld &authors; firewall-cmd 1 firewall-cmd firewalld command line client firewall-cmd OPTIONS Description firewall-cmd is the command line client of the firewalld daemon. It provides an interface to manage the runtime and permanent configurations. The runtime configuration in firewalld is separated from the permanent configuration. This means that things can get changed in the runtime or permanent configuration. Options Sequence options are the options that can be specified multiple times, the exit code is 0 if there is at least one item that succeeded. The ALREADY_ENABLED (11), NOT_ENABLED (12) and also ZONE_ALREADY_SET (16) errors are treated as succeeded. If there are issues while parsing the items, then these are treated as warnings and will not change the result as long as there is a succeeded one. Without any succeeded item, the exit code will depend on the error codes. If there is exactly one error code, then this is used. If there are more than one then UNKNOWN_ERROR (254) will be used. The following options are supported: General Options Prints a short help text and exits. Print the version string of firewalld. This option is not combinable with other options. Do not print status messages. Status Options Check whether the firewalld daemon is active (i.e. running). Returns an exit code 0 if it is active, RUNNING_BUT_FAILED if failure occurred on startup, NOT_RUNNING otherwise. See . This will also print the state to STDOUT. Reload firewall rules and keep state information. Current permanent configuration will become new runtime configuration, i.e. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration. Note: If FlushAllOnReload=no, runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely. For FlushAllOnReload, see firewalld.conf5. Reload firewall completely, even netfilter kernel modules. This will most likely terminate active connections, because state information is lost. This option should only be used in case of severe firewall problems. For example if there are state information problems that no connection can be established with correct firewall rules. Note: If FlushAllOnReload=no, runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely. For FlushAllOnReload, see firewalld.conf5. Save active runtime configuration and overwrite permanent configuration with it. The way this is supposed to work is that when configuring firewalld you do runtime changes only and once you're happy with the configuration and you tested that it works the way you want, you save the configuration to disk. Run checks on the permanent configuration. This includes XML validity and semantics. Log Denied Options Print the log denied setting. =value Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link-layer packet type. The possible values are: all, unicast, broadcast, multicast and off. The default setting is off, which disables the logging. This is a runtime and permanent change and will also reload the firewall to be able to add the logging rules. Permanent Options The permanent option can be used to set options permanently. These changes are not effective immediately, only after service restart/reload or system reboot. Without the option, a change will only be part of the runtime configuration. If you want to make a change in runtime and permanent configuration, use the same call with and without the option. The option can be optionally added to all options further down where it is supported. Zone Options Print default zone for connections and interfaces. =zone Set default zone for connections and interfaces where no zone has been selected. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone. This is a runtime and permanent change. Print currently active zones altogether with interfaces and sources used in these zones. Active zones are zones, that have a binding to an interface or source. The output format is: zone1 interfaces: interface1 interface2 .. sources: source1 .. zone2 interfaces: interface3 .. zone3 sources: source2 .. If there are no interfaces or sources bound to the zone, the corresponding line will be omitted. Print predefined zones as a space separated list. Print predefined services as a space separated list. Print predefined icmptypes as a space separated list. =interface Print the name of the zone the interface is bound to or no zone. =source/mask|MAC|ipset:ipset Print the name of the zone the source is bound to or no zone. Print information about the zone zone. The output format is: zone interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. source-ports: source-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 .. List everything added for or enabled in all zones. The output format is: zone1 interfaces: interface1 .. sources: source1 .. services: service1 .. ports: port1 .. protocols: protocol1 .. forward-ports: forward-port1 .. icmp-blocks: icmp-type1 .. rich rules: rich-rule1 .. .. =zone Add a new permanent and empty zone. Zone names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =zone Add a new permanent zone from a prepared zone file with an optional name override. =zone Delete an existing permanent zone. =zone Load zone default settings or report NO_DEFAULTS error. Print path of the zone configuration file. Policy Options Print predefined policies as a space separated list. =policy Print information about the policy policy. List everything added for or enabled in all policies. =policy Add a new permanent policy. Policy names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =policy Add a new permanent policy from a prepared policy file with an optional name override. =policy Print path of the policy configuration file. =policy Delete an existing permanent policy. =policy Load the shipped defaults for a policy. Only applies to policies shipped with firewalld. Does not apply to user defined policies. Options to Adapt and Query Zones and Policies Options in this section affect only one particular zone or policy. If used with =zone or =policy option, they affect the specified zone or policy. If both options are omitted, they affect the default zone (see ). =zone =policy List everything added or enabled. =zone =policy Get the target. =zone =policy =zone Set the target. For zones target is one of: default, ACCEPT, DROP, REJECT For policies target is one of: CONTINUE, ACCEPT, DROP, REJECT default is similar to REJECT, but it implicitly allows ICMP packets. =zone =policy =description Set description. =zone =policy Print description. =zone =policy =description Set short description. =zone =policy Print short description. =zone =policy List services added as a space separated list. =zone =policy =service =timeval Add a service. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The service is one of the firewalld provided services. To get a list of the supported services, use firewall-cmd --get-services. The option is not combinable with the option. Note: Some services define connection tracking helpers. Helpers that may operate in client mode (e.g. tftp) must be added to an outbound policy instead of a zone to take effect for clients. Otherwise the helper will not be applied to the outbound traffic. The related traffic, as defined by the connection tracking helper, on the return path (ingress) will be allowed by the stateful firewall rules. An example of an outbound policy for connection tracking helpers: # firewall-cmd --permanent --new-policy clientConntrack # firewall-cmd --permanent --policy clientConntrack --add-ingress-zone HOST # firewall-cmd --permanent --policy clientConntrack --add-egress-zone ANY # firewall-cmd --permanent --policy clientConntrack --add-service tftp =zone =policy =service Remove a service. This option can be specified multiple times. =zone =policy =service Return whether service has been added. Returns 0 if true, 1 otherwise. =zone =policy List ports added as a space separated list. A port is of the form portid-portid/protocol, it can be either a port and protocol pair or a port range with a protocol. =zone =policy =portid-portid/protocol =timeval Add the port. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The option is not combinable with the option. =zone =policy =portid-portid/protocol Remove the port. This option can be specified multiple times. =zone =policy =portid-portid/protocol Return whether the port has been added. Returns 0 if true, 1 otherwise. =zone =policy List protocols added as a space separated list. =zone =policy =protocol =timeval Add the protocol. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. The option is not combinable with the option. =zone =policy =protocol Remove the protocol. This option can be specified multiple times. =zone =policy =protocol Return whether the protocol has been added. Returns 0 if true, 1 otherwise. =zone =policy List source ports added as a space separated list. A port is of the form portid-portid/protocol. =zone =policy =portid-portid/protocol =timeval Add the source port. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The port can either be a single port number or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The option is not combinable with the option. =zone =policy =portid-portid/protocol Remove the source port. This option can be specified multiple times. =zone =policy =portid-portid/protocol Return whether the source port has been added. Returns 0 if true, 1 otherwise. =zone =policy List Internet Control Message Protocol (ICMP) type blocks added as a space separated list. =zone =policy =icmptype =timeval Add an ICMP block for icmptype. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The icmptype is the one of the icmp types firewalld supports. To get a listing of supported icmp types: firewall-cmd --get-icmptypes The option is not combinable with the option. =zone =policy =icmptype Remove the ICMP block for icmptype. This option can be specified multiple times. =zone =policy =icmptype Return whether an ICMP block for icmptype has been added. Returns 0 if true, 1 otherwise. =zone =policy List IPv4 forward ports added as a space separated list. For IPv6 forward ports, please use the rich language. =zone =policy =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask =timeval Add the IPv4 forward port. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. The port can either be a single port number portid or a port range portid-portid. The protocol can either be tcp, udp, sctp or dccp. The destination address is a simple IP address. The option is not combinable with the option. For IPv6 forward ports, please use the rich language. Note: IP forwarding will be implicitly enabled if is specified. =zone =policy =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Remove the IPv4 forward port. This option can be specified multiple times. For IPv6 forward ports, please use the rich language. =zone =policy =port=portid-portid:proto=protocol:toport=portid-portid:toaddr=address/mask Return whether the IPv4 forward port has been added. Returns 0 if true, 1 otherwise. For IPv6 forward ports, please use the rich language. =zone =policy =timeval Enable IPv4 masquerade. If a timeout is supplied, masquerading will be active for the specified amount of time. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. Masquerading is useful if the machine is a router and machines connected over an interface in another zone should be able to use the first connection. The option is not combinable with the option. For IPv6 masquerading, please use the rich language. Note: IP forwarding will be implicitly enabled. =zone =policy Disable IPv4 masquerade. If the masquerading was enabled with a timeout, it will be disabled also. For IPv6 masquerading, please use the rich language. =zone =policy Return whether IPv4 masquerading has been enabled. Returns 0 if true, 1 otherwise. For IPv6 masquerading, please use the rich language. =zone =policy List rich language rules added as a newline separated list. =zone =policy ='rule' =timeval Add rich language rule 'rule'. This option can be specified multiple times. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards. timeval is either a number (of seconds) or number followed by one of characters s (seconds), m (minutes), h (hours), for example 20m or 1h. For the rich language rule syntax, please have a look at firewalld.richlanguage5. The option is not combinable with the option. =zone =policy ='rule' Remove rich language rule 'rule'. This option can be specified multiple times. For the rich language rule syntax, please have a look at firewalld.richlanguage5. =zone =policy ='rule' Return whether a rich language rule 'rule' has been added. Returns 0 if true, 1 otherwise. For the rich language rule syntax, please have a look at firewalld.richlanguage5. Options to Adapt and Query Zones Options in this section affect only one particular zone. If used with =zone option, they affect the specified zone. If the option is omitted, they affect default zone (see ). =zone Enable ICMP block inversion. =zone Disable ICMP block inversion. =zone Return whether ICMP block inversion is enabled. Returns 0 if true, 1 otherwise. =zone Enable intra zone forwarding. =zone Disable intra zone forwarding. =zone Return whether intra zone forwarding is enabled. Returns 0 if true, 1 otherwise. Options to Adapt and Query Policies Options in this section affect only one particular policy. It's required to specify =policy with these options. =policy Get the priority. =policy priority Set the priority. The priority determines the relative ordering of policies. This is an integer value between -32768 and 32767 where -1 is the default value for new policies and 0 is reserved for internal use. If a priority is < 0, then the policy's rules will execute before all rules in all zones. If a priority is > 0, then the policy's rules will execute after all rules in all zones. =policy List ingress zones added as a space separated list. =policy =zone Add an ingress zone. This option can be specified multiple times. The ingress zone is one of the firewalld provided zones or one of the pseudo-zones: HOST, ANY. HOST is used for traffic originating from the host machine, i.e. the host running firewalld. ANY is used for traffic originating from any zone. This can be thought of as a wild card for zones. However it does not include traffic originating from the host machine - use HOST for that. =policy =zone Remove an ingress zone. This option can be specified multiple times. =policy =zone Return whether zone has been added. Returns 0 if true, 1 otherwise. =policy List egress zones added as a space separated list. =policy =zone Add an egress zone. This option can be specified multiple times. The egress zone is one of the firewalld provided zones or one of the pseudo-zones: HOST, ANY. For clarification on HOST and ANY see option . =policy =zone Remove an egress zone. This option can be specified multiple times. =policy =zone Return whether zone has been added. Returns 0 if true, 1 otherwise. Options to Handle Bindings of Interfaces Binding an interface to a zone means that this zone settings are used to restrict traffic via the interface. Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). For a list of predefined zones use firewall-cmd --get-zones. An interface name is a string up to 16 characters long, that may not contain , , and . =zone List interfaces that are bound to zone zone as a space separated list. If zone is omitted, default zone will be used. =zone =interface Bind interface interface to zone zone. If zone is omitted, default zone will be used. If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. For interfaces that are not under control of NetworkManager, firewalld tries to change the ZONE setting in the ifcfg file, if the file exists. As a end user you don't need this in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to option from ifcfg-interface file) if NM_CONTROLLED=no is not set. You should do it only if there's no @IFCFGDIR@/ifcfg-interface file. If there is such file and you add interface to zone with this option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined. Please also have a look at the firewalld1 man page in the Concepts section. For permanent association of interface with a zone, see also 'How to set or change a zone for a connection?' in firewalld.zones5. =zone =interface If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. For interfaces that are not under control of NetworkManager, firewalld tries to change the ZONE setting in the ifcfg file, if the file exists. Change zone the interface interface is bound to to zone zone. It's basically followed by . If the interface has not been bound to a zone before, it behaves like . If zone is omitted, default zone will be used. =zone =interface Query whether interface interface is bound to zone zone. Returns 0 if true, 1 otherwise. =interface If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface. If this fails, the zone binding is created in firewalld and the limitations below apply. For the addion or change of interfaces that are not under control of NetworkManager: firewalld tries to change the ZONE setting in the ifcfg file, if an ifcfg file exists that is using the interface. Only for the removal of interfaces that are not under control of NetworkManager: firewalld is not trying to change the ZONE setting in the ifcfg file. This is needed to make sure that an ifdown of the interface will not result in a reset of the zone setting to the default zone. Only the zone binding is then removed in firewalld then. Remove binding of interface interface from zone it was previously added to. Options to Handle Bindings of Sources Binding a source to a zone means that this zone settings will be used to restrict traffic from this source. A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6 or a MAC address or an ipset with the ipset: prefix. For IPv4, the mask can be a network mask or a plain number. For IPv6 the mask is a plain number. The use of host names is not supported. Options in this section affect only one particular zone. If used with =zone option, they affect the zone zone. If the option is omitted, they affect default zone (see ). For a list of predefined zones use firewall-cmd --get-zones. =zone List sources that are bound to zone zone as a space separated list. If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Bind the source to zone zone. If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Change zone the source is bound to to zone zone. It's basically followed by . If the source has not been bound to a zone before, it behaves like . If zone is omitted, default zone will be used. =zone =source/mask|MAC|ipset:ipset Query whether the source is bound to the zone zone. Returns 0 if true, 1 otherwise. =source/mask|MAC|ipset:ipset Remove binding of the source from zone it was previously added to. IPSet Options Print the supported ipset types. =ipset =type =inet|inet6 =key=value Add a new permanent and empty ipset with specifying the type and optional the family and options like timeout, hashsize and maxelem. For more information please have a look at ipset8 man page. ipset names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =ipset Add a new permanent ipset from a prepared ipset file with an optional name override. =ipset Delete an existing permanent ipset. =ipset Load ipset default settings or report NO_DEFAULTS error. Print information about the ipset ipset. The output format is: ipset type: type options: option1[=value1] .. entries: entry1 .. Print predefined ipsets as a space separated list. =ipset =description Set new description to ipset =ipset Print description for ipset =ipset =description Set short description to ipset =ipset Print short description for ipset =ipset =entry Add a new entry to the ipset. Adding an entry to an ipset with option timeout is permitted, but these entries are not tracked by firewalld. =ipset =entry Remove an entry from the ipset. =ipset =entry Return whether the entry has been added to an ipset. Returns 0 if true, 1 otherwise. Querying an ipset with a timeout will yield an error. Entries are not tracked for ipsets with a timeout. =ipset List all entries of the ipset. =ipset =filename Add a new entries to the ipset from the file. For all entries that are listed in the file but already in the ipset, a warning will be printed. The file should contain an entry per line. Lines starting with an hash or semicolon are ignored. Also empty lines. =ipset =filename Remove existing entries from the ipset from the file. For all entries that are listed in the file but not in the ipset, a warning will be printed. The file should contain an entry per line. Lines starting with an hash or semicolon are ignored. Also empty lines. Print path of the ipset configuration file. Service Options Options in this section affect only one particular service. Print information about the service service. The output format is: service ports: port1 .. protocols: protocol1 .. source-ports: source-port1 .. helpers: helper1 .. destination: ipv1:address1 .. The following options are only usable in the permanent configuration. =service Add a new permanent and empty service. Service names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =service Add a new permanent service from a prepared service file with an optional name override. =service Delete an existing permanent service. =service Load service default settings or report NO_DEFAULTS error. Print path of the service configuration file. =service =description Set new description to service =service Print description for service =service =description Set short description to service =service Print short description for service =service =portid-portid/protocol Add a new port to the permanent service. =service =portid-portid/protocol Remove a port from the permanent service. =service =portid-portid/protocol Return whether the port has been added to the permanent service. =service List ports added to the permanent service. =service =protocol Add a new protocol to the permanent service. =service =protocol Remove a protocol from the permanent service. =service =protocol Return whether the protocol has been added to the permanent service. =service List protocols added to the permanent service. =service =portid-portid/protocol Add a new source port to the permanent service. =service =portid-portid/protocol Remove a source port from the permanent service. =service =portid-portid/protocol Return whether the source port has been added to the permanent service. =service List source ports added to the permanent service. =service =helper Add a new helper to the permanent service. =service =helper Remove a helper from the permanent service. =service =helper Return whether the helper has been added to the permanent service. =service List helpers added to the permanent service. =service =ipv:address/mask Set destination for ipv to address[/mask] in the permanent service. =service =ipv Remove the destination for ipv from the permanent service. =service =ipv:address/mask Return whether the destination ipv to address[/mask] has been set in the permanent service. =service List destinations added to the permanent service. =service =service Add a new include to the permanent service. =service =service Remove a include from the permanent service. =service =service Return whether the include has been added to the permanent service. =service List includes added to the permanent service. Helper Options Options in this section affect only one particular helper. Print information about the helper helper. The output format is: helper family: family module: module ports: port1 .. The following options are only usable in the permanent configuration. =helper =nf_conntrack_module =ipv4|ipv6 Add a new permanent helper with module and optionally family defined. Helper names must be alphanumeric and may additionally include characters: '-'. =filename =helper Add a new permanent helper from a prepared helper file with an optional name override. =helper Delete an existing permanent helper. =helper Load helper default settings or report NO_DEFAULTS error. Print path of the helper configuration file. Print predefined helpers as a space separated list. =helper =description Set new description to helper =helper Print description for helper =helper =description Set short description to helper =helper Print short description for helper =helper =portid-portid/protocol Add a new port to the permanent helper. =helper =portid-portid/protocol Remove a port from the permanent helper. =helper =portid-portid/protocol Return whether the port has been added to the permanent helper. =helper List ports added to the permanent helper. =helper =description Set module description for helper =helper Print module description for helper =helper =description Set family description for helper =helper Print family description of helper Internet Control Message Protocol (ICMP) type Options Options in this section affect only one particular icmptype. Print information about the icmptype icmptype. The output format is: icmptype destination: ipv1 .. The following options are only usable in the permanent configuration. =icmptype Add a new permanent and empty icmptype. ICMP type names must be alphanumeric and may additionally include characters: '_' and '-'. =filename =icmptype Add a new permanent icmptype from a prepared icmptype file with an optional name override. =icmptype Delete an existing permanent icmptype. =icmptype Load icmptype default settings or report NO_DEFAULTS error. =icmptype =description Set new description to icmptype =icmptype Print description for icmptype =icmptype =description Set short description to icmptype =icmptype Print short description for icmptype =icmptype =ipv Enable destination for ipv in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype =ipv Disable destination for ipv in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype =ipv Return whether destination for ipv is enabled in permanent icmptype. ipv is one of ipv4 or ipv6. =icmptype List destinations in permanent icmptype. Print path of the icmptype configuration file. Direct Options DEPRECATED The direct interface has been deprecated. It will be removed in a future release. It is superseded by policies, see firewalld.policies5. The direct options give a more direct access to the firewall. These options require user to know basic iptables concepts, i.e. table (filter/mangle/nat/...), chain (INPUT/OUTPUT/FORWARD/...), commands (-A/-D/-I/...), parameters (-p/-s/-d/-j/...) and targets (ACCEPT/DROP/REJECT/...). Direct options should be used only as a last resort when it's not possible to use for example =service or ='rule'. Warning: Direct rules behavior is different depending on the value of FirewallBackend. See CAVEATS in firewalld.direct5. The first argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it will be for IPv4 (iptables8), with ipv6 for IPv6 (ip6tables8) and with eb for ethernet bridges (ebtables8). Get all chains added to all tables. This option concerns only chains previously added with . { ipv4 | ipv6 | eb } table Get all chains added to table table as a space separated list. This option concerns only chains previously added with . { ipv4 | ipv6 | eb } table chain Add a new chain with name chain to table table. Make sure there's no other chain with this name already. There already exist basic chains to use with direct options, for example INPUT_direct chain (see iptables-save | grep direct output for all of them). These chains are jumped into before chains for zones, i.e. every rule put into INPUT_direct will be checked before rules in zones. { ipv4 | ipv6 | eb } table chain Remove chain with name chain from table table. Only chains previously added with can be removed this way. { ipv4 | ipv6 | eb } table chain Return whether a chain with name chain exists in table table. Returns 0 if true, 1 otherwise. This option concerns only chains previously added with . Get all rules added to all chains in all tables as a newline separated list of the priority and arguments. This option concerns only rules previously added with . { ipv4 | ipv6 | eb } table chain Get all rules added to chain chain in table table as a newline separated list of the priority and arguments. This option concerns only rules previously added with . { ipv4 | ipv6 | eb } table chain priority args Add a rule with the arguments args to chain chain in table table with priority priority. The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. { ipv4 | ipv6 | eb } table chain priority args Remove a rule with priority and the arguments args from chain chain in table table. Only rules previously added with can be removed this way. { ipv4 | ipv6 | eb } table chain Remove all rules in the chain with name chain exists in table table. This option concerns only rules previously added with in this chain. { ipv4 | ipv6 | eb } table chain priority args Return whether a rule with priority and the arguments args exists in chain chain in table table. Returns 0 if true, 1 otherwise. This option concerns only rules previously added with . { ipv4 | ipv6 | eb } args Pass a command through to the firewall. args can be all iptables, ip6tables and ebtables command line arguments. This command is untracked, which means that firewalld is not able to provide information about this command later on, also not a listing of the untracked passthoughs. Get all passthrough rules as a newline separated list of the ipv value and arguments. { ipv4 | ipv6 | eb } Get all passthrough rules for the ipv value as a newline separated list of the priority and arguments. { ipv4 | ipv6 | eb } args Add a passthrough rule with the arguments args for the ipv value. { ipv4 | ipv6 | eb } args Remove a passthrough rule with the arguments args for the ipv value. { ipv4 | ipv6 | eb } args Return whether a passthrough rule with the arguments args exists for the ipv value. Returns 0 if true, 1 otherwise. Lockdown Options Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt) or are authenticated using PolicyKit. With this feature administrators can lock the firewall configuration so that only applications on lockdown whitelist are able to request firewall changes. The lockdown access check limits D-Bus methods that are changing firewall rules. Query, list and get methods are not limited. The lockdown feature is a very light version of user and application policies for firewalld and is turned off by default. Enable lockdown. Be careful - if firewall-cmd is not on lockdown whitelist when you enable lockdown you won't be able to disable it again with firewall-cmd, you would need to edit firewalld.conf. This is a runtime and permanent change. Disable lockdown. This is a runtime and permanent change. Query whether lockdown is enabled. Returns 0 if lockdown is enabled, 1 otherwise. Lockdown Whitelist Options The lockdown whitelist can contain commands, contexts, users and user ids. If a command entry on the whitelist ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the absolute command inclusive arguments must match. Command paths for users are not always the same and depends on the users PATH. Some distributions symlink /bin to /usr/bin in which case it depends on the order they appear in the PATH environment variable. The context is the security (SELinux) context of a running application or service. To get the context of a running application use ps -e --context. Warning: If the context is unconfined, then this will open access for more than the desired application. The lockdown whitelist entries are checked in the following order: 1. context 2. uid 3. user 4. command List all command lines that are on the whitelist. =command Add the command to the whitelist. =command Remove the command from the whitelist. =command Query whether the command is on the whitelist. Returns 0 if true, 1 otherwise. List all contexts that are on the whitelist. =context Add the context context to the whitelist. =context Remove the context from the whitelist. =context Query whether the context is on the whitelist. Returns 0 if true, 1 otherwise. List all user ids that are on the whitelist. =uid Add the user id uid to the whitelist. =uid Remove the user id uid from the whitelist. =uid Query whether the user id uid is on the whitelist. Returns 0 if true, 1 otherwise. List all user names that are on the whitelist. =user Add the user name user to the whitelist. =user Remove the user name user from the whitelist. =user Query whether the user name user is on the whitelist. Returns 0 if true, 1 otherwise. Panic Options Enable panic mode. All incoming and outgoing packets are dropped, active connections will expire. Enable this only if there are serious problems with your network environment. For example if the machine is getting hacked in. This is a runtime only change. Disable panic mode. After disabling panic mode established connections might work again, if panic mode was enabled for a short period of time. This is a runtime only change. Returns 0 if panic mode is enabled, 1 otherwise. Examples For more examples see Example 1 Enable http service in default zone. This is runtime only change, i.e. effective until restart. firewall-cmd --add-service=http Example 2 Enable port 443/tcp immediately and permanently in default zone. To make the change effective immediately and also after restart we need two commands. The first command makes the change in runtime configuration, i.e. makes it effective immediately, until restart. The second command makes the change in permanent configuration, i.e. makes it effective after restart. firewall-cmd --add-port=443/tcp firewall-cmd --permanent --add-port=443/tcp Exit Codes On success 0 is returned. On failure the output is red colored and exit code is either 2 in case of wrong command-line option usage or one of the following error codes in other cases: String Code &errorcodes; Note that return codes of --query-* options are special: Successful queries return 0, unsuccessful ones return 1 unless an error occurred in which case the table above applies. &seealso; ¬es; firewalld-1.1.1/doc/xml/policy_zone_syntax.xml0000644000000000000000000001160414217342322021512 0ustar00rootroot00000000000000 [ <short>short description</short> ] [ <description>description</description> ] [ <service name="string"/> ] [ <port port="portid[-portid]" protocol="tcp|udp|sctp|dccp"/> ] [ <protocol value="protocol"/> ] [ <icmp-block name="string"/> ] [ <masquerade/> ] [ <forward-port port="portid[-portid]" protocol="tcp|udp|sctp|dccp" [to-port="portid[-portid]"] [to-addr="IP address"]/> ] [ <source-port port="portid[-portid]" protocol="tcp|udp|sctp|dccp"/> ] [ <rule [family="ipv4|ipv6"]> [ <source address="address[/mask]"|mac="MAC"|ipset="ipset" [invert="True"]/> ] [ <destination address="address[/mask]"|ipset="ipset" [invert="True"]/> ] [ <service name="string"/> | <port port="portid[-portid]" protocol="tcp|udp|sctp|dccp"/> | <protocol value="protocol"/> | <icmp-block name="icmptype"/> | <icmp-type name="icmptype"/> | <masquerade/> | <forward-port port="portid[-portid]" protocol="tcp|udp|sctp|dccp" [to-port="portid[-portid]"] [to-addr="address"]/> ] [ <log [prefix="prefix text"] [level="emerg|alert|crit|err|warn|notice|info|debug"]> [<limit value="rate/duration"/>] </log> | <nflog [group="group id"] [prefix="prefix text"] [queue-size="threshold"]> [<limit value="rate/duration"/>] </nflog> ] [ <audit> [<limit value="rate/duration"/>] </audit> ] [ <accept> [<limit value="rate/duration"/>] </accept> | <reject [type="rejecttype"]> [<limit value="rate/duration"/>] </reject> | <drop> [<limit value="rate/duration"/>] </drop> | <mark set="mark[/mask]"> [<limit value="rate/duration"/>] </mark> ] </rule> ] firewalld-1.1.1/doc/xml/policy_zone_descriptions.xml0000644000000000000000000003467214217342322022704 0ustar00rootroot00000000000000 short Is an optional start and end tag and is used to give a more readable name. description Is an optional start and end tag to have a description. service Is an optional empty-element tag and can be used several times to have more than one service entry enabled. A service entry has exactly one attribute: name="string" The name of the service to be enabled. To get a list of valid service names firewall-cmd --get-services can be used. port Is an optional empty-element tag and can be used several times to have more than one port entry. All attributes of a port entry are mandatory: port="portid-portid" The port can either be a single port number portid or a port range portid-portid. protocol="tcp|udp|sctp|dccp" The protocol can either be tcp, udp, sctp or dccp. protocol Is an optional empty-element tag and can be used several times to have more than one protocol entry. All protocol has exactly one attribute: value="string" The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols. icmp-block Is an optional empty-element tag and can be used several times to have more than one icmp-block entry. Each icmp-block tag has exactly one mandatory attribute: name="string" The name of the Internet Control Message Protocol (ICMP) type to be blocked. To get a list of valid ICMP types firewall-cmd --get-icmptypes can be used. tcp-mss-clamp Is an optional empty-element tag and can be used several times. If left empty maximum segment size is set to 'pmtu'. This tag has exactly one optional attribute: value="string" Value can set maximum segment size to 'pmtu' (Path Maximum Transmission Unit) or a user-defined value that is greater than or equal to 536. masquerade Is an optional empty-element tag. It can be used only once. If it's present masquerading is enabled. forward-port Is an optional empty-element tag and can be used several times to have more than one port or packet forward entry. There are mandatory and also optional attributes for forward ports: Mandatory attributes: The local port and protocol to be forwarded. port="portid-portid" The port can either be a single port number portid or a port range portid-portid. protocol="tcp|udp|sctp|dccp" The protocol can either be tcp, udp, sctp or dccp. Optional attributes: The destination of the forward. For local forwarding add only. For remote forwarding add and use optionally if the destination port on the destination machine should be different. to-port="portid-portid" The destination port or port range to forward to. If omitted, the value of the port= attribute will be used altogether with the to-addr attribute. to-addr="address" The destination IP address either for IPv4 or IPv6. source-port Is an optional empty-element tag and can be used several times to have more than one source port entry. All attributes of a source port entry are mandatory: port="portid-portid" The port can either be a single port number portid or a port range portid-portid. protocol="tcp|udp|sctp|dccp" The protocol can either be tcp, udp, sctp or dccp. rule Is an optional element tag and can be used several times to have more than one rich language rule entry. The general rule structure: <rule [family="ipv4|ipv6"]> [ <source address="address[/mask]"|mac="MAC"|ipset="ipset" [invert="True"]/> ] [ <destination address="address[/mask]"|ipset="ipset" [invert="True"]/> ] [ <service name="string"/> | <port port="portid[-portid]" protocol="tcp|udp|sctp|dccp"/> | <protocol value="protocol"/> | <icmp-block name="icmptype"/> | <icmp-type name="icmptype"/> | <masquerade/> | <forward-port port="portid[-portid]" protocol="tcp|udp|sctp|dccp" [to-port="portid[-portid]"] [to-addr="address"]/> | <source-port port="portid[-portid]" protocol="tcp|udp|sctp|dccp"/> | ] [ <log [prefix="prefix text"] [level="emerg|alert|crit|err|warn|notice|info|debug"]> [<limit value="rate/duration"/>] </log> | <nflog [group="group id"] [prefix="prefix text"] [queue-size="threshold"]> [<limit value="rate/duration"/>] </nflog> ] [ <audit> [<limit value="rate/duration"/>] </audit> ] [ <accept> [<limit value="rate/duration"/>] </accept> | <reject [type="rejecttype"]> [<limit value="rate/duration"/>] </reject> | <drop> [<limit value="rate/duration"/>] </drop> | <mark set="mark[/mask]"> [<limit value="rate/duration"/>] </mark> ] </rule> Rule structure for source black or white listing: <rule [family="ipv4|ipv6"]> <source address="address[/mask]"|mac="MAC"|ipset="ipset" [invert="True"]/> [ <log [prefix="prefix text"] [level="emerg|alert|crit|err|warn|notice|info|debug"]> [<limit value="rate/duration"/>] </log> | <nflog [group="group id"] [prefix="prefix text"] [queue-size="threshold"]> [<limit value="rate/duration"/>] </nflog> ] [ <audit> [<limit value="rate/duration"/>] </audit> ] <accept> [<limit value="rate/duration"/>] </accept> | <reject [type="rejecttype"]> [<limit value="rate/duration"/>] </reject> | <drop> [<limit value="rate/duration"/>] </drop> </rule> For a full description on rich language rules, please have a look at firewalld.richlanguage5. firewalld-1.1.1/doc/man/0000755000000000000000000000000014217353174015010 5ustar00rootroot00000000000000firewalld-1.1.1/doc/man/Makefile.am0000644000000000000000000000002414217342322017031 0ustar00rootroot00000000000000SUBDIRS = man1 man5 firewalld-1.1.1/doc/man/Makefile.in0000644000000000000000000004550214217352322017055 0ustar00rootroot00000000000000# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = doc/man ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ distdir distdir-am am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = man1 man5 all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/man/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign doc/man/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(am__recursive_targets) install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ check-am clean clean-generic cscopelist-am ctags ctags-am \ distclean distclean-generic distclean-tags distdir dvi dvi-am \ html html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags tags-am uninstall uninstall-am .PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-1.1.1/doc/man/man1/0000755000000000000000000000000014217353174015644 5ustar00rootroot00000000000000firewalld-1.1.1/doc/man/man1/Makefile.am0000644000000000000000000000010614217342322017666 0ustar00rootroot00000000000000if ENABLE_DOCS EXTRA_DIST = $(man_MANS) man_MANS = firewall*.1 endif firewalld-1.1.1/doc/man/man1/Makefile.in0000644000000000000000000003730214217352322017710 0ustar00rootroot00000000000000# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = doc/man/man1 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } man1dir = $(mandir)/man1 am__installdirs = "$(DESTDIR)$(man1dir)" NROFF = nroff MANS = $(man_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @ENABLE_DOCS_TRUE@EXTRA_DIST = $(man_MANS) @ENABLE_DOCS_TRUE@man_MANS = firewall*.1 all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/man/man1/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign doc/man/man1/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-man1: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man1dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.1[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ done; } uninstall-man1: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man1dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.1[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(MANS) installdirs: for dir in "$(DESTDIR)$(man1dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man1 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man1 .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ ctags-am distclean distclean-generic distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man1 install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-man \ uninstall-man1 .PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-1.1.1/doc/man/man1/firewall-applet.10000644000000000000000000001266514217353163021026 0ustar00rootroot00000000000000'\" t .\" Title: firewall-applet .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewall-applet .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALL\-APPLET" "1" "" "firewalld 1.1.1" "firewall-applet" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewall-applet \- firewalld applet .SH "SYNOPSIS" .HP \w'\fBfirewall\-applet\fR\ 'u \fBfirewall\-applet\fR [OPTIONS...] .SH "DESCRIPTION" .PP firewall\-applet is a tray applet for firewalld\&. .SH "OPTIONS" .PP \fBfirewall\-applet\fR does not support any special options\&. .PP The following options are supported: .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Prints a short help text and exists\&. .RE .SH "QSETTINGS" .PP \fBfirewall\-applet\fR has additional settings to adapt the look and feel\&. QSettings is used and stores them in \fI~/\&.config/firewall/applet\&.conf\fR\&. The file is automatically reloaded if it has been changed and the new settings will immediately be effective\&. .PP There is also the global config file \fI/etc/firewall/applet\&.conf\fR, which contains the default values\&. The settings in this file will be overloaded by settings in the user settings file\&. .PP Here is an example \fIapplet\&.conf\fR file: .sp .if n \{\ .RS 4 .\} .nf [General] notifications=true show\-inactive=true .fi .if n \{\ .RE .\} .PP The following settings are supported: .PP \fBnotifications\fR .RS 4 The applet shows notifications if enabled\&. This setting can be enabled also in the applet with the "Enable Notifications" checkbox in the right mouse menu\&. .sp This setting defaults to \fBfalse\fR\&. .sp If notifications are shown for these actions if enabled: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Connection to firewalld established .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Connection to firewalld lost .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Firewall has been reloaded .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Default zone has been changed .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Panic mode has been enabled or disabled .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Activation, deactivation or change of zones bound to interfaces .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Activation, deactivation or change of zones bound to sources addresses .RE .sp .RE .PP \fBshow\-inactive\fR .RS 4 Show applet also if firewalld is not running\&. If firewalld has been stopped or is not running the applet will be hidden and not visible in the applet tray\&. Enable this setting to see the applet all the time for example to be sure that the firewall is active\&. .sp This setting defaults to \fBfalse\fR\&. .RE .PP \fBshields\-up\fR .RS 4 The shields\-up zone name to be used if shields\-up is enabled\&. .sp This setting defaults to \*(Aq\fBblock\fR\*(Aq\&. .RE .PP \fBshields\-down\fR .RS 4 The shields\-down zone name to be used if shields\-up has been deactivated again\&. .sp This setting defaults to \*(Aq\fBpublic\fR\*(Aq\&. .RE .PP \fBblink\fR .RS 4 If enabled, the applet icon blinks in these cases: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Connection to firewalld lost .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} Panic mode has been enabled or disabled .RE .sp This setting defaults to \fBfalse\fR\&. .RE .PP \fBblink\-count\fR .RS 4 The number of blinks if \fBblink\fR is enabled\&. .sp This setting defaults to \fB5\fR\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man1/firewall-cmd.10000644000000000000000000020754014217353164020303 0ustar00rootroot00000000000000'\" t .\" Title: firewall-cmd .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewall-cmd .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALL\-CMD" "1" "" "firewalld 1.1.1" "firewall-cmd" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewall-cmd \- firewalld command line client .SH "SYNOPSIS" .HP \w'\fBfirewall\-cmd\fR\ 'u \fBfirewall\-cmd\fR [OPTIONS...] .SH "DESCRIPTION" .PP firewall\-cmd is the command line client of the firewalld daemon\&. It provides an interface to manage the runtime and permanent configurations\&. .PP The runtime configuration in firewalld is separated from the permanent configuration\&. This means that things can get changed in the runtime or permanent configuration\&. .SH "OPTIONS" .PP Sequence options are the options that can be specified multiple times, the exit code is 0 if there is at least one item that succeeded\&. The \fIALREADY_ENABLED\fR (11), \fINOT_ENABLED\fR (12) and also \fIZONE_ALREADY_SET\fR (16) errors are treated as succeeded\&. If there are issues while parsing the items, then these are treated as warnings and will not change the result as long as there is a succeeded one\&. Without any succeeded item, the exit code will depend on the error codes\&. If there is exactly one error code, then this is used\&. If there are more than one then \fIUNKNOWN_ERROR\fR (254) will be used\&. .PP The following options are supported: .SS "General Options" .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Prints a short help text and exits\&. .RE .PP \fB\-V\fR, \fB\-\-version\fR .RS 4 Print the version string of firewalld\&. This option is not combinable with other options\&. .RE .PP \fB\-q\fR, \fB\-\-quiet\fR .RS 4 Do not print status messages\&. .RE .SS "Status Options" .PP \fB\-\-state\fR .RS 4 Check whether the firewalld daemon is active (i\&.e\&. running)\&. Returns an exit code 0 if it is active, \fIRUNNING_BUT_FAILED\fR if failure occurred on startup, \fINOT_RUNNING\fR otherwise\&. See the section called \(lqEXIT CODES\(rq\&. This will also print the state to \fISTDOUT\fR\&. .RE .PP \fB\-\-reload\fR .RS 4 Reload firewall rules and keep state information\&. Current permanent configuration will become new runtime configuration, i\&.e\&. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration\&. .sp Note: If FlushAllOnReload=no, runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely\&. For FlushAllOnReload, see \fBfirewalld.conf\fR(5)\&. .RE .PP \fB\-\-complete\-reload\fR .RS 4 Reload firewall completely, even netfilter kernel modules\&. This will most likely terminate active connections, because state information is lost\&. This option should only be used in case of severe firewall problems\&. For example if there are state information problems that no connection can be established with correct firewall rules\&. .sp Note: If FlushAllOnReload=no, runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely\&. For FlushAllOnReload, see \fBfirewalld.conf\fR(5)\&. .RE .PP \fB\-\-runtime\-to\-permanent\fR .RS 4 Save active runtime configuration and overwrite permanent configuration with it\&. The way this is supposed to work is that when configuring firewalld you do runtime changes only and once you\*(Aqre happy with the configuration and you tested that it works the way you want, you save the configuration to disk\&. .RE .PP \fB\-\-check\-config\fR .RS 4 Run checks on the permanent configuration\&. This includes XML validity and semantics\&. .RE .SS "Log Denied Options" .PP \fB\-\-get\-log\-denied\fR .RS 4 Print the log denied setting\&. .RE .PP \fB\-\-set\-log\-denied\fR=\fIvalue\fR .RS 4 Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link\-layer packet type\&. The possible values are: \fIall\fR, \fIunicast\fR, \fIbroadcast\fR, \fImulticast\fR and \fIoff\fR\&. The default setting is \fIoff\fR, which disables the logging\&. .sp This is a runtime and permanent change and will also reload the firewall to be able to add the logging rules\&. .RE .SS "Permanent Options" .PP \fB\-\-permanent\fR .RS 4 The permanent option \fB\-\-permanent\fR can be used to set options permanently\&. These changes are not effective immediately, only after service restart/reload or system reboot\&. Without the \fB\-\-permanent\fR option, a change will only be part of the runtime configuration\&. .sp If you want to make a change in runtime and permanent configuration, use the same call with and without the \fB\-\-permanent\fR option\&. .sp The \fB\-\-permanent\fR option can be optionally added to all options further down where it is supported\&. .RE .SS "Zone Options" .PP \fB\-\-get\-default\-zone\fR .RS 4 Print default zone for connections and interfaces\&. .RE .PP \fB\-\-set\-default\-zone\fR=\fIzone\fR .RS 4 Set default zone for connections and interfaces where no zone has been selected\&. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone\&. .sp This is a runtime and permanent change\&. .RE .PP \fB\-\-get\-active\-zones\fR .RS 4 Print currently active zones altogether with interfaces and sources used in these zones\&. Active zones are zones, that have a binding to an interface or source\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIzone1\fR interfaces: \fIinterface1\fR \fIinterface2\fR \&.\&. sources: \fIsource1\fR \&.\&. \fIzone2\fR interfaces: \fIinterface3\fR \&.\&. \fIzone3\fR sources: \fIsource2\fR \&.\&. .fi .if n \{\ .RE .\} .sp If there are no interfaces or sources bound to the zone, the corresponding line will be omitted\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-zones\fR .RS 4 Print predefined zones as a space separated list\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-services\fR .RS 4 Print predefined services as a space separated list\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-icmptypes\fR .RS 4 Print predefined icmptypes as a space separated list\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-zone\-of\-interface\fR=\fIinterface\fR .RS 4 Print the name of the zone the \fIinterface\fR is bound to or \fIno zone\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-zone\-of\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Print the name of the zone the source is bound to or \fIno zone\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-info\-zone=\fR\fB\fIzone\fR\fR .RS 4 Print information about the zone \fIzone\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIzone\fR interfaces: \fIinterface1\fR \&.\&. sources: \fIsource1\fR \&.\&. services: \fIservice1\fR \&.\&. ports: \fIport1\fR \&.\&. protocols: \fIprotocol1\fR \&.\&. forward\-ports: \fIforward\-port1\fR \&.\&. source\-ports: \fIsource\-port1\fR \&.\&. icmp\-blocks: \fIicmp\-type1\fR \&.\&. rich rules: \fIrich\-rule1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP [\fB\-\-permanent\fR] \fB\-\-list\-all\-zones\fR .RS 4 List everything added for or enabled in all zones\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIzone1\fR interfaces: \fIinterface1\fR \&.\&. sources: \fIsource1\fR \&.\&. services: \fIservice1\fR \&.\&. ports: \fIport1\fR \&.\&. protocols: \fIprotocol1\fR \&.\&. forward\-ports: \fIforward\-port1\fR \&.\&. icmp\-blocks: \fIicmp\-type1\fR \&.\&. rich rules: \fIrich\-rule1\fR \&.\&. \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-\-permanent\fR \fB\-\-new\-zone\fR=\fIzone\fR .RS 4 Add a new permanent and empty zone\&. .sp Zone names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-zone\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIzone\fR] .RS 4 Add a new permanent zone from a prepared zone file with an optional name override\&. .RE .PP \fB\-\-permanent\fR \fB\-\-delete\-zone\fR=\fIzone\fR .RS 4 Delete an existing permanent zone\&. .RE .PP \fB\-\-permanent\fR \fB\-\-load\-zone\-defaults\fR=\fIzone\fR .RS 4 Load zone default settings or report NO_DEFAULTS error\&. .RE .PP \fB\-\-permanent\fR \fB\-\-path\-zone=\fR\fB\fIzone\fR\fR .RS 4 Print path of the zone configuration file\&. .RE .SS "Policy Options" .PP [\fB\-\-permanent\fR] \fB\-\-get\-policies\fR .RS 4 Print predefined policies as a space separated list\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-info\-policy\fR=\fIpolicy\fR .RS 4 Print information about the policy \fIpolicy\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-list\-all\-policies\fR .RS 4 List everything added for or enabled in all policies\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-policy\fR=\fIpolicy\fR .RS 4 Add a new permanent policy\&. .sp Policy names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-policy\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIpolicy\fR] .RS 4 Add a new permanent policy from a prepared policy file with an optional name override\&. .RE .PP \fB\-\-permanent\fR \fB\-\-path\-policy\fR=\fIpolicy\fR .RS 4 Print path of the policy configuration file\&. .RE .PP \fB\-\-permanent\fR \fB\-\-delete\-policy\fR=\fIpolicy\fR .RS 4 Delete an existing permanent policy\&. .RE .PP \fB\-\-permanent\fR \fB\-\-load\-policy\-defaults\fR=\fIpolicy\fR .RS 4 Load the shipped defaults for a policy\&. Only applies to policies shipped with firewalld\&. Does not apply to user defined policies\&. .RE .SS "Options to Adapt and Query Zones and Policies" .PP Options in this section affect only one particular zone or policy\&. If used with \fB\-\-zone\fR=\fIzone\fR or \fB\-\-policy\fR=\fIpolicy\fR option, they affect the specified zone or policy\&. If both options are omitted, they affect the default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-all\fR .RS 4 List everything added or enabled\&. .RE .PP \fB\-\-permanent\fR [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-get\-target\fR .RS 4 Get the target\&. .RE .PP \fB\-\-permanent\fR [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-set\-target\fR=\fIzone\fR .RS 4 Set the target\&. .sp For zones \fItarget\fR is one of: \fIdefault\fR, \fIACCEPT\fR, \fIDROP\fR, \fIREJECT\fR .sp For policies \fItarget\fR is one of: \fICONTINUE\fR, \fIACCEPT\fR, \fIDROP\fR, \fIREJECT\fR .sp \fIdefault\fR is similar to \fIREJECT\fR, but it implicitly allows ICMP packets\&. .RE .PP \fB\-\-permanent\fR [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set description\&. .RE .PP \fB\-\-permanent\fR [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-get\-description\fR .RS 4 Print description\&. .RE .PP \fB\-\-permanent\fR [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description\&. .RE .PP \fB\-\-permanent\fR [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-get\-short\fR .RS 4 Print short description\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-services\fR .RS 4 List services added as a space separated list\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-service\fR=\fIservice\fR [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add a service\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The service is one of the firewalld provided services\&. To get a list of the supported services, use \fBfirewall\-cmd \-\-get\-services\fR\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .sp \fBNote\fR: Some services define connection tracking helpers\&. Helpers that may operate in client mode (e\&.g\&. tftp) must be added to an outbound policy instead of a zone to take effect for clients\&. Otherwise the helper will not be applied to the outbound traffic\&. The related traffic, as defined by the connection tracking helper, on the return path (ingress) will be allowed by the stateful firewall rules\&. .sp An example of an outbound policy for connection tracking helpers: .sp .if n \{\ .RS 4 .\} .nf # firewall\-cmd \-\-permanent \-\-new\-policy clientConntrack # firewall\-cmd \-\-permanent \-\-policy clientConntrack \-\-add\-ingress\-zone HOST # firewall\-cmd \-\-permanent \-\-policy clientConntrack \-\-add\-egress\-zone ANY # firewall\-cmd \-\-permanent \-\-policy clientConntrack \-\-add\-service tftp .fi .if n \{\ .RE .\} .sp .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-service\fR=\fIservice\fR .RS 4 Remove a service\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-service\fR=\fIservice\fR .RS 4 Return whether \fIservice\fR has been added\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-ports\fR .RS 4 List ports added as a space separated list\&. A port is of the form \fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR, it can be either a port and protocol pair or a port range with a protocol\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add the port\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove the port\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the port has been added\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-protocols\fR .RS 4 List protocols added as a space separated list\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-protocol\fR=\fIprotocol\fR [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add the protocol\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-protocol\fR=\fIprotocol\fR .RS 4 Remove the protocol\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-protocol\fR=\fIprotocol\fR .RS 4 Return whether the protocol has been added\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-source\-ports\fR .RS 4 List source ports added as a space separated list\&. A port is of the form \fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add the source port\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove the source port\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the source port has been added\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-icmp\-blocks\fR .RS 4 List Internet Control Message Protocol (ICMP) type blocks added as a space separated list\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-icmp\-block\fR=\fIicmptype\fR [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add an ICMP block for \fIicmptype\fR\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The \fIicmptype\fR is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types: \fBfirewall\-cmd \-\-get\-icmptypes\fR .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-icmp\-block\fR=\fIicmptype\fR .RS 4 Remove the ICMP block for \fIicmptype\fR\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-icmp\-block\fR=\fIicmptype\fR .RS 4 Return whether an ICMP block for \fIicmptype\fR has been added\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-forward\-ports\fR .RS 4 List \fIIPv4\fR forward ports added as a space separated list\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-forward\-port\fR=port=\fIportid\fR[\-\fIportid\fR]:proto=\fIprotocol\fR[:toport=\fIportid\fR[\-\fIportid\fR]][:toaddr=\fIaddress\fR[/\fImask\fR]] [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add the \fIIPv4\fR forward port\&. This option can be specified multiple times\&. If a timeout is supplied, the rule will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. The destination address is a simple IP address\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .sp \fINote:\fR IP forwarding will be implicitly enabled if \fBtoaddr\fR is specified\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-forward\-port\fR=port=\fIportid\fR[\-\fIportid\fR]:proto=\fIprotocol\fR[:toport=\fIportid\fR[\-\fIportid\fR]][:toaddr=\fIaddress\fR[/\fImask\fR]] .RS 4 Remove the \fIIPv4\fR forward port\&. This option can be specified multiple times\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-forward\-port\fR=port=\fIportid\fR[\-\fIportid\fR]:proto=\fIprotocol\fR[:toport=\fIportid\fR[\-\fIportid\fR]][:toaddr=\fIaddress\fR[/\fImask\fR]] .RS 4 Return whether the \fIIPv4\fR forward port has been added\&. Returns 0 if true, 1 otherwise\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-masquerade\fR [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Enable \fIIPv4\fR masquerade\&. If a timeout is supplied, masquerading will be active for the specified amount of time\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. Masquerading is useful if the machine is a router and machines connected over an interface in another zone should be able to use the first connection\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .sp For \fIIPv6\fR masquerading, please use the rich language\&. .sp \fINote:\fR IP forwarding will be implicitly enabled\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-masquerade\fR .RS 4 Disable \fIIPv4\fR masquerade\&. If the masquerading was enabled with a timeout, it will be disabled also\&. .sp For \fIIPv6\fR masquerading, please use the rich language\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-masquerade\fR .RS 4 Return whether \fIIPv4\fR masquerading has been enabled\&. Returns 0 if true, 1 otherwise\&. .sp For \fIIPv6\fR masquerading, please use the rich language\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-rich\-rules\fR .RS 4 List rich language rules added as a newline separated list\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq [\fB\-\-timeout\fR=\fItimeval\fR] .RS 4 Add rich language rule \*(Aq\fIrule\fR\*(Aq\&. This option can be specified multiple times\&. If a timeout is supplied, the \fIrule\fR will be active for the specified amount of time and will be removed automatically afterwards\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp For the rich language rule syntax, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .sp The \fB\-\-timeout\fR option is not combinable with the \fB\-\-permanent\fR option\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq .RS 4 Remove rich language rule \*(Aq\fIrule\fR\*(Aq\&. This option can be specified multiple times\&. .sp For the rich language rule syntax, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-permanent\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq .RS 4 Return whether a rich language rule \*(Aq\fIrule\fR\*(Aq has been added\&. Returns 0 if true, 1 otherwise\&. .sp For the rich language rule syntax, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .RE .SS "Options to Adapt and Query Zones" .PP Options in this section affect only one particular zone\&. If used with \fB\-\-zone\fR=\fIzone\fR option, they affect the specified zone\&. If the option is omitted, they affect default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-icmp\-block\-inversion\fR .RS 4 Enable ICMP block inversion\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-icmp\-block\-inversion\fR .RS 4 Disable ICMP block inversion\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-icmp\-block\-inversion\fR .RS 4 Return whether ICMP block inversion is enabled\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-forward\fR .RS 4 Enable intra zone forwarding\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-forward\fR .RS 4 Disable intra zone forwarding\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-forward\fR .RS 4 Return whether intra zone forwarding is enabled\&. Returns 0 if true, 1 otherwise\&. .RE .SS "Options to Adapt and Query Policies" .PP Options in this section affect only one particular policy\&. It\*(Aqs required to specify \fB\-\-policy\fR=\fIpolicy\fR with these options\&. .PP \fB\-\-permanent\fR \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-get\-priority\fR .RS 4 Get the priority\&. .RE .PP \fB\-\-permanent\fR \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-set\-priority\fR\fIpriority\fR .RS 4 Set the priority\&. The priority determines the relative ordering of policies\&. This is an integer value between \-32768 and 32767 where \-1 is the default value for new policies and 0 is reserved for internal use\&. .sp If a priority is < 0, then the policy\*(Aqs rules will execute before all rules in all zones\&. .sp If a priority is > 0, then the policy\*(Aqs rules will execute after all rules in all zones\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-list\-ingress\-zones\fR .RS 4 List ingress zones added as a space separated list\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-add\-ingress\-zone\fR=\fIzone\fR .RS 4 Add an ingress zone\&. This option can be specified multiple times\&. .sp The ingress zone is one of the firewalld provided zones or one of the pseudo\-zones: HOST, ANY\&. .sp HOST is used for traffic originating from the host machine, i\&.e\&. the host running firewalld\&. .sp ANY is used for traffic originating from any zone\&. This can be thought of as a wild card for zones\&. However it does not include traffic originating from the host machine \- use HOST for that\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-remove\-ingress\-zone\fR=\fIzone\fR .RS 4 Remove an ingress zone\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-query\-ingress\-zone\fR=\fIzone\fR .RS 4 Return whether \fIzone\fR has been added\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-list\-egress\-zones\fR .RS 4 List egress zones added as a space separated list\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-add\-egress\-zone\fR=\fIzone\fR .RS 4 Add an egress zone\&. This option can be specified multiple times\&. .sp The egress zone is one of the firewalld provided zones or one of the pseudo\-zones: HOST, ANY\&. .sp For clarification on HOST and ANY see option \fB\-\-add\-ingress\-zone\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-remove\-egress\-zone\fR=\fIzone\fR .RS 4 Remove an egress zone\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-query\-egress\-zone\fR=\fIzone\fR .RS 4 Return whether \fIzone\fR has been added\&. Returns 0 if true, 1 otherwise\&. .RE .SS "Options to Handle Bindings of Interfaces" .PP Binding an interface to a zone means that this zone settings are used to restrict traffic via the interface\&. .PP Options in this section affect only one particular zone\&. If used with \fB\-\-zone\fR=\fIzone\fR option, they affect the zone \fIzone\fR\&. If the option is omitted, they affect default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP For a list of predefined zones use \fBfirewall\-cmd \-\-get\-zones\fR\&. .PP An interface name is a string up to 16 characters long, that may not contain \fB\*(Aq \*(Aq\fR, \fB\*(Aq/\*(Aq\fR, \fB\*(Aq!\*(Aq\fR and \fB\*(Aq*\*(Aq\fR\&. .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-interfaces\fR .RS 4 List interfaces that are bound to zone \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-interface\fR=\fIinterface\fR .RS 4 Bind interface \fIinterface\fR to zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. .sp If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface\&. If this fails, the zone binding is created in firewalld and the limitations below apply\&. For interfaces that are not under control of NetworkManager, firewalld tries to change the ZONE setting in the ifcfg file, if the file exists\&. .sp As a end user you don\*(Aqt need this in most cases, because NetworkManager (or legacy network service) adds interfaces into zones automatically (according to \fBZONE=\fR option from ifcfg\-\fIinterface\fR file) if \fINM_CONTROLLED=no\fR is not set\&. You should do it only if there\*(Aqs no /etc/sysconfig/network\-scripts/ifcfg\-\fIinterface\fR file\&. If there is such file and you add interface to zone with this \fB\-\-add\-interface\fR option, make sure the zone is the same in both cases, otherwise the behaviour would be undefined\&. Please also have a look at the \fBfirewalld\fR(1) man page in the \fIConcepts\fR section\&. For permanent association of interface with a zone, see also \*(AqHow to set or change a zone for a connection?\*(Aq in \fBfirewalld.zones\fR(5)\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-change\-interface\fR=\fIinterface\fR .RS 4 If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface\&. If this fails, the zone binding is created in firewalld and the limitations below apply\&. For interfaces that are not under control of NetworkManager, firewalld tries to change the ZONE setting in the ifcfg file, if the file exists\&. .sp Change zone the interface \fIinterface\fR is bound to to zone \fIzone\fR\&. It\*(Aqs basically \fB\-\-remove\-interface\fR followed by \fB\-\-add\-interface\fR\&. If the interface has not been bound to a zone before, it behaves like \fB\-\-add\-interface\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-interface\fR=\fIinterface\fR .RS 4 Query whether interface \fIinterface\fR is bound to zone \fIzone\fR\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-remove\-interface\fR=\fIinterface\fR .RS 4 If the interface is under control of NetworkManager, it is at first connected to change the zone for the connection that is using the interface\&. If this fails, the zone binding is created in firewalld and the limitations below apply\&. .sp For the addion or change of interfaces that are not under control of NetworkManager: firewalld tries to change the ZONE setting in the ifcfg file, if an ifcfg file exists that is using the interface\&. .sp Only for the removal of interfaces that are not under control of NetworkManager: firewalld is not trying to change the ZONE setting in the ifcfg file\&. This is needed to make sure that an ifdown of the interface will not result in a reset of the zone setting to the default zone\&. Only the zone binding is then removed in firewalld then\&. .sp Remove binding of interface \fIinterface\fR from zone it was previously added to\&. .RE .SS "Options to Handle Bindings of Sources" .PP Binding a source to a zone means that this zone settings will be used to restrict traffic from this source\&. .PP A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6 or a MAC address or an ipset with the ipset: prefix\&. For IPv4, the mask can be a network mask or a plain number\&. For IPv6 the mask is a plain number\&. The use of host names is not supported\&. .PP Options in this section affect only one particular zone\&. If used with \fB\-\-zone\fR=\fIzone\fR option, they affect the zone \fIzone\fR\&. If the option is omitted, they affect default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP For a list of predefined zones use \fBfirewall\-cmd \fR\fB[\fB\-\-permanent\fR]\fR\fB \-\-get\-zones\fR\&. .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-sources\fR .RS 4 List sources that are bound to zone \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Bind the source to zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-change\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Change zone the source is bound to to zone \fIzone\fR\&. It\*(Aqs basically \fB\-\-remove\-source\fR followed by \fB\-\-add\-source\fR\&. If the source has not been bound to a zone before, it behaves like \fB\-\-add\-source\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-permanent\fR] [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Query whether the source is bound to the zone \fIzone\fR\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-remove\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Remove binding of the source from zone it was previously added to\&. .RE .SS "IPSet Options" .PP \fB\-\-get\-ipset\-types\fR .RS 4 Print the supported ipset types\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-ipset\fR=\fIipset\fR \fB\-\-type\fR=\fItype\fR [\fB\-\-family\fR=\fIinet\fR|\fIinet6\fR] [\fB\-\-option\fR=\fIkey\fR[=\fIvalue\fR]] .RS 4 Add a new permanent and empty ipset with specifying the type and optional the family and options like \fItimeout\fR, \fIhashsize\fR and \fImaxelem\fR\&. For more information please have a look at \fBipset\fR(8) man page\&. .sp ipset names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-ipset\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIipset\fR] .RS 4 Add a new permanent ipset from a prepared ipset file with an optional name override\&. .RE .PP \fB\-\-permanent\fR \fB\-\-delete\-ipset\fR=\fIipset\fR .RS 4 Delete an existing permanent ipset\&. .RE .PP \fB\-\-permanent\fR \fB\-\-load\-ipset\-defaults\fR=\fIipset\fR .RS 4 Load ipset default settings or report NO_DEFAULTS error\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-info\-ipset=\fR\fB\fIipset\fR\fR .RS 4 Print information about the ipset \fIipset\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIipset\fR type: \fItype\fR options: \fIoption1[=value1]\fR \&.\&. entries: \fIentry1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-ipsets\fR .RS 4 Print predefined ipsets as a space separated list\&. .RE .PP \fB\-\-permanent\fR \fB\-\-ipset\fR=\fIipset\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to ipset .RE .PP \fB\-\-permanent\fR \fB\-\-ipset\fR=\fIipset\fR \fB\-\-get\-description\fR .RS 4 Print description for ipset .RE .PP \fB\-\-permanent\fR \fB\-\-ipset\fR=\fIipset\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to ipset .RE .PP \fB\-\-permanent\fR \fB\-\-ipset\fR=\fIipset\fR \fB\-\-get\-short\fR .RS 4 Print short description for ipset .RE .PP [\fB\-\-permanent\fR] \fB\-\-ipset\fR=\fIipset\fR \fB\-\-add\-entry\fR=\fIentry\fR .RS 4 Add a new entry to the ipset\&. .sp Adding an entry to an ipset with option \fItimeout\fR is permitted, but these entries are not tracked by firewalld\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-ipset\fR=\fIipset\fR \fB\-\-remove\-entry\fR=\fIentry\fR .RS 4 Remove an entry from the ipset\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-ipset\fR=\fIipset\fR \fB\-\-query\-entry\fR=\fIentry\fR .RS 4 Return whether the entry has been added to an ipset\&. Returns 0 if true, 1 otherwise\&. .sp Querying an ipset with a timeout will yield an error\&. Entries are not tracked for ipsets with a timeout\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-ipset\fR=\fIipset\fR \fB\-\-get\-entries\fR .RS 4 List all entries of the ipset\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-ipset\fR=\fIipset\fR \fB\-\-add\-entries\-from\-file\fR=\fIfilename\fR .RS 4 Add a new entries to the ipset from the file\&. For all entries that are listed in the file but already in the ipset, a warning will be printed\&. .sp The file should contain an entry per line\&. Lines starting with an hash or semicolon are ignored\&. Also empty lines\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-ipset\fR=\fIipset\fR \fB\-\-remove\-entries\-from\-file\fR=\fIfilename\fR .RS 4 Remove existing entries from the ipset from the file\&. For all entries that are listed in the file but not in the ipset, a warning will be printed\&. .sp The file should contain an entry per line\&. Lines starting with an hash or semicolon are ignored\&. Also empty lines\&. .RE .PP \fB\-\-permanent\fR \fB\-\-path\-ipset=\fR\fB\fIipset\fR\fR .RS 4 Print path of the ipset configuration file\&. .RE .SS "Service Options" .PP Options in this section affect only one particular service\&. .PP [\fB\-\-permanent\fR] \fB\-\-info\-service=\fR\fB\fIservice\fR\fR .RS 4 Print information about the service \fIservice\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIservice\fR ports: \fIport1\fR \&.\&. protocols: \fIprotocol1\fR \&.\&. source\-ports: \fIsource\-port1\fR \&.\&. helpers: \fIhelper1\fR \&.\&. destination: \fIipv1\fR:\fIaddress1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP The following options are only usable in the permanent configuration\&. .PP \fB\-\-permanent\fR \fB\-\-new\-service\fR=\fIservice\fR .RS 4 Add a new permanent and empty service\&. .sp Service names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-service\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIservice\fR] .RS 4 Add a new permanent service from a prepared service file with an optional name override\&. .RE .PP \fB\-\-permanent\fR \fB\-\-delete\-service\fR=\fIservice\fR .RS 4 Delete an existing permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-load\-service\-defaults\fR=\fIservice\fR .RS 4 Load service default settings or report NO_DEFAULTS error\&. .RE .PP \fB\-\-permanent\fR \fB\-\-path\-service=\fR\fB\fIservice\fR\fR .RS 4 Print path of the service configuration file\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to service .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-description\fR .RS 4 Print description for service .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to service .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-short\fR .RS 4 Print short description for service .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add a new port to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove a port from the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the port has been added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-ports\fR .RS 4 List ports added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-protocol\fR=\fIprotocol\fR .RS 4 Add a new protocol to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-protocol\fR=\fIprotocol\fR .RS 4 Remove a protocol from the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-protocol\fR=\fIprotocol\fR .RS 4 Return whether the protocol has been added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-protocols\fR .RS 4 List protocols added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add a new source port to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove a source port from the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the source port has been added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-source\-ports\fR .RS 4 List source ports added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-helper\fR=\fIhelper\fR .RS 4 Add a new helper to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-helper\fR=\fIhelper\fR .RS 4 Remove a helper from the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-helper\fR=\fIhelper\fR .RS 4 Return whether the helper has been added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-service\-helpers\fR .RS 4 List helpers added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-set\-destination\fR=\fIipv\fR:\fIaddress\fR[/\fImask\fR] .RS 4 Set destination for ipv to address[/mask] in the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-destination\fR=\fIipv\fR .RS 4 Remove the destination for ipv from the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-destination\fR=\fIipv\fR:\fIaddress\fR[/\fImask\fR] .RS 4 Return whether the destination ipv to address[/mask] has been set in the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-destinations\fR .RS 4 List destinations added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-include\fR=\fIservice\fR .RS 4 Add a new include to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-include\fR=\fIservice\fR .RS 4 Remove a include from the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-include\fR=\fIservice\fR .RS 4 Return whether the include has been added to the permanent service\&. .RE .PP \fB\-\-permanent\fR \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-includes\fR .RS 4 List includes added to the permanent service\&. .RE .SS "Helper Options" .PP Options in this section affect only one particular helper\&. .PP [\fB\-\-permanent\fR] \fB\-\-info\-helper=\fR\fB\fIhelper\fR\fR .RS 4 Print information about the helper \fIhelper\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIhelper\fR family: \fIfamily\fR module: \fImodule\fR ports: \fIport1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP The following options are only usable in the permanent configuration\&. .PP \fB\-\-permanent\fR \fB\-\-new\-helper\fR=\fIhelper\fR \fB\-\-module\fR=\fInf_conntrack_module\fR [\fB\-\-family\fR=\fIipv4\fR|\fIipv6\fR] .RS 4 Add a new permanent helper with module and optionally family defined\&. .sp Helper names must be alphanumeric and may additionally include characters: \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-helper\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIhelper\fR] .RS 4 Add a new permanent helper from a prepared helper file with an optional name override\&. .RE .PP \fB\-\-permanent\fR \fB\-\-delete\-helper\fR=\fIhelper\fR .RS 4 Delete an existing permanent helper\&. .RE .PP \fB\-\-permanent\fR \fB\-\-load\-helper\-defaults\fR=\fIhelper\fR .RS 4 Load helper default settings or report NO_DEFAULTS error\&. .RE .PP \fB\-\-permanent\fR \fB\-\-path\-helper=\fR\fB\fIhelper\fR\fR .RS 4 Print path of the helper configuration file\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-get\-helpers\fR .RS 4 Print predefined helpers as a space separated list\&. .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-description\fR .RS 4 Print description for helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-short\fR .RS 4 Print short description for helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-add\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add a new port to the permanent helper\&. .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-remove\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove a port from the permanent helper\&. .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-query\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the port has been added to the permanent helper\&. .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-ports\fR .RS 4 List ports added to the permanent helper\&. .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-module\fR=\fIdescription\fR .RS 4 Set module description for helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-module\fR .RS 4 Print module description for helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-family\fR=\fIdescription\fR .RS 4 Set family description for helper .RE .PP \fB\-\-permanent\fR \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-family\fR .RS 4 Print family description of helper .RE .SS "Internet Control Message Protocol (ICMP) type Options" .PP Options in this section affect only one particular icmptype\&. .PP [\fB\-\-permanent\fR] \fB\-\-info\-icmptype=\fR\fB\fIicmptype\fR\fR .RS 4 Print information about the icmptype \fIicmptype\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIicmptype\fR destination: \fIipv1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP The following options are only usable in the permanent configuration\&. .PP \fB\-\-permanent\fR \fB\-\-new\-icmptype\fR=\fIicmptype\fR .RS 4 Add a new permanent and empty icmptype\&. .sp ICMP type names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-permanent\fR \fB\-\-new\-icmptype\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIicmptype\fR] .RS 4 Add a new permanent icmptype from a prepared icmptype file with an optional name override\&. .RE .PP \fB\-\-permanent\fR \fB\-\-delete\-icmptype\fR=\fIicmptype\fR .RS 4 Delete an existing permanent icmptype\&. .RE .PP \fB\-\-permanent\fR \fB\-\-load\-icmptype\-defaults\fR=\fIicmptype\fR .RS 4 Load icmptype default settings or report NO_DEFAULTS error\&. .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to icmptype .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-get\-description\fR .RS 4 Print description for icmptype .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to icmptype .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-get\-short\fR .RS 4 Print short description for icmptype .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-add\-destination\fR=\fIipv\fR .RS 4 Enable destination for ipv in permanent icmptype\&. ipv is one of \fIipv4\fR or \fIipv6\fR\&. .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-remove\-destination\fR=\fIipv\fR .RS 4 Disable destination for ipv in permanent icmptype\&. ipv is one of \fIipv4\fR or \fIipv6\fR\&. .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-query\-destination\fR=\fIipv\fR .RS 4 Return whether destination for ipv is enabled in permanent icmptype\&. ipv is one of \fIipv4\fR or \fIipv6\fR\&. .RE .PP \fB\-\-permanent\fR \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-get\-destinations\fR .RS 4 List destinations in permanent icmptype\&. .RE .PP \fB\-\-permanent\fR \fB\-\-path\-icmptype=\fR\fB\fIicmptype\fR\fR .RS 4 Print path of the icmptype configuration file\&. .RE .SS "Direct Options" .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBDEPRECATED\fR .RS 4 .PP The direct interface has been deprecated\&. It will be removed in a future release\&. It is superseded by policies, see \fBfirewalld.policies\fR(5)\&. .RE .PP The direct options give a more direct access to the firewall\&. These options require user to know basic iptables concepts, i\&.e\&. \fItable\fR (filter/mangle/nat/\&.\&.\&.), \fIchain\fR (INPUT/OUTPUT/FORWARD/\&.\&.\&.), \fIcommands\fR (\-A/\-D/\-I/\&.\&.\&.), \fIparameters\fR (\-p/\-s/\-d/\-j/\&.\&.\&.) and \fItargets\fR (ACCEPT/DROP/REJECT/\&.\&.\&.)\&. .PP Direct options should be used only as a last resort when it\*(Aqs not possible to use for example \fB\-\-add\-service\fR=\fIservice\fR or \fB\-\-add\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq\&. .PP \fBWarning\fR: Direct rules behavior is different depending on the value of \fIFirewallBackend\fR\&. See \fICAVEATS\fR in \fBfirewalld.direct\fR(5)\&. .PP The first argument of each option has to be \fIipv4\fR or \fIipv6\fR or \fIeb\fR\&. With \fIipv4\fR it will be for IPv4 (\fBiptables\fR(8)), with \fIipv6\fR for IPv6 (\fBip6tables\fR(8)) and with \fIeb\fR for ethernet bridges (\fBebtables\fR(8))\&. .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-get\-all\-chains\fR .RS 4 Get all chains added to all tables\&. This option concerns only chains previously added with \fB\-\-direct \-\-add\-chain\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-get\-chains\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR .RS 4 Get all chains added to table \fItable\fR as a space separated list\&. This option concerns only chains previously added with \fB\-\-direct \-\-add\-chain\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-add\-chain\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Add a new chain with name \fIchain\fR to table \fItable\fR\&. Make sure there\*(Aqs no other chain with this name already\&. .sp There already exist basic chains to use with direct options, for example \fIINPUT_direct\fR chain (see \fIiptables\-save | grep direct\fR output for all of them)\&. These chains are jumped into before chains for zones, i\&.e\&. every rule put into \fIINPUT_direct\fR will be checked before rules in zones\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-remove\-chain\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Remove chain with name \fIchain\fR from table \fItable\fR\&. Only chains previously added with \fB\-\-direct \-\-add\-chain\fR can be removed this way\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-query\-chain\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Return whether a chain with name \fIchain\fR exists in table \fItable\fR\&. Returns 0 if true, 1 otherwise\&. This option concerns only chains previously added with \fB\-\-direct \-\-add\-chain\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-get\-all\-rules\fR .RS 4 Get all rules added to all chains in all tables as a newline separated list of the priority and arguments\&. This option concerns only rules previously added with \fB\-\-direct \-\-add\-rule\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-get\-rules\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Get all rules added to chain \fIchain\fR in table \fItable\fR as a newline separated list of the priority and arguments\&. This option concerns only rules previously added with \fB\-\-direct \-\-add\-rule\fR\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-add\-rule\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR \fIpriority\fR \fIargs\fR .RS 4 Add a rule with the arguments \fIargs\fR to chain \fIchain\fR in table \fItable\fR with priority \fIpriority\fR\&. .sp The \fIpriority\fR is used to order rules\&. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down\&. Rules with the same priority are on the same level and the order of these rules is not fixed and may change\&. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-remove\-rule\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR \fIpriority\fR \fIargs\fR .RS 4 Remove a rule with \fIpriority\fR and the arguments \fIargs\fR from chain \fIchain\fR in table \fItable\fR\&. Only rules previously added with \fB\-\-direct \-\-add\-rule\fR can be removed this way\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-remove\-rules\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Remove all rules in the chain with name \fIchain\fR exists in table \fItable\fR\&. This option concerns only rules previously added with \fB\-\-direct \-\-add\-rule\fR in this chain\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-query\-rule\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR \fIpriority\fR \fIargs\fR .RS 4 Return whether a rule with \fIpriority\fR and the arguments \fIargs\fR exists in chain \fIchain\fR in table \fItable\fR\&. Returns 0 if true, 1 otherwise\&. This option concerns only rules previously added with \fB\-\-direct \-\-add\-rule\fR\&. .RE .PP \fB\-\-direct\fR \fB\-\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Pass a command through to the firewall\&. \fIargs\fR can be all \fBiptables\fR, \fBip6tables\fR and \fBebtables\fR command line arguments\&. This command is untracked, which means that firewalld is not able to provide information about this command later on, also not a listing of the untracked passthoughs\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-get\-all\-passthroughs\fR .RS 4 Get all passthrough rules as a newline separated list of the ipv value and arguments\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-get\-passthroughs\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } .RS 4 Get all passthrough rules for the ipv value as a newline separated list of the priority and arguments\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-add\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Add a passthrough rule with the arguments \fIargs\fR for the ipv value\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-remove\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Remove a passthrough rule with the arguments \fIargs\fR for the ipv value\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-direct\fR \fB\-\-query\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Return whether a passthrough rule with the arguments \fIargs\fR exists for the ipv value\&. Returns 0 if true, 1 otherwise\&. .RE .SS "Lockdown Options" .PP Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt) or are authenticated using PolicyKit\&. With this feature administrators can lock the firewall configuration so that only applications on lockdown whitelist are able to request firewall changes\&. .PP The lockdown access check limits D\-Bus methods that are changing firewall rules\&. Query, list and get methods are not limited\&. .PP The lockdown feature is a very light version of user and application policies for firewalld and is turned off by default\&. .PP \fB\-\-lockdown\-on\fR .RS 4 Enable lockdown\&. Be careful \- if firewall\-cmd is not on lockdown whitelist when you enable lockdown you won\*(Aqt be able to disable it again with firewall\-cmd, you would need to edit firewalld\&.conf\&. .sp This is a runtime and permanent change\&. .RE .PP \fB\-\-lockdown\-off\fR .RS 4 Disable lockdown\&. .sp This is a runtime and permanent change\&. .RE .PP \fB\-\-query\-lockdown\fR .RS 4 Query whether lockdown is enabled\&. Returns 0 if lockdown is enabled, 1 otherwise\&. .RE .SS "Lockdown Whitelist Options" .PP The lockdown whitelist can contain \fIcommands\fR, \fIcontexts\fR, \fIusers\fR and \fIuser ids\fR\&. .PP If a command entry on the whitelist ends with an asterisk \*(Aq*\*(Aq, then all command lines starting with the command will match\&. If the \*(Aq*\*(Aq is not there the absolute command inclusive arguments must match\&. .PP Command paths for users are not always the same and depends on the users PATH\&. Some distributions symlink \fB/bin\fR to \fB/usr/bin\fR in which case it depends on the order they appear in the PATH environment variable\&. .PP The context is the security (SELinux) context of a running application or service\&. To get the context of a running application use \fBps \-e \-\-context\fR\&. .PP \fBWarning:\fR If the context is unconfined, then this will open access for more than the desired application\&. .PP The lockdown whitelist entries are checked in the following order: .RS 4 1\&. \fIcontext\fR .RE .RS 4 2\&. \fIuid\fR .RE .RS 4 3\&. \fIuser\fR .RE .RS 4 4\&. \fIcommand\fR .RE .PP [\fB\-\-permanent\fR] \fB\-\-list\-lockdown\-whitelist\-commands\fR .RS 4 List all command lines that are on the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-add\-lockdown\-whitelist\-command\fR=\fIcommand\fR .RS 4 Add the \fIcommand\fR to the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-remove\-lockdown\-whitelist\-command\fR=\fIcommand\fR .RS 4 Remove the \fIcommand\fR from the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-query\-lockdown\-whitelist\-command\fR=\fIcommand\fR .RS 4 Query whether the \fIcommand\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-list\-lockdown\-whitelist\-contexts\fR .RS 4 List all contexts that are on the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-add\-lockdown\-whitelist\-context\fR=\fIcontext\fR .RS 4 Add the context \fIcontext\fR to the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-remove\-lockdown\-whitelist\-context\fR=\fIcontext\fR .RS 4 Remove the \fIcontext\fR from the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-query\-lockdown\-whitelist\-context\fR=\fIcontext\fR .RS 4 Query whether the \fIcontext\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-list\-lockdown\-whitelist\-uids\fR .RS 4 List all user ids that are on the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-add\-lockdown\-whitelist\-uid\fR=\fIuid\fR .RS 4 Add the user id \fIuid\fR to the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-remove\-lockdown\-whitelist\-uid\fR=\fIuid\fR .RS 4 Remove the user id \fIuid\fR from the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-query\-lockdown\-whitelist\-uid\fR=\fIuid\fR .RS 4 Query whether the user id \fIuid\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-list\-lockdown\-whitelist\-users\fR .RS 4 List all user names that are on the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-add\-lockdown\-whitelist\-user\fR=\fIuser\fR .RS 4 Add the user name \fIuser\fR to the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-remove\-lockdown\-whitelist\-user\fR=\fIuser\fR .RS 4 Remove the user name \fIuser\fR from the whitelist\&. .RE .PP [\fB\-\-permanent\fR] \fB\-\-query\-lockdown\-whitelist\-user\fR=\fIuser\fR .RS 4 Query whether the user name \fIuser\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .SS "Panic Options" .PP \fB\-\-panic\-on\fR .RS 4 Enable panic mode\&. All incoming and outgoing packets are dropped, active connections will expire\&. Enable this only if there are serious problems with your network environment\&. For example if the machine is getting hacked in\&. .sp This is a runtime only change\&. .RE .PP \fB\-\-panic\-off\fR .RS 4 Disable panic mode\&. After disabling panic mode established connections might work again, if panic mode was enabled for a short period of time\&. .sp This is a runtime only change\&. .RE .PP \fB\-\-query\-panic\fR .RS 4 Returns 0 if panic mode is enabled, 1 otherwise\&. .RE .SH "EXAMPLES" .PP For more examples see \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .SS "Example 1" .PP Enable http service in default zone\&. This is runtime only change, i\&.e\&. effective until restart\&. .PP .if n \{\ .RS 4 .\} .nf firewall\-cmd \-\-add\-service=http .fi .if n \{\ .RE .\} .sp .SS "Example 2" .PP Enable port 443/tcp immediately and permanently in default zone\&. To make the change effective immediately and also after restart we need two commands\&. The first command makes the change in runtime configuration, i\&.e\&. makes it effective immediately, until restart\&. The second command makes the change in permanent configuration, i\&.e\&. makes it effective after restart\&. .PP .if n \{\ .RS 4 .\} .nf firewall\-cmd \-\-add\-port=443/tcp firewall\-cmd \-\-permanent \-\-add\-port=443/tcp .fi .if n \{\ .RE .\} .sp .SH "EXIT CODES" .PP On success 0 is returned\&. On failure the output is red colored and exit code is either 2 in case of wrong command\-line option usage or one of the following error codes in other cases: .TS allbox tab(:); lB rB. T{ String T}:T{ Code T} .T& l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r l r. T{ ALREADY_ENABLED T}:T{ 11 T} T{ NOT_ENABLED T}:T{ 12 T} T{ COMMAND_FAILED T}:T{ 13 T} T{ NO_IPV6_NAT T}:T{ 14 T} T{ PANIC_MODE T}:T{ 15 T} T{ ZONE_ALREADY_SET T}:T{ 16 T} T{ UNKNOWN_INTERFACE T}:T{ 17 T} T{ ZONE_CONFLICT T}:T{ 18 T} T{ BUILTIN_CHAIN T}:T{ 19 T} T{ EBTABLES_NO_REJECT T}:T{ 20 T} T{ NOT_OVERLOADABLE T}:T{ 21 T} T{ NO_DEFAULTS T}:T{ 22 T} T{ BUILTIN_ZONE T}:T{ 23 T} T{ BUILTIN_SERVICE T}:T{ 24 T} T{ BUILTIN_ICMPTYPE T}:T{ 25 T} T{ NAME_CONFLICT T}:T{ 26 T} T{ NAME_MISMATCH T}:T{ 27 T} T{ PARSE_ERROR T}:T{ 28 T} T{ ACCESS_DENIED T}:T{ 29 T} T{ UNKNOWN_SOURCE T}:T{ 30 T} T{ RT_TO_PERM_FAILED T}:T{ 31 T} T{ IPSET_WITH_TIMEOUT T}:T{ 32 T} T{ BUILTIN_IPSET T}:T{ 33 T} T{ ALREADY_SET T}:T{ 34 T} T{ MISSING_IMPORT T}:T{ 35 T} T{ DBUS_ERROR T}:T{ 36 T} T{ BUILTIN_HELPER T}:T{ 37 T} T{ NOT_APPLIED T}:T{ 38 T} T{ INVALID_ACTION T}:T{ 100 T} T{ INVALID_SERVICE T}:T{ 101 T} T{ INVALID_PORT T}:T{ 102 T} T{ INVALID_PROTOCOL T}:T{ 103 T} T{ INVALID_INTERFACE T}:T{ 104 T} T{ INVALID_ADDR T}:T{ 105 T} T{ INVALID_FORWARD T}:T{ 106 T} T{ INVALID_ICMPTYPE T}:T{ 107 T} T{ INVALID_TABLE T}:T{ 108 T} T{ INVALID_CHAIN T}:T{ 109 T} T{ INVALID_TARGET T}:T{ 110 T} T{ INVALID_IPV T}:T{ 111 T} T{ INVALID_ZONE T}:T{ 112 T} T{ INVALID_PROPERTY T}:T{ 113 T} T{ INVALID_VALUE T}:T{ 114 T} T{ INVALID_OBJECT T}:T{ 115 T} T{ INVALID_NAME T}:T{ 116 T} T{ INVALID_FILENAME T}:T{ 117 T} T{ INVALID_DIRECTORY T}:T{ 118 T} T{ INVALID_TYPE T}:T{ 119 T} T{ INVALID_SETTING T}:T{ 120 T} T{ INVALID_DESTINATION T}:T{ 121 T} T{ INVALID_RULE T}:T{ 122 T} T{ INVALID_LIMIT T}:T{ 123 T} T{ INVALID_FAMILY T}:T{ 124 T} T{ INVALID_LOG_LEVEL T}:T{ 125 T} T{ INVALID_AUDIT_TYPE T}:T{ 126 T} T{ INVALID_MARK T}:T{ 127 T} T{ INVALID_CONTEXT T}:T{ 128 T} T{ INVALID_COMMAND T}:T{ 129 T} T{ INVALID_USER T}:T{ 130 T} T{ INVALID_UID T}:T{ 131 T} T{ INVALID_MODULE T}:T{ 132 T} T{ INVALID_PASSTHROUGH T}:T{ 133 T} T{ INVALID_MAC T}:T{ 134 T} T{ INVALID_IPSET T}:T{ 135 T} T{ INVALID_ENTRY T}:T{ 136 T} T{ INVALID_OPTION T}:T{ 137 T} T{ INVALID_HELPER T}:T{ 138 T} T{ INVALID_PRIORITY T}:T{ 139 T} T{ INVALID_POLICY T}:T{ 140 T} T{ INVALID_LOG_PREFIX T}:T{ 141 T} T{ INVALID_NFLOG_GROUP T}:T{ 142 T} T{ INVALID_NFLOG_QUEUE T}:T{ 143 T} T{ MISSING_TABLE T}:T{ 200 T} T{ MISSING_CHAIN T}:T{ 201 T} T{ MISSING_PORT T}:T{ 202 T} T{ MISSING_PROTOCOL T}:T{ 203 T} T{ MISSING_ADDR T}:T{ 204 T} T{ MISSING_NAME T}:T{ 205 T} T{ MISSING_SETTING T}:T{ 206 T} T{ MISSING_FAMILY T}:T{ 207 T} T{ RUNNING_BUT_FAILED T}:T{ 251 T} T{ NOT_RUNNING T}:T{ 252 T} T{ NOT_AUTHORIZED T}:T{ 253 T} T{ UNKNOWN_ERROR T}:T{ 254 T} .TE .sp 1 .PP Note that return codes of \fB\-\-query\-*\fR options are special: Successful queries return 0, unsuccessful ones return 1 unless an error occurred in which case the table above applies\&. .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man1/firewall-config.10000644000000000000000000000535214217353164021002 0ustar00rootroot00000000000000'\" t .\" Title: firewall-config .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewall-config .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALL\-CONFIG" "1" "" "firewalld 1.1.1" "firewall-config" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewall-config \- firewalld GUI configuration tool .SH "SYNOPSIS" .HP \w'\fBfirewall\-config\fR\ 'u \fBfirewall\-config\fR [OPTIONS...] .SH "DESCRIPTION" .PP firewall\-config is a GUI configuration tool for firewalld\&. .SH "OPTIONS" .PP \fBfirewall\-config\fR does not support any special options\&. The only options that can be used are the general options that Gtk uses for Gtk application initialization\&. For more information on these options, please have a look at the runtime documentation for Gtk\&. .PP The following options are supported: .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Prints a short help text and exits\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man1/firewalld.10000644000000000000000000002220614217353164017700 0ustar00rootroot00000000000000'\" t .\" Title: firewalld .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD" "1" "" "firewalld 1.1.1" "firewalld" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld \- Dynamic Firewall Manager .SH "SYNOPSIS" .HP \w'\fBfirewalld\ \fR\fB[OPTIONS...]\fR\ 'u \fBfirewalld \fR\fB[OPTIONS...]\fR .SH "DESCRIPTION" .PP firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces\&. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and has a separation of runtime and permanent configuration options\&. It also supports an interface for services or applications to add firewall rules directly\&. .SH "OPTIONS" .PP These are the command line options of firewalld: .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Prints a short help text and exists\&. .RE .PP \fB\-\-default\-config\fR .RS 4 Path to firewalld default configuration\&. This usually defaults to \fI/usr/lib/firewalld\fR\&. .RE .PP \fB\-\-debug\fR[=\fIlevel\fR] .RS 4 Set the debug level for firewalld to \fIlevel\fR\&. The range of the debug level is 1 (lowest level) to 10 (highest level)\&. The debug output will be written to the firewalld log file \fI/var/log/firewalld\fR\&. .RE .PP \fB\-\-debug\-gc\fR .RS 4 Print garbage collector leak information\&. The collector runs every 10 seconds and if there are leaks, it prints information about the leaks\&. .RE .PP \fB\-\-nofork\fR .RS 4 Turn off daemon forking\&. Force firewalld to run as a foreground process instead of as a daemon in the background\&. .RE .PP \fB\-\-nopid\fR .RS 4 Disable writing pid file\&. By default the program will write a pid file\&. If the program is invoked with this option it will not check for an existing server process\&. .RE .PP \fB\-\-system\-config\fR .RS 4 Path to firewalld system (user) configuration\&. This usually defaults to \fI/etc/firewalld\fR\&. .RE .SH "CONCEPTS" .PP firewalld has a D\-Bus interface for firewall configuration of services and applications\&. It also has a command line client for the user\&. Services or applications already using D\-Bus can request changes to the firewall with the D\-Bus interface directly\&. For more information on the firewalld D\-Bus interface, please have a look at \fBfirewalld.dbus\fR(5)\&. .PP firewalld provides support for zones, predefined services and ICMP types and has a separation of runtime and permanent configuration options\&. Permanent configuration is loaded from XML files in \fI/usr/lib/firewalld\fR (\fB\-\-default\-config\fR) or \fI/etc/firewalld\fR (\fB\-\-system\-config\fR) (see the section called \(lqDIRECTORIES\(rq)\&. .PP If NetworkManager is not in use and firewalld gets started after the network is already up, the connections and manually created interfaces are not bound to the zone specified in the ifcfg file\&. The interfaces will automatically be handled by the default zone\&. firewalld will also not get notified about network device renames\&. All this also applies to interfaces that are not controlled by NetworkManager if \fINM_CONTROLLED=no\fR is set\&. .PP You can add these interfaces to a zone with \fBfirewall\-cmd [\-\-permanent] \-\-zone=\fR\fB\fIzone\fR\fR\fB \-\-add\-interface=\fR\fB\fIinterface\fR\fR\&. If there is a /etc/sysconfig/network\-scripts/ifcfg\-\fIinterface\fR file, firewalld tries to change the ZONE=\fIzone\fR setting in this file\&. .PP If firewalld gets reloaded, it will restore the interface bindings that were in place before reloading to keep interface bindings stable in the case of NetworkManager uncontrolled interfaces\&. This mechanism is not possible in the case of a firewalld service restart\&. .PP It is essential to keep the ZONE= setting in the ifcfg file consistent to the binding in firewalld in the case of NetworkManager uncontrolled interfaces\&. .SS "Zones" .PP A network or firewall zone defines the trust level of the interface used for a connection\&. There are several pre\-defined zones provided by firewalld\&. Zone configuration options and generic information about zones are described in \fBfirewalld.zone\fR(5) .SS "Services" .PP A service can be a list of local ports, protocols and destinations and additionally also a list of firewall helper modules automatically loaded if a service is enabled\&. Service configuration options and generic information about services are described in \fBfirewalld.service\fR(5)\&. The use of predefined services makes it easier for the user to enable and disable access to a service\&. .SS "ICMP types" .PP The Internet Control Message Protocol (ICMP) is used to exchange information and also error messages in the Internet Protocol (IP)\&. ICMP types can be used in firewalld to limit the exchange of these messages\&. For more information, please have a look at \fBfirewalld.icmptype\fR(5)\&. .SS "Runtime configuration" .PP Runtime configuration is the actual active configuration and is not permanent\&. After reload/restart of the service or a system reboot, runtime settings will be gone if they haven\*(Aqt been also in permanent configuration\&. .SS "Permanent configuration" .PP The permanent configuration is stored in config files and will be loaded and become new runtime configuration with every machine boot or service reload/restart\&. .SS "Direct interface" .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBDEPRECATED\fR .RS 4 .PP The direct interface has been deprecated\&. It will be removed in a future release\&. It is superseded by policies, see \fBfirewalld.policies\fR(5)\&. .RE .PP The direct interface is mainly used by services or applications to add specific firewall rules\&. It requires basic knowledge of ip(6)tables concepts (tables, chains, commands, parameters, targets)\&. .SH "DIRECTORIES" .PP firewalld supports two configuration directories: .SS "Default/Fallback configuration in \fI/usr/lib/firewalld\fR (\-\-default\-config)" .PP This directory contains the default and fallback configuration provided by firewalld for icmptypes, services and zones\&. The files provided with the firewalld package should not get changed and the changes are gone with an update of the firewalld package\&. Additional \fBicmptypes\fR, \fBservices\fR and \fBzones\fR can be provided with packages or by creating files\&. .SS "System configuration settings in \fI/etc/firewalld\fR (\-\-system\-config)" .PP The system or user configuration stored here is either created by the system administrator or by customization with the configuration interface of firewalld or by hand\&. The files will overload the default configuration files\&. .PP To manually change settings of pre\-defined icmptypes, zones or services, copy the file from the default configuration directory to the corresponding directory in the system configuration directory and change it accordingly\&. .PP For more information on icmptypes, please have a look at the \fBfirewalld.icmptype\fR(5) man page, for services at \fBfirewalld.service\fR(5) and for zones at \fBfirewalld.zone\fR(5)\&. .SH "SIGNALS" .PP Currently only SIGHUP is supported\&. .SS "SIGHUP" .PP Reloads the complete firewall configuration\&. You can also use \fBfirewall\-cmd \-\-reload\fR\&. All runtime configuration settings will be restored\&. Permanent configuration will change according to options defined in the configuration files\&. .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man1/firewall-offline-cmd.10000644000000000000000000015236614217353164021730 0ustar00rootroot00000000000000'\" t .\" Title: firewall-offline-cmd .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewall-offline-cmd .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALL\-OFFLINE\-C" "1" "" "firewalld 1.1.1" "firewall-offline-cmd" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewall-offline-cmd \- firewalld offline command line client .SH "SYNOPSIS" .HP \w'\fBfirewall\-offline\-cmd\fR\ 'u \fBfirewall\-offline\-cmd\fR [OPTIONS...] .SH "DESCRIPTION" .PP firewall\-offline\-cmd is an offline command line client of the firewalld daemon\&. It should be used only if the firewalld service is not running\&. For example to migrate from system\-config\-firewall/lokkit or in the install environment to configure firewall settings with kickstart\&. .PP Some lokkit options can not be automatically converted for firewalld, they will result in an error or warning message\&. This tool tries to convert as much as possible, but there are limitations for example with custom rules, modules and masquerading\&. .PP Check the firewall configuration after using this tool\&. .SH "OPTIONS" .PP If no options are given, configuration from \fB/etc/sysconfig/system\-config\-firewall\fR will be migrated\&. .PP Sequence options are the options that can be specified multiple times, the exit code is 0 if there is at least one item that succeeded\&. The \fIALREADY_ENABLED\fR (11), \fINOT_ENABLED\fR (12) and also \fIZONE_ALREADY_SET\fR (16) errors are treated as succeeded\&. If there are issues while parsing the items, then these are treated as warnings and will not change the result as long as there is a succeeded one\&. Without any succeeded item, the exit code will depend on the error codes\&. If there is exactly one error code, then this is used\&. If there are more than one then \fIUNKNOWN_ERROR\fR (254) will be used\&. .PP The following options are supported: .SS "General Options" .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Prints a short help text and exists\&. .RE .PP \fB\-V\fR, \fB\-\-version\fR .RS 4 Prints the version string of firewalld and exits\&. .RE .PP \fB\-q\fR, \fB\-\-quiet\fR .RS 4 Do not print status messages\&. .RE .PP \fB\-\-default\-config\fR .RS 4 Path to firewalld default configuration\&. This usually defaults to \fI/usr/lib/firewalld\fR\&. .RE .PP \fB\-\-system\-config\fR .RS 4 Path to firewalld system (user) configuration\&. This usually defaults to \fI/etc/firewalld\fR\&. .RE .SS "Status Options" .PP \fB\-\-enabled\fR .RS 4 Enable the firewall\&. This option is a default option and will activate the firewall if not already enabled as long as the option \fB\-\-disabled\fR is not given\&. .RE .PP \fB\-\-disabled\fR .RS 4 Disable the firewall by disabling the firewalld service\&. .RE .PP \fB\-\-check\-config\fR .RS 4 Run checks on the permanent (default and system) configuration\&. This includes XML validity and semantics\&. .sp This is may be used with \fB\-\-system\-config\fR to check the validity of handwritten configuration files before copying them to the standard location\&. .RE .SS "Lokkit Compatibility Options" .PP These options are nearly identical to the options of \fBlokkit\fR\&. .PP \fB\-\-migrate\-system\-config\-firewall=\fR\fB\fIfile\fR\fR .RS 4 Migrate system\-config\-firewall configuration from the given file\&. No further .RE .PP \fB\-\-addmodule\fR=\fImodule\fR .RS 4 This option will result in a warning message and will be ignored\&. .sp Handling of netfilter helpers has been merged into services completely\&. Adding or removing netfilter helpers outside of services is therefore not needed anymore\&. For more information on handling netfilter helpers in services, please have a look at \fBfirewalld.zone\fR(5)\&. .RE .PP \fB\-\-removemodule\fR .RS 4 This option will result in a warning message and will be ignored\&. .sp Handling of netfilter helpers has been merged into services completely\&. Adding or removing netfilter helpers outside of services is therefore not needed anymore\&. For more information on handling netfilter helpers in services, please have a look at \fBfirewalld.zone\fR(5)\&. .RE .PP \fB\-\-remove\-service\fR=\fIservice\fR .RS 4 Remove a service from the default zone\&. This option can be specified multiple times\&. .sp The service is one of the firewalld provided services\&. To get a list of the supported services, use \fBfirewall\-cmd \-\-get\-services\fR\&. .RE .PP \fB\-s\fR \fIservice\fR, \fB\-\-service\fR=\fIservice\fR .RS 4 Add a service to the default zone\&. This option can be specified multiple times\&. .sp The service is one of the firewalld provided services\&. To get a list of the supported services, use \fBfirewall\-cmd \-\-get\-services\fR\&. .RE .PP \fB\-p\fR \fIportid\fR[\-\fIportid\fR]:\fIprotocol\fR, \fB\-\-port\fR=\fIportid\fR[\-\fIportid\fR]:\fIprotocol\fR .RS 4 Add the port to the default zone\&. This option can be specified multiple times\&. .sp The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .PP \fB\-t\fR \fIinterface\fR, \fB\-\-trust\fR=\fIinterface\fR .RS 4 This option will result in a warning message\&. .sp Mark an interface as trusted\&. This option can be specified multiple times\&. The interface will be bound to the trusted zone\&. .sp If the interface is used in a NetworkManager managed connection or if there is an ifcfg file for this interface, the zone will be changed to the zone defined in the configuration as soon as it gets activated\&. To change the zone of a connection use \fBnm\-connection\-editor\fR and set the zone to trusted, for an ifcfg file, use an editor and add "ZONE=trusted"\&. If the zone is not defined in the ifcfg file, the firewalld default zone will be used\&. .RE .PP \fB\-m\fR \fIinterface\fR, \fB\-\-masq\fR=\fIinterface\fR .RS 4 This option will result in a warning message\&. .sp Masquerading will be enabled in the default zone\&. The interface argument will be ignored\&. This is for \fIIPv4\fR only\&. .RE .PP \fB\-\-custom\-rules\fR=[\fItype\fR:][\fItable\fR:]\fIfilename\fR .RS 4 This option will result in a warning message and will be ignored\&. .sp Custom rule files are not supported by firewalld\&. .RE .PP \fB\-\-forward\-port\fR=if=\fIinterface\fR:port=\fIport\fR:proto=\fIprotocol\fR[:toport=\fIdestination port\fR:][:toaddr=\fIdestination address\fR] .RS 4 This option will result in a warning message\&. .sp Add the \fIIPv4\fR forward port in the default zone\&. This option can be specified multiple times\&. .sp The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. The destination address is an IP address\&. .RE .PP \fB\-\-block\-icmp\fR=\fIicmptype\fR .RS 4 This option will result in a warning message\&. .sp Add an ICMP block for \fIicmptype\fR in the default zone\&. This option can be specified multiple times\&. .sp The \fIicmptype\fR is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types: \fBfirewall\-cmd \-\-get\-icmptypes\fR .RE .SS "Log Denied Options" .PP \fB\-\-get\-log\-denied\fR .RS 4 Print the log denied setting\&. .RE .PP \fB\-\-set\-log\-denied\fR=\fIvalue\fR .RS 4 Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link\-layer packet type\&. The possible values are: \fIall\fR, \fIunicast\fR, \fIbroadcast\fR, \fImulticast\fR and \fIoff\fR\&. The default setting is \fIoff\fR, which disables the logging\&. .sp This is a runtime and permanent change and will also reload the firewall to be able to add the logging rules\&. .RE .SS "Zone Options" .PP \fB\-\-get\-default\-zone\fR .RS 4 Print default zone for connections and interfaces\&. .RE .PP \fB\-\-set\-default\-zone\fR=\fIzone\fR .RS 4 Set default zone for connections and interfaces where no zone has been selected\&. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone\&. .RE .PP \fB\-\-get\-zones\fR .RS 4 Print predefined zones as a space separated list\&. .RE .PP \fB\-\-get\-services\fR .RS 4 Print predefined services as a space separated list\&. .RE .PP \fB\-\-get\-icmptypes\fR .RS 4 Print predefined icmptypes as a space separated list\&. .RE .PP \fB\-\-get\-zone\-of\-interface\fR=\fIinterface\fR .RS 4 Print the name of the zone the \fIinterface\fR is bound to or \fIno zone\fR\&. .RE .PP \fB\-\-get\-zone\-of\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Print the name of the zone the source is bound to or \fIno zone\fR\&. .RE .PP \fB\-\-info\-zone=\fR\fB\fIzone\fR\fR .RS 4 Print information about the zone \fIzone\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIzone\fR interfaces: \fIinterface1\fR \&.\&. sources: \fIsource1\fR \&.\&. services: \fIservice1\fR \&.\&. ports: \fIport1\fR \&.\&. protocols: \fIprotocol1\fR \&.\&. forward\-ports: \fIforward\-port1\fR \&.\&. source\-ports: \fIsource\-port1\fR \&.\&. icmp\-blocks: \fIicmp\-type1\fR \&.\&. rich rules: \fIrich\-rule1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-\-list\-all\-zones\fR .RS 4 List everything added for or enabled in all zones\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIzone1\fR interfaces: \fIinterface1\fR \&.\&. sources: \fIsource1\fR \&.\&. services: \fIservice1\fR \&.\&. ports: \fIport1\fR \&.\&. protocols: \fIprotocol1\fR \&.\&. forward\-ports: \fIforward\-port1\fR \&.\&. source\-ports: \fIsource\-port1\fR \&.\&. icmp\-blocks: \fIicmp\-type1\fR \&.\&. rich rules: \fIrich\-rule1\fR \&.\&. \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-\-new\-zone\fR=\fIzone\fR .RS 4 Add a new permanent zone\&. .sp Zone names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-new\-zone\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIzone\fR] .RS 4 Add a new permanent zone from a prepared zone file with an optional name override\&. .RE .PP \fB\-\-path\-zone=\fR\fB\fIzone\fR\fR .RS 4 Print path of the zone configuration file\&. .RE .PP \fB\-\-delete\-zone\fR=\fIzone\fR .RS 4 Delete an existing permanent zone\&. .RE .SS "Policy Options" .PP \fB\-\-get\-policies\fR .RS 4 Print predefined policies as a space separated list\&. .RE .PP \fB\-\-info\-policy\fR=\fIpolicy\fR .RS 4 Print information about the policy \fIpolicy\fR\&. .RE .PP \fB\-\-list\-all\-policies\fR .RS 4 List everything added for or enabled in all policies\&. .RE .PP \fB\-\-new\-policy\fR=\fIpolicy\fR .RS 4 Add a new permanent policy\&. .sp Policy names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-new\-policy\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIpolicy\fR] .RS 4 Add a new permanent policy from a prepared policy file with an optional name override\&. .RE .PP \fB\-\-path\-policy\fR=\fIpolicy\fR .RS 4 Print path of the policy configuration file\&. .RE .PP \fB\-\-delete\-policy\fR=\fIpolicy\fR .RS 4 Delete an existing permanent policy\&. .RE .PP \fB\-\-load\-policy\-defaults\fR=\fIpolicy\fR .RS 4 Load the shipped defaults for a policy\&. Only applies to policies shipped with firewalld\&. Does not apply to user defined policies\&. .RE .SS "Options to Adapt and Query Zones and Policies" .PP Options in this section affect only one particular zone or policy\&. If used with \fB\-\-zone\fR=\fIzone\fR or \fB\-\-policy\fR=\fIpolicy\fR option, they affect the specified zone or policy\&. If both options are omitted, they affect default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-all\fR .RS 4 List everything added or enabled\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-get\-target\fR .RS 4 Get the target\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-set\-target\fR=\fIzone\fR .RS 4 Set the target\&. .sp For zones \fItarget\fR is one of: \fIdefault\fR, \fIACCEPT\fR, \fIDROP\fR, \fIREJECT\fR .sp For policies \fItarget\fR is one of: \fICONTINUE\fR, \fIACCEPT\fR, \fIDROP\fR, \fIREJECT\fR .sp \fIdefault\fR is similar to \fIREJECT\fR, but it implicitly allows ICMP packets\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set description\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-get\-description\fR .RS 4 Print description\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-get\-short\fR .RS 4 Print short description\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-services\fR .RS 4 List services added as a space separated list\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-service\fR=\fIservice\fR .RS 4 Add a service\&. This option can be specified multiple times\&. .sp The service is one of the firewalld provided services\&. To get a list of the supported services, use \fBfirewall\-cmd \-\-get\-services\fR\&. .sp \fBNote\fR: Some services define connection tracking helpers\&. Helpers that may operate in client mode (e\&.g\&. tftp) must be added to an outbound policy instead of a zone to take effect for clients\&. Otherwise the helper will not be applied to the outbound traffic\&. The related traffic, as defined by the connection tracking helper, on the return path (ingress) will be allowed by the stateful firewall rules\&. .sp An example of an outbound policy for connection tracking helpers: .sp .if n \{\ .RS 4 .\} .nf # firewall\-cmd \-\-new\-policy clientConntrack # firewall\-cmd \-\-policy clientConntrack \-\-add\-ingress\-zone HOST # firewall\-cmd \-\-policy clientConntrack \-\-add\-egress\-zone ANY # firewall\-cmd \-\-policy clientConntrack \-\-add\-service tftp .fi .if n \{\ .RE .\} .sp .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-service\-from\-zone\fR=\fIservice\fR .RS 4 Remove a service from \fIzone\fR\&. This option can be specified multiple times\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-service\-from\-policy\fR=\fIservice\fR .RS 4 Remove a service from \fIpolicy\fR\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-service\fR=\fIservice\fR .RS 4 Return whether \fIservice\fR has been added\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-ports\fR .RS 4 List ports added as a space separated list\&. A port is of the form \fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR, it can be either a port and protocol pair or a port range with a protocol\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add the port\&. This option can be specified multiple times\&. .sp The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove the port\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the port has been added\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-protocols\fR .RS 4 List protocols added as a space separated list\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-protocol\fR=\fIprotocol\fR .RS 4 Add the protocol\&. This option can be specified multiple times\&. \fItimeval\fR is either a number (of seconds) or number followed by one of characters \fIs\fR (seconds), \fIm\fR (minutes), \fIh\fR (hours), for example \fI20m\fR or \fI1h\fR\&. .sp The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-protocol\fR=\fIprotocol\fR .RS 4 Remove the protocol\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-protocol\fR=\fIprotocol\fR .RS 4 Return whether the protocol has been added\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-icmp\-blocks\fR .RS 4 List Internet Control Message Protocol (ICMP) type blocks added as a space separated list\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-icmp\-block\fR=\fIicmptype\fR .RS 4 Add an ICMP block for \fIicmptype\fR\&. This option can be specified multiple times\&. .sp The \fIicmptype\fR is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types: \fBfirewall\-cmd \-\-get\-icmptypes\fR .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-icmp\-block\fR=\fIicmptype\fR .RS 4 Remove the ICMP block for \fIicmptype\fR\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-icmp\-block\fR=\fIicmptype\fR .RS 4 Return whether an ICMP block for \fIicmptype\fR has been added\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-forward\-ports\fR .RS 4 List \fIIPv4\fR forward ports added as a space separated list\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-forward\-port\fR=port=\fIportid\fR[\-\fIportid\fR]:proto=\fIprotocol\fR[:toport=\fIportid\fR[\-\fIportid\fR]][:toaddr=\fIaddress\fR[/\fImask\fR]] .RS 4 Add the \fIIPv4\fR forward port\&. This option can be specified multiple times\&. .sp The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. The destination address is a simple IP address\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .sp \fINote:\fR IP forwarding will be implicitly enabled if \fBtoaddr\fR is specified\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-forward\-port\fR=port=\fIportid\fR[\-\fIportid\fR]:proto=\fIprotocol\fR[:toport=\fIportid\fR[\-\fIportid\fR]][:toaddr=\fIaddress\fR[/\fImask\fR]] .RS 4 Remove the \fIIPv4\fR forward port\&. This option can be specified multiple times\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-forward\-port\fR=port=\fIportid\fR[\-\fIportid\fR]:proto=\fIprotocol\fR[:toport=\fIportid\fR[\-\fIportid\fR]][:toaddr=\fIaddress\fR[/\fImask\fR]] .RS 4 Return whether the \fIIPv4\fR forward port has been added\&. Returns 0 if true, 1 otherwise\&. .sp For \fIIPv6\fR forward ports, please use the rich language\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-source\-ports\fR .RS 4 List source ports added as a space separated list\&. A port is of the form \fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add the source port\&. This option can be specified multiple times\&. .sp The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove the source port\&. This option can be specified multiple times\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the source port has been added\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-masquerade\fR .RS 4 Enable \fIIPv4\fR masquerade\&. Masquerading is useful if the machine is a router and machines connected over an interface in another zone should be able to use the first connection\&. .sp For \fIIPv6\fR masquerading, please use the rich language\&. .sp \fINote:\fR IP forwarding will be implicitly enabled\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-masquerade\fR .RS 4 Disable \fIIPv4\fR masquerade\&. .sp For \fIIPv6\fR masquerading, please use the rich language\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-masquerade\fR .RS 4 Return whether \fIIPv4\fR masquerading has been enabled\&. Returns 0 if true, 1 otherwise\&. .sp For \fIIPv6\fR masquerading, please use the rich language\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-list\-rich\-rules\fR .RS 4 List rich language rules added as a newline separated list\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-add\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq .RS 4 Add rich language rule \*(Aq\fIrule\fR\*(Aq\&. This option can be specified multiple times\&. .sp For the rich language rule syntax, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-remove\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq .RS 4 Remove rich language rule \*(Aq\fIrule\fR\*(Aq\&. This option can be specified multiple times\&. .sp For the rich language rule syntax, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] [\fB\-\-policy\fR=\fIpolicy\fR] \fB\-\-query\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq .RS 4 Return whether a rich language rule \*(Aq\fIrule\fR\*(Aq has been added\&. Returns 0 if true, 1 otherwise\&. .sp For the rich language rule syntax, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .RE .SS "Options to Adapt and Query Zones" .PP Options in this section affect only one particular zone\&. If used with \fB\-\-zone\fR=\fIzone\fR option, they affect the specified zone\&. If the option is omitted, they affect the default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-icmp\-block\-inversion\fR .RS 4 Enable ICMP block inversion\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-icmp\-block\-inversion\fR .RS 4 Disable ICMP block inversion\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-icmp\-block\-inversion\fR .RS 4 Return whether ICMP block inversion is enabled\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-forward\fR .RS 4 Enable intra zone forwarding\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-forward\fR .RS 4 Disable intra zone forwarding\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-forward\fR .RS 4 Return whether intra zone forwarding is enabled\&. Returns 0 if true, 1 otherwise\&. .RE .SS "Options to Adapt and Query Policies" .PP Options in this section affect only one particular policy\&. It\*(Aqs required to specify \fB\-\-policy\fR=\fIpolicy\fR with these options\&. .PP \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-get\-priority\fR .RS 4 Get the priority\&. .RE .PP \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-set\-priority\fR\fIpriority\fR .RS 4 Set the priority\&. The priority determines the relative ordering of policies\&. This is an integer value between \-32768 and 32767 where \-1 is the default value for new policies and 0 is reserved for internal use\&. .sp If a priority is < 0, then the policy\*(Aqs rules will execute before all rules in all zones\&. .sp If a priority is > 0, then the policy\*(Aqs rules will execute after all rules in all zones\&. .RE .PP \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-list\-ingress\-zones\fR .RS 4 List ingress zones added as a space separated list\&. .RE .PP \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-add\-ingress\-zone\fR=\fIzone\fR .RS 4 Add an ingress zone\&. This option can be specified multiple times\&. .sp The ingress zone is one of the firewalld provided zones or one of the pseudo\-zones: HOST, ANY\&. .sp HOST is used for traffic originating from the host machine, i\&.e\&. the host running firewalld\&. .sp ANY is used for traffic originating from any zone\&. This can be thought of as a wild card for zones\&. However it does not include traffic originating from the host machine \- use HOST for that\&. .RE .PP \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-remove\-ingress\-zone\fR=\fIzone\fR .RS 4 Remove an ingress zone\&. This option can be specified multiple times\&. .RE .PP \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-query\-ingress\-zone\fR=\fIzone\fR .RS 4 Return whether \fIzone\fR has been added\&. Returns 0 if true, 1 otherwise\&. .RE .PP \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-list\-egress\-zones\fR .RS 4 List egress zones added as a space separated list\&. .RE .PP \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-add\-egress\-zone\fR=\fIzone\fR .RS 4 Add an egress zone\&. This option can be specified multiple times\&. .sp The egress zone is one of the firewalld provided zones or one of the pseudo\-zones: HOST, ANY\&. .sp For clarification on HOST and ANY see option \fB\-\-add\-ingress\-zone\fR\&. .RE .PP \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-remove\-egress\-zone\fR=\fIzone\fR .RS 4 Remove an egress zone\&. This option can be specified multiple times\&. .RE .PP \fB\-\-policy\fR=\fIpolicy\fR \fB\-\-query\-egress\-zone\fR=\fIzone\fR .RS 4 Return whether \fIzone\fR has been added\&. Returns 0 if true, 1 otherwise\&. .RE .SS "Options to Handle Bindings of Interfaces" .PP Binding an interface to a zone means that this zone settings are used to restrict traffic via the interface\&. .PP Options in this section affect only one particular zone\&. If used with \fB\-\-zone\fR=\fIzone\fR option, they affect the zone \fIzone\fR\&. If the option is omitted, they affect default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP For a list of predefined zones use \fBfirewall\-cmd \-\-get\-zones\fR\&. .PP An interface name is a string up to 16 characters long, that may not contain \fB\*(Aq \*(Aq\fR, \fB\*(Aq/\*(Aq\fR, \fB\*(Aq!\*(Aq\fR and \fB\*(Aq*\*(Aq\fR\&. .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-interfaces\fR .RS 4 List interfaces that are bound to zone \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-interface\fR=\fIinterface\fR .RS 4 Bind interface \fIinterface\fR to zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-change\-interface\fR=\fIinterface\fR .RS 4 Change zone the interface \fIinterface\fR is bound to to zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. If old and new zone are the same, the call will be ignored without an error\&. If the interface has not been bound to a zone before, it will behave like \fB\-\-add\-interface\fR\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-interface\fR=\fIinterface\fR .RS 4 Query whether interface \fIinterface\fR is bound to zone \fIzone\fR\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-interface\fR=\fIinterface\fR .RS 4 Remove binding of interface \fIinterface\fR from zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. .RE .SS "Options to Handle Bindings of Sources" .PP Binding a source to a zone means that this zone settings will be used to restrict traffic from this source\&. .PP A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6 or a MAC address or an ipset with the ipset: prefix\&. For IPv4, the mask can be a network mask or a plain number\&. For IPv6 the mask is a plain number\&. The use of host names is not supported\&. .PP Options in this section affect only one particular zone\&. If used with \fB\-\-zone\fR=\fIzone\fR option, they affect the zone \fIzone\fR\&. If the option is omitted, they affect default zone (see \fB\-\-get\-default\-zone\fR)\&. .PP For a list of predefined zones use \fBfirewall\-cmd \-\-get\-zones\fR\&. .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-list\-sources\fR .RS 4 List sources that are bound to zone \fIzone\fR as a space separated list\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-add\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Bind the source to zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-change\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Change zone the source is bound to to zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. If old and new zone are the same, the call will be ignored without an error\&. If the source has not been bound to a zone before, it will behave like \fB\-\-add\-source\fR\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-query\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Query whether the source is bound to the zone \fIzone\fR\&. Returns 0 if true, 1 otherwise\&. .RE .PP [\fB\-\-zone\fR=\fIzone\fR] \fB\-\-remove\-source\fR=\fIsource\fR[/\fImask\fR]|\fIMAC\fR|ipset:\fIipset\fR .RS 4 Remove binding of the source from zone \fIzone\fR\&. If zone is omitted, default zone will be used\&. .RE .SS "IPSet Options" .PP \fB\-\-new\-ipset\fR=\fIipset\fR \fB\-\-type\fR=\fIipset type\fR [\fB\-\-option\fR=\fIipset option\fR[=\fIvalue\fR]] .RS 4 Add a new permanent ipset with specifying the type and optional options\&. .sp ipset names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-new\-ipset\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIipset\fR] .RS 4 Add a new permanent ipset from a prepared ipset file with an optional name override\&. .RE .PP \fB\-\-delete\-ipset\fR=\fIipset\fR .RS 4 Delete an existing permanent ipset\&. .RE .PP \fB\-\-info\-ipset=\fR\fB\fIipset\fR\fR .RS 4 Print information about the ipset \fIipset\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIipset\fR type: \fItype\fR options: \fIoption1[=value1]\fR \&.\&. entries: \fIentry1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-\-get\-ipsets\fR .RS 4 Print predefined ipsets as a space separated list\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-add\-entry\fR=\fIentry\fR .RS 4 Add a new entry to the ipset\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-remove\-entry\fR=\fIentry\fR .RS 4 Remove an entry from the ipset\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-query\-entry\fR=\fIentry\fR .RS 4 Return whether the entry has been added to an ipset\&. Returns 0 if true, 1 otherwise\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-get\-entries\fR .RS 4 List all entries of the ipset\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-add\-entries\-from\-file\fR=\fIfilename\fR .RS 4 Add a new entries to the ipset from the file\&. For all entries that are listed in the file but already in the ipset, a warning will be printed\&. .sp The file should contain an entry per line\&. Lines starting with an hash or semicolon are ignored\&. Also empty lines\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-remove\-entries\-from\-file\fR=\fIfilename\fR .RS 4 Remove existing entries from the ipset from the file\&. For all entries that are listed in the file but not in the ipset, a warning will be printed\&. .sp The file should contain an entry per line\&. Lines starting with an hash or semicolon are ignored\&. Also empty lines\&. .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to ipset .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-get\-description\fR .RS 4 Print description for ipset .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set new short description to ipset .RE .PP \fB\-\-ipset\fR=\fIipset\fR \fB\-\-get\-short\fR .RS 4 Print short description for ipset .RE .PP \fB\-\-path\-ipset=\fR\fB\fIipset\fR\fR .RS 4 Print path of the ipset configuration file\&. .RE .SS "Service Options" .PP \fB\-\-info\-service=\fR\fB\fIservice\fR\fR .RS 4 Print information about the service \fIservice\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIservice\fR ports: \fIport1\fR \&.\&. protocols: \fIprotocol1\fR \&.\&. source\-ports: \fIsource\-port1\fR \&.\&. helpers: \fIhelper1\fR \&.\&. destination: \fIipv1\fR:\fIaddress1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-\-new\-service\fR=\fIservice\fR .RS 4 Add a new permanent service\&. .sp Service names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-new\-service\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIservice\fR] .RS 4 Add a new permanent service from a prepared service file with an optional name override\&. .RE .PP \fB\-\-delete\-service\fR=\fIservice\fR .RS 4 Delete an existing permanent service\&. .RE .PP \fB\-\-path\-service=\fR\fB\fIservice\fR\fR .RS 4 Print path of the service configuration file\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to service .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-description\fR .RS 4 Print description for service .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to service .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-short\fR .RS 4 Print short description for service .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add a new port to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove a port from the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the port has been added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-ports\fR .RS 4 List ports added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-protocol\fR=\fIprotocol\fR .RS 4 Add a new protocol to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-protocol\fR=\fIprotocol\fR .RS 4 Remove a protocol from the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-protocol\fR=\fIprotocol\fR .RS 4 Return whether the protocol has been added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-protocols\fR .RS 4 List protocols added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add a new source port to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove a source port from the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-source\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the source port has been added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-source\-ports\fR .RS 4 List source ports added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-helper\fR=\fIhelper\fR .RS 4 Add a new helper to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-helper\fR=\fIhelper\fR .RS 4 Remove a helper from the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-helper\fR=\fIhelper\fR .RS 4 Return whether the helper has been added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-service\-helpers\fR .RS 4 List helpers added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-set\-destination\fR=\fIipv\fR:\fIaddress\fR[/\fImask\fR] .RS 4 Set destination for ipv to address[/mask] in the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-destination\fR=\fIipv\fR .RS 4 Remove the destination for ipv from the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-destination\fR=\fIipv\fR:\fIaddress\fR[/\fImask\fR] .RS 4 Return whether the destination ipv to address[/mask] has been set in the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-destinations\fR .RS 4 List destinations added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-add\-include\fR=\fIservice\fR .RS 4 Add a new include to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-remove\-include\fR=\fIservice\fR .RS 4 Remove a include from the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-query\-include\fR=\fIservice\fR .RS 4 Return whether the include has been added to the permanent service\&. .RE .PP \fB\-\-service\fR=\fIservice\fR \fB\-\-get\-includes\fR .RS 4 List includes added to the permanent service\&. .RE .SS "Helper Options" .PP Options in this section affect only one particular helper\&. .PP \fB\-\-info\-helper=\fR\fB\fIhelper\fR\fR .RS 4 Print information about the helper \fIhelper\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIhelper\fR family: \fIfamily\fR module: \fImodule\fR ports: \fIport1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP The following options are only usable in the permanent configuration\&. .PP \fB\-\-new\-helper\fR=\fIhelper\fR \fB\-\-module\fR=\fInf_conntrack_module\fR [\fB\-\-family\fR=\fIipv4\fR|\fIipv6\fR] .RS 4 Add a new permanent helper with module and optionally family defined\&. .sp Helper names must be alphanumeric and may additionally include characters: \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-new\-helper\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIhelper\fR] .RS 4 Add a new permanent helper from a prepared helper file with an optional name override\&. .RE .PP \fB\-\-delete\-helper\fR=\fIhelper\fR .RS 4 Delete an existing permanent helper\&. .RE .PP \fB\-\-load\-helper\-defaults\fR=\fIhelper\fR .RS 4 Load helper default settings or report NO_DEFAULTS error\&. .RE .PP \fB\-\-path\-helper=\fR\fB\fIhelper\fR\fR .RS 4 Print path of the helper configuration file\&. .RE .PP \fB\-\-get\-helpers\fR .RS 4 Print predefined helpers as a space separated list\&. .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-description\fR .RS 4 Print description for helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-short\fR .RS 4 Print short description for helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-add\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Add a new port to the permanent helper\&. .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-remove\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Remove a port from the permanent helper\&. .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-query\-port\fR=\fIportid\fR[\-\fIportid\fR]/\fIprotocol\fR .RS 4 Return whether the port has been added to the permanent helper\&. .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-ports\fR .RS 4 List ports added to the permanent helper\&. .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-module\fR=\fIdescription\fR .RS 4 Set module description for helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-module\fR .RS 4 Print module description for helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-set\-family\fR=\fIdescription\fR .RS 4 Set family description for helper .RE .PP \fB\-\-helper\fR=\fIhelper\fR \fB\-\-get\-family\fR .RS 4 Print family description of helper .RE .SS "Internet Control Message Protocol (ICMP) type Options" .PP \fB\-\-info\-icmptype=\fR\fB\fIicmptype\fR\fR .RS 4 Print information about the icmptype \fIicmptype\fR\&. The output format is: .sp .if n \{\ .RS 4 .\} .nf \fIicmptype\fR destination: \fIipv1\fR \&.\&. .fi .if n \{\ .RE .\} .sp .RE .PP \fB\-\-new\-icmptype\fR=\fIicmptype\fR .RS 4 Add a new permanent icmptype\&. .sp ICMP type names must be alphanumeric and may additionally include characters: \*(Aq_\*(Aq and \*(Aq\-\*(Aq\&. .RE .PP \fB\-\-new\-icmptype\-from\-file\fR=\fIfilename\fR [\fB\-\-name\fR=\fIicmptype\fR] .RS 4 Add a new permanent icmptype from a prepared icmptype file with an optional name override\&. .RE .PP \fB\-\-delete\-icmptype\fR=\fIicmptype\fR .RS 4 Delete an existing permanent icmptype\&. .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-set\-description\fR=\fIdescription\fR .RS 4 Set new description to icmptype .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-get\-description\fR .RS 4 Print description for icmptype .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-set\-short\fR=\fIdescription\fR .RS 4 Set short description to icmptype .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-get\-short\fR .RS 4 Print short description for icmptype .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-add\-destination\fR=\fIipv\fR .RS 4 Enable destination for ipv in permanent icmptype\&. ipv is one of \fIipv4\fR or \fIipv6\fR\&. .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-remove\-destination\fR=\fIipv\fR .RS 4 Disable destination for ipv in permanent icmptype\&. ipv is one of \fIipv4\fR or \fIipv6\fR\&. .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-query\-destination\fR=\fIipv\fR .RS 4 Return whether destination for ipv is enabled in permanent icmptype\&. ipv is one of \fIipv4\fR or \fIipv6\fR\&. .RE .PP \fB\-\-icmptype\fR=\fIicmptype\fR \fB\-\-get\-destinations\fR .RS 4 List destinations in permanent icmptype\&. .RE .PP \fB\-\-path\-icmptype=\fR\fB\fIicmptype\fR\fR .RS 4 Print path of the icmptype configuration file\&. .RE .SS "Direct Options" .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBDEPRECATED\fR .RS 4 .PP The direct interface has been deprecated\&. It will be removed in a future release\&. It is superseded by policies, see \fBfirewalld.policies\fR(5)\&. .RE .PP The direct options give a more direct access to the firewall\&. These options require user to know basic iptables concepts, i\&.e\&. \fItable\fR (filter/mangle/nat/\&.\&.\&.), \fIchain\fR (INPUT/OUTPUT/FORWARD/\&.\&.\&.), \fIcommands\fR (\-A/\-D/\-I/\&.\&.\&.), \fIparameters\fR (\-p/\-s/\-d/\-j/\&.\&.\&.) and \fItargets\fR (ACCEPT/DROP/REJECT/\&.\&.\&.)\&. .PP Direct options should be used only as a last resort when it\*(Aqs not possible to use for example \fB\-\-add\-service\fR=\fIservice\fR or \fB\-\-add\-rich\-rule\fR=\*(Aq\fIrule\fR\*(Aq\&. .PP \fBWarning\fR: Direct rules behavior is different depending on the value of \fIFirewallBackend\fR\&. See \fICAVEATS\fR in \fBfirewalld.direct\fR(5)\&. .PP The first argument of each option has to be \fIipv4\fR or \fIipv6\fR or \fIeb\fR\&. With \fIipv4\fR it will be for IPv4 (\fBiptables\fR(8)), with \fIipv6\fR for IPv6 (\fBip6tables\fR(8)) and with \fIeb\fR for ethernet bridges (\fBebtables\fR(8))\&. .PP \fB\-\-direct\fR \fB\-\-get\-all\-chains\fR .RS 4 Get all chains added to all tables\&. .sp This option concerns only chains previously added with \fB\-\-direct \-\-add\-chain\fR\&. .RE .PP \fB\-\-direct\fR \fB\-\-get\-chains\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR .RS 4 Get all chains added to table \fItable\fR as a space separated list\&. .sp This option concerns only chains previously added with \fB\-\-direct \-\-add\-chain\fR\&. .RE .PP \fB\-\-direct\fR \fB\-\-add\-chain\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Add a new chain with name \fIchain\fR to table \fItable\fR\&. .sp There already exist basic chains to use with direct options, for example \fIINPUT_direct\fR chain (see \fIiptables\-save | grep direct\fR output for all of them)\&. These chains are jumped into before chains for zones, i\&.e\&. every rule put into \fIINPUT_direct\fR will be checked before rules in zones\&. .RE .PP \fB\-\-direct\fR \fB\-\-remove\-chain\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Remove the chain with name \fIchain\fR from table \fItable\fR\&. .RE .PP \fB\-\-direct\fR \fB\-\-query\-chain\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Return whether a chain with name \fIchain\fR exists in table \fItable\fR\&. Returns 0 if true, 1 otherwise\&. .sp This option concerns only chains previously added with \fB\-\-direct \-\-add\-chain\fR\&. .RE .PP \fB\-\-direct\fR \fB\-\-get\-all\-rules\fR .RS 4 Get all rules added to all chains in all tables as a newline separated list of the priority and arguments\&. .RE .PP \fB\-\-direct\fR \fB\-\-get\-rules\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Get all rules added to chain \fIchain\fR in table \fItable\fR as a newline separated list of the priority and arguments\&. .RE .PP \fB\-\-direct\fR \fB\-\-add\-rule\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR \fIpriority\fR \fIargs\fR .RS 4 Add a rule with the arguments \fIargs\fR to chain \fIchain\fR in table \fItable\fR with priority \fIpriority\fR\&. .sp The \fIpriority\fR is used to order rules\&. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down\&. Rules with the same priority are on the same level and the order of these rules is not fixed and may change\&. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following\&. .RE .PP \fB\-\-direct\fR \fB\-\-remove\-rule\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR \fIpriority\fR \fIargs\fR .RS 4 Remove a rule with \fIpriority\fR and the arguments \fIargs\fR from chain \fIchain\fR in table \fItable\fR\&. .RE .PP \fB\-\-direct\fR \fB\-\-remove\-rules\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR .RS 4 Remove all rules in the chain with name \fIchain\fR exists in table \fItable\fR\&. .sp This option concerns only rules previously added with \fB\-\-direct \-\-add\-rule\fR in this chain\&. .RE .PP \fB\-\-direct\fR \fB\-\-query\-rule\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fItable\fR \fIchain\fR \fIpriority\fR \fIargs\fR .RS 4 Return whether a rule with \fIpriority\fR and the arguments \fIargs\fR exists in chain \fIchain\fR in table \fItable\fR\&. Returns 0 if true, 1 otherwise\&. .RE .PP \fB\-\-direct\fR \fB\-\-get\-all\-passthroughs\fR .RS 4 Get all permanent passthrough as a newline separated list of the ipv value and arguments\&. .RE .PP \fB\-\-direct\fR \fB\-\-get\-passthroughs\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } .RS 4 Get all permanent passthrough rules for the ipv value as a newline separated list of the priority and arguments\&. .RE .PP \fB\-\-direct\fR \fB\-\-add\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Add a permanent passthrough rule with the arguments \fIargs\fR for the ipv value\&. .RE .PP \fB\-\-direct\fR \fB\-\-remove\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Remove a permanent passthrough rule with the arguments \fIargs\fR for the ipv value\&. .RE .PP \fB\-\-direct\fR \fB\-\-query\-passthrough\fR { \fIipv4\fR | \fIipv6\fR | \fIeb\fR } \fIargs\fR .RS 4 Return whether a permanent passthrough rule with the arguments \fIargs\fR exists for the ipv value\&. Returns 0 if true, 1 otherwise\&. .RE .SS "Lockdown Options" .PP Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt) or are authenticated using PolicyKit\&. With this feature administrators can lock the firewall configuration so that only applications on lockdown whitelist are able to request firewall changes\&. .PP The lockdown access check limits D\-Bus methods that are changing firewall rules\&. Query, list and get methods are not limited\&. .PP The lockdown feature is a very light version of user and application policies for firewalld and is turned off by default\&. .PP \fB\-\-lockdown\-on\fR .RS 4 Enable lockdown\&. Be careful \- if firewall\-cmd is not on lockdown whitelist when you enable lockdown you won\*(Aqt be able to disable it again with firewall\-cmd, you would need to edit firewalld\&.conf\&. .RE .PP \fB\-\-lockdown\-off\fR .RS 4 Disable lockdown\&. .RE .PP \fB\-\-query\-lockdown\fR .RS 4 Query whether lockdown is enabled\&. Returns 0 if lockdown is enabled, 1 otherwise\&. .RE .SS "Lockdown Whitelist Options" .PP The lockdown whitelist can contain \fIcommands\fR, \fIcontexts\fR, \fIusers\fR and \fIuser ids\fR\&. .PP If a command entry on the whitelist ends with an asterisk \*(Aq*\*(Aq, then all command lines starting with the command will match\&. If the \*(Aq*\*(Aq is not there the absolute command inclusive arguments must match\&. .PP Commands for user root and others is not always the same\&. Example: As root \fB/bin/firewall\-cmd\fR is used, as a normal user \fB/usr/bin/firewall\-cmd\fR is be used on Fedora\&. .PP The context is the security (SELinux) context of a running application or service\&. To get the context of a running application use \fBps \-e \-\-context\fR\&. .PP \fBWarning:\fR If the context is unconfined, then this will open access for more than the desired application\&. .PP The lockdown whitelist entries are checked in the following order: .RS 4 1\&. \fIcontext\fR .RE .RS 4 2\&. \fIuid\fR .RE .RS 4 3\&. \fIuser\fR .RE .RS 4 4\&. \fIcommand\fR .RE .PP \fB\-\-list\-lockdown\-whitelist\-commands\fR .RS 4 List all command lines that are on the whitelist\&. .RE .PP \fB\-\-add\-lockdown\-whitelist\-command\fR=\fIcommand\fR .RS 4 Add the \fIcommand\fR to the whitelist\&. .RE .PP \fB\-\-remove\-lockdown\-whitelist\-command\fR=\fIcommand\fR .RS 4 Remove the \fIcommand\fR from the whitelist\&. .RE .PP \fB\-\-query\-lockdown\-whitelist\-command\fR=\fIcommand\fR .RS 4 Query whether the \fIcommand\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .PP \fB\-\-list\-lockdown\-whitelist\-contexts\fR .RS 4 List all contexts that are on the whitelist\&. .RE .PP \fB\-\-add\-lockdown\-whitelist\-context\fR=\fIcontext\fR .RS 4 Add the context \fIcontext\fR to the whitelist\&. .RE .PP \fB\-\-remove\-lockdown\-whitelist\-context\fR=\fIcontext\fR .RS 4 Remove the \fIcontext\fR from the whitelist\&. .RE .PP \fB\-\-query\-lockdown\-whitelist\-context\fR=\fIcontext\fR .RS 4 Query whether the \fIcontext\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .PP \fB\-\-list\-lockdown\-whitelist\-uids\fR .RS 4 List all user ids that are on the whitelist\&. .RE .PP \fB\-\-add\-lockdown\-whitelist\-uid\fR=\fIuid\fR .RS 4 Add the user id \fIuid\fR to the whitelist\&. .RE .PP \fB\-\-remove\-lockdown\-whitelist\-uid\fR=\fIuid\fR .RS 4 Remove the user id \fIuid\fR from the whitelist\&. .RE .PP \fB\-\-query\-lockdown\-whitelist\-uid\fR=\fIuid\fR .RS 4 Query whether the user id \fIuid\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .PP \fB\-\-list\-lockdown\-whitelist\-users\fR .RS 4 List all user names that are on the whitelist\&. .RE .PP \fB\-\-add\-lockdown\-whitelist\-user\fR=\fIuser\fR .RS 4 Add the user name \fIuser\fR to the whitelist\&. .RE .PP \fB\-\-remove\-lockdown\-whitelist\-user\fR=\fIuser\fR .RS 4 Remove the user name \fIuser\fR from the whitelist\&. .RE .PP \fB\-\-query\-lockdown\-whitelist\-user\fR=\fIuser\fR .RS 4 Query whether the user name \fIuser\fR is on the whitelist\&. Returns 0 if true, 1 otherwise\&. .RE .SS "Policy Options" .PP \fB\-\-policy\-server\fR .RS 4 Change Polkit actions to \*(Aqserver\*(Aq (more restricted) .RE .PP \fB\-\-policy\-desktop\fR .RS 4 Change Polkit actions to \*(Aqdesktop\*(Aq (less restricted) .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/0000755000000000000000000000000014217353174015650 5ustar00rootroot00000000000000firewalld-1.1.1/doc/man/man5/Makefile.am0000644000000000000000000000010614217342322017672 0ustar00rootroot00000000000000if ENABLE_DOCS EXTRA_DIST = $(man_MANS) man_MANS = firewall*.5 endif firewalld-1.1.1/doc/man/man5/Makefile.in0000644000000000000000000003730214217352322017714 0ustar00rootroot00000000000000# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = doc/man/man5 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } man5dir = $(mandir)/man5 am__installdirs = "$(DESTDIR)$(man5dir)" NROFF = nroff MANS = $(man_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @ENABLE_DOCS_TRUE@EXTRA_DIST = $(man_MANS) @ENABLE_DOCS_TRUE@man_MANS = firewall*.5 all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/man/man5/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign doc/man/man5/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-man5: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man5dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.5[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(MANS) installdirs: for dir in "$(DESTDIR)$(man5dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man5 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man5 .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ ctags-am distclean distclean-generic distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man5 install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-man \ uninstall-man5 .PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-1.1.1/doc/man/man5/firewalld.conf.50000644000000000000000000001401614217353165020635 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.conf .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.conf .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.CONF" "5" "" "firewalld 1.1.1" "firewalld.conf" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.conf \- firewalld configuration file .SH "SYNOPSIS" .PP .nf \fI/etc/firewalld/firewalld\&.conf\fR .fi .sp .SH "DESCRIPTION" .PP firewalld\&.conf is loaded by firewalld during the initialization process\&. The file contains the basic configuration options for firewalld\&. .SH "OPTIONS" .PP These are the options that can be set in the config file: .PP \fBDefaultZone\fR .RS 4 This sets the default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool\&. The default zone is public\&. .RE .PP \fBMinimalMark\fR .RS 4 Deprecated\&. This option is ignored and no longer used\&. Marks are no longer used internally\&. .RE .PP \fBCleanupModulesOnExit\fR .RS 4 Setting this option to yes or true unloads all firewall\-related kernel modules when firewalld is stopped\&. The default value is no or false\&. .RE .PP \fBCleanupOnExit\fR .RS 4 If firewalld stops, it cleans up all firewall rules\&. Setting this option to no or false leaves the current firewall rules untouched\&. The default value is yes or true\&. .RE .PP \fBLockdown\fR .RS 4 If this option is enabled, firewall changes with the D\-Bus interface will be limited to applications that are listed in the lockdown whitelist (see \fBfirewalld.lockdown-whitelist\fR(5))\&. The default value is no or false\&. .RE .PP \fBIPv6_rpfilter\fR .RS 4 If this option is enabled (it is by default), reverse path filter test on a packet for IPv6 is performed\&. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped\&. For IPv4 the rp_filter is controlled using sysctl\&. .sp \fBNote\fR: This feature has a performance impact\&. In most cases the impact is not enough to cause a noticeable difference\&. It requires route lookups and its execution occurs before the established connections fast path\&. As such it can have a significant performance impact if there is a lot of traffic\&. It\*(Aqs enabled by default for security, but can be disabled if performance is a concern\&. .RE .PP \fBIndividualCalls\fR .RS 4 If this option is disabled (it is by default), combined \-restore calls are used and not individual calls to apply changes to the firewall\&. The use of individiual calls increases the time that is needed to apply changes and to start the daemon, but is good for debugging as error messages are more specific\&. .RE .PP \fBLogDenied\fR .RS 4 Add logging rules right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones for the configured link\-layer packet type\&. The possible values are: \fIall\fR, \fIunicast\fR, \fIbroadcast\fR, \fImulticast\fR and \fIoff\fR\&. The default setting is \fIoff\fR, which disables the logging\&. .RE .PP \fBAutomaticHelpers\fR .RS 4 Deprecated\&. This option is ignored and no longer used\&. .RE .PP \fBFirewallBackend\fR .RS 4 Selects the firewall backend implementation\&. Possible values are; \fInftables\fR (default), or \fIiptables\fR\&. This applies to all firewalld primitives\&. The only exception is direct and passthrough rules which always use the traditional iptables, ip6tables, and ebtables backends\&. .sp \fBNote\fR: The iptables backend is deprecated\&. It will be removed in a future release\&. .RE .PP \fBFlushAllOnReload\fR .RS 4 Flush all runtime rules on a reload\&. In previous releases some runtime configuration was retained during a reload, namely; interface to zone assignment, and direct rules\&. This was confusing to users\&. To get the old behavior set this to "no"\&. Defaults to "yes"\&. .RE .PP \fBRFC3964_IPv4\fR .RS 4 As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that correspond to IPv4 addresses that should not be routed over the public internet\&. Defaults to "yes"\&. .RE .PP \fBAllowZoneDrifting\fR .RS 4 Deprecated\&. This option is ignored and no longer used\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/firewalld.dbus.50000644000000000000000000045217714217353166020664 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.dbus .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.dbus .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.DBUS" "5" "" "firewalld 1.1.1" "firewalld.dbus" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.dbus \- firewalld D\-Bus interface description .SH "OBJECT PATHS" .PP This is the basic firewalld object path structure\&. The used interfaces are explained below in the section called \(lqINTERFACES\(rq\&. .PP .if n \{\ .RS 4 .\} .nf /org/fedoraproject/FirewallD1 Interfaces org\&.fedoraproject\&.FirewallD1 org\&.fedoraproject\&.FirewallD1\&.direct (deprecated) org\&.fedoraproject\&.FirewallD1\&.ipset org\&.fedoraproject\&.FirewallD1\&.policies org\&.fedoraproject\&.FirewallD1\&.zone org\&.freedesktop\&.DBus\&.Introspectable org\&.freedesktop\&.DBus\&.Properties /org/fedoraproject/FirewallD1/config Interfaces org\&.fedoraproject\&.FirewallD1\&.config org\&.fedoraproject\&.FirewallD1\&.config\&.direct (deprecated) org\&.fedoraproject\&.FirewallD1\&.config\&.policies org\&.freedesktop\&.DBus\&.Introspectable org\&.freedesktop\&.DBus\&.Properties /org/fedoraproject/FirewallD1/config/zone/i Interfaces org\&.fedoraproject\&.FirewallD1\&.config\&.zone org\&.freedesktop\&.DBus\&.Introspectable org\&.freedesktop\&.DBus\&.Properties /org/fedoraproject/FirewallD1/config/service/i Interfaces: org\&.fedoraproject\&.FirewallD1\&.config\&.service org\&.freedesktop\&.DBus\&.Introspectable org\&.freedesktop\&.DBus\&.Properties /org/fedoraproject/FirewallD1/config/ipset/i Interfaces org\&.fedoraproject\&.FirewallD1\&.config\&.ipset org\&.freedesktop\&.DBus\&.Introspectable org\&.freedesktop\&.DBus\&.Properties /org/fedoraproject/FirewallD1/config/icmptype/i Interfaces org\&.fedoraproject\&.FirewallD1\&.config\&.icmptype org\&.freedesktop\&.DBus\&.Introspectable org\&.freedesktop\&.DBus\&.Properties .fi .if n \{\ .RE .\} .sp .SH "INTERFACES" .PP .SS "org\&.fedoraproject\&.FirewallD1" .PP This interface contains general runtime operations, like: reloading, panic mode, default zone handling, getting services and icmp types and their settings\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP authorizeAll() → Nothing .RS 4 Initiate authorization for the complete firewalld D\-Bus interface\&. This method it mostly useful for configuration applications\&. .RE .PP completeReload() → Nothing .RS 4 Reload firewall completely, even netfilter kernel modules\&. This will most likely terminate active connections, because state information is lost\&. This option should only be used in case of severe firewall problems\&. For example if there are state information problems that no connection can be established with correct firewall rules\&. .RE .PP disablePanicMode() → Nothing .RS 4 Disable panic mode\&. After disabling panic mode established connections might work again, if panic mode was enabled for a short period of time\&. .sp Possible errors: NOT_ENABLED, COMMAND_FAILED .RE .PP enablePanicMode() → Nothing .RS 4 Enable panic mode\&. All incoming and outgoing packets are dropped, active connections will expire\&. Enable this only if there are serious problems with your network environment\&. .sp Possible errors: ALREADY_ENABLED, COMMAND_FAILED .RE .PP getAutomaticHelpers() → s .RS 4 Deprecated\&. This always returns "no"\&. .RE .PP getDefaultZone() → s .RS 4 Return default zone\&. .RE .PP getHelperSettings(s: \fIhelper\fR) → (sssssa(ss)) .RS 4 Return runtime settings of given \fIhelper\fR\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.helper\&.Methods\&.getSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fIfamily\fR, \fImodule\fR and array of \fIports\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIhelper\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIfamily (s)\fR: see \fIfamily\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fImodule (s)\fR: see \fImodule\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_HELPER .RE .PP getHelpers() → as .RS 4 Return array of helper names (s) in runtime configuration\&. For permanent configuration see org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.listHelpers\&. .RE .PP getIcmpTypeSettings(s: \fIicmptype\fR) → (sssas) .RS 4 Return runtime settings of given \fIicmptype\fR\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.icmptype\&.Methods\&.getSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, array of \fIdestinations\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdestinations (as)\fR: array, either empty or containing strings \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq, see \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_ICMPTYPE .RE .PP getLogDenied() → s .RS 4 Retruns the LogDenied value\&. If LogDenied is enabled, then logging rules are added right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones\&. Possible values are: \fIall\fR, \fIunicast\fR, \fIbroadcast\fR, \fImulticast\fR and \fIoff\fR\&. The default value is \fIoff\fR .RE .PP getServiceSettings(s: \fIservice\fR) → (sssa(ss)asa{ss}asa(ss)) .RS 4 This function is deprecated, use org\&.fedoraproject\&.FirewallD1\&.Methods\&.getServiceSettings2 instead\&. .RE .PP getServiceSettings2(s: \fIservice\fR) → s{sv} .RS 4 Return runtime settings of given \fIservice\fR\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.service\&.Methods\&.getSettings2\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. If the value is empty it may be ommitted\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fImodule names (as)\fR: array of kernel netfilter helpers, see \fImodule\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdestinations (a{ss})\fR: dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIincludes (as)\fR: array of service includes, see \fIinclude\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIhelpers (as)\fR: array of service helpers, see \fIhelper\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_SERVICE .RE .PP getZoneSettings(s: \fIzone\fR) → (sssbsasa(ss)asba(ssss)asasasasa(ss)b) .RS 4 This function is deprecated, use org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.getZoneSettings2 instead\&. .RE .PP listIcmpTypes() → as .RS 4 Return array of names (s) of icmp types in runtime configuration\&. For permanent configuration see org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.listIcmpTypes\&. .RE .PP listServices() → as .RS 4 Return array of service names (s) in runtime configuration\&. For permanent configuration see org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.listServices\&. .RE .PP queryPanicMode() → b .RS 4 Return true if panic mode is enabled, false otherwise\&. In panic mode all incoming and outgoing packets are dropped\&. .RE .PP reload() → Nothing .RS 4 Reload firewall rules and keep state information\&. Current permanent configuration will become new runtime configuration, i\&.e\&. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration\&. .RE .PP runtimeToPermanent() → Nothing .RS 4 Make runtime settings permanent\&. Replaces permanent settings with runtime settings for zones, services, icmptypes, direct (deprecated) and policies (lockdown whitelist)\&. .sp Possible errors: RT_TO_PERM_FAILED .RE .PP checkPermanentConfig() → Nothing .RS 4 Run checks on the permanent configuration\&. This is most useful if changes were made manually to configuration files\&. .sp Possible errors: any .RE .PP setDefaultZone(s: \fIzone\fR) → Nothing .RS 4 Set default zone for connections and interfaces where no zone has been selected to \fIzone\fR\&. Setting the default zone changes the zone for the connections or interfaces, that are using the default zone\&. This is a runtime and permanent change\&. .sp Possible errors: ZONE_ALREADY_SET, COMMAND_FAILED .RE .PP setLogDenied(s: \fIvalue\fR) → Nothing .RS 4 Set LogDenied value to \fIvalue\fR\&. If LogDenied is enabled, then logging rules are added right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones\&. Possible values are: \fIall\fR, \fIunicast\fR, \fIbroadcast\fR, \fImulticast\fR and \fIoff\fR\&. The default value is \fIoff\fR This is a runtime and permanent change\&. .sp Possible errors: ALREADY_SET, INVALID_VALUE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP DefaultZoneChanged(s: \fIzone\fR) .RS 4 Emitted when default zone has been changed to \fIzone\fR\&. .RE .PP LogDeniedChanged(s: \fIvalue\fR) .RS 4 Emitted when LogDenied value has been changed\&. .RE .PP PanicModeDisabled() .RS 4 Emitted when panic mode has been deactivated\&. .RE .PP PanicModeEnabled() .RS 4 Emitted when panic mode has been activated\&. .RE .PP Reloaded() .RS 4 Emitted when firewalld has been reloaded\&. Also emitted for a complete reload\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP \fIBRIDGE\fR \- b \- (ro) .RS 4 Indicates whether the firewall has ethernet bridge support\&. .RE .PP \fIIPSet\fR \- b \- (ro) .RS 4 Indicates whether the firewall has IPSet support\&. .RE .PP \fIIPSetTypes\fR \- as \- (ro) .RS 4 The supported IPSet types by ipset and firewalld\&. .RE .PP \fIIPv4\fR \- b \- (ro) .RS 4 Indicates whether the firewall has IPv4 support\&. .RE .PP \fIIPv4ICMPTypes\fR \- as \- (ro) .RS 4 The list of supported IPv4 ICMP types\&. .RE .PP \fIIPv6\fR \- b \- (ro) .RS 4 Indicates whether the firewall has IPv6 support\&. .RE .PP \fIIPv6_rpfilter\fR \- b \- (ro) .RS 4 Indicates whether the reverse path filter test on a packet for IPv6 is enabled\&. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped\&. .RE .PP \fIIPv6ICMPTypes\fR \- as \- (ro) .RS 4 The list of supported IPv6 ICMP types\&. .RE .PP \fInf_conntrach_helper_setting\fR \- b \- (ro) .RS 4 Deprecated\&. Always False\&. .RE .PP \fInf_conntrack_helpers\fR \- a{sas} \- (ro) .RS 4 Deprecated\&. Always returns an empty dictionary\&. .RE .PP \fInf_nat_helpers\fR \- a{sas} \- (ro) .RS 4 Deprecated\&. Always returns an empty dictionary\&. .RE .PP \fIinterface_version\fR \- s \- (ro) .RS 4 firewalld D\-Bus interface version string\&. .RE .PP \fIstate\fR \- s \- (ro) .RS 4 firewalld state\&. This can be either \fIINIT\fR, \fIFAILED\fR, or \fIRUNNING\fR\&. In \fIINIT\fR state, firewalld is starting up and initializing\&. In \fIFAILED\fR state, firewalld completely started but experienced a failure\&. .RE .PP \fIversion\fR \- s \- (ro) .RS 4 firewalld version string\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.ipset" .PP Operations in this interface allows one to get, add, remove and query runtime ipset settings\&. For permanent configuration see org\&.fedoraproject\&.FirewallD1\&.config\&.ipset interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addEntry(s: ipset, s: entry) → as .RS 4 Add a new \fIentry\fR to \fIipset\fR\&. The entry must match the type of the ipset\&. If the ipset is using the timeout option, it is not possible to see the entries, as they are timing out automatically in the kernel\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.ipset\&.Methods\&.addEntry\&. .sp Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT .RE .PP getEntries(s: ipset) → Nothing .RS 4 Get all entries added to the \fIipset\fR\&. If the ipset is using the timeout option, it is not possible to see the entries, as they are timing out automatically in the kernel\&. Return value is a array of \fIentry\fR\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.ipset\&.Methods\&.getEntries\&. .sp Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT .RE .PP getSettings(s: ipset) → (ssssa{ss}as) .RS 4 Return runtime settings of given \fIipset\fR\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.ipset\&.Methods\&.getSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fItype\fR, dictionary of \fIoptions\fR and array of \fIentries\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fItype (s)\fR: see \fItype\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIoptions (a{ss})\fR: dictionary of {option : value} \&. See \fIoptions\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIentries (as)\fR: array of entries, see \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_IPSET .RE .PP getIPSets() → as .RS 4 Return array of ipset names (s) in runtime configuration\&. For permanent configuration see org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.listIPSets\&. .RE .PP queryEntry(s: ipset, s: entry) → b .RS 4 Return whether \fIentry\fR has been added to \fIipset\fR\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.ipset\&.Methods\&.queryEntry\&. .sp Possible errors: INVALID_IPSET .RE .PP queryIPSet(s: ipset) → b .RS 4 Return whether \fIipset\fR is defined in runtime configuration\&. .RE .PP removeEntry(s: ipset, s: entry) → as .RS 4 Removes an \fIentry\fR from \fIipset\fR\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.ipset\&.Methods\&.removeEntry\&. .sp Possible errors: INVALID_IPSET, IPSET_WITH_TIMEOUT .RE .PP setEntries(as: entries) → Nothing .RS 4 Permanently set list of entries to \fIentries\fR\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.ipset\&.Methods\&.setEntries\&. See \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP EntryAdded(s: ipset, s: entry) .RS 4 Emitted when \fIentry\fR has been added to \fIipset\fR\&. .RE .PP EntryRemoved(s: ipset, s: entry) .RS 4 Emitted when \fIentry\fR has been removed from \fIipset\fR\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.direct" .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBDEPRECATED\fR .RS 4 .PP The direct interface has been deprecated\&. It will be removed in a future release\&. It is superseded by policies, see \fBfirewalld.policies\fR(5)\&. .RE .PP This interface enables more direct access to the firewall\&. It enables runtime manipulation with chains and rules\&. For permanent configuration see org\&.fedoraproject\&.FirewallD1\&.config\&.direct interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addChain(s: ipv, s: table, s: chain) → Nothing .RS 4 Add a new \fIchain\fR to \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Make sure there\*(Aqs no other chain with this name already\&. There already exist basic chains to use with direct methods, for example \fIINPUT_direct\fR chain\&. These chains are jumped into before chains for zones, i\&.e\&. every rule put into \fIINPUT_direct\fR will be checked before rules in zones\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.addChain\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED, COMMAND_FAILED .RE .PP addPassthrough(s: ipv, as: args) → Nothing .RS 4 Add a tracked passthrough rule with the arguments \fIargs\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Valid commands in args are only \fI\-A/\-\-append\fR, \fI\-I/\-\-insert\fR and \fI\-N/\-\-new\-chain\fR\&. This method is (unlike passthrough method) tracked, i\&.e\&. firewalld remembers it\&. It\*(Aqs useful with org\&.fedoraproject\&.FirewallD1\&.Methods\&.runtimeToPermanent For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.addPassthrough\&. .sp Possible errors: INVALID_IPV, ALREADY_ENABLED, COMMAND_FAILED .RE .PP addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing .RS 4 Add a rule with the arguments \fIargs\fR to \fIchain\fR in \fItable\fR with \fIpriority\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. The priority is used to order rules\&. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down\&. Rules with the same priority are on the same level and the order of these rules is not fixed and may change\&. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.addRule\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED, COMMAND_FAILED .RE .PP getAllChains() → a(sss) .RS 4 Get all chains added to all tables in format: ipv, table, chain\&. This concerns only chains previously added with addChain\&. Return value is a array of (\fIipv\fR, \fItable\fR, \fIchain\fR)\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.getAllChains\&. .PP \fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RS 4 .RE .PP \fItable (s)\fR: one of \fIfilter\fR, \fImangle\fR, \fInat\fR, \fIraw\fR, \fIsecurity\fR .RS 4 .RE .PP \fIchain (s)\fR: name of a chain\&. .RS 4 .RE .sp .RE .PP getAllPassthroughs() → a(sas) .RS 4 Get all tracked passthrough rules added in all ipv types in format: ipv, rule\&. This concerns only rules previously added with addPassthrough\&. Return value is a array of (\fIipv\fR, array of \fIarguments\fR)\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.getAllPassthroughs\&. .PP \fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RS 4 .RE .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp .RE .PP getAllRules() → a(sssias) .RS 4 Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule\&. This concerns only rules previously added with addRule\&. Return value is a array of (\fIipv\fR, \fItable\fR, \fIchain\fR, \fIpriority\fR, array of \fIarguments\fR)\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.getAllRules\&. .PP \fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RS 4 .RE .PP \fItable (s)\fR: one of \fIfilter\fR, \fImangle\fR, \fInat\fR, \fIraw\fR, \fIsecurity\fR .RS 4 .RE .PP \fIchain (s)\fR: name of a chain\&. .RS 4 .RE .PP \fIpriority (i)\fR: used to order rules\&. .RS 4 .RE .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp .RE .PP getChains(s: ipv, s: table) → as .RS 4 Return an array of chains (s) added to \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only chains previously added with addChain\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.getChains\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP getPassthroughs(s: ipv) → aas .RS 4 Get tracked passthrough rules added in either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addPassthrough\&. Return value is a array of (array of \fIarguments\fR)\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.getPassthroughs\&. .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp .RE .PP getRules(s: ipv, s: table, s: chain) → a(ias) .RS 4 Get all rules added to \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addRule\&. Return value is a array of (\fIpriority\fR, array of \fIarguments\fR)\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.getRules\&. .PP \fIpriority (i)\fR: used to order rules\&. .RS 4 .RE .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP passthrough(s: ipv, as: args) → s .RS 4 Pass a command through to the firewall\&. \fIipv\fR can be either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. \fIargs\fR can be all \fBiptables\fR, \fBip6tables\fR and \fBebtables\fR command line arguments\&. \fIargs\fR can be all iptables, ip6tables and ebtables command line arguments\&. This command is untracked, which means that firewalld is not able to provide information about this command later on\&. .sp Possible errors: COMMAND_FAILED .RE .PP queryChain(s: ipv, s: table, s: chain) → b .RS 4 Return whether a \fIchain\fR exists in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only chains previously added with addChain\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.queryChain\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP queryPassthrough(s: ipv, as: args) → b .RS 4 Return whether a tracked passthrough rule with the arguments \fIargs\fR exists for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addPassthrough\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.queryPassthrough\&. .sp Possible errors: INVALID_IPV .RE .PP queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b .RS 4 Return whether a rule with \fIpriority\fR and the arguments \fIargs\fR exists in \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addRule\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.queryRule\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP removeAllPassthroughs() → Nothing .RS 4 Remove all passthrough rules previously added with addPassthrough\&. .RE .PP removeChain(s: ipv, s: table, s: chain) → Nothing .RS 4 Remove a \fIchain\fR from \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Only chains previously added with addChain can be removed this way\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.removeChain\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED, COMMAND_FAILED .RE .PP removePassthrough(s: ipv, as: args) → Nothing .RS 4 Remove a tracked passthrough rule with arguments \fIargs\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Only rules previously added with addPassthrough can be removed this way\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.removePassthrough\&. .sp Possible errors: INVALID_IPV, NOT_ENABLED, COMMAND_FAILED .RE .PP removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing .RS 4 Remove a rule with \fIpriority\fR and arguments \fIargs\fR from \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Only rules previously added with addRule can be removed this way\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.removeRule\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED, COMMAND_FAILED .RE .PP removeRules(s: ipv, s: table, s: chain) → Nothing .RS 4 Remove all rules from \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addRule\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.direct\&.Methods\&.removeRules\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP ChainAdded(s: ipv, s: table, s: chain) .RS 4 Emitted when \fIchain\fR has been added into \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RE .PP ChainRemoved(s: ipv, s: table, s: chain) .RS 4 Emitted when \fIchain\fR has been removed from \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RE .PP PassthroughAdded(s: ipv, as: args) .RS 4 Emitted when a tracked passthruogh rule with \fIargs\fR has been added for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RE .PP PassthroughRemoved(s: ipv, as: args) .RS 4 Emitted when a tracked passthrough rule with \fIargs\fR has been removed for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RE .PP RuleAdded(s: ipv, s: table, s: chain, i: priority, as: args) .RS 4 Emitted when a rule with \fIargs\fR has been added to \fIchain\fR in \fItable\fR with \fIpriority\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RE .PP RuleRemoved(s: ipv, s: table, s: chain, i: priority, as: args) .RS 4 Emitted when a rule with \fIargs\fR has been removed from \fIchain\fR in \fItable\fR with \fIpriority\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.policies" .PP Enables firewalld to be able to lock down configuration changes from local applications\&. Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt)\&. With these operations administrator can lock the firewall configuration so that either none or only applications that are in the whitelist are able to request firewall changes\&. For permanent configuration see org\&.fedoraproject\&.FirewallD1\&.config\&.policies interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addLockdownWhitelistCommand(s: command) → Nothing .RS 4 Add \fIcommand\fR to whitelist\&. See \fIcommand\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.addLockdownWhitelistCommand\&. .sp Possible errors: ALREADY_ENABLED, INVALID_COMMAND .RE .PP addLockdownWhitelistContext(s: context) → Nothing .RS 4 Add \fIcontext\fR to whitelist\&. See \fIselinux\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.addLockdownWhitelistContext\&. .sp Possible errors: ALREADY_ENABLED, INVALID_COMMAND .RE .PP addLockdownWhitelistUid(i: uid) → Nothing .RS 4 Add user id \fIuid\fR to whitelist\&. See \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.addLockdownWhitelistUid\&. .sp Possible errors: ALREADY_ENABLED, INVALID_COMMAND .RE .PP addLockdownWhitelistUser(s: user) → Nothing .RS 4 Add \fIuser\fR name to whitelist\&. See \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.addLockdownWhitelistUser\&. .sp Possible errors: ALREADY_ENABLED, INVALID_COMMAND .RE .PP disableLockdown() → Nothing .RS 4 Disable lockdown\&. This is a runtime and permanent change\&. .sp Possible errors: NOT_ENABLED .RE .PP enableLockdown() → Nothing .RS 4 Enable lockdown\&. Be careful \- if the calling application/user is not on lockdown whitelist when you enable lockdown you won\*(Aqt be able to disable it again with the application, you would need to edit firewalld\&.conf\&. This is a runtime and permanent change\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getLockdownWhitelistCommands() → as .RS 4 List all command lines (s) that are on whitelist\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.getLockdownWhitelistCommands\&. .RE .PP getLockdownWhitelistContexts() → as .RS 4 List all contexts (s) that are on whitelist\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.getLockdownWhitelistContexts\&. .RE .PP getLockdownWhitelistUids() → ai .RS 4 List all user ids (i) that are on whitelist\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.getLockdownWhitelistUids\&. .RE .PP getLockdownWhitelistUsers() → as .RS 4 List all users (s) that are on whitelist\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.getLockdownWhitelistUsers\&. .RE .PP queryLockdown() → b .RS 4 Query whether lockdown is enabled\&. .RE .PP queryLockdownWhitelistCommand(s: command) → b .RS 4 Query whether \fIcommand\fR is on whitelist\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.queryLockdownWhitelistCommand\&. .RE .PP queryLockdownWhitelistContext(s: context) → b .RS 4 Query whether \fIcontext\fR is on whitelist\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.queryLockdownWhitelistContext\&. .RE .PP queryLockdownWhitelistUid(i: uid) → b .RS 4 Query whether user id \fIuid\fR is on whitelist\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.queryLockdownWhitelistUid\&. .RE .PP queryLockdownWhitelistUser(s: user) → b .RS 4 Query whether \fIuser\fR is on whitelist\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.queryLockdownWhitelistUser\&. .RE .PP removeLockdownWhitelistCommand(s: command) → Nothing .RS 4 Remove \fIcommand\fR from whitelist\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.removeLockdownWhitelistCommand\&. .sp Possible errors: NOT_ENABLED .RE .PP removeLockdownWhitelistContext(s: context) → Nothing .RS 4 Remove \fIcontext\fR from whitelist\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.removeLockdownWhitelistContext\&. .sp Possible errors: NOT_ENABLED .RE .PP removeLockdownWhitelistUid(i: uid) → Nothing .RS 4 Remove user id \fIuid\fR from whitelist\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.removeLockdownWhitelistUid\&. .sp Possible errors: NOT_ENABLED .RE .PP removeLockdownWhitelistUser(s: user) → Nothing .RS 4 Remove \fIuser\fR from whitelist\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.policies\&.Methods\&.removeLockdownWhitelistUser\&. .sp Possible errors: NOT_ENABLED .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP LockdownDisabled() .RS 4 Emitted when lockdown has been disabled\&. .RE .PP LockdownEnabled() .RS 4 Emitted when lockdown has been enabled\&. .RE .PP LockdownWhitelistCommandAdded(s: command) .RS 4 Emitted when \fIcommand\fR has been added to whitelist\&. .RE .PP LockdownWhitelistCommandRemoved(s: command) .RS 4 Emitted when \fIcommand\fR has been removed from whitelist\&. .RE .PP LockdownWhitelistContextAdded(s: context) .RS 4 Emitted when \fIcontext\fR has been added to whitelist\&. .RE .PP LockdownWhitelistContextRemoved(s: context) .RS 4 Emitted when \fIcontext\fR has been removed from whitelist\&. .RE .PP LockdownWhitelistUidAdded(i: uid) .RS 4 Emitted when user id \fIuid\fR has been added to whitelist\&. .RE .PP LockdownWhitelistUidRemoved(i: uid) .RS 4 Emitted when user id \fIuid\fR has been removed from whitelist\&. .RE .PP LockdownWhitelistUserAdded(s: user) .RS 4 Emitted when \fIuser\fR has been added to whitelist\&. .RE .PP LockdownWhitelistUserRemoved(s: user) .RS 4 Emitted when \fIuser\fR has been removed from whitelist\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.zone" .PP Operations in this interface allows one to get, add, remove and query runtime zone\*(Aqs settings\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP getZoneSettings2(s: \fIzone\fR) → a{sv} .RS 4 Return runtime settings of given \fIzone\fR\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.getSettings2\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. If the value is empty it may be omitted\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fItarget (s)\fR: see \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp_blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward_ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsources (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIrules_str (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp_block_inversion (b)\fR: see \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward (b)\fR: see \fIforward\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_ZONE .RE .PP setZoneSettings2(s: \fIzone\fR, a{sv}: \fIsettings\fR, i: \fItimeout\fR) .RS 4 Set runtime settings of given \fIzone\fR\&. For setting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.update2\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. To zero a value pass an empty string or list\&. .PP \fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp_blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward_ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsources (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIrules_str (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp_block_inversion (b)\fR: see \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward (b)\fR: see \fIforward\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_ZONE .RE .PP addForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) → s .RS 4 Add the IPv4 forward port into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR or \fIudp\fR\&. The destination address is a simple IP address\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.addForwardPort\&. .sp Returns name of zone to which the forward port was added\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addIcmpBlock(s: zone, s: icmp, i: timeout) → s .RS 4 Add an ICMP block \fIicmp\fR into \fIzone\fR\&. The \fIicmp\fR is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types use org\&.fedoraproject\&.FirewallD1\&.Methods\&.listIcmpTypes If \fIzone\fR is empty, use default zone\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.addIcmpBlock\&. .sp Returns name of zone to which the ICMP block was added\&. .sp Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addIcmpBlockInversion(s: zone) → s .RS 4 Add ICMP block inversion to \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.addIcmpBlockInversion\&. .sp Returns name of zone to which the ICMP block inversion was added\&. .sp Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addInterface(s: zone, s: interface) → s .RS 4 Bind \fIinterface\fR with \fIzone\fR\&. From now on all traffic going through the \fIinterface\fR will respect the \fIzone\fR\*(Aqs settings\&. If \fIzone\fR is empty, use default zone\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.addInterface\&. .sp Returns name of zone to which the interface was bound\&. .sp Possible errors: INVALID_ZONE, INVALID_INTERFACE, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addMasquerade(s: zone, i: timeout) → s .RS 4 Enable masquerade in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. If \fItimeout\fR is non\-zero, masquerading will be active for the amount of seconds\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.addMasquerade\&. .sp Returns name of zone in which the masquerade was enabled\&. .sp Possible errors: INVALID_ZONE, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addPort(s: zone, s: port, s: protocol, i: timeout) → s .RS 4 Add port into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR or \fIudp\fR\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.addPort\&. .sp Returns name of zone to which the port was added\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addProtocol(s: zone, s: protocol, i: timeout) → s .RS 4 Add protocol into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.addProtocol\&. .sp Returns name of zone to which the protocol was added\&. .sp Possible errors: INVALID_ZONE, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addRichRule(s: zone, s: rule, i: timeout) → s .RS 4 Add rich language \fIrule\fR into \fIzone\fR\&. For the rich language rule syntax, please have a look at \fBfirewalld.direct\fR(5)\&. If \fIzone\fR is empty, use default zone\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.addRichRule\&. .sp Returns name of zone to which the rich language rule was added\&. .sp Possible errors: INVALID_ZONE, INVALID_RULE, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addService(s: zone, s: service, i: timeout) → s .RS 4 Add \fIservice\fR into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. To get a list of supported services, use org\&.fedoraproject\&.FirewallD1\&.Methods\&.listServices\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.addService\&. .sp Returns name of zone to which the service was added\&. .sp Possible errors: INVALID_ZONE, INVALID_SERVICE, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addSource(s: zone, s: source) → s .RS 4 Bind \fIsource\fR with \fIzone\fR\&. From now on all traffic going from this \fIsource\fR will respect the \fIzone\fR\*(Aqs settings\&. A source address or address range is either an IP address or a network IP address with a mask for IPv4 or IPv6\&. For IPv4, the mask can be a network mask or a plain number\&. For IPv6 the mask is a plain number\&. Use of host names is not supported\&. If \fIzone\fR is empty, use default zone\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.addSource\&. .sp Returns name of zone to which the source was bound\&. .sp Possible errors: INVALID_ZONE, INVALID_ADDR, ALREADY_ENABLED, INVALID_COMMAND .RE .PP addSourcePort(s: zone, s: port, s: protocol, i: timeout) → s .RS 4 Add source port into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. The port can either be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR or \fIudp\fR\&. If \fItimeout\fR is non\-zero, the operation will be active only for the amount of seconds\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.addSourcePort\&. .sp Returns name of zone to which the port was added\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, ALREADY_ENABLED, INVALID_COMMAND .RE .PP changeZone(s: zone, s: interface) → s .RS 4 This function is deprecated, use org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.changeZoneOfInterface instead\&. .RE .PP changeZoneOfInterface(s: zone, s: interface) → s .RS 4 Change a zone an \fIinterface\fR is bound to to \fIzone\fR\&. It\*(Aqs basically removeInterface(\fIinterface\fR) followed by addInterface(\fIzone\fR, \fIinterface\fR)\&. If \fIinterface\fR has not been bound to a zone before, it behaves like addInterface\&. If \fIzone\fR is empty, use default zone\&. .sp Returns name of zone to which the interface was bound\&. .sp Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT .RE .PP changeZoneOfSource(s: zone, s: source) → s .RS 4 Change a zone an \fIsource\fR is bound to to \fIzone\fR\&. It\*(Aqs basically removeSource(\fIsource\fR) followed by addSource(\fIzone\fR, \fIsource\fR)\&. If \fIsource\fR has not been bound to a zone before, it behaves like addSource\&. If \fIzone\fR is empty, use default zone\&. .sp Returns name of zone to which the source was bound\&. .sp Possible errors: INVALID_ZONE, ZONE_ALREADY_SET, ZONE_CONFLICT .RE .PP getActiveZones() → a{sa{sas}} .RS 4 Return dictionary of currently active zones altogether with interfaces and sources used in these zones\&. Active zones are zones, that have a binding to an interface or source\&. .sp Return value is a dictionary where keys are zone names (s) and values are again dictionaries where keys are either \*(Aqinterfaces\*(Aq or \*(Aqsources\*(Aq and values are arrays of interface names (s) or sources (s)\&. .RE .PP getForwardPorts(s: zone) → aas .RS 4 Return array of IPv4 forward ports previously added into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.getForwardPorts\&. .sp Return value is array of 4\-tuples, where each 4\-tuple consists of (port, protocol, to\-port, to\-addr)\&. to\-addr might be empty in case of local forwarding\&. .sp Possible errors: INVALID_ZONE .RE .PP getIcmpBlocks(s: zone) → as .RS 4 Return array of ICMP type (s) blocks previously added into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.getIcmpBlocks\&. .sp Possible errors: INVALID_ZONE .RE .PP getIcmpBlockInversion(s: zone) → b .RS 4 Return whether ICMP block inversion was previously added to \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.getIcmpBlockInversion\&. .sp Possible errors: INVALID_ZONE .RE .PP getInterfaces(s: zone) → as .RS 4 Return array of interfaces (s) previously bound with \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.getInterfaces\&. .sp Possible errors: INVALID_ZONE .RE .PP getPorts(s: zone) → aas .RS 4 Return array of ports (2\-tuple of port and protocol) previously enabled in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.getPorts\&. .sp Possible errors: INVALID_ZONE .RE .PP getProtocols(s: zone) → as .RS 4 Return array of protocols (s) previously enabled in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.getProtocols\&. .sp Possible errors: INVALID_ZONE .RE .PP getRichRules(s: zone) → as .RS 4 Return array of rich language rules (s) previously added into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.getRichRules\&. .sp Possible errors: INVALID_ZONE .RE .PP getServices(s: zone) → as .RS 4 Return array of services (s) previously enabled in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.getServices\&. .sp Possible errors: INVALID_ZONE .RE .PP getSourcePorts(s: zone) → aas .RS 4 Return array of source ports (2\-tuple of port and protocol) previously enabled in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.getSourcePorts\&. .sp Possible errors: INVALID_ZONE .RE .PP getSources(s: zone) → as .RS 4 Return array of sources (s) previously bound with \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.getSources\&. .sp Possible errors: INVALID_ZONE .RE .PP getZoneOfInterface(s: interface) → s .RS 4 Return name (s) of zone the \fIinterface\fR is bound to or empty string\&. .RE .PP getZoneOfSource(s: source) → s .RS 4 Return name (s) of zone the \fIsource\fR is bound to or empty string\&. .RE .PP getZones() → as .RS 4 Return array of names (s) of predefined zones known to current runtime environment\&. For list of zones known to permanent environment see org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.listZones\&. The lists (of zones known to runtime and permanent environment) will contain same zones in most cases, but might differ for example if org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.addZone has been called recently, but firewalld has not been reloaded since then\&. .RE .PP isImmutable(s: zone) → b .RS 4 Deprecated\&. .RE .PP queryForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → b .RS 4 Return whether the IPv4 forward port (\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR) has been added into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.queryForwardPort\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD .RE .PP queryIcmpBlock(s: zone, s: icmp) → b .RS 4 Return whether an ICMP block for \fIicmp\fR has been added into \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.queryIcmpBlock\&. .sp Possible errors: INVALID_ZONE, INVALID_ICMPTYPE .RE .PP queryIcmpBlockInversion(s: zone) → b .RS 4 Return whether ICMP block inversion has been added to \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.queryIcmpBlockInversion\&. .sp Possible errors: INVALID_ZONE, INVALID_ICMPTYPE .RE .PP queryInterface(s: zone, s: interface) → b .RS 4 Query whether \fIinterface\fR has been bound to \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.queryInterface\&. .sp Possible errors: INVALID_ZONE, INVALID_INTERFACE .RE .PP queryMasquerade(s: zone) → b .RS 4 Return whether masquerading has been enabled in \fIzone\fR If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.queryMasquerade\&. .sp Possible errors: INVALID_ZONE .RE .PP queryPort(s: zone, s: port, s: protocol) → b .RS 4 Return whether \fIport\fR/\fIprotocol\fR has been added in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.queryPort\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL .RE .PP queryProtocol(s: zone, s: protocol) → b .RS 4 Return whether \fIprotocol\fR has been added in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.queryProtocol\&. .sp Possible errors: INVALID_ZONE, INVALID_PROTOCOL .RE .PP queryRichRule(s: zone, s: rule) → b .RS 4 Return whether rich rule \fIrule\fR has been added in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.queryRichRule\&. .sp Possible errors: INVALID_ZONE, INVALID_RULE .RE .PP queryService(s: zone, s: service) → b .RS 4 Return whether \fIservice\fR has been added for \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.queryService\&. .sp Possible errors: INVALID_ZONE, INVALID_SERVICE .RE .PP querySource(s: zone, s: source) → b .RS 4 Query whether \fIsource\fRhas been bound to \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.querySource\&. .sp Possible errors: INVALID_ZONE, INVALID_ADDR .RE .PP querySourcePort(s: zone, s: port, s: protocol) → b .RS 4 Return whether \fIport\fR/\fIprotocol\fR has been added in \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.querySourcePort\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL .RE .PP removeForwardPort(s: zone, s: port, s: protocol, s: toport, s: toaddr) → s .RS 4 Remove IPv4 forward port ((\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR)) from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.removeForwardPort\&. .sp Returns name of zone from which the forward port was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, INVALID_ADDR, INVALID_FORWARD, NOT_ENABLED, INVALID_COMMAND .RE .PP removeIcmpBlock(s: zone, s: icmp) → s .RS 4 Remove ICMP block \fIicmp\fR from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.removeIcmpBlock\&. .sp Returns name of zone from which the ICMP block was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_ICMPTYPE, NOT_ENABLED, INVALID_COMMAND .RE .PP removeIcmpBlockInversion(s: zone) → s .RS 4 Remove ICMP block inversion from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.removeIcmpBlockInversion\&. .sp Returns name of zone from which the ICMP block inversion was removed\&. .sp Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND .RE .PP removeInterface(s: zone, s: interface) → s .RS 4 Remove binding of \fIinterface\fR from \fIzone\fR\&. If \fIzone\fR is empty, the interface will be removed from zone it belongs to\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.removeInterface\&. .sp Returns name of zone from which the \fIinterface\fR was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_INTERFACE, NOT_ENABLED, INVALID_COMMAND .RE .PP removeMasquerade(s: zone) → s .RS 4 Disable masquerade for \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.removeMasquerade\&. .sp Returns name of zone for which the masquerade was disabled\&. .sp Possible errors: INVALID_ZONE, NOT_ENABLED, INVALID_COMMAND .RE .PP removePort(s: zone, s: port, s: protocol) → s .RS 4 Remove \fIport\fR/\fIprotocol\fR from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.removePort\&. .sp Returns name of zone from which the port was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND .RE .PP removeProtocol(s: zone, s: protocol) → s .RS 4 Remove protocol from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.removeProtocol\&. .sp Returns name of zone from which the protocol was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND .RE .PP removeRichRule(s: zone, s: rule) → s .RS 4 Remove rich language \fIrule\fR from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.removeRichRule\&. .sp Returns name of zone from which the rich language rule was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_RULE, NOT_ENABLED, INVALID_COMMAND .RE .PP removeService(s: zone, s: service) → s .RS 4 Remove \fIservice\fR from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.removeService\&. .sp Returns name of zone from which the service was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_SERVICE, NOT_ENABLED, INVALID_COMMAND .RE .PP removeSource(s: zone, s: source) → s .RS 4 Remove binding of \fIsource\fR from \fIzone\fR\&. If \fIzone\fR is empty, the source will be removed from zone it belongs to\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.removeSource\&. .sp Returns name of zone from which the \fIsource\fR was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_ADDR, NOT_ENABLED, INVALID_COMMAND .RE .PP removeSourcePort(s: zone, s: port, s: protocol) → s .RS 4 Remove \fIport\fR/\fIprotocol\fR from \fIzone\fR\&. If \fIzone\fR is empty, use default zone\&. For permanent operation see org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.removeSourcePort\&. .sp Returns name of zone from which the source port was removed\&. .sp Possible errors: INVALID_ZONE, INVALID_PORT, MISSING_PROTOCOL, INVALID_PROTOCOL, NOT_ENABLED, INVALID_COMMAND .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP ForwardPortAdded(s: zone, s: port, s: protocol, s: toport, s: toaddr, i: timeout) .RS 4 Emitted when forward port has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP ForwardPortRemoved(s: zone, s: port, s: protocol, s: toport, s: toaddr) .RS 4 Emitted when forward port has been removed from \fIzone\fR\&. .RE .PP IcmpBlockAdded(s: zone, s: icmp, i: timeout) .RS 4 Emitted when ICMP block for \fIicmp\fR has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP IcmpBlockInversionAdded(s: zone) .RS 4 Emitted when ICMP block inversion has been added to \fIzone\fR\&. .RE .PP IcmpBlockInversionRemoved(s: zone) .RS 4 Emitted when ICMP block inversion has been removed from \fIzone\fR\&. .RE .PP IcmpBlockRemoved(s: zone, s: icmp) .RS 4 Emitted when ICMP block for \fIicmp\fR has been removed from \fIzone\fR\&. .RE .PP InterfaceAdded(s: zone, s: interface) .RS 4 Emitted when \fIinterface\fR has been added to \fIzone\fR\&. .RE .PP InterfaceRemoved(s: zone, s: interface) .RS 4 Emitted when \fIinterface\fR has been removed from \fIzone\fR\&. .RE .PP MasqueradeAdded(s: zone, i: timeout) .RS 4 Emitted when masquerade has been enabled for \fIzone\fR\&. .RE .PP MasqueradeRemoved(s: zone) .RS 4 Emitted when masquerade has been disabled for \fIzone\fR\&. .RE .PP PortAdded(s: zone, s: port, s: protocol, i: timeout) .RS 4 Emitted when \fIport\fR/\fIprotocol\fR has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP PortRemoved(s: zone, s: port, s: protocol) .RS 4 Emitted when \fIport\fR/\fIprotocol\fR has been removed from \fIzone\fR\&. .RE .PP ProtocolAdded(s: zone, s: protocol, i: timeout) .RS 4 Emitted when \fIprotocol\fR has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP ProtocolRemoved(s: zone, s: protocol) .RS 4 Emitted when \fIprotocol\fR has been removed from \fIzone\fR\&. .RE .PP RichRuleAdded(s: zone, s: rule, i: timeout) .RS 4 Emitted when rich language \fIrule\fR has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP RichRuleRemoved(s: zone, s: rule) .RS 4 Emitted when rich language \fIrule\fR has been removed from \fIzone\fR\&. .RE .PP ServiceAdded(s: zone, s: service, i: timeout) .RS 4 Emitted when \fIservice\fR has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP ServiceRemoved(s: zone, s: service) .RS 4 Emitted when \fIservice\fR has been removed from \fIzone\fR\&. .RE .PP SourceAdded(s: zone, s: source) .RS 4 Emitted when \fIsource\fR has been added to \fIzone\fR\&. .RE .PP SourcePortAdded(s: zone, s: port, s: protocol, i: timeout) .RS 4 Emitted when \fIsource\-port\fR/\fIprotocol\fR has been added to \fIzone\fR with \fItimeout\fR\&. .RE .PP SourcePortRemoved(s: zone, s: port, s: protocol) .RS 4 Emitted when \fIsource\-port\fR/\fIprotocol\fR has been removed from \fIzone\fR\&. .RE .PP SourceRemoved(s: zone, s: source) .RS 4 Emitted when \fIsource\fR has been removed from \fIzone\fR\&. .RE .PP ZoneChanged(s: zone, s: interface) .RS 4 Deprecated .RE .PP ZoneOfInterfaceChanged(s: zone, s: interface) .RS 4 Emitted when a zone an \fIinterface\fR is part of has been changed to \fIzone\fR\&. .RE .PP ZoneOfSourceChanged(s: zone, s: source) .RS 4 Emitted when a zone an \fIsource\fR is part of has been changed to \fIzone\fR\&. .RE .PP ZoneUpdated2(s: zone, a{sv}: settings) .RS 4 Emitted when a zone\*(Aqs settings are updated via org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.setZoneSettings2 .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.policy" .PP Operations in this interface allows one to get, add, remove and query runtime policy settings\&. For permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.policy interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP getActivePolicies() → a{sa{sas}} .RS 4 Return dictionary of currently active policies altogether with ingress zones and egress zones used in these policies\&. Active policies are policies, that have a binding to an active ingress zone and an active egress zone\&. .sp Return value is a dictionary where keys are policy names (s) and values are again dictionaries where keys are either \*(Aqingress_zones\*(Aq or \*(Aqegress_zones\*(Aq and values are arrays of zone names (s)\&. .RE .PP getPolicies() → as .RS 4 Return array of names (s) of predefined policies known to current runtime environment\&. For list of policies known to permanent environment see org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.listPolicies\&. The lists (of policies known to runtime and permanent environment) will contain same policies in most cases, but might differ for example if org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.addPolicy has been called recently, but firewalld has not been reloaded since then\&. .RE .PP getPolicySettings(s: \fIpolicy\fR) → a{sv} .RS 4 Return runtime settings of given \fIpolicy\fR\&. For getting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.policy\&.Methods\&.getSettings\&. Settings are a dictionary indexed by keywords\&. For possible keywords see org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.addPolicy\&. If the value is empty it may be omitted\&. .sp Possible errors: INVALID_POLICY .RE .PP setPolicySettings(s: \fIpolicy\fR, a{sv}: \fIsettings\fR, i: \fItimeout\fR) .RS 4 Set runtime settings of given \fIpolicy\fR\&. For setting permanent settings see org\&.fedoraproject\&.FirewallD1\&.config\&.policy\&.Methods\&.update\&. Settings are a dictionary indexed by keywords\&. For possible keywords see org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.addPolicy\&. To zero a value pass an empty string or list\&. Some keywords are not available to modify in the runtime: \fIdescription\fR, \fIname\fR, \fIpriority\fR, \fItarget\fR, \fIversion\fR\&. .sp Possible errors: INVALID_POLICY .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP ForwardPortAdded(s: policy, a{sv}: settings) .RS 4 Emitted when a policy\*(Aqs settings are updated via org\&.fedoraproject\&.FirewallD1\&.policy\&.Methods\&.setPolicySettings .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config" .PP Allows one to permanently add, remove and query zones, services and icmp types\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addIPSet(s: ipset, (ssssa{ss}as): settings) → o .RS 4 Add \fIipset\fR with given \fIsettings\fR into permanent configuration\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fItype\fR, dictionary of \fIoptions\fR and array of \fIentries\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fItype (s)\fR: see \fItype\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIoptions (a{ss})\fR: dictionary of {option : value} \&. See \fIoptions\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIentries (as)\fR: array of entries, see \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .sp Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE .RE .PP addIcmpType(s: icmptype, (sssas): settings) → o .RS 4 Add \fIicmptype\fR with given \fIsettings\fR into permanent configuration\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, array of \fIdestinations\fR\&. Returns object path of the new icmp type\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdestinations (as)\fR: array, either empty or containing strings \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq, see \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .sp Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE .RE .PP addService(s: service, (sssa(ss)asa{ss}asa(ss)): settings) → o .RS 4 This function is deprecated, use org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.addService2 instead\&. .RE .PP addService2s: service, a{sv}: settings) → o .RS 4 Add \fIservice\fR with given \fIsettings\fR into permanent configuration\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. To zero a value pass an empty string or list\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fImodule names (as)\fR: array of kernel netfilter helpers, see \fImodule\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdestinations (a{ss})\fR: dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIincludes (as)\fR: array of service includes, see \fIinclude\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIhelpers (as)\fR: array of service helpers, see \fIhelper\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .sp Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE .RE .PP addZone(s: zone, (sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → o .RS 4 This function is deprecated, use org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.addZone2 instead\&. .RE .PP addZone2(s: zone, a{sv}: settings) → o .RS 4 Add \fIzone\fR with given \fIsettings\fR into permanent configuration\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. To zero a value pass an empty string or list\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fItarget (s)\fR: see \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp_blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward_ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsources (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIrules_str (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp_block_inversion (b)\fR: see \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward (b)\fR: see \fIforward\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .sp Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE .RE .PP addPolicy(s: policy, a{sv}: settings) → o .RS 4 Add \fIpolicy\fR with given \fIsettings\fR into permanent configuration\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. If a keyword is omitted the default value will be used\&. .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fIegress_zones as\fR: array of zone names\&. See \fIegress\-zone\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fIforward_ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fIicmp_blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fIingress_zones as\fR: array of zone names\&. See \fIingress\-zone\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fIpriority (i)\fR: see \fIpriority\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fIrich_rules (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fIshort (s)\fR: see \fIshort\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fItarget (s)\fR: see \fItarget\fR attribute of \fIpolicy\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIpolicy\fR tag in \fBfirewalld.policy\fR(5)\&. .RS 4 .RE .sp Possible errors: NAME_CONFLICT, INVALID_NAME, INVALID_TYPE .RE .PP getHelperByName(s: helper) → o .RS 4 Return object path (permanent configuration) of \fIhelper\fR with given name\&. .sp Possible errors: INVALID_HELPER .RE .PP getHelperNames() → as .RS 4 Return list of \fIhelper\fR names (permanent configuration)\&. .RE .PP getIPSetByName(s: ipset) → o .RS 4 Return object path (permanent configuration) of \fIipset\fR with given name\&. .sp Possible errors: INVALID_IPSET .RE .PP getIPSetNames() → as .RS 4 Return list of \fIipset\fR names (permanent configuration)\&. .RE .PP getIcmpTypeByName(s: icmptype) → o .RS 4 Return object path (permanent configuration) of \fIicmptype\fR with given name\&. .sp Possible errors: INVALID_ICMPTYPE .RE .PP getIcmpTypeNames() → as .RS 4 Return list of \fIicmptype\fR names (permanent configuration)\&. .RE .PP getServiceByName(s: service) → o .RS 4 Return object path (permanent configuration) of \fIservice\fR with given name\&. .sp Possible errors: INVALID_SERVICE .RE .PP getServiceNames() → as .RS 4 Return list of \fIservice\fR names (permanent configuration)\&. .RE .PP getZoneByName(s: zone) → o .RS 4 Return object path (permanent configuration) of \fIzone\fR with given name\&. .sp Possible errors: INVALID_ZONE .RE .PP getZoneNames() → as .RS 4 Return list of \fIzone\fR names (permanent configuration) of\&. .RE .PP getZoneOfInterface(s: iface) → s .RS 4 Return name of zone the \fIiface\fR is bound to or empty string\&. .RE .PP getZoneOfSource(s: source) → s .RS 4 Return name of zone the \fIsource\fR is bound to or empty string\&. .RE .PP getPolicyByName(s: policy) → o .RS 4 Return object path (permanent configuration) of \fIpolicy\fR with given name\&. .sp Possible errors: INVALID_POLICY .RE .PP getPolicyNames() → as .RS 4 Return list of \fIpolicy\fR names (permanent configuration)\&. .RE .PP listHelpers() → ao .RS 4 Return array of object paths (o) of helper in permanent configuration\&. For runtime configuration see org\&.fedoraproject\&.FirewallD1\&.Methods\&.getHelpers\&. .RE .PP listIPSets() → ao .RS 4 Return array of object paths (o) of ipset in permanent configuration\&. For runtime configuration see org\&.fedoraproject\&.FirewallD1\&.ipset\&.Methods\&.getIPSets\&. .RE .PP listIcmpTypes() → ao .RS 4 Return array of object paths (o) of icmp types in permanent configuration\&. For runtime configuration see org\&.fedoraproject\&.FirewallD1\&.Methods\&.listIcmpTypes\&. .RE .PP listServices() → ao .RS 4 Return array of objects paths (o) of services in permanent configuration\&. For runtime configuration see org\&.fedoraproject\&.FirewallD1\&.Methods\&.listServices\&. .RE .PP listZones() → ao .RS 4 List object paths of zones known to permanent environment\&. For list of zones known to runtime environment see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.getZones\&. The lists (of zones known to runtime and permanent environment) will contain same zones in most cases, but might differ for example if org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.addZone has been called recently, but firewalld has not been reloaded since then\&. .RE .PP listPolicies() → ao .RS 4 List object paths of policies known to permanent environment\&. For list of policies known to runtime environment see org\&.fedoraproject\&.FirewallD1\&.policy\&.Methods\&.getPolicies\&. The lists (of policies known to runtime and permanent environment) will contain same policies in most cases, but might differ for example if org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.addPolicy has been called recently, but firewalld has not been reloaded since then\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP HelperAdded(s: helper) .RS 4 Emitted when \fIhelper\fR has been added\&. .RE .PP IPSetAdded(s: ipset) .RS 4 Emitted when \fIipset\fR has been added\&. .RE .PP IcmpTypeAdded(s: icmptype) .RS 4 Emitted when \fIicmptype\fR has been added\&. .RE .PP ServiceAdded(s: service) .RS 4 Emitted when \fIservice\fR has been added\&. .RE .PP ZoneAdded(s: zone) .RS 4 Emitted when \fIzone\fR has been added\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP \fIAllowZoneDrifting\fR \- s \- (rw) .RS 4 Deprecated\&. Getting this value always returns "no"\&. Setting this value is ignored\&. .RE .PP AutomaticHelpers \- s \- (rw) .RS 4 Deprecated\&. Getting this value always returns "no"\&. Setting this value is ignored\&. .RE .PP CleanupModulesOnExit \- s \- (rw) .RS 4 Setting this option to yes or true unloads all firewall\-related kernel modules when firewalld is stopped\&. .RE .PP CleanupOnExit \- s \- (rw) .RS 4 If firewalld stops, it cleans up all firewall rules\&. Setting this option to no or false leaves the current firewall rules untouched\&. .RE .PP DefaultZone \- s \- (ro) .RS 4 Default zone for connections or interfaces if the zone is not selected or specified by NetworkManager, initscripts or command line tool\&. .RE .PP FirewallBackend \- s \- (rw) .RS 4 Selects the firewalld backend for all rules except the direct interface\&. Valid options are; nftables, iptables\&. Default in nftables\&. .sp \fBNote\fR: The iptables backend is deprecated\&. It will be removed in a future release\&. .RE .PP FlushAllOnReload \- s \- (rw) .RS 4 Flush all runtime rules on a reload\&. Valid options are; yes, no\&. .RE .PP \fIIPv6_rpfilter\fR \- s \- (rw) .RS 4 Indicates whether the reverse path filter test on a packet for IPv6 is enabled\&. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped\&. .RE .PP \fIIndividualCalls\fR \- s \- (ro) .RS 4 Indicates whether individual calls combined \-restore calls are used\&. If enabled, this increases the time that is needed to apply changes and to start the daemon, but is good for debugging\&. .RE .PP Lockdown \- s \- (rw) .RS 4 If this property is enabled, firewall changes with the D\-Bus interface will be limited to applications that are listed in the lockdown whitelist\&. .RE .PP LogDenied \- s \- (rw) .RS 4 If LogDenied is enabled, then logging rules are added right before reject and drop rules in the INPUT, FORWARD and OUTPUT chains for the default rules and also final reject and drop rules in zones\&. Possible values are: \fIall\fR, \fIunicast\fR, \fIbroadcast\fR, \fImulticast\fR and \fIoff\fR\&. .RE .PP MinimalMark \- i \- (rw) .RS 4 Deprecated\&. This option is ignored and no longer used\&. Marks are no longer used internally\&. .RE .PP RFC3964_IPv4 \- s \- (rw) .RS 4 As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that correspond to IPv4 addresses that should not be routed over the public internet\&. Valid options are; yes, no\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.direct" .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBDEPRECATED\fR .RS 4 .PP The direct interface has been deprecated\&. It will be removed in a future release\&. It is superseded by policies, see \fBfirewalld.policies\fR(5)\&. .RE .PP Interface for permanent direct configuration, see also \fBfirewalld.direct\fR(5)\&. For runtime direct configuration see org\&.fedoraproject\&.FirewallD1\&.direct interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addChain(s: ipv, s: table, s: chain) → Nothing .RS 4 Add a new \fIchain\fR to \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Make sure there\*(Aqs no other chain with this name already\&. There already exist basic chains to use with direct methods, for example \fIINPUT_direct\fR chain\&. These chains are jumped into before chains for zones, i\&.e\&. every rule put into \fIINPUT_direct\fR will be checked before rules in zones\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.addChain\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED .RE .PP addPassthrough(s: ipv, as: args) → Nothing .RS 4 Add a passthrough rule with the arguments \fIargs\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.addPassthrough\&. .sp Possible errors: INVALID_IPV, ALREADY_ENABLED .RE .PP addRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing .RS 4 Add a rule with the arguments \fIargs\fR to \fIchain\fR in \fItable\fR with \fIpriority\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. The priority is used to order rules\&. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down\&. Rules with the same priority are on the same level and the order of these rules is not fixed and may change\&. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.addRule\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, ALREADY_ENABLED .RE .PP getAllChains() → a(sss) .RS 4 Get all chains added to all tables in format: ipv, table, chain\&. This concerns only chains previously added with addChain\&. Return value is a array of (\fIipv\fR, \fItable\fR, \fIchain\fR)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.getAllChains\&. .PP \fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RS 4 .RE .PP \fItable (s)\fR: one of \fIfilter\fR, \fImangle\fR, \fInat\fR, \fIraw\fR, \fIsecurity\fR .RS 4 .RE .PP \fIchain (s)\fR: name of a chain\&. .RS 4 .RE .sp .RE .PP getAllPassthroughs() → a(sas) .RS 4 Get all passthrough rules added in all ipv types in format: ipv, rule\&. This concerns only rules previously added with addPassthrough\&. Return value is a array of (\fIipv\fR, array of \fIarguments\fR)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.getAllPassthroughs\&. .PP \fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RS 4 .RE .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp .RE .PP getAllRules() → a(sssias) .RS 4 Get all rules added to all chains in all tables in format: ipv, table, chain, priority, rule\&. This concerns only rules previously added with addRule\&. Return value is a array of (\fIipv\fR, \fItable\fR, \fIchain\fR, \fIpriority\fR, array of \fIarguments\fR)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.getAllRules\&. .PP \fIipv (s)\fR: either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. .RS 4 .RE .PP \fItable (s)\fR: one of \fIfilter\fR, \fImangle\fR, \fInat\fR, \fIraw\fR, \fIsecurity\fR .RS 4 .RE .PP \fIchain (s)\fR: name of a chain\&. .RS 4 .RE .PP \fIpriority (i)\fR: used to order rules\&. .RS 4 .RE .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp .RE .PP getChains(s: ipv, s: table) → as .RS 4 Return an array of chains (s) added to \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only chains previously added with addChain\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.getChains\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP getPassthroughs(s: ipv) → aas .RS 4 Get tracked passthrough rules added in either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addPassthrough\&. Return value is a array of (array of \fIarguments\fR)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.getPassthroughs\&. .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp .RE .PP getRules(s: ipv, s: table, s: chain) → a(ias) .RS 4 Get all rules added to \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addRule\&. Return value is a array of (\fIpriority\fR, array of \fIarguments\fR)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.getRules\&. .PP \fIpriority (i)\fR: used to order rules\&. .RS 4 .RE .PP \fIarguments (as)\fR: array of commands, parameters and other iptables/ip6tables/ebtables command line options\&. .RS 4 .RE .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP getSettings() → (a(sss)a(sssias)a(sas)) .RS 4 Get settings of permanent direct configuration in format: array of \fIchains\fR, array of \fIrules\fR, array of \fIpassthroughs\fR\&. .PP \fIchains (a(sss))\fR: array of (\fIipv\fR, \fItable\fR, \fIchain\fR), see \*(Aqchain\*(Aq in \fBfirewalld.direct\fR(5)\&. .RS 4 .RE \&. .PP \fIrules (a(sssias))\fR: array of (\fIipv\fR, \fItable\fR, \fIchain\fR, \fIpriority\fR, array of \fIarguments\fR), see \*(Aqrule\*(Aq in \fBfirewalld.direct\fR(5)\&. .RS 4 .RE \&. .PP \fIpassthroughs (a(sas))\fR: array of (\fIipv\fR, array of \fIarguments\fR), see passthrough in \fBfirewalld.direct\fR(5)\&. .RS 4 .RE \&. .sp .RE .PP queryChain(s: ipv, s: table, s: chain) → b .RS 4 Return whether a \fIchain\fR exists in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only chains previously added with addChain\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.queryChain\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP queryPassthrough(s: ipv, as: args) → b .RS 4 Return whether a tracked passthrough rule with the arguments \fIargs\fR exists for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addPassthrough\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.queryPassthrough\&. .sp Possible errors: INVALID_IPV .RE .PP queryRule(s: ipv, s: table, s: chain, i: priority, as: args) → b .RS 4 Return whether a rule with \fIpriority\fR and the arguments \fIargs\fR exists in \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addRule\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.queryRule\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP removeChain(s: ipv, s: table, s: chain) → Nothing .RS 4 Remove a \fIchain\fR from \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Only chains previously added with addChain can be removed this way\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.removeChain\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED .RE .PP removePassthrough(s: ipv, as: args) → Nothing .RS 4 Remove a passthrough rule with arguments \fIargs\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Only rules previously added with addPassthrough can be removed this way\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.removePassthrough\&. .sp Possible errors: INVALID_IPV, NOT_ENABLED .RE .PP removeRule(s: ipv, s: table, s: chain, i: priority, as: args) → Nothing .RS 4 Remove a rule with \fIpriority\fR and arguments \fIargs\fR from \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. Only rules previously added with addRule can be removed this way\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.removeRule\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE, NOT_ENABLED .RE .PP removeRules(s: ipv, s: table, s: chain) → Nothing .RS 4 Remove all rules from \fIchain\fR in \fItable\fR for \fIipv\fR being either \fIipv4\fR (iptables) or \fIipv6\fR (ip6tables) or \fIeb\fR (ebtables)\&. This concerns only rules previously added with addRule\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.direct\&.Methods\&.removeRules\&. .sp Possible errors: INVALID_IPV, INVALID_TABLE .RE .PP update((a(sss)a(sssias)a(sas)): settings) → Nothing .RS 4 Update permanent direct configuration with given \fIsettings\fR\&. Settings are in format: array of \fIchains\fR, array of \fIrules\fR, array of \fIpassthroughs\fR\&. .PP \fIchains (a(sss))\fR: array of (\fIipv\fR, \fItable\fR, \fIchain\fR), see \*(Aqchain\*(Aq in \fBfirewalld.direct\fR(5)\&. .RS 4 .RE \&. .PP \fIrules (a(sssias))\fR: array of (\fIipv\fR, \fItable\fR, \fIchain\fR, \fIpriority\fR, array of \fIarguments\fR), see \*(Aqrule\*(Aq in \fBfirewalld.direct\fR(5)\&. .RS 4 .RE \&. .PP \fIpassthroughs (a(sas))\fR: array of (\fIipv\fR, array of \fIarguments\fR), see passthrough in \fBfirewalld.direct\fR(5)\&. .RS 4 .RE \&. .sp Possible errors: INVALID_TYPE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Updated() .RS 4 Emitted when configuration has been updated\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.policies" .PP Interface for permanent lockdown\-whitelist configuration, see also \fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime configuration see org\&.fedoraproject\&.FirewallD1\&.policies interface\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addLockdownWhitelistCommand(s: command) → Nothing .RS 4 Add \fIcommand\fR to whitelist\&. See \fIcommand\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.addLockdownWhitelistCommand\&. .sp Possible errors: ALREADY_ENABLED, INVALID_TYPE .RE .PP addLockdownWhitelistContext(s: context) → Nothing .RS 4 Add \fIcontext\fR to whitelist\&. See \fIselinux\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.addLockdownWhitelistContext\&. .sp Possible errors: ALREADY_ENABLED, INVALID_TYPE .RE .PP addLockdownWhitelistUid(i: uid) → Nothing .RS 4 Add user id \fIuid\fR to whitelist\&. See \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.addLockdownWhitelistUid\&. .sp Possible errors: ALREADY_ENABLED, INVALID_TYPE .RE .PP addLockdownWhitelistUser(s: user) → Nothing .RS 4 Add \fIuser\fR name to whitelist\&. See \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.addLockdownWhitelistUser\&. .sp Possible errors: ALREADY_ENABLED, INVALID_TYPE .RE .PP getLockdownWhitelist() → (asasasai) .RS 4 Get settings of permanent lockdown\-whitelist configuration in format: \fIcommands\fR, \fIselinux contexts\fR, \fIusers\fR, \fIuids\fR .PP \fIcommands (as)\fR: see \fIcommand\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .PP \fIselinux contexts (as)\fR: see \fIselinux\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .PP \fIusers (as)\fR: see \fIname\fR attribute of \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .PP \fIuids (ai)\fR: see \fIid\fR attribute of \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .sp .RE .PP getLockdownWhitelistCommands() → as .RS 4 List all command lines (s) that are on whitelist\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.getLockdownWhitelistCommands\&. .RE .PP getLockdownWhitelistContexts() → as .RS 4 List all contexts (s) that are on whitelist\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.getLockdownWhitelistContexts\&. .RE .PP getLockdownWhitelistUids() → ai .RS 4 List all user ids (i) that are on whitelist\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.getLockdownWhitelistUids\&. .RE .PP getLockdownWhitelistUsers() → as .RS 4 List all users (s) that are on whitelist\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.getLockdownWhitelistUsers\&. .RE .PP queryLockdownWhitelistCommand(s: command) → b .RS 4 Query whether \fIcommand\fR is on whitelist\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.queryLockdownWhitelistCommand\&. .RE .PP queryLockdownWhitelistContext(s: context) → b .RS 4 Query whether \fIcontext\fR is on whitelist\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.queryLockdownWhitelistContext\&. .RE .PP queryLockdownWhitelistUid(i: uid) → b .RS 4 Query whether user id \fIuid\fR is on whitelist\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.queryLockdownWhitelistUid\&. .RE .PP queryLockdownWhitelistUser(s: user) → b .RS 4 Query whether \fIuser\fR is on whitelist\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.queryLockdownWhitelistUser\&. .RE .PP removeLockdownWhitelistCommand(s: command) → Nothing .RS 4 Remove \fIcommand\fR from whitelist\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.removeLockdownWhitelistCommand\&. .sp Possible errors: NOT_ENABLED .RE .PP removeLockdownWhitelistContext(s: context) → Nothing .RS 4 Remove \fIcontext\fR from whitelist\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.removeLockdownWhitelistContext\&. .sp Possible errors: NOT_ENABLED .RE .PP removeLockdownWhitelistUid(i: uid) → Nothing .RS 4 Remove user id \fIuid\fR from whitelist\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.removeLockdownWhitelistUid\&. .sp Possible errors: NOT_ENABLED .RE .PP removeLockdownWhitelistUser(s: user) → Nothing .RS 4 Remove \fIuser\fR from whitelist\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.policies\&.Methods\&.removeLockdownWhitelistUser\&. .sp Possible errors: NOT_ENABLED .RE .PP setLockdownWhitelist((asasasai): settings) → Nothing .RS 4 Set permanent lockdown\-whitelist configuration to \fIsettings\fR\&. Settings are in format: \fIcommands\fR, \fIselinux contexts\fR, \fIusers\fR, \fIuids\fR .PP \fIcommands (as)\fR: see \fIcommand\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .PP \fIselinux contexts (as)\fR: see \fIselinux\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .PP \fIusers (as)\fR: see \fIname\fR attribute of \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .PP \fIuids (ai)\fR: see \fIid\fR attribute of \fIuser\fR option in \fBfirewalld.lockdown-whitelist\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_TYPE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP LockdownWhitelistUpdated() .RS 4 Emitted when permanent lockdown\-whitelist configuration has been updated\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.ipset" .PP Interface for permanent ipset configuration, see also \fBfirewalld.ipset\fR(5)\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addEntry(s: entry) → Nothing .RS 4 Permanently add \fIentry\fR to list of entries of ipset\&. See \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.ipset\&.Methods\&.addEntry\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addOption(s: key, s: value) → Nothing .RS 4 Permanently add (\fIkey\fR, \fIvalue\fR) to the ipset\&. See \fIoption\fR tag in \fBfirewalld.ipset\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getDescription() → s .RS 4 Get description of ipset\&. See \fIdescription\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP getEntries() → as .RS 4 Get list of entries added to ipset\&. See \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.ipset\&.Methods\&.getEntries\&. .sp Possible errors: IPSET_WITH_TIMEOUT .RE .PP getOptions() → a{ss} .RS 4 Get dictionary of \fIoptions\fR set for ipset\&. See \fIoption\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP getSettings() → (ssssa{ss}as) .RS 4 Return permament settings of the ipset\&. For getting runtime settings see org\&.fedoraproject\&.FirewallD1\&.ipset\&.Methods\&.getIPSetSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fItype\fR, dictionary of \fIoptions\fR and array of \fIentries\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fItype (s)\fR: see \fItype\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIoptions (a{ss})\fR: dictionary of {option : value} \&. See \fIoptions\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIentries (as)\fR: array of entries, see \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .sp .RE .PP getShort() → s .RS 4 Get name of ipset\&. See \fIshort\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP getType() → s .RS 4 Get type of ipset\&. See \fItype\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP getVersion() → s .RS 4 Get version of ipset\&. See \fIversion\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP loadDefaults() → Nothing .RS 4 Load default settings for built\-in ipset\&. .sp Possible errors: NO_DEFAULTS .RE .PP queryEntry(s: entry) → b .RS 4 Return whether \fIentry\fR has been added to \fIipset\fR\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.ipset\&.Methods\&.queryEntry\&. .RE .PP queryOption(s: key, s: value) → b .RS 4 Return whether (\fIkey\fR, \fIvalue\fR) has been added to options of the \fIipset\fR\&. .RE .PP remove() → Nothing .RS 4 Remove not built\-in ipset\&. .sp Possible errors: BUILTIN_IPSET .RE .PP removeEntry(s: entry) → Nothing .RS 4 Permanently remove \fIentry\fR from ipset\&. See \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.ipset\&.Methods\&.removeEntry\&. .sp Possible errors: NOT_ENABLED .RE .PP removeOption(s: key) → Nothing .RS 4 Permanently remove \fIkey\fR from the ipset\&. See \fIoption\fR tag in \fBfirewalld.ipset\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP rename(s: name) → Nothing .RS 4 Rename not built\-in ipset to \fIname\fR\&. .sp Possible errors: BUILTIN_IPSET .RE .PP setDescription(s: description) → Nothing .RS 4 Permanently set description of ipset to \fIdescription\fR\&. See \fIdescription\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP setEntries(as: entries) → Nothing .RS 4 Permanently set list of entries to \fIentries\fR\&. See \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP setOptions(a{ss}: options) → Nothing .RS 4 Permanently set dict of options to \fIoptions\fR\&. See \fIoption\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP setShort(s: short) → Nothing .RS 4 Permanently set name of ipset to \fIshort\fR\&. See \fIshort\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP setType(s: ipset_type) → Nothing .RS 4 Permanently set type of ipset to \fIipset_type\fR\&. See \fItype\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP setVersion(s: version) → Nothing .RS 4 Permanently set version of ipset to \fIversion\fR\&. See \fIversion\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RE .PP update((ssssa{ss}as): settings) → Nothing .RS 4 Update settings of ipset to \fIsettings\fR\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fItype\fR, dictionary of \fIoptions\fR and array of \fIentries\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fItype (s)\fR: see \fItype\fR attribute of \fIipset\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIoptions (a{ss})\fR: dictionary of {option : value} \&. See \fIoptions\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .PP \fIentries (as)\fR: array of entries, see \fIentry\fR tag in \fBfirewalld.ipset\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_TYPE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Removed(s: name) .RS 4 Emitted when ipset with \fIname\fR has been removed\&. .RE .PP Renamed(s: name) .RS 4 Emitted when ipset has been renamed to \fIname\fR\&. .RE .PP Updated(s: name) .RS 4 Emitted when ipset with \fIname\fR has been updated\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP builtin \- b \- (ro) .RS 4 True if ipset is build\-in, false else\&. .RE .PP default \- b \- (ro) .RS 4 True if build\-in ipset has default settings\&. False if it has been modified\&. Always False for not build\-in ipsets\&. .RE .PP filename \- s \- (ro) .RS 4 Name (including \&.xml extension) of file where the configuration is stored\&. .RE .PP name \- s \- (ro) .RS 4 Name of ipset\&. .RE .PP path \- s \- (ro) .RS 4 Path to directory where the ipset configuration is stored\&. Should be either /usr/lib/firewalld/ipsets or /etc/firewalld/ipsets\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.zone" .PP Interface for permanent zone configuration, see also \fBfirewalld.zone\fR(5)\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing .RS 4 Permanently add (\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR) to list of forward ports of zone\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.addForwardPort\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addIcmpBlock(s: icmptype) → Nothing .RS 4 Permanently add \fIicmptype\fR to list of icmp types blocked in zone\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.addIcmpBlock\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addIcmpBlock(s: icmptype) → Nothing .RS 4 Permanently add icmp block inversion to zone\&. See \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.addIcmpBlockInversion\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addInterface(s: interface) → Nothing .RS 4 Permanently add \fIinterface\fR to list of interfaces bound to zone\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.addInterface\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addMasquerade() → Nothing .RS 4 Permanently enable masquerading in zone\&. See \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.addMasquerade\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addPort(s: port, s: protocol) → Nothing .RS 4 Permanently add (\fIport\fR, \fIprotocol\fR) to list of ports of zone\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.addPort\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addProtocol(s: protocol) → Nothing .RS 4 Permanently add protocol into \fIzone\fR\&. The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.addProtocol\&. .sp Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED .RE .PP addRichRule(s: rule) → Nothing .RS 4 Permanently add \fIrule\fR to list of rich\-language rules in zone\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.addRichRule\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addService(s: service) → Nothing .RS 4 Permanently add \fIservice\fR to list of services used in zone\&. See \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.addService\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addSource(s: source) → Nothing .RS 4 Permanently add \fIsource\fR to list of source addresses bound to zone\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.addSource\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addSourcePort(s: port, s: protocol) → Nothing .RS 4 Permanently add (\fIport\fR, \fIprotocol\fR) to list of source ports of zone\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.addSourcePort\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getDescription() → s .RS 4 Get description of zone\&. See \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP getForwardPorts() → a(ssss) .RS 4 Get list of (\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR) defined in zone\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.getForwardPorts\&. .RE .PP getIcmpBlockInversion() → b .RS 4 Get icmp block inversion flag of zone\&. See \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP getIcmpBlocks() → as .RS 4 Get list of icmp type names blocked in zone\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.getIcmpBlocks\&. .RE .PP getInterfaces() → as .RS 4 Get list of interfaces bound to zone\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.getInterfaces\&. .RE .PP getMasquerade() → b .RS 4 Return whether \fImasquerade\fR is enabled in zone\&. This is the same as queryMasquerade() method\&. See \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP getPorts() → a(ss) .RS 4 Get list of (\fIport\fR, \fIprotocol\fR) defined in zone\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.getPorts\&. .RE .PP getProtocols() → as .RS 4 Return array of protocols (s) previously enabled in \fIzone\fR\&. For getting runtime settings see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.getProtocols\&. .RE .PP getRichRules() → as .RS 4 Get list of rich\-language rules in zone\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.getRichRules\&. .RE .PP getServices() → as .RS 4 Get list of service names used in zone\&. See \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.getServices\&. .RE .PP getSettings() → (sssbsasa(ss)asba(ssss)asasasasa(ss)b) .RS 4 This function is deprecated, use org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.getSettings2 instead\&. .RE .PP getSettings2() → a{sv} .RS 4 Return permanent settings of given \fIzone\fR\&. For getting runtime settings see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.getZoneSettings2\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. If the value is empty it may be omitted\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fItarget (s)\fR: see \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp_blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward_ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsources (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIrules_str (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp_block_inversion (b)\fR: see \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward (b)\fR: see \fIforward\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .sp .RE .PP getShort() → s .RS 4 Get name of zone\&. See \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP getSourcePorts() → a(ss) .RS 4 Get list of (\fIport\fR, \fIprotocol\fR) defined in zone\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.getSourcePorts\&. .RE .PP getSources() → as .RS 4 Get list of source addresses bound to zone\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.getSources\&. .RE .PP getTarget() → s .RS 4 Get target of zone\&. See \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP getVersion() → s .RS 4 Get version of zone\&. See \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP loadDefaults() → Nothing .RS 4 Load default settings for built\-in zone\&. .sp Possible errors: NO_DEFAULTS .RE .PP queryForwardPort(s: port, s: protocol, s: toport, s: toaddr) → b .RS 4 Return whether (\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR) is in list of forward ports of zone\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.queryForwardPort\&. .RE .PP queryIcmpBlock(s: icmptype) → b .RS 4 Return whether \fIicmptype\fR is in list of icmp types blocked in zone\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.queryIcmpBlock\&. .RE .PP queryIcmpBlockInversion() → b .RS 4 Return whether \fIicmp block inversion\fR is in enabled in zone\&. See \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.queryIcmpBlockInversion\&. .RE .PP queryInterface(s: interface) → b .RS 4 Return whether \fIinterface\fR is in list of interfaces bound to zone\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.queryInterface\&. .RE .PP queryMasquerade() → b .RS 4 Return whether \fImasquerade\fR is enabled in zone\&. This is the same as getMasquerade() method\&. See \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.queryMasquerade\&. .RE .PP queryPort(s: port, s: protocol) → b .RS 4 Return whether (\fIport\fR, \fIprotocol\fR) is in list of ports of zone\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.queryPort\&. .RE .PP queryProtocol(s: protocol) → b .RS 4 Return whether \fIprotocol\fR has been added in \fIzone\fR\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.queryProtocol\&. .sp Possible errors: INVALID_PROTOCOL .RE .PP queryRichRule(s: rule) → b .RS 4 Return whether \fIrule\fR is in list of rich\-language rules in zone\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.queryRichRule\&. .RE .PP queryService(s: service) → b .RS 4 Return whether \fIservice\fR is in list of services used in zone\&. See \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.queryService\&. .RE .PP querySource(s: source) → b .RS 4 Return whether \fIsource\fR is in list of source addresses bound to zone\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.querySource\&. .RE .PP querySourcePort(s: port, s: protocol) → b .RS 4 Return whether (\fIport\fR, \fIprotocol\fR) is in list of source ports of zone\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.querySourcePort\&. .RE .PP remove() → Nothing .RS 4 Remove not built\-in zone\&. .sp Possible errors: BUILTIN_ZONE .RE .PP removeForwardPort(s: port, s: protocol, s: toport, s: toaddr) → Nothing .RS 4 Permanently remove (\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR) from list of forward ports of zone\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.removeForwardPort\&. .sp Possible errors: NOT_ENABLED .RE .PP removeIcmpBlock(s: icmptype) → Nothing .RS 4 Permanently remove \fIicmptype\fR from list of icmp types blocked in zone\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.removeIcmpBlock\&. .sp Possible errors: NOT_ENABLED .RE .PP removeIcmpBlockInversion() → Nothing .RS 4 Permanently remove \fIicmp block inversion\fR from the zone\&. See \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.removeIcmpBlockInversion\&. .sp Possible errors: NOT_ENABLED .RE .PP removeInterface(s: interface) → Nothing .RS 4 Permanently remove \fIinterface\fR from list of interfaces bound to zone\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.removeInterface\&. .sp Possible errors: NOT_ENABLED .RE .PP removeMasquerade() → Nothing .RS 4 Permanently disable masquerading in zone\&. See \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.removeMasquerade\&. .sp Possible errors: NOT_ENABLED .RE .PP removePort(s: port, s: protocol) → Nothing .RS 4 Permanently remove (\fIport\fR, \fIprotocol\fR) from list of ports of zone\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.removePort\&. .sp Possible errors: NOT_ENABLED .RE .PP removeProtocol(s: protocol) → Nothing .RS 4 Permanently remove protocol from \fIzone\fR\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.removeProtocol\&. .sp Possible errors: INVALID_PROTOCOL, NOT_ENABLED .RE .PP removeRichRule(s: rule) → Nothing .RS 4 Permanently remove \fIrule\fR from list of rich\-language rules in zone\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.removeRichRule\&. .sp Possible errors: NOT_ENABLED .RE .PP removeService(s: service) → Nothing .RS 4 Permanently remove \fIservice\fR from list of services used in zone\&. See \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.removeService\&. .sp Possible errors: NOT_ENABLED .RE .PP removeSource(s: source) → Nothing .RS 4 Permanently remove \fIsource\fR from list of source addresses bound to zone\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.removeSource\&. .sp Possible errors: NOT_ENABLED .RE .PP removeSourcePort(s: port, s: protocol) → Nothing .RS 4 Permanently remove (\fIport\fR, \fIprotocol\fR) from list of source ports of zone\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. For runtime operation see org\&.fedoraproject\&.FirewallD1\&.zone\&.Methods\&.removeSourcePort\&. .sp Possible errors: NOT_ENABLED .RE .PP rename(s: name) → Nothing .RS 4 Rename not built\-in zone to \fIname\fR\&. .sp Possible errors: BUILTIN_ZONE .RE .PP setDescription(s: description) → Nothing .RS 4 Permanently set description of zone to \fIdescription\fR\&. See \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setForwardPorts(a(ssss): ports) → Nothing .RS 4 Permanently set forward ports of zone to list of (\fIport\fR, \fIprotocol\fR, \fItoport\fR, \fItoaddr\fR)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setIcmpBlockInversion(b: flag) → Nothing .RS 4 Permanently set icmp block inversion flag of zone to \fIflag\fR\&. See \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setIcmpBlocks(as: icmptypes) → Nothing .RS 4 Permanently set list of icmp types blocked in zone to \fIicmptypes\fR\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setInterfaces(as: interfaces) → Nothing .RS 4 Permanently set list of interfaces bound to zone to \fIinterfaces\fR\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setMasquerade(b: masquerade) → Nothing .RS 4 Permanently set masquerading in zone to \fImasquerade\fR\&. See \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setPorts(a(ss): ports) → Nothing .RS 4 Permanently set ports of zone to list of (\fIport\fR, \fIprotocol\fR)\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setProtocols(as: protocols) → Nothing .RS 4 Permanently set list of protocols used in zone to \fIprotocols\fR\&. See \fIprotocol\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setRichRules(as: rules) → Nothing .RS 4 Permanently set list of rich\-language rules to \fIrules\fR\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setServices(as: services) → Nothing .RS 4 Permanently set list of services used in zone to \fIservices\fR\&. See \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setShort(s: short) → Nothing .RS 4 Permanently set name of zone to \fIshort\fR\&. See \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setSourcePorts(a(ss): ports) → Nothing .RS 4 Permanently set source\-ports of zone to list of (\fIport\fR, \fIprotocol\fR)\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setSources(as: sources) → Nothing .RS 4 Permanently set list of source addresses bound to zone to \fIsources\fR\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setTarget(s: target) → Nothing .RS 4 Permanently set target of zone to \fItarget\fR\&. See \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP setVersion(s: version) → Nothing .RS 4 Permanently set version of zone to \fIversion\fR\&. See \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RE .PP update((sssbsasa(ss)asba(ssss)asasasasa(ss)b): settings) → Nothing .RS 4 This function is deprecated, use org\&.fedoraproject\&.FirewallD1\&.config\&.zone\&.Methods\&.update2 instead\&. .RE .PP update2(a{sv}: settings) → Nothing .RS 4 Update settings of zone to \fIsettings\fR\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. To zero a value pass an empty string or list\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fItarget (s)\fR: see \fItarget\fR attribute of \fIzone\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIservices (as)\fR: array of service names, see \fIservice\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp_blocks (as)\fR: array of icmp\-blocks\&. See \fIicmp\-block\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fImasquerade (b)\fR: see \fImasquerade\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward_ports (a(ssss))\fR: array of (port, protocol, to\-port, to\-addr)\&. See \fIforward\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIinterfaces (as)\fR: array of interfaces\&. See \fIinterface\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsources (as)\fR: array of source addresses\&. See \fIsource\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIrules_str (as)\fR: array of rich\-language rules\&. See \fIrule\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIicmp_block_inversion (b)\fR: see \fIicmp\-block\-inversion\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .PP \fIforward (b)\fR: see \fIforward\fR tag in \fBfirewalld.zone\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_TYPE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Removed(s: name) .RS 4 Emitted when zone with \fIname\fR has been removed\&. .RE .PP Renamed(s: name) .RS 4 Emitted when zone has been renamed to \fIname\fR\&. .RE .PP Updated(s: name) .RS 4 Emitted when zone with \fIname\fR has been updated\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP builtin \- b \- (ro) .RS 4 True if zone is build\-in, false else\&. .RE .PP default \- b \- (ro) .RS 4 True if build\-in zone has default settings\&. False if it has been modified\&. Always False for not build\-in zones\&. .RE .PP filename \- s \- (ro) .RS 4 Name (including \&.xml extension) of file where the configuration is stored\&. .RE .PP name \- s \- (ro) .RS 4 Name of zone\&. .RE .PP path \- s \- (ro) .RS 4 Path to directory where the zone configuration is stored\&. Should be either /usr/lib/firewalld/zones or /etc/firewalld/zones\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.policy" .PP Interface for permanent policy configuration, see also \fBfirewalld.policy\fR(5)\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP getSettings() → a{sv} .RS 4 Return permanent settings of given \fIpolicy\fR\&. For getting runtime settings see org\&.fedoraproject\&.FirewallD1\&.policy\&.Methods\&.getPolicySettings\&. Settings are a dictionary indexed by keywords\&. For possible keywords see org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.addPolicy\&. .RE .PP loadDefaults() → Nothing .RS 4 Load default settings for built\-in policy\&. .sp Possible errors: NO_DEFAULTS .RE .PP remove() → Nothing .RS 4 Remove not built\-in policy\&. .sp Possible errors: BUILTIN_POLICY .RE .PP rename(s: name) → Nothing .RS 4 Rename not built\-in policy to \fIname\fR\&. .sp Possible errors: BUILTIN_POLICY .RE .PP update(a{sv}: settings) → Nothing .RS 4 Update settings of policy to \fIsettings\fR\&. Settings are a dictionary indexed by keywords\&. For possible keywords see org\&.fedoraproject\&.FirewallD1\&.config\&.Methods\&.addPolicy\&. To zero a value pass an empty string or list\&. .sp Possible errors: INVALID_TYPE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Removed(s: name) .RS 4 Emitted when policy with \fIname\fR has been removed\&. .RE .PP Renamed(s: name) .RS 4 Emitted when policy has been renamed to \fIname\fR\&. .RE .PP Updated(s: name) .RS 4 Emitted when policy with \fIname\fR has been updated\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP builtin \- b \- (ro) .RS 4 True if policy is build\-in, false else\&. .RE .PP default \- b \- (ro) .RS 4 True if build\-in policy has default settings\&. False if it has been modified\&. Always False for not build\-in policies\&. .RE .PP filename \- s \- (ro) .RS 4 Name (including \&.xml extension) of file where the configuration is stored\&. .RE .PP name \- s \- (ro) .RS 4 Name of policy\&. .RE .PP path \- s \- (ro) .RS 4 Path to directory where the policy configuration is stored\&. Should be either /usr/lib/firewalld/policies or /etc/firewalld/policies\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.service" .PP Interface for permanent service configuration, see also \fBfirewalld.service\fR(5)\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addModule(s: module) → Nothing .RS 4 This method is deprecated\&. Please use "helpers" in the update2() method\&. .RE .PP addPort(s: port, s: protocol) → Nothing .RS 4 Permanently add (\fIport\fR, \fIprotocol\fR) to list of ports in service\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP addProtocol(s: protocol) → Nothing .RS 4 Permanently add protocol into \fIzone\fR\&. The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. See \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: INVALID_PROTOCOL, ALREADY_ENABLED .RE .PP addSourcePort(s: port, s: protocol) → Nothing .RS 4 Permanently add (\fIport\fR, \fIprotocol\fR) to list of source ports in service\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getDescription() → s .RS 4 Get description of service\&. See \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP getDestination(s: family) → s .RS 4 Get destination for IP family being either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getDestinations() → a{ss} .RS 4 Get list of destinations\&. Return value is a dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP getModules() → as .RS 4 This method is deprecated\&. Please use "helpers" in the getSettings2() method\&. .RE .PP getPorts() → a(ss) .RS 4 Get list of (\fIport\fR, \fIprotocol\fR) defined in service\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP getProtocols() → as .RS 4 Return array of protocols (s) defined in \fIservice\fR\&. See \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP getSettings() → (sssa(ss)asa{ss}asa(ss)) .RS 4 This function is deprecated, use org\&.fedoraproject\&.FirewallD1\&.config\&.service\&.Methods\&.getSettings2 instead\&. .RE .PP getSettings2(s: \fIservice\fR) → s{sv} .RS 4 Return runtime settings of given \fIservice\fR\&. For getting runtime settings see org\&.fedoraproject\&.FirewallD1\&.Methods\&.getServiceSettings2\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. If the value is empty it may be ommitted\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fImodule names (as)\fR: array of kernel netfilter helpers, see \fImodule\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdestinations (a{ss})\fR: dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIincludes (as)\fR: array of service includes, see \fIinclude\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIhelpers (as)\fR: array of service helpers, see \fIhelper\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .sp .RE .PP getShort() → s .RS 4 Get name of service\&. See \fIshort\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP getSourcePorts() → a(ss) .RS 4 Get list of (\fIport\fR, \fIprotocol\fR) defined in service\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP getVersion() → s .RS 4 Get version of service\&. See \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP loadDefaults() → Nothing .RS 4 Load default settings for built\-in service\&. .sp Possible errors: NO_DEFAULTS .RE .PP queryDestination(s: family, s: address) → b .RS 4 Return whether a \fIdestination\fR is in dictionary of destinations of this service\&. destination is in format: (\fIIP family\fR, \fIIP address\fR) where \fIIP family\fR can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP queryModule(s: module) → b .RS 4 This method is deprecated\&. Please use "helpers" in the getSettings2() method\&. .RE .PP queryPort(s: port, s: protocol) → b .RS 4 Return whether (\fIport\fR, \fIprotocol\fR) is in list of ports in service\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP queryProtocol(s: protocol) → b .RS 4 Return whether \fIprotocol\fR is in list of protocols in service\&. See \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP querySourcePort(s: port, s: protocol) → b .RS 4 Return whether (\fIport\fR, \fIprotocol\fR) is in list of source ports in service\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP remove() → Nothing .RS 4 Remove not built\-in service\&. .sp Possible errors: BUILTIN_SERVICE .RE .PP removeDestination(s: family) → Nothing .RS 4 Permanently remove a destination with \fIfamily\fR (\*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq) from service\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP removeModule(s: module) → Nothing .RS 4 This method is deprecated\&. Please use "helpers" in the update2() method\&. .RE .PP removePort(s: port, s: protocol) → Nothing .RS 4 Permanently remove (\fIport\fR, \fIprotocol\fR) from list of ports in service\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP removeProtocol(s: protocol) → Nothing .RS 4 Permanently remove \fIprotocol\fR from list of protocols in service\&. See \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP removeSourcePort(s: port, s: protocol) → Nothing .RS 4 Permanently remove (\fIport\fR, \fIprotocol\fR) from list of source ports in service\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP rename(s: name) → Nothing .RS 4 Rename not built\-in service to \fIname\fR\&. .sp Possible errors: BUILTIN_SERVICE .RE .PP setDescription(s: description) → Nothing .RS 4 Permanently set description of service to \fIdescription\fR\&. See \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP setDestination(s: family, s: address) → Nothing .RS 4 Permanently set a destination address\&. destination is in format: (\fIIP family\fR, \fIIP address\fR) where \fIIP family\fR can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP setDestinations(a{ss}: destinations) → Nothing .RS 4 Permanently set destinations of service to \fIdestinations\fR, which is a dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP setModules(as: modules) → Nothing .RS 4 This method is deprecated\&. Please use "helpers" in the update2() method\&. .RE .PP setPorts(a(ss): ports) → Nothing .RS 4 Permanently set ports of service to list of (\fIport\fR, \fIprotocol\fR)\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP setProtocols(as: protocols) → Nothing .RS 4 Permanently set protocols of service to list of \fIprotocols\fR\&. See \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP setShort(s: short) → Nothing .RS 4 Permanently set name of service to \fIshort\fR\&. See \fIshort\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP setSourcePorts(a(ss): ports) → Nothing .RS 4 Permanently set source\-ports of service to list of (\fIport\fR, \fIprotocol\fR)\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP setVersion(s: version) → Nothing .RS 4 Permanently set version of service to \fIversion\fR\&. See \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&. .RE .PP update((sssa(ss)asa{ss}asa(ss)): settings) → Nothing .RS 4 This function is deprecated, use org\&.fedoraproject\&.FirewallD1\&.config\&.service\&.Methods\&.update2 instead\&. .RE .PP update2a{sv}: settings) → Nothing .RS 4 Update settings of service to \fIsettings\fR\&. Settings are a dictionary indexed by keywords\&. For the type of each value see below\&. To zero a value pass an empty string or list\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIservice\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fImodule names (as)\fR: array of kernel netfilter helpers, see \fImodule\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIdestinations (a{ss})\fR: dictionary of {IP family : IP address} where \*(AqIP family\*(Aq key can be either \*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIprotocols (as)\fR: array of protocols, see \fIprotocol\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIsource_ports (a(ss))\fR: array of port and protocol pairs\&. See \fIsource\-port\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIincludes (as)\fR: array of service includes, see \fIinclude\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .PP \fIhelpers (as)\fR: array of service helpers, see \fIhelper\fR tag in \fBfirewalld.service\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_TYPE .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Removed(s: name) .RS 4 Emitted when service with \fIname\fR has been removed\&. .RE .PP Renamed(s: name) .RS 4 Emitted when service has been renamed to \fIname\fR\&. .RE .PP Updated(s: name) .RS 4 Emitted when service with \fIname\fR has been updated\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP builtin \- b \- (ro) .RS 4 True if service is build\-in, false else\&. .RE .PP default \- b \- (ro) .RS 4 True if build\-in service has default settings\&. False if it has been modified\&. Always False for not build\-in services\&. .RE .PP filename \- s \- (ro) .RS 4 Name (including \&.xml extension) of file where the configuration is stored\&. .RE .PP name \- s \- (ro) .RS 4 Name of service\&. .RE .PP path \- s \- (ro) .RS 4 Path to directory where the configuration is stored\&. Should be either /usr/lib/firewalld/services or /etc/firewalld/services\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.helper" .PP Interface for permanent helper configuration, see also \fBfirewalld.helper\fR(5)\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addPort(s: port, s: protocol) → Nothing .RS 4 Permanently add (\fIport\fR, \fIprotocol\fR) to list of ports in helper\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getDescription() → s .RS 4 Get description of helper\&. See \fIdescription\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP getFamily() → s .RS 4 Get family being \*(Aqipv4\*(Aq, \*(Aqipv6\*(Aq or empty for both\&. See \fIfamily\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP getModule() → s .RS 4 Get modules (netfilter kernel helpers) used in helper\&. See \fImodule\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP getPorts() → a(ss) .RS 4 Get list of (\fIport\fR, \fIprotocol\fR) defined in helper\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP getSettings() → (sssssa(ss)) .RS 4 Return permanent settings of a \fIhelper\fR\&. For getting runtime settings see org\&.fedoraproject\&.FirewallD1\&.Methods\&.getHelperSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fIfamily\fR, \fImodule\fR, array of \fIports\fR (port, protocol)\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIhelper\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIfamily (s)\fR: see \fIfamily\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fImodule (s)\fR: see \fImodule\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .sp .RE .PP getShort() → s .RS 4 Get name of helper\&. See \fIshort\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP getVersion() → s .RS 4 Get version of helper\&. See \fIversion\fR attribute of \fIhelper\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP loadDefaults() → Nothing .RS 4 Load default settings for built\-in helper\&. .sp Possible errors: NO_DEFAULTS .RE .PP queryFamily(s: module) → b .RS 4 Return whether \fIfamily\fR is set for helper\&. See \fIfamily\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP queryModule(s: module) → b .RS 4 Return whether \fImodule\fR (netfilter kernel helpers) is used in helper\&. See \fImodule\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP queryPort(s: port, s: protocol) → b .RS 4 Return whether (\fIport\fR, \fIprotocol\fR) is in list of ports in helper\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP remove() → Nothing .RS 4 Remove not built\-in helper\&. .sp Possible errors: BUILTIN_HELPER .RE .PP removePort(s: port, s: protocol) → Nothing .RS 4 Permanently remove (\fIport\fR, \fIprotocol\fR) from list of ports in helper\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP rename(s: name) → Nothing .RS 4 Rename not built\-in helper to \fIname\fR\&. .sp Possible errors: BUILTIN_HELPER .RE .PP setDescription(s: description) → Nothing .RS 4 Permanently set description of helper to \fIdescription\fR\&. See \fIdescription\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP setFamily(s: family) → Nothing .RS 4 Permanently set family of helper to \fIfamily\fR\&. See \fIfamily\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP setModule(s: module) → Nothing .RS 4 Permanently set module of helper to \fIdescription\fR\&. See \fImodule\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP setPorts(a(ss): ports) → Nothing .RS 4 Permanently set ports of helper to list of (\fIport\fR, \fIprotocol\fR)\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP setShort(s: short) → Nothing .RS 4 Permanently set name of helper to \fIshort\fR\&. See \fIshort\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP setVersion(s: version) → Nothing .RS 4 Permanently set version of helper to \fIversion\fR\&. See \fIversion\fR attribute of \fIhelper\fR tag in \fBfirewalld.helper\fR(5)\&. .RE .PP update((sssssa(ss)): settings) → Nothing .RS 4 Update settings of helper to \fIsettings\fR\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, \fIfamily\fR, \fImodule\fR and array of \fIports\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIhelper\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIfamily (s)\fR: see \fIfamily\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fImodule (s)\fR: see \fImodule\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .PP \fIports (a(ss))\fR: array of port and protocol pairs\&. See \fIport\fR tag in \fBfirewalld.helper\fR(5)\&. .RS 4 .RE .sp Possible errors: INVALID_HELPER .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Removed(s: name) .RS 4 Emitted when helper with \fIname\fR has been removed\&. .RE .PP Renamed(s: name) .RS 4 Emitted when helper has been renamed to \fIname\fR\&. .RE .PP Updated(s: name) .RS 4 Emitted when helper with \fIname\fR has been updated\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP builtin \- b \- (ro) .RS 4 True if helper is build\-in, false else\&. .RE .PP default \- b \- (ro) .RS 4 True if build\-in helper has default settings\&. False if it has been modified\&. Always False for not build\-in helpers\&. .RE .PP filename \- s \- (ro) .RS 4 Name (including \&.xml extension) of file where the configuration is stored\&. .RE .PP name \- s \- (ro) .RS 4 Name of helper\&. .RE .PP path \- s \- (ro) .RS 4 Path to directory where the configuration is stored\&. Should be either /usr/lib/firewalld/helpers or /etc/firewalld/helpers\&. .RE .RE .SS "org\&.fedoraproject\&.FirewallD1\&.config\&.icmptype" .PP Interface for permanent icmp type configuration, see also \fBfirewalld.icmptype\fR(5)\&. .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMethods\fR .RS 4 .PP addDestination(s: destination) → Nothing .RS 4 Permanently add a \fIdestination\fR (\*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq) to list of destinations of this icmp type\&. See \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .sp Possible errors: ALREADY_ENABLED .RE .PP getDescription() → s .RS 4 Get description of icmp type\&. See \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP getDestinations() → as .RS 4 Get list of destinations\&. See \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP getSettings() → (sssas) .RS 4 Return permanent settings of \fIicmp type\fR\&. For getting runtime settings see org\&.fedoraproject\&.FirewallD1\&.Methods\&.getIcmpTypeSettings\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, array of \fIdestinations\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdestinations (as)\fR: array, either empty or containing strings \*(Aqipv4\*(Aq and/or \*(Aqipv6\*(Aq, see destination tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .sp .RE .PP getShort() → s .RS 4 Get name of icmp type\&. See \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP getVersion() → s .RS 4 Get version of icmp type\&. See \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP loadDefaults() → Nothing .RS 4 Load default settings for built\-in icmp type\&. .sp Possible errors: NO_DEFAULTS .RE .PP queryDestination(s: destination) → b .RS 4 Return whether a \fIdestination\fR (\*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq) is in list of destinations of this icmp type\&. See \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP remove() → Nothing .RS 4 Remove not built\-in icmp type\&. .sp Possible errors: BUILTIN_ICMPTYPE .RE .PP removeDestination(s: destination) → Nothing .RS 4 Permanently remove a \fIdestination\fR (\*(Aqipv4\*(Aq or \*(Aqipv6\*(Aq) from list of destinations of this icmp type\&. See \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .sp Possible errors: NOT_ENABLED .RE .PP rename(s: name) → Nothing .RS 4 Rename not built\-in icmp type to \fIname\fR\&. .sp Possible errors: BUILTIN_ICMPTYPE .RE .PP setDescription(s: description) → Nothing .RS 4 Permanently set description of icmp type to \fIdescription\fR\&. See \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP setDestinations(as: destinations) → Nothing .RS 4 Permanently set destinations of icmp type to \fIdestinations\fR, which is array, either empty or containing strings \*(Aqipv4\*(Aq and/or \*(Aqipv6\*(Aq\&. See \fIdestination\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP setShort(s: short) → Nothing .RS 4 Permanently set name of icmp type to \fIshort\fR\&. See \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP setVersion(s: version) → Nothing .RS 4 Permanently set version of icmp type to \fIversion\fR\&. See \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RE .PP update((sssas): settings) → Nothing .RS 4 Update permanent settings of icmp type to \fIsettings\fR\&. Settings are in format: \fIversion\fR, \fIname\fR, \fIdescription\fR, array of \fIdestinations\fR\&. .PP \fIversion (s)\fR: see \fIversion\fR attribute of \fIicmptype\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIname (s)\fR: see \fIshort\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdescription (s)\fR: see \fIdescription\fR tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .PP \fIdestinations (as)\fR: array, either empty or containing strings \*(Aqipv4\*(Aq and/or \*(Aqipv6\*(Aq, see destination tag in \fBfirewalld.icmptype\fR(5)\&. .RS 4 .RE .sp .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBSignals\fR .RS 4 .PP Removed(s: name) .RS 4 Emitted when icmp type with \fIname\fR has been removed\&. .RE .PP Renamed(s: name) .RS 4 Emitted when icmp type has been renamed to \fIname\fR\&. .RE .PP Updated(s: name) .RS 4 Emitted when icmp type with \fIname\fR has been updated\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBProperties\fR .RS 4 .PP builtin \- b \- (ro) .RS 4 True if icmptype is build\-in, false else\&. .RE .PP default \- b \- (ro) .RS 4 True if build\-in icmp type has default settings\&. False if it has been modified\&. Always False for not build\-in zones\&. .RE .PP filename \- s \- (ro) .RS 4 Name (including \&.xml extension) of file where the configuration is stored\&. .RE .PP name \- s \- (ro) .RS 4 Name of icmp type\&. .RE .PP path \- s \- (ro) .RS 4 Path to directory where the icmp type configuration is stored\&. Should be either /usr/lib/firewalld/icmptypes or /etc/firewalld/icmptypes\&. .RE .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/firewalld.direct.50000644000000000000000000002514014217353166021163 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.direct .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.direct .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.DIRECT" "5" "" "firewalld 1.1.1" "firewalld.direct" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.direct \- firewalld direct configuration file .SH "SYNOPSIS" .PP .nf \fI/etc/firewalld/direct\&.xml\fR .fi .sp .SH "DEPRECATED" .PP The direct interface has been deprecated\&. It will be removed in a future release\&. It is superseded by policies, see \fBfirewalld.policies\fR(5)\&. .SH "DESCRIPTION" .PP Direct configuration gives a more direct access to the firewall\&. It requires user to know basic ip(6)tables/ebtables concepts, i\&.e\&. \fItable\fR (filter/mangle/nat/\&.\&.\&.), \fIchain\fR (INPUT/OUTPUT/FORWARD/\&.\&.\&.), \fIcommands\fR (\-A/\-D/\-I/\&.\&.\&.), \fIparameters\fR (\-p/\-s/\-d/\-j/\&.\&.\&.) and \fItargets\fR (ACCEPT/DROP/REJECT/\&.\&.\&.)\&. Direct configuration should be used only as a last resort when it\*(Aqs not possible to use \fBfirewalld.zone\fR(5)\&. See also \fIDirect Options\fR in \fBfirewall-cmd\fR(1)\&. .PP A firewalld direct configuration file contains information about permanent direct chains, rules and passthrough \&.\&.\&. .PP This is the structure of a direct configuration file: .sp .if n \{\ .RS 4 .\} .nf [ ] [ args ] [ args ] .fi .if n \{\ .RE .\} .sp .SS "direct" .PP The mandatory direct start and end tag defines the direct\&. This tag can only be used once in a direct configuration file\&. There are no attributes for direct\&. .SS "chain" .PP Is an optional empty\-element tag and can be used several times\&. It can be used to define names for additional chains\&. A chain entry has exactly three attributes: .PP ipv="\fIipv4\fR|\fIipv6\fR|\fIeb\fR" .RS 4 The IP family where the chain will be created\&. This can be either \fIipv4\fR, \fIipv6\fR or \fIeb\fR\&. .RE .PP table="\fItable\fR" .RS 4 The table name where the chain will be created\&. This can be one of the tables that can be used for iptables, ip6tables or ebtables\&. For the possible values, see TABLES section in the iptables, ip6tables or ebtables man pages\&. .RE .PP chain="\fIchain\fR" .RS 4 The name of the chain, that will be created\&. Please make sure that there is no other chain with this name already\&. .RE .PP Please remember to add a rule or passthrough rule with an \fB\-\-jump\fR or \fB\-\-goto\fR option to connect the chain to another one\&. .SS "rule" .PP Is an optional element tag and can be used several times\&. It can be used to add rules to a built\-in or added chain\&. A rule entry has exactly four attributes: .PP ipv="\fIipv4\fR|\fIipv6\fR|\fIeb\fR" .RS 4 The IP family where the rule will be added\&. This can be either \fIipv4\fR, \fIipv6\fR or \fIeb\fR\&. .RE .PP table="\fItable\fR" .RS 4 The table name where the rule will be added\&. This can be one of the tables that can be used for iptables, ip6tables or ebtables\&. For the possible values, see TABLES section in the iptables, ip6tables or ebtables man pages\&. .RE .PP chain="\fIchain\fR" .RS 4 The name of the chain where the rule will be added\&. This can be either a built\-in chain or a chain that has been created with the chain tag\&. If the chain name is a built\-in chain, then the rule will be added to \fIchain\fR_direct, else the supplied chain name is used\&. \fIchain\fR_direct is created internally for all built\-in chains to make sure that the added rules do not conflict with the rules created by firewalld\&. .RE .PP priority="\fIpriority\fR" .RS 4 The priority is used to order rules\&. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down\&. Rules with the same priority are on the same level and the order of these rules is not fixed and may change\&. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following\&. .RE .PP The \fIargs\fR can be any arguments of iptables or ip6tables, that do not conflict with the table or chain attributes\&. .SS "passthrough" .PP Is an optional element tag and can be used several times\&. It can be used to add rules to a built\-in or added chain\&. A rule entry has exactly one attribute: .PP ipv="\fIipv4\fR|\fIipv6\fR|\fIeb\fR" .RS 4 The IP family where the passthrough rule will be added\&. This can be either \fIipv4\fR, \fIipv6\fR or \fIeb\fR\&. .RE .PP The \fIargs\fR can be any arguments of iptables or ip6tables\&. .PP The passthrough rule will be added to the chain directly\&. There is no mechanism like for the direct \fBrule\fR above\&. The user of the passthrough rule has to make sure that there will be no conflict with the rules created by firewalld\&. .SH "CAVEATS" .PP Depending on the value of \fIFirewallBackend\fR (see \fBfirewalld.conf\fR(5)) direct rules behave differently in some scenarios\&. .SS "Packet accept/drop precedence" .PP Due to implementation details of netfilter inside the kernel, if \fIFirewallBackend=nftables\fR is used direct rules that \fIACCEPT\fR packets don\*(Aqt actually cause the packets to be immediately accepted by the system\&. Those packets are still be subject to firewalld\*(Aqs nftables ruleset\&. This basically means there are two independent firewalls and packets must be accepted by both (iptables and nftables)\&. As an aside, this scenario also occurs inside of nftables (again due to netfilter) if there are multiple chains attached to the same hook \- it\*(Aqs not as simple as iptables vs nftables\&. .PP There are a handful of options to workaround the \fIACCEPT\fR issue: .sp .RS 4 .ie n \{\ \h'-04' 1.\h'+01'\c .\} .el \{\ .sp -1 .IP " 1." 4.2 .\} Rich Rules .sp If a rich rule can be used, then they should always be preferred over direct rules\&. Rich Rules will be converted to the enabled \fIFirewallBackend\fR\&. See \fBfirewalld.richlanguage\fR(5)\&. .RE .sp .RS 4 .ie n \{\ \h'-04' 2.\h'+01'\c .\} .el \{\ .sp -1 .IP " 2." 4.2 .\} Blanket Accept .sp Users can add an explicit accept to the nftables ruleset\&. This can be done by adding the interface or source to the \fItrusted\fR zone\&. .sp This strategy is often employed by things that perform their own filtering such as: libvirt, podman, docker\&. .sp \fBWarning\fR: This means firewalld will do no filtering on these packets\&. It must all be done via direct rules or out\-of\-band iptables rules\&. .RE .sp .RS 4 .ie n \{\ \h'-04' 3.\h'+01'\c .\} .el \{\ .sp -1 .IP " 3." 4.2 .\} Selective Accept .sp Alternatively, enable only the relevant service, port, address, or otherwise in the appropriate zone\&. .RE .sp .RS 4 .ie n \{\ \h'-04' 4.\h'+01'\c .\} .el \{\ .sp -1 .IP " 4." 4.2 .\} Revert to the iptables backend .sp A last resort is to revert to the iptables backend by setting \fIFirewallBackend=iptables\fR\&. Users should be aware that firewalld development focuses on the nftables backend\&. .RE .PP For direct rules that \fIDROP\fR packets the packets are immediately dropped regardless of the value of \fIFirewallBackend\fR\&. As such, there is no special consideration needed\&. .PP Firewalld guarantees the above ACCEPT/DROP behavior by registering nftables hooks with a lower precedence than iptables hooks\&. .SS "Direct interface precedence" .PP With \fIFirewallBackend=iptables\fR firewalld\*(Aqs top\-level internal rules apply before direct rules are executed\&. This includes rules to accept existing connections\&. In the past this has surprised users\&. As an example, if a user adds a direct rule to drop traffic on destination port 22 existing SSH sessions would continue to function, but new connections would be denied\&. .PP With \fIFirewallBackend=nftables\fR direct rules were deliberately given a higher precedence than all other firewalld rules\&. This includes rules to accept existing connections\&. .SH "EXAMPLE" .PP Denylisting of the networks 192\&.168\&.1\&.0/24 and 192\&.168\&.5\&.0/24 with logging and dropping early in the raw table: .sp .if n \{\ .RS 4 .\} .nf \-s 192\&.168\&.1\&.0/24 \-j denylist \-s 192\&.168\&.5\&.0/24 \-j denylist \-m limit \-\-limit 1/min \-j LOG \-\-log\-prefix "denylisted: " \-j DROP .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/firewalld.helper.50000644000000000000000000001053514217353166021172 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.helper .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.helper .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.HELPER" "5" "" "firewalld 1.1.1" "firewalld.helper" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.helper \- firewalld helper configuration files .SH "SYNOPSIS" .PP .nf \fI/etc/firewalld/helpers/helper\&.xml\fR \fI/usr/lib/firewalld/helpers/helper\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP A firewalld helper configuration file provides the information of a helper entry for firewalld\&. The most important configuration options are ports, family and module\&. .PP This example configuration file shows the structure of a helper configuration file: .sp .if n \{\ .RS 4 .\} .nf \fIshort\fR \fIdescription\fR .fi .if n \{\ .RE .\} .sp .SH "OPTIONS" .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "helper" .PP The mandatory helper start and end tag defines the helper\&. This tag can only be used once in a helper configuration file\&. There is one mandatory and also optional attributes for helper: .PP module="\fIstring\fR" .RS 4 The mandatory module of the helper\&. This is one of the netfilter conntrack helper modules\&. The name starts with \fInf_conntrack_\fR\&. .RE .PP family="\fIipv4\fR|\fIipv6\fR" .RS 4 The optional family of the helper\&. This can be one of these ipv types: \fIipv4\fR or \fIipv6\fR\&. If the family is not specified, then the helper is usable for \fIIPv4\fR and \fIIPv6\fR\&. .RE .PP version="\fIstring\fR" .RS 4 To give the helper a version\&. .RE .SS "short" .PP Is an optional start and end tag and is used to give a helper a more readable name\&. .SS "description" .PP Is an optional start and end tag to have a description for a helper\&. .SS "port" .PP Is an mandatory empty\-element tag and can be used several times to have more than one port entry\&. All attributes of a port entry are mandatory: .PP port="\fIstring\fR" .RS 4 The port \fIstring\fR can be a single port number or a port range \fIportid\fR\-\fIportid\fR or also empty to match a protocol only\&. .RE .PP protocol="\fIstring\fR" .RS 4 The protocol value can either be \fBtcp\fR, \fBudp\fR, \fBsctp\fR or \fBdccp\fR\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/firewalld.icmptype.50000644000000000000000000000742014217353166021544 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.icmptype .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.icmptype .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.ICMPTYPE" "5" "" "firewalld 1.1.1" "firewalld.icmptype" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.icmptype \- firewalld icmptype configuration files .SH "SYNOPSIS" .PP .nf \fI/etc/firewalld/icmptypes/icmptype\&.xml\fR \fI/usr/lib/firewalld/icmptypes/icmptype\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP A firewalld icmptype configuration file provides the information for an Internet Control Message Protocol (ICMP) type for firewalld\&. .PP This example configuration file shows the structure of an icmptype configuration file: .sp .if n \{\ .RS 4 .\} .nf \fIMy Icmptype\fR \fIdescription\fR .fi .if n \{\ .RE .\} .sp .SH "OPTIONS" .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "icmptype" .PP The mandatory icmptype start and end tag defines the icmptype\&. This tag can only be used once in an icmptype configuration file\&. This tag has optional attributes: .PP version="\fIstring\fR" .RS 4 To give the icmptype a version\&. .RE .SS "short" .PP Is an optional start and end tag and is used to give an icmptype a more readable name\&. .SS "description" .PP Is an optional start and end tag to have a description for a icmptype\&. .SS "destination" .PP Is an optional empty\-element tag and can be used only once\&. The destination tag specifies if an icmptype entry is available for IPv4 and/or IPv6\&. The default is IPv4 and IPv6, where this tag can be missing\&. .PP ipv4="\fIbool\fR" .RS 4 Describes if the icmptype is available for IPv4\&. .RE .PP ipv6="\fIbool\fR" .RS 4 Describes if the icmptype is available for IPv6\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/firewalld.ipset.50000644000000000000000000001044414217353166021036 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.ipset .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.ipset .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.IPSET" "5" "" "firewalld 1.1.1" "firewalld.ipset" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.ipset \- firewalld ipset configuration files .SH "SYNOPSIS" .PP .nf \fI/etc/firewalld/ipsets/ipset\&.xml\fR \fI/usr/lib/firewalld/ipsets/ipset\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP A firewalld ipset configuration file provides the information of an ip set for firewalld\&. The most important configuration options are type, option and entry\&. .PP This example configuration file shows the structure of an ipset configuration file: .sp .if n \{\ .RS 4 .\} .nf \fIMy Ipset\fR \fIdescription\fR \fI1\&.2\&.3\&.4\fR \fI1\&.2\&.3\&.5\fR \fI1\&.2\&.3\&.6\fR .fi .if n \{\ .RE .\} .sp .SH "OPTIONS" .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "ipset" .PP The mandatory ipset start and end tag defines the ipset\&. This tag can only be used once in a ipset configuration file\&. There is one mandatory and also optional attributes for ipsets: .PP type="\fIstring\fR" .RS 4 The mandatory type of the ipset\&. To get the list of supported types, use \fBfirewall\-cmd \-\-get\-ipset\-types\fR\&. .RE .PP version="\fIstring\fR" .RS 4 To give the ipset a version\&. .RE .SS "short" .PP Is an optional start and end tag and is used to give an ipset a more readable name\&. .SS "description" .PP Is an optional start and end tag to have a description for a ipset\&. .SS "option" .PP Is an optional empty\-element tag and can be used several times to have more than one option\&. Mostly all attributes of an option entry are mandatory: .PP name="\fIstring\fR" .RS 4 The mandatory option name \fIstring\fR\&. .RE .PP value="\fIstring\fR" .RS 4 The optional value of the option\&. .RE .PP The supported options are: family: \fI"inet"\fR|\fI"inet6"\fR, timeout: \fIinteger\fR, hashsize: \fIinteger\fR, maxelem: \fIinteger\fR\&. For more information on these options, please have a look at the ipset documentation\&. .SS "entry" .PP Is an optional start and end tag and can be used several times to have more than one entry entry\&. An entry entry does not have attributes\&. .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/firewalld.lockdown-whitelist.50000644000000000000000000001140114217353167023537 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.lockdown-whitelist .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.lockdown-whitelist .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.LOCKDOWN" "5" "" "firewalld 1.1.1" "firewalld.lockdown-whitelist" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.lockdown-whitelist \- firewalld lockdown whitelist configuration file .SH "SYNOPSIS" .PP .nf \fI/etc/firewalld/lockdown\-whitelists\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP The firewalld lockdown\-whitelist configuration file contains the selinux contexts, commands, users and user ids that are white\-listed when firewalld lockdown feature is enabled (see \fBfirewalld.conf\fR(5) and \fBfirewall-cmd\fR(1))\&. .PP This example configuration file shows the structure of an lockdown\-whitelist file: .sp .if n \{\ .RS 4 .\} .nf .fi .if n \{\ .RE .\} .sp .SH "OPTIONS" .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "whitelist" .PP The mandatory whitelist start and end tag defines the lockdown\-whitelist\&. This tag can only be used once in a lockdown\-whitelist configuration file\&. There are no attributes for this\&. .SS "selinux" .PP Is an optional empty\-element tag and can be used several times to have more than one selinux contexts entries\&. A selinux entry has exactly one attribute: .PP context="\fIstring\fR" .RS 4 The context is the security (SELinux) context of a running application or service\&. .sp To get the context of a running application use \fBps \-e \-\-context\fR and search for the application that should be white\-listed\&. .sp Warning: If the context of an application is unconfined, then this will open access for more than the desired application\&. .RE .SS "command" .PP Is an optional empty\-element tag and can be used several times to have more than one command entry\&. A command entry has exactly one attribute: .PP name="\fIstring\fR" .RS 4 The command \fIstring\fR is a complete command line including path and also attributes\&. .sp If a command entry ends with an asterisk \*(Aq*\*(Aq, then all command lines starting with the command will match\&. If the \*(Aq*\*(Aq is not there the absolute command inclusive arguments must match\&. .sp Commands for user root and others is not always the same, the used path depends on the use of the \fBPATH\fR environment variable\&. .RE .SS "user" .PP Is an optional empty\-element tag and can be used several times to white\-list more than one user\&. A user entry has exactly one attribute of these: .PP name="\fIstring\fR" .RS 4 The user with the name \fIstring\fR will be white\-listed\&. .RE .PP id="\fIinteger\fR" .RS 4 The user with the id \fIuserid\fR will be white\-listed\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/firewalld.policies.50000644000000000000000000001441314217353170021514 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.policies .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.policies .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.POLICIES" "5" "" "firewalld 1.1.1" "firewalld.policies" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.policies \- firewalld policies .SH "DESCRIPTION" .SS "What is a policy?" .PP A policy applies a set of rules to traffic flowing between between zones (see zones (see \fBfirewalld.zones\fR(5))\&. The policy affects traffic in a stateful unidirectional manner, e\&.g\&. zoneA to zoneB\&. This allows asynchronous filtering policies\&. .PP A policy\*(Aqs relationship to zones is defined by assigning a set of ingress zones and a set of egress zones\&. For example, if the set of ingress zones contains "public" and the set of egress zones contains "internal" then the policy will affect all traffic flowing from the "public" zone to the "internal" zone\&. However, since policies are unidirectional it will not apply to traffic flowing from "internal" to "public"\&. Note that the ingress set and egress set can contain multiple zones\&. .SS "Active Policies" .PP Policies only become active if all of the following are true\&. .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The ingress zones list contain at least one regular zone or a single symbolic zone\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The egress zones list contain at least one regular zone or a single symbolic zone\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} For non symbolic zones, the zone must be active\&. That is, it must have interfaces or sources assigned to it\&. .RE .PP If the policy is not active then the policy has no effect\&. .SS "Symbolic Zones" .PP Regular zones are not enough to express every form of packet filtering\&. For example there is no zone to represent traffic flowing to or from the host running firewalld\&. As such, there are some symbolic zones to fill these gaps\&. However, symbolic zones are unique in that they\*(Aqre the only zone allowed in the ingress or egress zone sets\&. For example, you cannot use "public" and "HOST" in the ingress zones\&. .PP Symbolic zones: .sp .RS 4 .ie n \{\ \h'-04' 1.\h'+01'\c .\} .el \{\ .sp -1 .IP " 1." 4.2 .\} HOST .sp This symbolic zone is for traffic flowing to or from the host running firewalld\&. This corresponds to netfilter (iptables/nftables) chains INPUT and OUTPUT\&. .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} If used in the egress zones list it will apply to traffic on the INPUT chain\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} If used in the ingress zones list it will apply to traffic on the OUTPUT chain\&. .RE .RE .sp .RS 4 .ie n \{\ \h'-04' 2.\h'+01'\c .\} .el \{\ .sp -1 .IP " 2." 4.2 .\} ANY .sp This symbolic zone behaves like a wildcard for the ingress and egress zones\&. With the exception that it does not include "HOST"\&. It\*(Aqs useful if you want a policy to apply to every zone\&. .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} If used in the ingress zones list it will apply for traffic originating from any zone\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} If used in the egress zones list it will apply for traffic destined to any zone\&. .RE .RE .SS "Predefined Policies" .PP firewalld ships with some predefined policies\&. These may or may not be active by default\&. For details see the description of each policy\&. .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} allow\-host\-ipv6 .RE .SS "Similarity to Zones" .PP Policies are similar to zones in that they are an attachment point for firewalld\*(Aqs primitives: services, ports, forward ports, etc\&. This is not a coincidence\&. Policies are a generalization of how zones have traditionally achieved filtering\&. In fact, in modern firewalld zones are internally implemented as a set of policies\&. .PP The main difference between policies and zones is that policies allow filtering in all directions: input, output, and forwarding\&. With a couple of exceptions zones only allow input filtering which is sufficient for an end station firewalling\&. However, for network level filtering or filtering on behalf of virtual machines and containers something more flexible, i\&.e\&. policies, are needed\&. .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/firewalld.policy.50000644000000000000000000003235114217353170021205 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.policy .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.policy .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.POLICY" "5" "" "firewalld 1.1.1" "firewalld.policy" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.policy \- firewalld policy configuration files .SH "SYNOPSIS" .PP \fI/etc/firewalld/policies/policy\&.xml\fR .PP \fI/usr/lib/firewalld/policies/policy\&.xml\fR .SH "DESCRIPTION" .PP A firewalld policy configuration file contains the information for a policy\&. These are the policy descriptions, services, ports, protocols, icmp\-blocks, masquerade, forward\-ports and rich language rules in an XML file format\&. The file name has to be \fIpolicy_name\fR\&.xml where length of \fIpolicy_name\fR is currently limited to 17 chars\&. .PP This is the structure of a policy configuration file: .sp .if n \{\ .RS 4 .\} .nf [ ] [ ] [ \fIshort description\fR ] [ \fIdescription\fR ] [ ] [ ] [ ] [ ] [ ] [ ] [ ] [ [ ] [ ] [ | | | | | | ] [ [] | [] ] [ [] ] [ [] | [] | [] | [] ] ] .fi .if n \{\ .RE .\} .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "policy" .PP The mandatory policy start and end tag defines the policy\&. This tag can only be used once in a policy configuration file\&. There are optional attributes for policy: .PP version="\fIstring\fR" .RS 4 To give the policy a version\&. .RE .PP target="\fICONTINUE\fR|\fIACCEPT\fR|\fIREJECT\fR|\fIDROP\fR" .RS 4 Can be used to accept, reject or drop every packet that doesn\*(Aqt match any rule (port, service, etc\&.)\&. The \fICONTINUE\fR is the default and used for policies that are non\-terminal\&. .RE .SS "ingress\-zone" .PP An optional element that can be used several times\&. It can be the name of a firewalld zone or one of the symbolic zones: HOST, ANY\&. See \fBfirewalld.policies\fR(5) for information about symbolic zones\&. .SS "egress\-zone" .PP An optional element that can be used several times\&. It can be the name of a firewalld zone or one of the symbolic zones: HOST, ANY\&. See \fBfirewalld.policies\fR(5) for information about symbolic zones\&. .SS "short" .PP Is an optional start and end tag and is used to give a more readable name\&. .SS "description" .PP Is an optional start and end tag to have a description\&. .SS "service" .PP Is an optional empty\-element tag and can be used several times to have more than one service entry enabled\&. A service entry has exactly one attribute: .PP name="\fIstring\fR" .RS 4 The name of the service to be enabled\&. To get a list of valid service names \fBfirewall\-cmd \-\-get\-services\fR can be used\&. .RE .SS "port" .PP Is an optional empty\-element tag and can be used several times to have more than one port entry\&. All attributes of a port entry are mandatory: .PP port="\fIportid\fR[\-\fIportid\fR]" .RS 4 The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. .RE .PP protocol="\fItcp\fR|\fIudp\fR|\fIsctp\fR|\fIdccp\fR" .RS 4 The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .SS "protocol" .PP Is an optional empty\-element tag and can be used several times to have more than one protocol entry\&. All protocol has exactly one attribute: .PP value="\fIstring\fR" .RS 4 The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. .RE .SS "icmp\-block" .PP Is an optional empty\-element tag and can be used several times to have more than one icmp\-block entry\&. Each icmp\-block tag has exactly one mandatory attribute: .PP name="\fIstring\fR" .RS 4 The name of the Internet Control Message Protocol (ICMP) type to be blocked\&. To get a list of valid ICMP types \fBfirewall\-cmd \-\-get\-icmptypes\fR can be used\&. .RE .SS "tcp\-mss\-clamp" .PP Is an optional empty\-element tag and can be used several times\&. If left empty maximum segment size is set to \*(Aqpmtu\*(Aq\&. This tag has exactly one optional attribute: .PP value="\fIstring\fR" .RS 4 Value can set maximum segment size to \*(Aqpmtu\*(Aq (Path Maximum Transmission Unit) or a user\-defined value that is greater than or equal to 536\&. .RE .SS "masquerade" .PP Is an optional empty\-element tag\&. It can be used only once\&. If it\*(Aqs present masquerading is enabled\&. .SS "forward\-port" .PP Is an optional empty\-element tag and can be used several times to have more than one port or packet forward entry\&. There are mandatory and also optional attributes for forward ports: .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMandatory attributes:\fR .RS 4 .PP The local port and protocol to be forwarded\&. .PP port="\fIportid\fR[\-\fIportid\fR]" .RS 4 The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. .RE .PP protocol="\fItcp\fR|\fIudp\fR|\fIsctp\fR|\fIdccp\fR" .RS 4 The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBOptional attributes:\fR .RS 4 .PP The destination of the forward\&. For local forwarding add \fBto\-port\fR only\&. For remote forwarding add \fBto\-addr\fR and use \fBto\-port\fR optionally if the destination port on the destination machine should be different\&. .PP to\-port="\fIportid\fR[\-\fIportid\fR]" .RS 4 The destination port or port range to forward to\&. If omitted, the value of the port= attribute will be used altogether with the to\-addr attribute\&. .RE .PP to\-addr="\fIaddress\fR" .RS 4 The destination IP address either for IPv4 or IPv6\&. .RE .RE .SS "source\-port" .PP Is an optional empty\-element tag and can be used several times to have more than one source port entry\&. All attributes of a source port entry are mandatory: .PP port="\fIportid\fR[\-\fIportid\fR]" .RS 4 The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. .RE .PP protocol="\fItcp\fR|\fIudp\fR|\fIsctp\fR|\fIdccp\fR" .RS 4 The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .SS "rule" .PP Is an optional element tag and can be used several times to have more than one rich language rule entry\&. .PP The general rule structure: .PP .if n \{\ .RS 4 .\} .nf [ ] [ ] [ | | | | | | | | ] [ [] | [] ] [ [] ] [ [] | [] | [] | [] ] .fi .if n \{\ .RE .\} .PP Rule structure for source black or white listing: .PP .if n \{\ .RS 4 .\} .nf [ [] | [] ] [ [] ] [] | [] | [] .fi .if n \{\ .RE .\} .PP For a full description on rich language rules, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/firewalld.richlanguage.50000644000000000000000000004170714217353167022352 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.richlanguage .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.richlanguage .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.RICHLANG" "5" "" "firewalld 1.1.1" "firewalld.richlanguage" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.richlanguage \- Rich Language Documentation .SH "DESCRIPTION" .PP With the rich language more complex firewall rules can be created in an easy to understand way\&. The language uses keywords with values and is an abstract representation of ip*tables rules\&. .PP The rich language extends the current zone elements (service, port, icmp\-block, icmp\-type, masquerade, forward\-port and source\-port) with additional source and destination addresses, logging, actions and limits for logs and actions\&. .PP This page describes the rich language used in the command line client and D\-Bus interface\&. For information about the rich language representation used in the zone configuration files, please have a look at \fBfirewalld.zone\fR(5)\&. .PP A rule is part of a zone\&. One zone can contain several rules\&. If some rules interact/contradict, the first rule that matches "wins"\&. .PP \fBGeneral rule structure\fR .sp .if n \{\ .RS 4 .\} .nf rule [source] [destination] service|port|protocol|icmp\-block|icmp\-type|masquerade|forward\-port|source\-port [log|nflog] [audit] [accept|reject|drop|mark] .fi .if n \{\ .RE .\} .sp The complete rule is provided as a single line string\&. A destination is allowed here as long as it does not conflict with the destination of a service\&. .PP \fBRule structure for source black or white listing\fR .sp .if n \{\ .RS 4 .\} .nf rule source [log|nflog] [audit] accept|reject|drop|mark .fi .if n \{\ .RE .\} .sp This is used to grant or limit access from a source to this machine or machines that are reachable by this machine\&. A destination is not allowed here\&. .PP \fBImportant information about element options:\fR Options for elements in a rule need to be added exactly after the element\&. If the option is placed somewhere else it might be used for another element as far as it matches the options of the other element or will result in a rule error\&. .SS "Rule" .PP .if n \{\ .RS 4 .\} .nf rule [family="ipv4|ipv6"] [priority="priority"] .fi .if n \{\ .RE .\} .PP If the rule family is provided, it can be either "ipv4" or "ipv6", which limits the rule to IPv4 or IPv6\&. If the rule family is not provided, the rule will be added for IPv4 and IPv6\&. If source or destination addresses are used in a rule, then the rule family need to be provided\&. This is also the case for port/packet forwarding\&. .PP If the rule priority is provided, it can be in the range of \-32768 to 32767 where lower values have higher precendence\&. Rich rules are sorted by priority\&. Ordering for rules with the same priority value is undefined\&. A negative priority value will be executed before other firewalld primitives\&. A positive priority value will be executed after other firewalld primitives\&. A priority value of 0 will place the rule in a chain based on the action as per the "Information about logging and actions" below\&. .SS "Source" .PP .if n \{\ .RS 4 .\} .nf source [not] address="address[/mask]"|mac="mac\-address"|ipset="ipset" .fi .if n \{\ .RE .\} .sp With the source address the origin of a connection attempt can be limited to the source address\&. An address is either a single IP address, or a network IP address, a MAC address or an IPSet\&. The address has to match the rule family (IPv4/IPv6)\&. Subnet mask is expressed in either dot\-decimal (/x\&.x\&.x\&.x) or prefix (/x) notations for IPv4, and in prefix notation (/x) for IPv6 network addresses\&. It is possible to invert the sense of an address by adding \fBnot\fR before \fBaddress\fR\&. All but the specified address will match then\&. .SS "Destination" .PP .if n \{\ .RS 4 .\} .nf destination [not] address="address[/mask]"|ipset="ipset" .fi .if n \{\ .RE .\} .sp With the destination address the target can be limited to the destination address\&. The destination address is using the same syntax as the source address\&. .PP The use of source and destination addresses is optional and the use of a destination addresses is not possible with all elements\&. This depends on the use of destination addresses for example in service entries\&. .SS "Service" .PP .if n \{\ .RS 4 .\} .nf service name="service name" .fi .if n \{\ .RE .\} .PP The service \fIservice name\fR will be added to the rule\&. The service name is one of the firewalld provided services\&. To get a list of the supported services, use \fBfirewall\-cmd \-\-get\-services\fR\&. .PP If a service provides a destination address, it will conflict with a destination address in the rule and will result in an error\&. The services using destination addresses internally are mostly services using multicast\&. .SS "Port" .PP .if n \{\ .RS 4 .\} .nf port port="port value" protocol="tcp|udp" .fi .if n \{\ .RE .\} .PP The port \fIport value\fR can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR or \fIudp\fR\&. .SS "Protocol" .PP .if n \{\ .RS 4 .\} .nf protocol value="protocol value" .fi .if n \{\ .RE .\} .PP The protocol value can be either a protocol id number or a protocol name\&. For allowed protocol entries, please have a look at \fI/etc/protocols\fR\&. .SS "Tcp\-Mss\-Clamp" .PP .if n \{\ .RS 4 .\} .nf tcp\-mss\-clamp="value=pmtu|value=number >= 536|None" .fi .if n \{\ .RE .\} .PP The tcp\-mss\-clamp sets the maximum segment size in the rule\&. .PP The tcp\-mss\-clamp has an optional attribute value can be either be set to "pmtu" or a number greater than or equal to 536\&. If attribute value is not present then the maximum segment size is automatically set to "pmtu"\&. .SS "ICMP\-Block" .PP .if n \{\ .RS 4 .\} .nf icmp\-block name="icmptype name" .fi .if n \{\ .RE .\} .PP The icmptype is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types: \fBfirewall\-cmd \-\-get\-icmptypes\fR .PP It is not allowed to specify an action here\&. icmp\-block uses the action reject internally\&. .SS "Masquerade" .PP .if n \{\ .RS 4 .\} .nf masquerade .fi .if n \{\ .RE .\} .PP Turn on masquerading in the rule\&. A source and also a destination address can be provided to limit masquerading to this area\&. .PP It is not allowed to specify an action here\&. .PP \fINote:\fR IP forwarding will be implicitly enabled\&. .SS "ICMP\-Type" .PP .if n \{\ .RS 4 .\} .nf icmp\-type name="icmptype name" .fi .if n \{\ .RE .\} .PP The icmptype is the one of the icmp types firewalld supports\&. To get a listing of supported icmp types: \fBfirewall\-cmd \-\-get\-icmptypes\fR .SS "Forward\-Port" .PP .if n \{\ .RS 4 .\} .nf forward\-port port="port value" protocol="tcp|udp" to\-port="port value" to\-addr="address" .fi .if n \{\ .RE .\} .PP Forward port/packets from local port value with protocol "tcp" or "udp" to either another port locally or to another machine or to another port on another machine\&. .PP The port value can either be a single port number or a port range \fIportid\-portid\fR\&. The \fBto\-addr\fR is an IP address\&. .PP It is not allowed to specify an action here\&. forward\-port uses the action accept internally\&. .PP \fINote:\fR IP forwarding will be implicitly enabled if \fBto\-addr\fR is specified\&. .SS "Source\-Port" .PP .if n \{\ .RS 4 .\} .nf source\-port port="port value" protocol="tcp|udp" .fi .if n \{\ .RE .\} .PP The source\-port \fIport value\fR can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. The protocol can either be \fItcp\fR or \fIudp\fR\&. .SS "Log" .PP .if n \{\ .RS 4 .\} .nf log [prefix="prefix text"] [level="log level"] [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP Log new connection attempts to the rule with kernel logging for example in syslog\&. You can define a prefix text with a maximum length of 127 characters that will be added to the log message as a prefix\&. Log level can be one of "\fBemerg\fR", "\fBalert\fR", "\fBcrit\fR", "\fBerror\fR", "\fBwarning\fR", "\fBnotice\fR", "\fBinfo\fR" or "\fBdebug\fR", where default (i\&.e\&. if there\*(Aqs no one specified) is "\fBwarning\fR"\&. See \fBsyslog\fR(3) for description of levels\&. See Limit section for description of \fBlimit\fR tag\&. .PP \fINote:\fR The iptables backend truncates prefix to 29 characters\&. .SS "NFLog" .PP .if n \{\ .RS 4 .\} .nf nflog [group="group id"] [prefix="prefix text"] [queue\-size="threshold"] [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP Log new connection attempts to the rule using kernel logging to pass the packets through a \*(Aqnetlink\*(Aq socket to users or applications monitoring the multicast \fBgroup\fR\&. The minimum and default value for \fBgroup\fR is 0, maximum value is 65535\&. See NETLINK_NETFILTER in \fBnetlink\fR(7) man page and NFLOG in both \fBiptables-extensions\fR(8) and \fBnft\fR(8) man pages for a more detailed description\&. .PP You can define a prefix text with a maximum length of 127 characters that will be added to the log message as a prefix\&. The \fBqueue\-size\fR option can be set to increase the queue threshold which can help limit context switching\&. The default value for \fBqueue\-size\fR is 1, maximum value is 65535\&. See \fBiptables-extensions\fR(8) and \fBnft\fR(8) for more details\&. .PP See Limit section for description of \fBlimit\fR tag\&. .PP \fINote:\fR The iptables backend truncates prefix to 63 characters\&. .SS "Audit" .PP .if n \{\ .RS 4 .\} .nf audit [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP Audit provides an alternative way for logging using audit records sent to the service auditd\&. Audit type will be discovered from the rule action automatically\&. Use of audit is optional\&. See Limit section for description of \fBlimit\fR tag\&. .SS "Action" .PP An action can be one of \fBaccept\fR, \fBreject\fR, \fBdrop\fR or \fBmark\fR\&. .PP The rule can either contain an element or also a source only\&. If the rule contains an element, then new connection matching the element will be handled with the action\&. If the rule does not contain an element, then everything from the source address will be handled with the action\&. .PP .if n \{\ .RS 4 .\} .nf accept [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP .if n \{\ .RS 4 .\} .nf reject [type="reject type"] [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP .if n \{\ .RS 4 .\} .nf drop [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP .if n \{\ .RS 4 .\} .nf mark set="mark[/mask]" [limit value="rate/duration"] .fi .if n \{\ .RE .\} .PP With \fBaccept\fR all new connection attempts will be granted\&. With \fBreject\fR they will not be accepted and their source will get a reject ICMP(v6) message\&. The reject type can be set to specify appropriate ICMP(v6) error message\&. For valid reject types see \fB\-\-reject\-with type\fR in \fBiptables-extensions\fR(8) man page\&. Because reject types are different for IPv4 and IPv6 you have to specify rule family when using reject type\&. With \fBdrop\fR all packets will be dropped immediately, there is no information sent to the source\&. With \fBmark\fR all packets will be marked in the \fBPREROUTING\fR chain in the \fBmangle\fR table with the mark and mask combination\&. See Limit section for description of \fBlimit\fR tag\&. .SS "Limit" .PP .if n \{\ .RS 4 .\} .nf limit value="rate/duration" .fi .if n \{\ .RE .\} .PP It is possible to limit Log, NFLog, Audit and Action\&. A rule using this tag will match until this limit is reached\&. The rate is a natural positive number [1, \&.\&.] The duration is of "s", "m", "h", "d"\&. "s" means seconds, "m" minutes, "h" hours and "d" days\&. Maximum limit value is "2/d", which means at maximum two matches per day\&. .SS "Information about logging and actions" .PP Logging can be done with the log, nflog and audit actions\&. A new chain is added to all zones: zone_log\&. This will be jumped into before the deny chain to be able to have a proper ordering\&. .PP The rules or parts of them are placed in separate chains according to the priority and action of the rule: .PP .if n \{\ .RS 4 .\} .nf \fIzone\fR_pre \fIzone\fR_log \fIzone\fR_deny \fIzone\fR_allow \fIzone\fR_post .fi .if n \{\ .RE .\} .PP When \fIpriority < 0\fR, the rich rule will be placed in the \fIzone\fR_pre chain\&. .PP When \fIpriority == 0\fR Then all logging rules will be placed in the \fIzone\fR_log chain\&. All reject and drop rules will be placed in the \fIzone\fR_deny chain, which will be walked after the log chain\&. All accept rules will be placed in the \fIzone\fR_allow chain, which will be walked after the deny chain\&. If a rule contains log and also deny or allow actions, the parts are placed in the matching chains\&. .PP When \fIpriority > 0\fR, the rich rule will be placed in the \fIzone\fR_post chain\&. .SH "EXAMPLES" .PP These are examples of how to specify rich language rules\&. This format (i\&.e\&. one string that specifies whole rule) uses for example \fBfirewall\-cmd \-\-add\-rich\-rule\fR (see \fBfirewall-cmd\fR(1)) as well as D\-Bus interface\&. .SS "Example 1" .PP Enable new IPv4 and IPv6 connections for protocol \*(Aqah\*(Aq .PP .if n \{\ .RS 4 .\} .nf rule protocol value="ah" accept .fi .if n \{\ .RE .\} .sp .SS "Example 2" .PP Allow new IPv4 and IPv6 connections for service ftp and log 1 per minute using audit .PP .if n \{\ .RS 4 .\} .nf rule service name="ftp" log limit value="1/m" audit accept .fi .if n \{\ .RE .\} .sp .SS "Example 3" .PP Allow new IPv4 connections from address 192\&.168\&.0\&.0/24 for service tftp and log 1 per minutes using syslog .PP .if n \{\ .RS 4 .\} .nf rule family="ipv4" source address="192\&.168\&.0\&.0/24" service name="tftp" log prefix="tftp" level="info" limit value="1/m" accept .fi .if n \{\ .RE .\} .sp .SS "Example 4" .PP New IPv6 connections from 1:2:3:4:6:: to service radius are all rejected and logged at a rate of 3 per minute\&. New IPv6 connections from other sources are accepted\&. .PP .if n \{\ .RS 4 .\} .nf rule family="ipv6" source address="1:2:3:4:6::" service name="radius" log prefix="dns" level="info" limit value="3/m" reject rule family="ipv6" service name="radius" accept .fi .if n \{\ .RE .\} .sp .SS "Example 5" .PP Forward IPv6 port/packets receiving from 1:2:3:4:6:: on port 4011 with protocol tcp to 1::2:3:4:7 on port 4012 .PP .if n \{\ .RS 4 .\} .nf rule family="ipv6" source address="1:2:3:4:6::" forward\-port to\-addr="1::2:3:4:7" to\-port="4012" protocol="tcp" port="4011" .fi .if n \{\ .RE .\} .sp .SS "Example 6" .PP White\-list source address to allow all connections from 192\&.168\&.2\&.2 .PP .if n \{\ .RS 4 .\} .nf rule family="ipv4" source address="192\&.168\&.2\&.2" accept .fi .if n \{\ .RE .\} .sp .SS "Example 7" .PP Black\-list source address to reject all connections from 192\&.168\&.2\&.3 .PP .if n \{\ .RS 4 .\} .nf rule family="ipv4" source address="192\&.168\&.2\&.3" reject type="icmp\-admin\-prohibited" .fi .if n \{\ .RE .\} .sp .SS "Example 8" .PP Black\-list source address to drop all connections from 192\&.168\&.2\&.4 .PP .if n \{\ .RS 4 .\} .nf rule family="ipv4" source address="192\&.168\&.2\&.4" drop .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/firewalld.service.50000644000000000000000000001510514217353167021352 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.service .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.service .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.SERVICE" "5" "" "firewalld 1.1.1" "firewalld.service" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.service \- firewalld service configuration files .SH "SYNOPSIS" .PP .nf \fI/etc/firewalld/services/service\&.xml\fR \fI/usr/lib/firewalld/services/service\&.xml\fR .fi .sp .SH "DESCRIPTION" .PP A firewalld service configuration file provides the information of a service entry for firewalld\&. The most important configuration options are ports, modules and destination addresses\&. .PP This example configuration file shows the structure of a service configuration file: .sp .if n \{\ .RS 4 .\} .nf \fIMy Service\fR \fIdescription\fR .fi .if n \{\ .RE .\} .sp .SH "OPTIONS" .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "service" .PP The mandatory service start and end tag defines the service\&. This tag can only be used once in a service configuration file\&. There are optional attributes for services: .PP version="\fIstring\fR" .RS 4 To give the service a version\&. .RE .SS "short" .PP Is an optional start and end tag and is used to give an service a more readable name\&. .SS "description" .PP Is an optional start and end tag to have a description for a service\&. .SS "port" .PP Is an optional empty\-element tag and can be used several times to have more than one port entry\&. All attributes of a port entry are mandatory: .PP port="\fIstring\fR" .RS 4 The port \fIstring\fR can be a single port number or a port range \fIportid\fR\-\fIportid\fR or also empty to match a protocol only\&. .RE .PP protocol="\fIstring\fR" .RS 4 The protocol value can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .PP For compatibility with older firewalld versions, it is possible to add protocols with the port option where the port is empty\&. With the addition of native protocol support in the service, this it not needed anymore\&. These entries will automatically be converted to protocols\&. With the next modification of the service file, the enries will be listed as protocols\&. .SS "protocol" .PP Is an optional empty\-element tag and can be used several times to have more than one protocol entry\&. A protocol entry has exactly one attribute: .PP value="\fIstring\fR" .RS 4 The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. .RE .SS "source\-port" .PP Is an optional empty\-element tag and can be used several times to have more than one source port entry\&. All attributes of a source port entry are mandatory: .PP port="\fIstring\fR" .RS 4 The port \fIstring\fR can be a single port number or a port range \fIportid\fR\-\fIportid\fR\&. .RE .PP protocol="\fIstring\fR" .RS 4 The protocol value can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .SS "module" .PP This element is deprecated\&. Please use helper described below in the section called \(lqhelper\(rq\&. .SS "destination" .PP Is an optional empty\-element tag and can be used only once\&. The destination specifies the destination network as a network IP address (optional with /mask), or a plain IP address\&. The use of hostnames is not recommended, because these will only be resolved at service activation and transmitted to the kernel\&. For more information in this element, please have a look at \fB\-\-destination\fR in \fBiptables\fR(8) and \fBip6tables\fR(8)\&. .PP ipv4="\fIaddress\fR[/\fImask\fR]" .RS 4 The IPv4 destination address with optional mask\&. .RE .PP ipv6="\fIaddress\fR[/\fImask\fR]" .RS 4 The IPv6 destination address with optional mask\&. .RE .SS "include" .PP Is an optional empty\-element tag and can be used several times to have more than one include entry\&. An include entry has exactly one attribute: .PP service="\fIstring\fR" .RS 4 The include can be any service supported by firewalld\&. .sp \fBWarning:\fRFirewalld will only check that the included \fIservice\fR is a valid service if it\*(Aqs applied to a zone\&. .RE .SS "helper" .PP Is an optional empty\-element tag and can be used several times to have more than one helper entry\&. An helper entry has exactly one attribute: .PP name="\fIstring\fR" .RS 4 The helper can be any helper supported by firewalld\&. .RE .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/firewalld.zone.50000644000000000000000000003574114217353167020675 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.zone .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.zone .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.ZONE" "5" "" "firewalld 1.1.1" "firewalld.zone" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.zone \- firewalld zone configuration files .SH "SYNOPSIS" .PP \fI/etc/firewalld/zones/zone\&.xml\fR .PP \fI/usr/lib/firewalld/zones/zone\&.xml\fR .SH "DESCRIPTION" .PP A firewalld zone configuration file contains the information for a zone\&. These are the zone description, services, ports, protocols, icmp\-blocks, masquerade, forward\-ports, intra\-zone forwarding and rich language rules in an XML file format\&. The file name has to be \fIzone_name\fR\&.xml where length of \fIzone_name\fR is currently limited to 17 chars\&. .PP This is the structure of a zone configuration file: .sp .if n \{\ .RS 4 .\} .nf [ ] [ ] [ ] [ ] [ \fIshort description\fR ] [ \fIdescription\fR ] [ ] [ ] [ ] [ ] [ ] [ ] [ ] [ [ ] [ ] [ | | | | | | ] [ [] | [] ] [ [] ] [ [] | [] | [] | [] ] ] .fi .if n \{\ .RE .\} .PP The config can contain these tags and attributes\&. Some of them are mandatory, others optional\&. .SS "zone" .PP The mandatory zone start and end tag defines the zone\&. This tag can only be used once in a zone configuration file\&. There are optional attributes for zones: .PP version="\fIstring\fR" .RS 4 To give the zone a version\&. .RE .PP target="\fIACCEPT\fR|\fI%%REJECT%%\fR|\fIDROP\fR" .RS 4 Can be used to accept, reject or drop every packet that doesn\*(Aqt match any rule (port, service, etc\&.)\&. The \fIACCEPT\fR target is used in \fItrusted\fR zone to accept every packet not matching any rule\&. The \fI%%REJECT%%\fR target is used in \fIblock\fR zone to reject (with default firewalld reject type) every packet not matching any rule\&. The \fIDROP\fR target is used in \fIdrop\fR zone to drop every packet not matching any rule\&. If the target is not specified, every packet not matching any rule will be rejected\&. .RE .SS "interface" .PP Is an optional empty\-element tag and can be used several times\&. It can be used to bind an interface to a zone\&. You don\*(Aqt need this for NetworkManager\-managed interfaces, because NetworkManager binds interfaces to zones automatically\&. See also \*(AqHow to set or change a zone for a connection?\*(Aq in \fBfirewalld.zones\fR(5)\&. You can use it as a fallback mechanism for interfaces that can\*(Aqt be managed via NetworkManager\&. An interface entry has exactly one attribute: .PP name="\fIstring\fR" .RS 4 The name of the interface to be bound to the zone\&. .RE .SS "source" .PP Is an optional empty\-element tag and can be used several times\&. It can be used to bind a source address, address range, a MAC address or an ipset to a zone\&. A source entry has exactly one of these attributes: .PP address="\fIaddress\fR[/\fImask\fR]" .RS 4 The source is either an IP address or a network IP address with a mask for IPv4 or IPv6\&. The network family (IPv4/IPv6) will be automatically discovered\&. For IPv4, the mask can be a network mask or a plain number\&. For IPv6 the mask is a plain number\&. The use of host names is not supported\&. .RE .PP mac="\fIMAC\fR" .RS 4 The source is a MAC address\&. It must be of the form XX:XX:XX:XX:XX:XX\&. .RE .PP ipset="\fIipset\fR" .RS 4 The source is an ipset\&. .RE .SS "icmp\-block\-inversion" .PP Is an optional empty\-element tag and can be used only once in a zone configuration\&. This flag inverts the icmp block handling\&. Only enabled ICMP types are accepted and all others are rejected in the zone\&. .SS "forward" .PP Is an optional empty\-element tag and can be used only once in a zone configuration\&. This flag enables intra\-zone forwarding\&. When enabled, packets will be forwarded between interfaces or sources within a zone, even if the zone\*(Aqs target is not set to \fIACCEPT\fR\&. .SS "short" .PP Is an optional start and end tag and is used to give a more readable name\&. .SS "description" .PP Is an optional start and end tag to have a description\&. .SS "service" .PP Is an optional empty\-element tag and can be used several times to have more than one service entry enabled\&. A service entry has exactly one attribute: .PP name="\fIstring\fR" .RS 4 The name of the service to be enabled\&. To get a list of valid service names \fBfirewall\-cmd \-\-get\-services\fR can be used\&. .RE .SS "port" .PP Is an optional empty\-element tag and can be used several times to have more than one port entry\&. All attributes of a port entry are mandatory: .PP port="\fIportid\fR[\-\fIportid\fR]" .RS 4 The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. .RE .PP protocol="\fItcp\fR|\fIudp\fR|\fIsctp\fR|\fIdccp\fR" .RS 4 The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .SS "protocol" .PP Is an optional empty\-element tag and can be used several times to have more than one protocol entry\&. All protocol has exactly one attribute: .PP value="\fIstring\fR" .RS 4 The protocol can be any protocol supported by the system\&. Please have a look at \fI/etc/protocols\fR for supported protocols\&. .RE .SS "icmp\-block" .PP Is an optional empty\-element tag and can be used several times to have more than one icmp\-block entry\&. Each icmp\-block tag has exactly one mandatory attribute: .PP name="\fIstring\fR" .RS 4 The name of the Internet Control Message Protocol (ICMP) type to be blocked\&. To get a list of valid ICMP types \fBfirewall\-cmd \-\-get\-icmptypes\fR can be used\&. .RE .SS "tcp\-mss\-clamp" .PP Is an optional empty\-element tag and can be used several times\&. If left empty maximum segment size is set to \*(Aqpmtu\*(Aq\&. This tag has exactly one optional attribute: .PP value="\fIstring\fR" .RS 4 Value can set maximum segment size to \*(Aqpmtu\*(Aq (Path Maximum Transmission Unit) or a user\-defined value that is greater than or equal to 536\&. .RE .SS "masquerade" .PP Is an optional empty\-element tag\&. It can be used only once\&. If it\*(Aqs present masquerading is enabled\&. .SS "forward\-port" .PP Is an optional empty\-element tag and can be used several times to have more than one port or packet forward entry\&. There are mandatory and also optional attributes for forward ports: .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMandatory attributes:\fR .RS 4 .PP The local port and protocol to be forwarded\&. .PP port="\fIportid\fR[\-\fIportid\fR]" .RS 4 The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. .RE .PP protocol="\fItcp\fR|\fIudp\fR|\fIsctp\fR|\fIdccp\fR" .RS 4 The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBOptional attributes:\fR .RS 4 .PP The destination of the forward\&. For local forwarding add \fBto\-port\fR only\&. For remote forwarding add \fBto\-addr\fR and use \fBto\-port\fR optionally if the destination port on the destination machine should be different\&. .PP to\-port="\fIportid\fR[\-\fIportid\fR]" .RS 4 The destination port or port range to forward to\&. If omitted, the value of the port= attribute will be used altogether with the to\-addr attribute\&. .RE .PP to\-addr="\fIaddress\fR" .RS 4 The destination IP address either for IPv4 or IPv6\&. .RE .RE .SS "source\-port" .PP Is an optional empty\-element tag and can be used several times to have more than one source port entry\&. All attributes of a source port entry are mandatory: .PP port="\fIportid\fR[\-\fIportid\fR]" .RS 4 The port can either be a single port number \fIportid\fR or a port range \fIportid\fR\-\fIportid\fR\&. .RE .PP protocol="\fItcp\fR|\fIudp\fR|\fIsctp\fR|\fIdccp\fR" .RS 4 The protocol can either be \fItcp\fR, \fIudp\fR, \fIsctp\fR or \fIdccp\fR\&. .RE .SS "rule" .PP Is an optional element tag and can be used several times to have more than one rich language rule entry\&. .PP The general rule structure: .PP .if n \{\ .RS 4 .\} .nf [ ] [ ] [ | | | | | | | | ] [ [] | [] ] [ [] ] [ [] | [] | [] | [] ] .fi .if n \{\ .RE .\} .PP Rule structure for source black or white listing: .PP .if n \{\ .RS 4 .\} .nf [ [] | [] ] [ [] ] [] | [] | [] .fi .if n \{\ .RE .\} .PP For a full description on rich language rules, please have a look at \fBfirewalld.richlanguage\fR(5)\&. .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/doc/man/man5/firewalld.zones.50000644000000000000000000002011414217353167021044 0ustar00rootroot00000000000000'\" t .\" Title: firewalld.zones .\" Author: Thomas Woerner .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: .\" Manual: firewalld.zones .\" Source: firewalld 1.1.1 .\" Language: English .\" .TH "FIREWALLD\&.ZONES" "5" "" "firewalld 1.1.1" "firewalld.zones" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" firewalld.zones \- firewalld zones .SH "DESCRIPTION" .SS "What is a zone?" .PP A network zone defines the level of trust for network connections\&. This is a one to many relation, which means that a connection can only be part of one zone, but a zone can be used for many network connections\&. .PP The zone defines the firewall features that are enabled in this zone: .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBIntra Zone Forwarding\fR .RS 4 .PP Allows packets received by a zone to be forwarded to other interfaces or sources within the same zone, even if the zone\*(Aqs target is not \fIACCEPT\fR\&. .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBPredefined services\fR .RS 4 .PP A service is a combination of port and/or protocol entries\&. Optionally netfilter helper modules can be added and also a IPv4 and IPv6 destination address\&. .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBPorts and protocols\fR .RS 4 .PP Definition of \fItcp\fR or \fIudp\fR ports, where ports can be a single port or a port range\&. .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBICMP blocks\fR .RS 4 .PP Blocks selected Internet Control Message Protocol (ICMP) messages\&. These messages are either information requests or created as a reply to information requests or in error conditions\&. .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBICMP block inversion\fR .RS 4 .PP Changes how ICMP messages are handled\&. When enabled, all ICMP message types are blocked, \fIexcept\fR for those in the ICMP block list\&. .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBMasquerading\fR .RS 4 .PP The addresses of a private network are mapped to and hidden behind a public IP address\&. This is a form of address translation\&. .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBForward ports\fR .RS 4 .PP A forward port is either mapped to the same port on another host or to another port on the same host or to another port on another host\&. .RE .sp .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 \fBRich language rules\fR .RS 4 .PP The rich language extends the elements (service, port, icmp\-block, masquerade, forward\-port and source\-port) with additional source and destination addresses, logging, actions and limits for logs and actions\&. It can also be used for host or network white and black listing (for more information, please have a look at \fBfirewalld.richlanguage\fR(5))\&. .RE .PP For more information on the zone file format, please have a look at \fBfirewalld.zone\fR(5)\&. .SS "Which zones are available?" .PP Here are the zones provided by firewalld sorted according to the default trust level of the zones from untrusted to trusted: .PP drop .RS 4 Any incoming network packets are dropped, there is no reply\&. Only outgoing network connections are possible\&. .RE .PP block .RS 4 Any incoming network connections are rejected with an \fIicmp\-host\-prohibited\fR message for IPv4 and \fIicmp6\-adm\-prohibited\fR for IPv6\&. Only network connections initiated within this system are possible\&. .RE .PP public .RS 4 For use in public areas\&. You do not trust the other computers on networks to not harm your computer\&. Only selected incoming connections are accepted\&. .RE .PP external .RS 4 For use on external networks with masquerading enabled especially for routers\&. You do not trust the other computers on networks to not harm your computer\&. Only selected incoming connections are accepted\&. .RE .PP dmz .RS 4 For computers in your demilitarized zone that are publicly\-accessible with limited access to your internal network\&. Only selected incoming connections are accepted\&. .RE .PP work .RS 4 For use in work areas\&. You mostly trust the other computers on networks to not harm your computer\&. Only selected incoming connections are accepted\&. .RE .PP home .RS 4 For use in home areas\&. You mostly trust the other computers on networks to not harm your computer\&. Only selected incoming connections are accepted\&. .RE .PP internal .RS 4 For use on internal networks\&. You mostly trust the other computers on the networks to not harm your computer\&. Only selected incoming connections are accepted\&. .RE .PP trusted .RS 4 All network connections are accepted\&. .RE .SS "Which zone should be used?" .PP A public WIFI network connection for example should be mainly untrusted, a wired home network connection should be fairly trusted\&. Select the zone that best matches the network you are using\&. .SS "How to configure or add zones?" .PP To configure or add zones you can either use one of the firewalld interfaces to handle and change the configuration: These are the graphical configuration tool firewall\-config, the command line tool \fBfirewall\-cmd\fR or the D\-Bus interface\&. Or you can create or copy a zone file in one of the configuration directories\&. \fI/usr/lib/firewalld/zones\fR is used for default and fallback configurations and \fI/etc/firewalld/zones\fR is used for user created and customized configuration files\&. .SS "How to set or change a zone for a connection?" .PP The zone is stored into the ifcfg of the connection with \fBZONE=\fR option\&. If the option is missing or empty, the default zone set in firewalld is used\&. .PP If the connection is controlled by NetworkManager, you can also use \fBnm\-connection\-editor\fR to change the zone\&. .PP For the addion or change of interfaces that are not under control of NetworkManager: firewalld tries to change the ZONE setting in the ifcfg file, if an ifcfg file exists that is using the interface\&. .PP Only for the removal of interfaces that are not under control of NetworkManager: firewalld is not trying to change the ZONE setting in the ifcfg file\&. This is needed to make sure that an ifdown of the interface will not result in a reset of the zone setting to the default zone\&. Only the zone binding is then removed in firewalld then\&. .SH "SEE ALSO" \fBfirewall-applet\fR(1), \fBfirewalld\fR(1), \fBfirewall-cmd\fR(1), \fBfirewall-config\fR(1), \fBfirewalld.conf\fR(5), \fBfirewalld.direct\fR(5), \fBfirewalld.dbus\fR(5), \fBfirewalld.icmptype\fR(5), \fBfirewalld.lockdown-whitelist\fR(5), \fBfirewall-offline-cmd\fR(1), \fBfirewalld.richlanguage\fR(5), \fBfirewalld.service\fR(5), \fBfirewalld.zone\fR(5), \fBfirewalld.zones\fR(5), \fBfirewalld.policy\fR(5), \fBfirewalld.policies\fR(5), \fBfirewalld.ipset\fR(5), \fBfirewalld.helper\fR(5) .SH "NOTES" .PP firewalld home page: .RS 4 \m[blue]\fB\%http://firewalld.org\fR\m[] .RE .PP More documentation with examples: .RS 4 \m[blue]\fB\%http://fedoraproject.org/wiki/FirewallD\fR\m[] .RE .SH "AUTHORS" .PP \fBThomas Woerner\fR <\&twoerner@redhat\&.com\&> .RS 4 Developer .RE .PP \fBJiri Popelka\fR <\&jpopelka@redhat\&.com\&> .RS 4 Developer .RE .PP \fBEric Garver\fR <\&eric@garver\&.life\&> .RS 4 Developer .RE firewalld-1.1.1/po/0000755000000000000000000000000014217353174014106 5ustar00rootroot00000000000000firewalld-1.1.1/po/Makefile.in.in0000644000000000000000000001575612477174752016607 0ustar00rootroot00000000000000# Makefile for program source directory in GNU NLS utilities package. # Copyright (C) 1995, 1996, 1997 by Ulrich Drepper # Copyright (C) 2004-2008 Rodney Dawes # # This file may be copied and used freely without restrictions. It may # be used in projects which are not available under a GNU Public License, # but which still want to provide support for the GNU gettext functionality. # # - Modified by Owen Taylor to use GETTEXT_PACKAGE # instead of PACKAGE and to look for po2tbl in ./ not in intl/ # # - Modified by jacob berkman to install # Makefile.in.in and po2tbl.sed.in for use with glib-gettextize # # - Modified by Rodney Dawes for use with intltool # # We have the following line for use by intltoolize: # INTLTOOL_MAKEFILE GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ PACKAGE = @PACKAGE@ VERSION = @VERSION@ SHELL = @SHELL@ srcdir = @srcdir@ top_srcdir = @top_srcdir@ top_builddir = @top_builddir@ VPATH = @srcdir@ prefix = @prefix@ exec_prefix = @exec_prefix@ datadir = @datadir@ datarootdir = @datarootdir@ libdir = @libdir@ localedir = @localedir@ subdir = po install_sh = @install_sh@ # Automake >= 1.8 provides @mkdir_p@. # Until it can be supposed, use the safe fallback: mkdir_p = $(install_sh) -d INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ GMSGFMT = @GMSGFMT@ MSGFMT = @MSGFMT@ XGETTEXT = @XGETTEXT@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ MSGMERGE = INTLTOOL_EXTRACT="$(INTLTOOL_EXTRACT)" XGETTEXT="$(XGETTEXT)" srcdir=$(srcdir) $(INTLTOOL_UPDATE) --gettext-package $(GETTEXT_PACKAGE) --dist GENPOT = INTLTOOL_EXTRACT="$(INTLTOOL_EXTRACT)" XGETTEXT="$(XGETTEXT)" srcdir=$(srcdir) $(INTLTOOL_UPDATE) --gettext-package $(GETTEXT_PACKAGE) --pot ALL_LINGUAS = @ALL_LINGUAS@ PO_LINGUAS=$(shell if test -r $(srcdir)/LINGUAS; then grep -v "^\#" $(srcdir)/LINGUAS; else echo "$(ALL_LINGUAS)"; fi) USER_LINGUAS=$(shell if test -n "$(LINGUAS)"; then LLINGUAS="$(LINGUAS)"; ALINGUAS="$(ALL_LINGUAS)"; for lang in $$LLINGUAS; do if test -n "`grep \^$$lang$$ $(srcdir)/LINGUAS 2>/dev/null`" -o -n "`echo $$ALINGUAS|tr ' ' '\n'|grep \^$$lang$$`"; then printf "$$lang "; fi; done; fi) USE_LINGUAS=$(shell if test -n "$(USER_LINGUAS)" -o -n "$(LINGUAS)"; then LLINGUAS="$(USER_LINGUAS)"; else if test -n "$(PO_LINGUAS)"; then LLINGUAS="$(PO_LINGUAS)"; else LLINGUAS="$(ALL_LINGUAS)"; fi; fi; for lang in $$LLINGUAS; do printf "$$lang "; done) POFILES=$(shell LINGUAS="$(PO_LINGUAS)"; for lang in $$LINGUAS; do printf "$$lang.po "; done) DISTFILES = Makefile.in.in POTFILES.in $(POFILES) EXTRA_DISTFILES = ChangeLog POTFILES.skip Makevars LINGUAS POTFILES = \ # This comment gets stripped out CATALOGS=$(shell LINGUAS="$(USE_LINGUAS)"; for lang in $$LINGUAS; do printf "$$lang.gmo "; done) .SUFFIXES: .SUFFIXES: .po .pox .gmo .mo .msg .cat AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ INTLTOOL_V_MSGFMT = $(INTLTOOL__v_MSGFMT_$(V)) INTLTOOL__v_MSGFMT_= $(INTLTOOL__v_MSGFMT_$(AM_DEFAULT_VERBOSITY)) INTLTOOL__v_MSGFMT_0 = @echo " MSGFMT" $@; .po.pox: $(MAKE) $(GETTEXT_PACKAGE).pot $(MSGMERGE) $* $(GETTEXT_PACKAGE).pot -o $*.pox .po.mo: $(INTLTOOL_V_MSGFMT)$(MSGFMT) -o $@ $< .po.gmo: $(INTLTOOL_V_MSGFMT)file=`echo $* | sed 's,.*/,,'`.gmo \ && rm -f $$file && $(GMSGFMT) -o $$file $< .po.cat: sed -f ../intl/po2msg.sed < $< > $*.msg \ && rm -f $@ && gencat $@ $*.msg all: all-@USE_NLS@ all-yes: $(CATALOGS) all-no: $(GETTEXT_PACKAGE).pot: $(POTFILES) $(GENPOT) install: install-data install-data: install-data-@USE_NLS@ install-data-no: all install-data-yes: all linguas="$(USE_LINGUAS)"; \ for lang in $$linguas; do \ dir=$(DESTDIR)$(localedir)/$$lang/LC_MESSAGES; \ $(mkdir_p) $$dir; \ if test -r $$lang.gmo; then \ $(INSTALL_DATA) $$lang.gmo $$dir/$(GETTEXT_PACKAGE).mo; \ echo "installing $$lang.gmo as $$dir/$(GETTEXT_PACKAGE).mo"; \ else \ $(INSTALL_DATA) $(srcdir)/$$lang.gmo $$dir/$(GETTEXT_PACKAGE).mo; \ echo "installing $(srcdir)/$$lang.gmo as" \ "$$dir/$(GETTEXT_PACKAGE).mo"; \ fi; \ if test -r $$lang.gmo.m; then \ $(INSTALL_DATA) $$lang.gmo.m $$dir/$(GETTEXT_PACKAGE).mo.m; \ echo "installing $$lang.gmo.m as $$dir/$(GETTEXT_PACKAGE).mo.m"; \ else \ if test -r $(srcdir)/$$lang.gmo.m ; then \ $(INSTALL_DATA) $(srcdir)/$$lang.gmo.m \ $$dir/$(GETTEXT_PACKAGE).mo.m; \ echo "installing $(srcdir)/$$lang.gmo.m as" \ "$$dir/$(GETTEXT_PACKAGE).mo.m"; \ else \ true; \ fi; \ fi; \ done # Empty stubs to satisfy archaic automake needs dvi info ctags tags CTAGS TAGS ID: # Define this as empty until I found a useful application. install-exec installcheck: uninstall: linguas="$(USE_LINGUAS)"; \ for lang in $$linguas; do \ rm -f $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo; \ rm -f $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo.m; \ done check: all $(GETTEXT_PACKAGE).pot rm -f missing notexist srcdir=$(srcdir) $(INTLTOOL_UPDATE) -m if [ -r missing -o -r notexist ]; then \ exit 1; \ fi mostlyclean: rm -f *.pox $(GETTEXT_PACKAGE).pot *.old.po cat-id-tbl.tmp rm -f .intltool-merge-cache clean: mostlyclean distclean: clean rm -f Makefile Makefile.in POTFILES stamp-it rm -f *.mo *.msg *.cat *.cat.m *.gmo maintainer-clean: distclean @echo "This command is intended for maintainers to use;" @echo "it deletes files that may require special tools to rebuild." rm -f Makefile.in.in distdir = ../$(PACKAGE)-$(VERSION)/$(subdir) dist distdir: $(DISTFILES) dists="$(DISTFILES)"; \ extra_dists="$(EXTRA_DISTFILES)"; \ for file in $$extra_dists; do \ test -f $(srcdir)/$$file && dists="$$dists $(srcdir)/$$file"; \ done; \ for file in $$dists; do \ test -f $$file || file="$(srcdir)/$$file"; \ ln $$file $(distdir) 2> /dev/null \ || cp -p $$file $(distdir); \ done update-po: Makefile $(MAKE) $(GETTEXT_PACKAGE).pot tmpdir=`pwd`; \ linguas="$(USE_LINGUAS)"; \ for lang in $$linguas; do \ echo "$$lang:"; \ result="`$(MSGMERGE) -o $$tmpdir/$$lang.new.po $$lang`"; \ if $$result; then \ if cmp $(srcdir)/$$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \ rm -f $$tmpdir/$$lang.new.po; \ else \ if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \ :; \ else \ echo "msgmerge for $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \ rm -f $$tmpdir/$$lang.new.po; \ exit 1; \ fi; \ fi; \ else \ echo "msgmerge for $$lang.gmo failed!"; \ rm -f $$tmpdir/$$lang.new.po; \ fi; \ done Makefile POTFILES: stamp-it @if test ! -f $@; then \ rm -f stamp-it; \ $(MAKE) stamp-it; \ fi stamp-it: Makefile.in.in $(top_builddir)/config.status POTFILES.in cd $(top_builddir) \ && CONFIG_FILES=$(subdir)/Makefile.in CONFIG_HEADERS= CONFIG_LINKS= \ $(SHELL) ./config.status # Tell versions [3.59,3.63) of GNU make not to export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: firewalld-1.1.1/po/POTFILES.in0000644000000000000000000002303614217345463015671 0ustar00rootroot00000000000000config/firewall-applet.desktop.in config/firewall-config.desktop.in config/icmptypes/address-unreachable.xml config/icmptypes/bad-header.xml config/icmptypes/beyond-scope.xml config/icmptypes/communication-prohibited.xml config/icmptypes/destination-unreachable.xml config/icmptypes/echo-reply.xml config/icmptypes/echo-request.xml config/icmptypes/failed-policy.xml config/icmptypes/fragmentation-needed.xml config/icmptypes/host-precedence-violation.xml config/icmptypes/host-prohibited.xml config/icmptypes/host-redirect.xml config/icmptypes/host-unknown.xml config/icmptypes/host-unreachable.xml config/icmptypes/ip-header-bad.xml config/icmptypes/neighbour-advertisement.xml config/icmptypes/neighbour-solicitation.xml config/icmptypes/network-prohibited.xml config/icmptypes/network-redirect.xml config/icmptypes/network-unknown.xml config/icmptypes/network-unreachable.xml config/icmptypes/no-route.xml config/icmptypes/packet-too-big.xml config/icmptypes/parameter-problem.xml config/icmptypes/port-unreachable.xml config/icmptypes/precedence-cutoff.xml config/icmptypes/protocol-unreachable.xml config/icmptypes/redirect.xml config/icmptypes/reject-route.xml config/icmptypes/required-option-missing.xml config/icmptypes/router-advertisement.xml config/icmptypes/router-solicitation.xml config/icmptypes/source-quench.xml config/icmptypes/source-route-failed.xml config/icmptypes/time-exceeded.xml config/icmptypes/timestamp-reply.xml config/icmptypes/timestamp-request.xml config/icmptypes/tos-host-redirect.xml config/icmptypes/tos-host-unreachable.xml config/icmptypes/tos-network-redirect.xml config/icmptypes/tos-network-unreachable.xml config/icmptypes/ttl-zero-during-reassembly.xml config/icmptypes/ttl-zero-during-transit.xml config/icmptypes/unknown-header-type.xml config/icmptypes/unknown-option.xml config/org.fedoraproject.FirewallD1.desktop.policy.in config/org.fedoraproject.FirewallD1.server.policy.in config/policies/allow-host-ipv6.xml config/services/afp.xml config/services/amanda-client.xml config/services/amanda-k5-client.xml config/services/amqps.xml config/services/amqp.xml config/services/apcupsd.xml config/services/audit.xml config/services/bacula-client.xml config/services/bacula.xml config/services/bb.xml config/services/bgp.xml config/services/bitcoin-rpc.xml config/services/bitcoin-testnet-rpc.xml config/services/bitcoin-testnet.xml config/services/bitcoin.xml config/services/bittorrent-lsd.xml config/services/ceph-mon.xml config/services/ceph.xml config/services/cfengine.xml config/services/cockpit.xml config/services/condor-collector.xml config/services/collectd.xml config/services/ctdb.xml config/services/dhcpv6-client.xml config/services/dhcpv6.xml config/services/dhcp.xml config/services/distcc.xml config/services/dns-over-tls.xml config/services/dns.xml config/services/docker-registry.xml config/services/docker-swarm.xml config/services/dropbox-lansync.xml config/services/elasticsearch.xml config/services/etcd-client.xml config/services/etcd-server.xml config/services/finger.xml config/services/foreman.xml config/services/foreman-proxy.xml config/services/freeipa-4.xml config/services/freeipa-ldaps.xml config/services/freeipa-ldap.xml config/services/freeipa-replication.xml config/services/freeipa-trust.xml config/services/ftp.xml config/services/galera.xml config/services/ganglia-client.xml config/services/ganglia-master.xml config/services/git.xml config/services/grafana.xml config/services/gre.xml config/services/high-availability.xml config/services/http3.xml config/services/https.xml config/services/http.xml config/services/imaps.xml config/services/imap.xml config/services/ipp-client.xml config/services/ipp.xml config/services/ipsec.xml config/services/ircs.xml config/services/irc.xml config/services/iscsi-target.xml config/services/isns.xml config/services/jellyfin.xml config/services/jenkins.xml config/services/kadmin.xml config/services/kdeconnect.xml config/services/kerberos.xml config/services/kibana.xml config/services/klogin.xml config/services/kpasswd.xml config/services/kprop.xml config/services/kshell.xml config/services/kube-api.xml config/services/kube-apiserver.xml config/services/kube-control-plane.xml config/services/kube-controller-manager.xml config/services/kube-scheduler.xml config/services/kubelet-worker.xml config/services/ldaps.xml config/services/ldap.xml config/services/libvirt-tls.xml config/services/libvirt.xml config/services/lightning-network.xml config/services/llmnr-tcp.xml config/services/llmnr-udp.xml config/services/llmnr.xml config/services/managesieve.xml config/services/matrix.xml config/services/mdns.xml config/services/memcache.xml config/services/minidlna.xml config/services/mongodb.xml config/services/mosh.xml config/services/mountd.xml config/services/mqtt-tls.xml config/services/mqtt.xml config/services/mssql.xml config/services/ms-wbt.xml config/services/murmur.xml config/services/mysql.xml config/services/nbd.xml config/services/netbios-ns.xml config/services/nfs3.xml config/services/nfs.xml config/services/nmea-0183.xml config/services/nrpe.xml config/services/ntp.xml config/services/nut.xml config/services/openvpn.xml config/services/ovirt-imageio.xml config/services/ovirt-storageconsole.xml config/services/ovirt-vmconsole.xml config/services/plex.xml config/services/pmcd.xml config/services/pmproxy.xml config/services/pmwebapis.xml config/services/pmwebapi.xml config/services/pop3s.xml config/services/pop3.xml config/services/postgresql.xml config/services/privoxy.xml config/services/prometheus.xml config/services/proxy-dhcp.xml config/services/ptp.xml config/services/pulseaudio.xml config/services/puppetmaster.xml config/services/quassel.xml config/services/radius.xml config/services/rdp.xml config/services/redis-sentinel.xml config/services/redis.xml config/services/RH-Satellite-6.xml config/services/RH-Satellite-6-capsule.xml config/services/rpc-bind.xml config/services/rquotad.xml config/services/rsh.xml config/services/rsyncd.xml config/services/rtsp.xml config/services/salt-master.xml config/services/samba-client.xml config/services/samba-dc.xml config/services/samba.xml config/services/sane.xml config/services/sips.xml config/services/sip.xml config/services/slp.xml config/services/smtp-submission.xml config/services/smtps.xml config/services/smtp.xml config/services/snmptrap.xml config/services/snmp.xml config/services/spideroak-lansync.xml config/services/spotify-sync.xml config/services/squid.xml config/services/ssdp.xml config/services/ssh.xml config/services/steam-streaming.xml config/services/svdrp.xml config/services/svn.xml config/services/syncthing-gui.xml config/services/syncthing.xml config/services/synergy.xml config/services/syslog-tls.xml config/services/syslog.xml config/services/telnet.xml config/services/tentacle.xml config/services/tftp.xml config/services/tile38.xml config/services/tinc.xml config/services/tor-socks.xml config/services/transmission-client.xml config/services/upnp-client.xml config/services/vdsm.xml config/services/vnc-server.xml config/services/wbem-https.xml config/services/wbem-http.xml config/services/wireguard.xml config/services/ws-discovery-client.xml config/services/ws-discovery-tcp.xml config/services/ws-discovery-udp.xml config/services/ws-discovery.xml config/services/wsmans.xml config/services/wsman.xml config/services/xdmcp.xml config/services/xmpp-bosh.xml config/services/xmpp-client.xml config/services/xmpp-local.xml config/services/xmpp-server.xml config/services/zabbix-agent.xml config/services/zabbix-server.xml config/services/zerotier.xml config/zones/block.xml config/zones/dmz.xml config/zones/drop.xml config/zones/external.xml config/zones/home.xml config/zones/internal.xml config/zones/public.xml config/zones/trusted.xml config/zones/work.xml src/firewall-applet.in src/firewall/client.py src/firewall-cmd.in src/firewall/command.py src/firewall-config.in src/firewall/config/dbus.py src/firewall-config.glade src/firewall/core/base.py src/firewall/core/ebtables.py src/firewall/core/fw_config.py src/firewall/core/fw_direct.py src/firewall/core/fw_helper.py src/firewall/core/fw_icmptype.py src/firewall/core/fw_ifcfg.py src/firewall/core/fw_ipset.py src/firewall/core/fw_nm.py src/firewall/core/fw_policies.py src/firewall/core/fw_policy.py src/firewall/core/fw.py src/firewall/core/fw_service.py src/firewall/core/fw_transaction.py src/firewall/core/fw_zone.py src/firewall/core/helper.py src/firewall/core/icmp.py src/firewall/core/__init__.py src/firewall/core/io/direct.py src/firewall/core/io/firewalld_conf.py src/firewall/core/io/functions.py src/firewall/core/io/helper.py src/firewall/core/io/icmptype.py src/firewall/core/io/ifcfg.py src/firewall/core/io/__init__.py src/firewall/core/io/io_object.py src/firewall/core/io/ipset.py src/firewall/core/io/lockdown_whitelist.py src/firewall/core/io/policy.py src/firewall/core/io/service.py src/firewall/core/io/zone.py src/firewall/core/ipset.py src/firewall/core/ipXtables.py src/firewall/core/logger.py src/firewall/core/modules.py src/firewall/core/nftables.py src/firewall/core/prog.py src/firewall/core/rich.py src/firewall/core/watcher.py src/firewalld.in src/firewall/dbus_utils.py src/firewall/errors.py src/firewall/functions.py src/firewall/fw_types.py src/firewall/__init__.py src/firewall-offline-cmd.in src/firewall/server/config_helper.py src/firewall/server/config_icmptype.py src/firewall/server/config_ipset.py src/firewall/server/config.py src/firewall/server/config_service.py src/firewall/server/config_zone.py src/firewall/server/config_policy.py src/firewall/server/dbus.py src/firewall/server/decorators.py src/firewall/server/firewalld.py src/firewall/server/__init__.py src/firewall/server/server.py firewalld-1.1.1/po/ar.po0000644000000000000000000020220714217342322015044 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Abdalrahim Fakhouri , 2010 # Abdalrahim Fakhouri , 2010 # Abdalrahim Fakhouri , 2010 # Alfakhori , 2010 # Maha Helwa , 2004 # Alfakhori , 2010 # Ossama M. Khayat , 2004 # Sherif Abdelgawad , 2004 # SuSE Linux Products GmbH, Nuernberg, 2018 # Eric Garver , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2018-11-16 08:20+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Arabic (http://www.transifex.com/projects/p/firewalld/" "language/ar/)\n" "Language: ar\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 " "&& n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "التطبيق الصغير للجدار الناري" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "الجدار النّاري" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "إعدادات الجدار النّاري" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "حدد منطقة للواجهة '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "المنطقة الاÙتراضية" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "حدد منطقة للاتصال '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Ùشل تعيين المنطقة {zone} للاتصال {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "حدد منطقة للمصدر '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "تكوين مناطق ارتÙاع/انخÙاض الدروع" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "يمكنك هنا تحديد المناطق المستخدمة لرÙع الدروع وخÙضها." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "تعد هذه الميزة Ù…Ùيدة للأشخاص الذين يستخدمون المناطق الاÙتراضية على الأغلب. " "بالنسبة للمستخدمين الذين يغيرون مناطق الاتصالات، قد تكون محدودة الاستخدام." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "منطقة رÙع الدروع:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "إعادة تعيين للاÙتراضي" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "منطقة Ø®Ùض الدروع" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "حول %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "المؤلÙون" #: ../src/firewall-applet.in:393 msgid "License" msgstr "الترخيص" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "الدروع مرÙوعة" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "تمكين الإعلامات" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "تحرير إعدادات الجدار الناري..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "تغيير مناطق الاتصال..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "تكوين مناطق رÙع/Ø®Ùض الدروع..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "حظر كل مرور الشبكة" #: ../src/firewall-applet.in:492 msgid "About" msgstr "حول" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "الاتصالات" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "الواجهات" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "المصادر" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Ùشل التصديق." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "اسم غير صالح" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "الاسم موجود بالÙعل" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (المنطقة: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (المنطقة الاÙتراضية: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Ùشل الحصول على الاتصالات من NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "لا تتوÙر عمليات استيراد NetworkManager" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "لا يوجد اتصال ببرنامج محرك الجدار الناري" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "تم حظر كل مرور الشبكة." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "المنطقة الاÙتراضية: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "المنطقة الاÙتراضية '{default_zone}' نشطة للاتصال '{connection}' ÙÙŠ الواجهة " "'{interface}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "المنطقة '{zone}' نشطة للاتصال '{connection}' ÙÙŠ الواجهة '{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "المنطقة '{zone}' نشطة للواجهة '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "المنطقة '{zone}' نشطة للمصدر {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "لا توجد مناطق نشطة." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "تم تأسيس الاتصال مع FirewallD" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "تم Ùقدان الاتصال مع FirewallD." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "تمت إعادة تحميل FirewallD." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "تم تغيير المنطقة الاÙتراضية إلى '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "لم يعد مرور الشبكة محظورًا بعد الآن." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "تم التنشيط" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "تم إلغاء التنشيط" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "المنطقة الاÙتراضية '{default_zone}' {activated_deactivated} " "للاتصال'{connection}' ÙÙŠ الواجهة '{interface}'" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "المنطقة '{zone}' {activated_deactivated} للاتصال '{connection}' ÙÙŠ الواجهة " "'{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "المنطقة '{zone}' {activated_deactivated} للواجهة '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "تم تنشيط المنطقة '%s' للواجهة '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "المنطقة '{zone}' {activated_deactivated} للمصدر '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "تم تنشيط '%s' للمصدر '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "تم تأسيس اتصال مع firewalld." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "جار٠محاولة الاتصال مع firewalldØŒ جار٠الانتظار..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Ùشل الاتصال مع firewalld. الرجاء التأكد أن الخدمة بدأت بشكل صحيح ثم إعادة " "المحاولة." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "تم تطبيق التغييرات." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "مستخدم بواسطة اتصال الشبكة '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "المنطقة الاÙتراضية المستخدمة بواسطة اتصال الشبكة '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "تم التمكين" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "تم التعطيل" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Ùشل تحميل الأيقونات." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "السياق" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "سطر الأوامر" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "اسم المستخدم" #: ../src/firewall-config.in:244 msgid "User id" msgstr "معر٠المستخدم" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "الجدول" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "السلسلة" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "الأولوية" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "الوسيطات" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "وقت التشغيل" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "دائم" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Ø®Ùدمة" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Ù…ÙŽÙ†ÙØ°" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "ميÙاق" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "إلى المَنÙØ°" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "إلى العنوان" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "الروابط" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "الإدخال" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "نوع Icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "العائلة" #: ../src/firewall-config.in:826 msgid "Action" msgstr "الإجراء" #: ../src/firewall-config.in:828 msgid "Element" msgstr "العنصر" #: ../src/firewall-config.in:830 msgid "Src" msgstr "المصدر" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "الوجهة" #: ../src/firewall-config.in:834 msgid "log" msgstr "السجل" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "التدقيق" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "الواجهة" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "التعليق" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "المصدر" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "إنذار" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "خطأ" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "قبول" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "رÙض" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "إسقاط" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "علامة" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "الحد" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "الخدمة" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "المنÙØ°" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "البروتوكول" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "التنكر" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "كتلة icmp" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "نوع icmp" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "منÙØ° إعادة توجيه" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "المصدر-المنÙØ°" #: ../src/firewall-config.in:2097 msgid "level" msgstr "المستوى" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "نعم" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "المنطقة" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "المنطقة الاÙتراضية: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "المنطقة: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "المنطقة '%s': الخدمة '%s' غير متوÙرة." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "إزالة" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "تجاهل" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "المنطقة '%s': نوع ICMP '%s' غير متوÙر." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "منطقة مضمنة، إعادة التسمية غير مدعومة." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "ثانية" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "دقيقة" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ساعة" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "يوم" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "طوارئ" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "تنبيه" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "حرج" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "خطأ" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "تحذير" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "إخطار" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "معلومات" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "إزالة الأخطاء" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "تعد إعادة التوجيه إلى نظام آخر Ù…Ùيدة Ùقط إذا كانت الواجهة متنكرة.\n" "هل تريد أن تتنكر هذه المنطقة؟" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "خدمة مضمنة، إعادة التسمية غير مدعومة." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "الرجاء إدخال عنوان ipv4 بعنوان نموذج[/mask]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "قد يكون القناع، قناع شبكة أو رقمًا." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "الرجاء إدخال عنوان ipv6 بعنوان نموذج[/mask]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "القناع رقمًا." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "الرجاء إدخال عنوان ipv4 أو ipv6 بعنوان نموذج[/mask]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "قد يكون القناع، قناع شبكة أو رقمًا لـ ipv4.\n" "القناع رقم لـ ipv6." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "ipset مضمن، إعادة التسمية غير مدعومة." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "الرجاء تحديد ملÙ" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "الملÙات النصية" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "كل الملÙات" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "الكل" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "مساعد مضمن، إعادة التسمية غير مدعومة." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "icmp مضمن، إعادة التسمية غير مدعومة." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Ùشل قراءة المل٠'%s': %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "حدد المنطقة للمصدر %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "العنوان" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "المساعدون التلقائيون" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "الرجاء تحديد قيمة المساعدين التلقائيين:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "الرجاء إدخال سطر الأوامر." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "الرجاء إدخال السياق." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "الرجاء تحديد منطقة اÙتراضية من القائمة أدناه." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "سلسلة مباشرة" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "الرجاء تحديد ipv وجدول ثم إدخال اسم السلسلة." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "السلسلة:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "الأمان" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "الجدول:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "قاعدة المرور المباشر" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "الرجاء تحديد ipv ثم إدخال الوسيطات." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "الوسيطات:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "تحويل Ù…ÙŽÙ†ÙØ°" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "الرجاء تحديد المصدر وخيارات الوجهه ÙˆÙقا لحاجتك." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Ù…ÙŽÙ†ÙØ°/مدى المَنÙØ°" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "رقم العنوان عبر الشبكة" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "ميÙاق:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "الوجهة" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "اذا مكنت التحويل المحلي لديك لتحديد منÙØ°.هذا المنÙØ° قد يكون مختل٠عن المنÙØ° " "المصدر." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "تَحويل مَحلي" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "تَحويل لمنÙØ° اخر" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "إعدادات المساعد الأساسية" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "الرجاء تكوين إعدادات المساعد الأساسية:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "الإدخال بالتنسيق الغامق إلزامية، كل الأخرى اختيارية." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "الاسم:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "الإصدار:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "قصير:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "الوصÙ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "العائلة:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "الوحدة النمطية:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "المساعد" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "الرجاء تحديد مساعد:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "إعدادات نوع ICMP الأساسية" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "الرجاء تكوين إعدادات نوع ICMP الأساسي:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "نوع ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "الرجاء تحديد نوع ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "إضاÙØ© مدخلة" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "إضاÙØ© إدخالات من ملÙ" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "إزالة الإدخال المحدد" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "إزالة كل الإدخالات" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "إزالة الإدخالات من ملÙ" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_ملÙ" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_خيارات" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "إعادة تحميل Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "إعادة تحميل قواعد الجدار الناري. سيصبح التكوين الدائم الحالي هو تكوين وقت " "التشغيل الجديد، أي سيتم Ùقدان كل تغييرات وقت التشغيل Ùقط التي تمت حتى إعادة " "التحميل مع عملية إعادة التحميل إذا لم تتم ÙÙŠ التكوين الدائم أيضًا." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "تغيير المنطقة التي ينتمي إليها اتصال شبكة." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "تغيير المنطقة الاÙتراضية" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "تغيير المنطقة الاÙتراضية للاتصالات أو الواجهات." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "تم رÙض تغيير السجل" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "تغيير قيمة LogDenied." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "تكوين تعيين المساعد التلقائي" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "تكوين إعداد تعيين المساعد التلقائي." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "يعني وضع الÙزع أنه يتم إسقاط كل الحزم الصادرة والواردة." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "وضع الÙزع" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "يؤدي الإقÙال التام إلى إقÙال تكوين الجدار الناري بحيث يمكن للتطبيقات " "الموجودة ÙÙŠ القائمة البيضاء للإقÙال التام Ùقط تغييره." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "الإقÙال التام" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "جعل تكوين وقت التشغيل دائمًا" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "وقت التشغيل لدائم" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_عرض" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "أنواع ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "المساعدون" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "التكوين المباشر" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "القائمة البيضاء للإقÙال التام" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "الروابط النشطة" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_مساعدة" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "تغيير منطقة" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "تغيير منطقة الربط" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "إخÙاء روابط وقت التشغيل النشطة للاتصالات والواجهات والمصادر للمناطق" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "إظهار روابط وقت التشغيل النشطة للاتصالات والواجهات والمصادر للمناطق" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "التكوين:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "التكوين المرئي الحالي. تكوين وقت التشغيل هو التكوين الÙعلي النشط. سيكون " "التكوين الدائم نشطًا بعد إعادة تحميل الخدمة أو النظام أو إعادة البدء." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "تحدد منطقة firewalld مستوى الثقة لاتصالات الشبكة والواجهات وعناوين المصادر " "المربوطة بالمنطقة. تجمع المنطقة بين الخدمات والمناÙØ° والبروتوكولات والتنكر " "وإعادة توجيه المنÙØ°/الحزمة وعوامل تصÙية icmp والقواعد المنسقة. يمكن ربط " "المنطقة بالواجهات وعناوين المصادر." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "إضاÙØ© منطقة" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "تحرير منطقة" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "إزالة منطقة" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "تحميل الإعدادات الاÙتراضية لمنطقة" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "يمكنك هنا تعري٠الخدمات الموثوق بها ÙÙŠ المنطقة. يمكن الوصول للخدمات الموثوق " "بها من كل المضيÙين والشبكات الي يمكنها الوصول للجهاز من الاتصالات والواجهات " "والمصادر المربوطة بهذه المنطقة." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "الخدمات" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "إضاÙØ© مناÙØ° أو نطاقات مناÙØ° إضاÙية يجب الوصول إليها لكل المضيÙين أو الشبكات " "التي يمكنها الاتصال بالجهاز." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "إلى المَنÙØ°" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "تحرير منÙØ°" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "إزالة منÙØ°" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "المناÙØ°" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "إضاÙØ© بروتوكول يمكن الوصول إليه لكل المضيÙين أو الشبكات." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "إضاÙØ© بروتوكول" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "تحرير بروتوكول" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "إزالة بروتوكول" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "البروتوكولات" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "إضاÙØ© مناÙØ° مصادر أو نطاقات مناÙØ° يجب الوصول إليها لكل المضيÙين أو الشبكات " "التي يمكنها الاتصال بالجهاز." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "مناÙØ° المصدر" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "يسمح لك التقنيع أن تعدّ مضيÙاً أو موجّهاً ليوصل شبكتك المحلّية بالشبكة العالميّة. " "ستظهر جميع الأجهزة على هذه الشبكة كعنوان واحد على الإنترنت. التقنيع لـIPv4 " "Ùقط." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "منطقة التنكر" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "إذا قمت بتمكين التنكر، Ùسيتم تمكين إعادة توجيه IP لشبكة IPv4 الخاصة بك." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "تنكÙر" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "أض٠مÙدخلاً لتحويل منÙØ° إلى آخر محلّيّ أو إلى نظام آخر. التحويل إلى نظام آخر " "Ù…Ùيد إذا كانت الواجهة Ù…Ùقنّعة. تحويل المناÙØ° يعمل على IPv4 Ùقط." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "إضاÙØ© منÙØ° إعادة توجيه" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "تحرير منÙØ° إعادة توجيه" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "إزالة منÙØ° إعادة توجيه" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "يستخدم ميÙاق التحكم برسائل الشبكة (ICMP) لإرسال رسائل الأخطاء بين الأجهزة " "امزودة باتصال شبكيّ، ورسائل المعلومات، مثل طلب الرّد ورجع الصدى." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "علّم أنواع ICMP التي سترÙض ÙÙŠ القائمة. كلّ أنواع ICMP الأخرى سيسمح لها بالمرور " "عبر الجدار الناريّ. المبدئيّ هو عدم وجود قيود." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "عند تمكين عامل تصÙية العكس، يتم قبول إدخالات ICMP التي عليها علامة ورÙض " "الأخرى. ÙˆÙÙŠ منطقة بالهد٠DROPØŒ يتم إسقاطها." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "عامل تصÙية العكس" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Ù…Ùرشح ميÙاق رسائل مراقبة الشبكة -ICMP-" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "يمكنك هنا تعيين قواعد اللغة المنسقة للمنطقة." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "إضاÙØ© قاعدة منسقة" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "تحرير قاعدة منسقة" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "إزالة قاعدة منسقة" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "القواعد المنسقة" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "إضاÙØ© إدخالات لربط الواجهات بالمنطقة. إذا كانت المنطقة سيتم استخدامها بواسطة " "اتصال، Ùسيتم تعيين قيمة المنطقة على المنطقة المحددة ÙÙŠ الاتصال." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "إضاÙØ© واجهة" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "تحرير واجهة" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "إزالة واجهة" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "إضاÙØ© إدخالات لربط المناطق أو عناوين المصادر بالمنطقة. يمكنك أيضًا ربط عنوان " "مصدر MAC ولكن بحدود. لن يعمل التنكر وإعادة توجيه المنÙØ° لروابط مصدر MAC." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "إضاÙØ© مصدر" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "تحرير مصدر" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "إزالة مصدر" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "المناطق" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "خدمة firewalld هي مجموعة من المناÙØ° والبروتوكولات والوحدات النمطية وعناوين " "الوجهة." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "إضاÙØ© خدمة" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "تحرير خدمة" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "إزالة خدمة" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "تحميل الإعدادات الاÙتراضية للخدمة" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "إضاÙØ© مناÙØ° أو نطاقات مناÙØ° يجب الوصول إليها من كل المضيÙين أو الشبكات." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "تحرير مدخلة" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "حَذ٠المدخلة" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "إضاÙØ© مناÙØ° مصادر أو نطاقات مناÙØ° يجب الوصول إليها من كل المضيÙين أو الشبكات." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "منÙØ° مصدر" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "تحتاج بعض الخدمات إلى الوحدات النمطية المساعدة لـ Netfilter." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "الوحدات النمطية" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "إذا حددت عناوين وجهة، Ùسيتم تحديد إدخال الخدمة بعنوان الوجهة والنوع. وإذا " "كان الإدخالان Ùارغانن Ùلن توجد أي حدود." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "لا يمكن تغيير الخدمات إلا ÙÙŠ عرض التكوين الدائم. تكوين وقت تشغيل الخدمة ثابت." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "يمكن استخدام IPSet لإنشاء قوائم بيضاء أو سوداء ويمكنه تخزين على سبيل المثال، " "عناوين IP أو أعداد المناÙØ° أو عناوين MAC." #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "إضاÙØ© IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "تحرير IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "إزالة IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "تحميل الإعدادات الاÙتراضية لـ IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "إدخالات IPSet. لن تتمكن إلا من رؤية إدخالات ipsets التي لا تستخدم خيار " "انتهاء المهلة الزمنية، وكذلك الإدخالات التي تمت إضاÙتها بواسطة firewalld. لن " "يتم إدراج الإدخالات التي تمت إضاÙتها مباشرة بأمر ipset هنا." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "يستخدم IPSet هذا خيار انتهاء المهلة الزمنية، لذا لا توجد إدخالات مرئية هنا. " "يجب الاهتمام بالإدخالات مباشرة بأمر ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "إضاÙØ©" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "إدخالات" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "لا يمكن إنشاء IPSets أو حذÙÙ‡ إلا ÙÙŠ عرض التكوين الدائم." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "يوÙر نوع icmp ÙÙŠ firewalld معلومات لنوع بروتوكول رسائل تحكم الإنترنت (ICMP) " "لـ firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "إضاÙØ© نوع ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "تحرير نوع ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "إزالة نوع ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "تحميل الإعدادات الاÙتراضية لنوع ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "تحديد إذا كان نوع ICMP هذا متوÙرًا لـ IPv4 Ùˆ/أو IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "لا يمكن تغيير أنواع ICMP إلا ÙÙŠ عرض التكوين الدائم. تكوين وقت التشغيل لأنواع " "ICMP ثابت." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "يقوم مساعد تتبع الاتصال بالمساعدة ÙÙŠ عمل البروتوكولات التي تعمل باستخدام " "تدÙقات مختلÙØ© لنقل البيانات والإشارات. تستخدم عمليات نقل البيانات مناÙØ° غير " "متعلقة باتصال الإشارات لذا يحجبها الجدار الناري بدون المساعد." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "تعري٠المناÙØ° أو نطاقات المناÙØ° التي يراقبها المساعد." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "يوÙر التكوين المباشر وصولاً أكثر مباشرة إلى الجدار الناري. تتطلب هذه الخيارات " "من المستخدم معرÙØ© Ù…Ùاهيم iptables الأساسية وهي الجداول والسلاسل والأوامر " "والمعلمات والأهداÙ. يجب استخدام التكوين المباشر كملاذ أخير Ùقط عندما لا يمكن " "استخدام ميزات firewalld الأخرى." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "يجب أن تكون وسيطة ipv لكل خيار ipv4 أو ipv6 أو eb. مع ipv4 سيكون لـ " "iptablesØŒ ومع ipv6 لـ ip6tablesØŒ ومع eb لجسور الإيثيرنت (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "سلاسل إضاÙية للاستخدام باستخدام القواعد." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "إضاÙØ© سلسلة" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "تحرير سلسلة" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "إزالة سلسلة" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "السلاسل" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "إضاÙØ© قاعدة بالوسيطات args لسلسلة ÙÙŠ جدول بأولوية." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "يتم استخدام الأولوية لترتيب القواعد. تعني الأولوية 0 إضاÙØ© قاعدة ÙÙŠ أعلى " "السلسلة، ومع أولوية عالية تتم إضاÙØ© القاعدة ÙÙŠ مكان أقل. وتتم إضاÙØ© القواعد " "التي لها Ù†Ùس الأولوية على Ù†Ùس المستوى ولا يكون ترتيب هذه القواعد ثابتًا وقد " "يتغير. إذا كنت تريد التأكد من إضاÙØ© قاعدة بعد واحدة أخرى، استخدم أولوية أقل " "للأولى وأعلى للتالية." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "إضاÙØ© قاعدة" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "تحرير قاعدة" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "إزالة قاعدة" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "القواعد" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "يتم تمرير قواعد المرور للجدار الناري ولا يتم وضعها ÙÙŠ سلسلة خاصة. يمكن " "استخدام خيارات iptables Ùˆip6tables Ùˆebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "الرجاء الحذر ÙÙŠ التعامل مع قاعد المرور حتى لا يتم تدمير الجدار الناري." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "إضاÙØ© مرور" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "تحرير مرور" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "إزالة مرور" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "المرور" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "ميزة الإقÙال التام هي الإصدار الأصغر من سياسات التطبيقات والمستخدمين لـ " "firewalld. Ùهي تحد من تغييرات الجدار الناري. قد تحتوي القائمة البيضاء " "للإقÙال التام على الأوامر والسياقات والمستخدمين ومعرÙات المستخدمين." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "السياق هو سياق أمان (SELinux) لتطبيق أو خدمة تعمل. للوصول إلى تطبيق أو خدمة " "تعمل، استخدم ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "إضاÙØ© سياق" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "تحرير سياق" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "إزالة سياق" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "السياقات" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "إذا كان إدخال أمر ÙÙŠ القائمة البيضاء ينتهي بعلامة نجمية '*'ØŒ Ùستتطابق كل " "سطور الأوامر التي تبدأ بالأمر. إذا لم توجد '*'ØŒ يجب أن تطابق الوسيطة الشاملة " "الأمر المطلق." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "إضاÙØ© سطر أمر" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "تحرير سطر أمر" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "إزالة سطر أمر" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "سطور الأوامر" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "أسماء المستخدمين." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "إضاÙØ© اسم مستخدم" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "تحرير اسم مستخدم" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "إزالة اسم مستخدم" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "أسماء المستخدمين" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "معرÙات المستخدمين." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "إضاÙØ© معر٠مستخدم" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "تحرير معر٠مستخدم" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "إزالة معر٠مستخدم" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "معرÙات المستخدمين" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "المنطقة الاÙتراضية الحالية للنظام." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "تم رÙض السجل:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "وضع الÙزع:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "المساعدون التلقائيون:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "الإقÙال التام:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "المنطقة الاÙتراضية:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "الرجاء إدخال اسم واجهة:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "إعدادات IPSet الأساسية" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "الرجاء تكوين إعدادات ipset الأساسية:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "النوع:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "انتهاء المهلة الزمنية:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "حجم هاش:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "قيمة انتهاء المهلة الزمنية بالثواني" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "حجم هاش الأولي، الاÙتراضي 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "الحد الأقصى لعدد العناصر، الاÙتراضي 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "الرجاء تحديد ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "الرجاء توÙير إدخال ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "رÙض السجل" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "الرجاء تحديد قيمة رÙض السجل:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "علامة" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "الرجاء إدخال علامة بقناع اختياري." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "يصل عرض حقلي العلامة والقناع إلى 32 بت بأرقام غير موقعة." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "العلامة:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "القناع:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "الرجاء تحديد مساعد تتبع اتصال netfilter:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- تحديد -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "وحدة نمطية أخرى:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "المنÙØ° والميÙاق" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "الرجاء إدخال منÙØ° وبروتوكول." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "قاعدة مباشرة" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "الرجاء تحديد ipv وجدول وأولوية سلسلة وإدخال الوسيطات." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "الأولوية:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "الرجاء إدخال بروتوكول." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "بروتوكول أخر:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "قاعدة منسقة" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "الرجاء إدخال قاعدة منسقة." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "للقائمة البيضاء أو السوداء لمضي٠أو شبكة، قم بإلغاء تنشيط العنصر." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "المصدر:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "الوجهة:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "السجل:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "التدقيق:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 Ùˆipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "معكوس" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "لتمكين هذا، يجب أن يكون الإجراء 'رÙض' والعائلة إما 'ipv4' أو 'ipv6' (ليس " "كلاهما)" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "مع النوع:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "بالحد:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "البادئة:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "المستوى:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "العنصر:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "الإجراء:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "إعدادات الخدمة الأساسية" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "الرجاء تكوين إعدادات الخدمة الأساسية:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "الرجاء تحديد خدمة." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "الرجاء إدخال مصدر." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "معر٠المستخدم" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "الرجاء إدخال معر٠المستخدم." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "الرجاء إدخال اسم المستخدم." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "التسمية" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "إعدادات المنطقة الأساسية" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "الرجاء تكوين إعدادات المنطقة الأساسية:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "الهد٠الاÙتراضي" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "الهدÙ:" firewalld-1.1.1/po/as.po0000644000000000000000000021033214217342322015043 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Amitakhya Phukan , 2006 # Amitakhya Phukan , 2007-2010 # Amitakhya Phukan , 2007-2008,2010 # Nilamdyuti Goswami , 2013 # Nilamdyuti Goswami , 2013-2014 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2016-01-04 12:15+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Assamese (http://www.transifex.com/projects/p/firewalld/" "language/as/)\n" "Language: as\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "ফায়াৰৱাল à¦à¦ªà§à¦²à§‡à¦Ÿ" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ফায়াৰà§à§±à¦¾à¦²" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ফায়াৰà§à§±à¦¾à¦² বিনà§à¦¯à¦¾à¦¸" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦  '%s' ৰ বাবে অঞà§à¦šà¦² বাছক" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "অবিকলà§à¦ªà¦¿à¦¤ অঞà§à¦šà¦²" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "সংযোগ '%s' ৰ বাবে অঞà§à¦šà¦² বাছক" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "শিলà§à¦¡ আপ/ডাউন অঞà§à¦šà¦²à¦¬à§‹à§° সংৰূপণ কৰক" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "ইয়াত আপà§à¦¨à¦¿ শিলà§à¦¡ আপ আৰৠশিলà§à¦¡ ডাউনৰ বাবে বà§à¦¯à§±à¦¹à§ƒà¦¤ অঞà§à¦šà¦²à¦¬à§‹à§° বাছিব পাৰিব।" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "à¦à¦‡ বৈশিষà§à¦Ÿà§à¦¯ অবিকলà§à¦ªà¦¿à¦¤ অঞà§à¦šà¦²à¦¬à§‹à§° বà§à¦¯à§±à¦¹à¦¾à§° কৰা লোকৰ বাবে উপযোগী। বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€à¦¸à¦•à¦², " "যিসকলে সংযোগসমূহৰ অঞà§à¦šà¦²à¦¸à¦®à§‚হ পৰিবৰà§à¦¤à¦¨ কৰি আছে, ইয়াৰ বà§à¦¯à§±à¦¹à¦¾à§° সীমিত হব।" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "শিলà§à¦¡ আপ অঞà§à¦šà¦²:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "শিলà§à¦¡ ডাউন অঞà§à¦šà¦²:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "শিলà§à¦¡ আপ" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "অধিসূচনাসমূহ সামৰà§à¦¥à¦¬à¦¾à¦¨ কৰক" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "ফায়াৰৱাল সংহতিসমূহ সমà§à¦ªà¦¾à¦¦à¦¨à¦¾ কৰক..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "সংযোগসমূহৰ অঞà§à¦šà¦²à¦¬à§‹à§° পৰিবৰà§à¦¤à¦¨ কৰক..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "শিলà§à¦¡ আপ/ডাউন অঞà§à¦šà¦²à¦¬à§‹à§° সংৰূপণ কৰক..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "সকলো নেটৱাৰà§à¦• টà§à§°à¦¾à¦«à¦¿à¦• ৰোধ কৰক" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "সংযোগসমূহ" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "উৎসসমূহ" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "পà§à§°à¦®à¦¾à¦£à§€à¦•à§°à¦£ বà§à¦¯à§°à§à¦¥ হল।" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "অবৈধ তৰà§à¦• %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "নাম ইতিমধà§à¦¯à§‡ অসà§à¦¤à¦¿à¦¤à§à¦¬à¦¬à¦¾à¦¨" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "ফায়াৰৱাল ডিমনলৈ কোনো সংযোগ নাই" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "সকলো নেটৱাৰà§à¦• টà§à§°à¦¾à¦«à¦¿à¦• ৰোধ কৰা হৈছে।" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "অবিকলà§à¦ªà¦¿à¦¤ অঞà§à¦šà¦²: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦  '{interface}' ত সংযোগ '{connection}' ৰ বাবে সকà§à§°à¦¿à§Ÿ অঞà§à¦šà¦² '{zone}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦  '{interface}' ৰ বাবে সকà§à§°à¦¿à§Ÿ অঞà§à¦šà¦² '{zone}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "উৎস {source} ৰ বাবে সকà§à§°à¦¿à§Ÿ অঞà§à¦šà¦² '{zone}'" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "কোনো সকà§à§°à¦¿à§Ÿ অঞà§à¦šà¦² নাই।" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallD লৈ সংযোগ সà§à¦¥à¦¾à¦ªà¦¿à¦¤à¥¤" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD লৈ সংযোগ বিচà§à¦›à¦¿à¦¨à§à¦¨ হৈছে।" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD ক পà§à¦¨à§° ল'ড কৰা হৈছে।" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "অবিকলà§à¦ªà¦¿à¦¤ অঞà§à¦šà¦²à¦• '%s' লৈ পৰিবৰà§à¦¤à¦¨ কৰা হৈছে।" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "নেটৱাৰà§à¦• টà§à§°à¦¾à¦«à¦¿à¦• আৰৠৰোধ কৰা হোৱা নাই।" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "সকà§à§°à¦¿à§Ÿ" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "নিষà§à¦•à§à§°à¦¿à§Ÿ" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦  '{interface}' ত সংযোগ '{connection}' ৰ বাবে অঞà§à¦šà¦² " "'{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦  '{interface}' ৰ বাবে অঞà§à¦šà¦² '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦  '%s' ৰ বাবে অঞà§à¦šà¦² '%s' সকà§à§°à¦¿à§Ÿ" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "উৎস '{source}' ৰ বাবে অঞà§à¦šà¦² '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "উৎস '%s' ৰ বাবে অঞà§à¦šà¦² '%s' সকà§à§°à¦¿à§Ÿ" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "পৰিবৰà§à¦¤à¦¨à¦¸à¦®à§‚হ পà§à§°à§Ÿà§‹à¦— কৰা হৈছে।" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "নেটৱাৰà§à¦• সংযোগ '%s' দà§à¦¬à¦¾à§°à¦¾ বà§à¦¯à§±à¦¹à§ƒà¦¤" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "সামৰà§à¦¥à¦¬à¦¾à¦¨" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "অসামৰà§à¦¥à¦¬à¦¾à¦¨" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "আইকনসমূহ ল'ড কৰিবলৈ বà§à¦¯à§°à§à¦¥à¥¤" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ নাম" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "চলনসময়" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "সà§à¦¥à¦¾à§Ÿà§€" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "সেৱা" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "প'ৰà§à¦Ÿ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "নিয়মনীতি" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "প'ৰà§à¦Ÿ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "ঠিকনাৰ ধৰন:" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp ধৰণ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "পৰিয়াল" #: ../src/firewall-config.in:826 msgid "Action" msgstr "কাৰà§à¦¯à§à¦¯" #: ../src/firewall-config.in:828 msgid "Element" msgstr "উপাদান" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "লগ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "অডিট" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "উৎস" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "সà¦à¦•à¦¿à§Ÿà¦¨à¦¿" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "ভà§à¦²" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "গà§à§°à¦¹à¦£ কৰক" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "নাকচ কৰক" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "ডà§à§°à¦ª কৰক" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "সীমা" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "সেৱা" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "পৰà§à¦Ÿ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "পà§à§°à¦Ÿà§‹à¦•à¦²" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "ছদà§à¦®à¦¬à§‡à¦¶" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "সà§à¦¤à§°" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "হয়" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "অঞà§à¦šà¦²" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "অঞà§à¦šà¦² '%s': সেৱা '%s' উপলবà§à¦§ নহয়।" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "আতৰাওক" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "উপেকà§à¦·à¦¾ কৰক" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "অঞà§à¦šà¦² '%s': ICMP ধৰণ '%s' উপলবà§à¦§ নহয়।" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "বিলট-ইন অঞà§à¦šà¦², পà§à¦¨à§° নামকৰণ সমৰà§à¦¥à¦¿à¦¤ নহয়।" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "ছেকেণà§à¦¡" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "মিনিট" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ঘনà§à¦Ÿà¦¾" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "দিন" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "আপাতকালীন" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "সতৰà§à¦•" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "মাৰাতà§à¦®à¦•" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "তà§à§°à§à¦Ÿà¦¿" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "সতৰà§à¦•à¦¬à¦¾à§°à§à¦¤à¦¾" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "ঘোষণা" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "তথà§à¦¯" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ডিবাগ কৰক" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "অনà§à¦¯ চিসà§à¦Ÿà§‡à¦®à¦²à§ˆ ফৰৱাৰà§à¦¡ কৰাটো কেৱল তেতিয়াহে লাভদায়ক যেতিয়া আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦  মাসà§à¦•à§à§°à§‡à¦¡à§‡à¦¡ " "থাকে।\n" "আপà§à¦¨à¦¿ à¦à¦‡ অঞà§à¦šà¦²à¦Ÿà§‹ মাসà§à¦•à§à§°à§‡à¦¡ কৰিব বিচাৰে নে?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "বিলট-ইন সেৱা, পà§à¦¨à§° নামকৰণ সমৰà§à¦¥à¦¿à¦¤ নহয়।" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "বিলট-ইন icmp, পà§à¦¨à§° নামকৰণ সমৰà§à¦¥à¦¿à¦¤ নহয়।" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "উৎস %s ৰ বাবে অঞà§à¦šà¦² বাছক" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ঠিকনা" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "অনà§à¦—à§à§°à¦¹ কৰি কমানà§à¦¡ শাৰীলৈ যাওক।" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "অনà§à¦—à§à§°à¦¹ কৰি পৰিপà§à§°à§‡à¦•à§à¦·à¦¤à¦¿à¦¤ সà§à¦®à§à§±à¦¾à¦“ক।" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "অনà§à¦—à§à§°à¦¹ কৰি তলৰ তালিকাৰ পৰা অবিকলà§à¦ªà¦¿à¦¤ অঞà§à¦šà¦² বাছক।" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "পà§à§°à¦¤à§à¦¯à¦•à§à¦· শৃংখল" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "অনà§à¦—à§à§°à¦¹ কৰি ipv আৰৠটেবà§à¦² বাছক আৰৠশৃংখল নাম সà§à¦®à§à§±à¦¾à¦“ক।" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "শৃংখল:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "ৰ'" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "সà§à§°à¦•à§à¦·à¦¾" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "টেবà§à¦²:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "পà§à§°à¦¤à§à¦¯à¦•à§à¦· পাছথà§à§°à§ নিয়ম" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "অনà§à¦—à§à§°à¦¹ কৰি ipv বাছক আৰৠargs সà§à¦®à§à§±à¦¾à¦“ক।" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "প'ৰà§à¦Ÿ ফৰৱাৰà§à¦¡à¦¿à¦‚" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "আপোনাৰ পà§à§°à§Ÿà§‹à¦œà¦¨à§° মতে উৎস আৰৠগনà§à¦¤à¦¬à§à¦¯à§° বিকলà§à¦ª নিৰà§à¦¬à§à¦¬à¦¾à¦šà¦¨ কৰক ।" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "প'ৰà§à¦Ÿ / প'ৰà§à¦Ÿà§‡à§° সীমা:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP ঠিকনা:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "নিয়মনীতি:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "গনà§à¦¤à¦¬à§à¦¯" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "সà§à¦¥à¦¾à¦¨à§€à§Ÿ ভাবে আগবà§à§‹à§±à¦¾ সকà§à§°à¦¿à§Ÿ কৰিলে, আপà§à¦¨à¦¿ à¦à¦Ÿà¦¾ প'ৰà§à¦Ÿ নিৰà§à¦§à¦¾à§°à¦¿à¦¤ কৰিব লাগিব ।à¦à¦‡ প'ৰà§à¦Ÿ " "উৎসৰ প'ৰà§à¦Ÿà§° পৰা বেলেগ হ'ব লাগি ব ।" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "সà§à¦¥à¦¾à¦¨à¦¿à§Ÿ ফৰৱাৰà§à¦¡à¦¿à¦‚" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "অনà§à¦¯ à¦à¦Ÿà¦¾ প'ৰà§à¦Ÿà¦²à§ˆ আগবà§à§‹à§±à¦¾ হৈছে" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "ডাঠ ৰূপত থকা পà§à§°à§±à¦¿à¦·à§à¦Ÿà¦¿à¦¬à§‹à§° বাধà§à¦¯à¦¤à¦¾à¦®à§‚লক, অনà§à¦¯ সকলো বৈকলà§à¦ªà¦¿à¦•à¥¤" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "নাম:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "সংসà§à¦•à§°à¦£:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "সৰà§:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "বিৱৰণ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "পৰিয়াল:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "ভিতà§à¦¤à¦¿ ICMP ধৰণ সংহতিসমূহ" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "অনà§à¦—à§à§°à¦¹ কৰি ভিতà§à¦¤à¦¿ ICMP ধৰণ সংহতিসমূহ সংৰূপণ কৰক" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP ধৰণ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "অনà§à¦—à§à§°à¦¹ কৰি à¦à¦Ÿà¦¾ ICMP ধৰণ বাছক" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "নিবেশ যোগ কৰক" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "নথিপতà§à§° (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "বিবিধ বিকলà§à¦ª (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld পà§à¦¨à§° ল'ড কৰক" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ফায়াৰৱাল নিয়মসমূহ পà§à¦¨à§° ল'ড কৰে। বৰà§à¦¤à¦®à¦¾à¦¨ চলনসময় সংৰূপ নতà§à¦¨ চলনসময় অংৰূপ হ'ব, অৰà§à¦¥à¦¾à¦¤ " "পà§à¦¨à§° ল'ড হোৱালৈ সকলো কেৱল চলনসময় পৰিবৰà§à¦¤à¦¨à¦¸à¦®à§‚হ পà§à¦¨à§° ল'ডৰ সৈতে নহোৱা হব যদি সিহতো " "সà§à¦¥à¦¾à§Ÿà§€ সংৰূপত নাথাকিল হেতেন।" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "à¦à¦Ÿà¦¾ নেটৱাৰà§à¦• সংযোগ থকা অঞà§à¦šà¦² পৰিবৰà§à¦¤à¦¨ কৰক।" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "অবিকলà§à¦ªà¦¿à¦¤ অঞà§à¦šà¦² পৰিবৰà§à¦¤à¦¨ কৰক" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "সংযোগসমূহ অথবা আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦ à¦¸à¦®à§‚হৰ বাবে অবিকলà§à¦ªà¦¿à¦¤ অঞà§à¦šà¦² পৰিবৰà§à¦¤à¦¨ কৰক।" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "পেনিক অৱসà§à¦¥à¦¾à§° অৰà§à¦¥ সকলো অনà§à¦¤à§°à¦—ামী আৰৠবহিৰà§à¦—ামী পেকেটসমূহ ডà§à§°à¦ª কৰা হব।" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "আতঙà§à¦• অৱসà§à¦¥à¦¾" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "লকডাউনে ফায়াৰৱাল সংৰূপ লক কৰে যাতে কেৱল লকডাউন হোৱাইটলিসà§à¦Ÿà¦¤ থকা à¦à¦ªà§à¦²à¦¿à¦•à§‡à¦šà¦¨à¦¸à¦®à§‚হে " "ইয়াক পৰিবৰà§à¦¤à¦¨ কৰিব পাৰে।" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "লকডাউন" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "চলনসময় সংৰূপ চিৰসà§à¦¥à¦¾à§Ÿà§€ কৰক" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "চলনসময়ৰ পৰা চিৰসà§à¦¥à¦¾à§Ÿà§€" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "দৰà§à¦¶à¦¨ (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP ধৰণসমূহ" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "পà§à§°à¦¤à§à¦¯à¦•à§à¦· সংৰূপ" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "লকডাউন হোৱাইটলিসà§à¦Ÿ" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "সহায়তা (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "সংৰূপ:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "বৰà§à¦¤à¦®à¦¾à¦¨à§‡ দৃশà§à¦¯ সংৰূপ। চলনসময় সংৰূপ হল পà§à§°à¦•à§ƒà¦¤ সকà§à§°à¦¿à§Ÿ সংৰূপ। সà§à¦¥à¦¾à§Ÿà§€ সংৰূপ সেৱাৰ পিছত অথবা " "চিসà§à¦Ÿà§‡à¦® পà§à¦¨à§° ল'ড অথবা পà§à¦¨à¦¾à§°à¦®à§à¦­à§° পিছত সকà§à§°à¦¿à§Ÿ হব।" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "à¦à¦Ÿà¦¾ firewalld অঞà§à¦šà¦²à§‡ নেটৱাৰà§à¦• সংযোগসমূহ, আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦ à¦¸à¦®à§‚হ আৰৠঅঞà§à¦šà¦²à§° সৈতে সংযà§à¦•à§à¦¤ উৎস " "ঠিকনাসমূহৰ বাবে ভৰষাৰ সà§à¦¤à§°à§° বিৱৰণ দিয়ে। অঞà§à¦šà¦²à§‡ সেৱাসমূহ, পৰà§à¦Ÿà¦¸à¦®à§‚হ, পà§à§°à¦Ÿà§‹à¦•à¦²à¦¸à¦®à§‚হ, " "ছদà§à¦®à¦¬à§‡à¦¶, পৰà§à¦Ÿ/পেকেট ফৰৱাৰà§à¦¡à¦¿à¦‚, icmp, ফিলà§à¦Ÿà¦¾à§°à¦¸à¦®à§‚হ আৰৠসমৃদà§à¦§ নিয়মসমূহ à¦à¦•à¦¤à§à§°à¦¿à¦¤ কৰে। " "অঞà§à¦šà¦²à¦• আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦ à¦¸à¦®à§‚হ আৰৠউৎস ঠিকনাসমূহলৈ সংযà§à¦•à§à¦¤ কৰিব পাৰি।" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "অঞà§à¦šà¦² যোগ কৰক" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "অঞà§à¦šà¦² সমà§à¦ªà¦¾à¦¦à¦¨à¦¾ কৰক" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "অঞà§à¦šà¦² আতৰাওক" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "অঞà§à¦šà¦²à§° অবিকলà§à¦ªà¦¿à¦¤à¦¸à¦®à§‚হ ল'ড কৰক" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "ইয়াত আপà§à¦¨à¦¿ বিৱৰণ দিব পাৰিব কোন সেৱাসমূহ অঞà§à¦šà¦²à¦¤ ভৰষা কৰিব পাৰি। সকলো হসà§à¦Ÿ আৰৠ" "নেটৱাৰà§à¦•à¦¸à¦®à§‚হ যিসমূহে মেনিচক à¦à¦‡ অঞà§à¦šà¦²à§° সৈতে সংযà§à¦•à§à¦¤ সংযোগসমূহ, আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦ à¦¸à¦®à§‚হ আৰৠউৎসসমূহৰ " "পৰা পà§à§°à¦¾à¦ªà§à¦¤ কৰিব পাৰে সেইসমূহে ভৰষাবান সেৱাসমূহ অভিগম কৰিব পাৰে।" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "সেৱাসমূহ" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "অতিৰিকà§à¦¤ পৰà§à¦Ÿ অথবা পৰà§à¦Ÿ বিসà§à¦¤à¦¾à§°à¦¸à¦®à§‚হ যোগ কৰক, যি মেচিনৰ সৈতে সংযোগ কৰিব পৰা সকলো " "হসà§à¦Ÿ অথবা নেটৱাৰà§à¦•à§° বাবে অভিগমà§à¦¯ হব লাগে।" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "প'ৰà§à¦Ÿ" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "পৰà§à¦Ÿ সমà§à¦ªà¦¾à¦¦à¦¨à¦¾ কৰক" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "পৰà§à¦Ÿ আতৰাওক" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "পৰà§à¦Ÿà¦¸à¦®à§‚হ" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "সà§à¦¥à¦¾à¦¨à§€à§Ÿ নেটৱৰà§à¦•, ইনà§à¦Ÿà¦¾à§°à¦¨à§‡à¦Ÿà§‡à§° সৈতে সংযà§à¦•à§à¦¤ কৰাৰ বাবে গৃহসà§à¦¥ অথবা ৰাউটাৰ পà§à§°à¦¸à§à¦¤à§à¦¤à¦¿à§° সময় " "Masquerading সহয়াক । আপোনাৰ সà§à¦¥à¦¾à¦¨à§€à§Ÿ নেটৱৰà§à¦• পà§à§°à¦•à¦¾à¦¶à¦¿à¦¤ নহ'ব আৰৠইনà§à¦Ÿà¦¾à§°à¦¨à§‡à¦Ÿà§‡ à¦à¦Ÿà¦¾ গৃহসà§à¦¥ " "ৰূপে পà§à§°à¦¸à§à¦¤à§à¦¤ কৰা হ'ব । Masquerading অকল IPv4-ৰ কà§à¦·à§‡à¦¤à§à§°à¦¤ পà§à§°à¦¯à§‹à¦œà§à¦¯ ।" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "ছদà§à¦®à¦¬à§‡à¦¶ অঞà§à¦šà¦²" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "যদি আপà§à¦¨à¦¿ ছদà§à¦®à¦¬à§‡à¦¶ সামৰà§à¦¥à¦¬à¦¾à¦¨ কৰে, আপোনাৰ IPv4 নেটৱাৰà§à¦•à¦¸à¦®à§‚হৰ বাবে IP ফৰৱাৰà§à¦¡à¦¿à¦‚ " "সামৰà§à¦¥à¦¬à¦¾à¦¨ কৰা হব।" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ফৰৱাৰà§à¦¡ পৰà§à¦Ÿà¦¸à¦®à§‚হলৈ পà§à§°à§±à¦¿à¦·à§à¦Ÿà¦¿ সà§à¦¥à¦¾à¦¨à§€à§Ÿ চিসà§à¦Ÿà§‡à¦®à¦¤ অথবা সà§à¦¥à¦¾à¦¨à§€à§Ÿ চিসà§à¦Ÿà§‡à¦®à§° পৰা অনà§à¦¯ চিসà§à¦Ÿà§‡à¦®à¦²à§ˆ " "à¦à¦Ÿà¦¾ পৰà§à¦Ÿà§° পৰা অনà§à¦¯à¦²à§ˆ যোগ কৰক। আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦  মাসà§à¦•à§à§°à§‡à¦‡à¦¡à§‡à¦¡ থাকিলে অনà§à¦¯ চিসà§à¦Ÿà§‡à¦®à¦²à§ˆ ফৰৱাৰà§à¦¡à¦¿à¦‚ " "উপযোগী হয়। পৰà§à¦Ÿ ফৰৱাৰà§à¦¡à¦¿à¦‚ কেৱল IPv4।" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ফৰৱাৰà§à¦¡ পৰà§à¦Ÿ যোগ কৰক" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ফৰৱাৰà§à¦¡ পৰà§à¦Ÿ সমà§à¦ªà¦¾à¦¦à¦¨à¦¾ কৰক" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ফৰৱাৰà§à¦¡ পৰà§à¦Ÿ আতৰাওক" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ইনà§à¦Ÿà¦¾à§°à¦¨à§‡à¦Ÿ নিয়নà§à¦¤à§à§°à¦£ বাৰà§à¦¤à¦¾ পà§à§°à¦Ÿà§‹à¦•à¦² (ICMP) মূখà§à¦¯à¦­à¦¾à§±à§‡ নেটৱাৰà§à¦• কমপিউটাৰসমূহৰ মাজত তà§à§°à§à¦Ÿà¦¿ " "বাৰà§à¦¤à¦¾à¦¸à¦®à§‚হ পঠাবলৈ বà§à¦¯à§±à¦¹à¦¾à§° কৰা হয়, কিনà§à¦¤à§ অতিৰিকà§à¦¤à¦­à¦¾à§±à§‡ তথà§à¦¯à¦®à§‚লক বাৰà§à¦¤à¦¾à¦¸à¦®à§‚হ যেনে ping " "অনà§à§°à§‹à¦§ আৰৠউতà§à¦¤à§°à§° বাবেও বà§à¦¯à§±à¦¹à¦¾à§° কৰা হয়।" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "তালিকাত ICMP ৰ ধৰণ চিহà§à¦¨à¦¿à¦¤ কৰক, যাক গà§à§°à¦¹à¦£ কৰা ন'হ'ব । শেষ সকলো ICMP ধৰণক " "ফায়াৰà§à§±à¦¾à¦²à§° মাজেদি যাব দিয়া হ'ব । অবিকলà§à¦ªà¦¿à¦¤ মান হ'ল কোনো সীমা নাই ।" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ফিলà§à¦Ÿà¦¾à§°" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "ইয়াত আপà§à¦¨à¦¿ অঞà§à¦šà¦²à§° বাবে সমৃদà§à¦§ ভাষা নিয়মসমূহ সংহতি কৰিব পাৰিব।" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "সমৃদà§à¦§ নিয়ম যোগ কৰক" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "সমৃদà§à¦§ নিয়ম সমà§à¦ªà¦¾à¦¦à¦¨ কৰক" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "সমৃদà§à¦§ নিয়ম আতৰাওক" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "সমৃদà§à¦§ নিয়মসমূহ" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "অঞà§à¦šà¦²à§° সৈতে আনà§à¦¤à¦¹à¦ªà§ƒà¦·à§à¦ à¦¸à¦®à§‚হ সংযà§à¦•à§à¦¤ কৰিবলৈ পà§à§°à§±à¦¿à¦·à§à¦Ÿà¦¿à¦¸à¦®à§‚হ যোগ কৰক। যদি আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦ à¦• à¦à¦Ÿà¦¾ " "সংযোগে বà§à¦¯à§±à¦¹à¦¾à§° কৰিব, অঞà§à¦šà¦²à¦• সংযোগত ধাৰà§à¦¯à§à¦¯ কৰা অঞà§à¦šà¦²à¦²à§ˆ সংহতি কৰা হব।" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦  যোগ কৰক" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦  সমà§à¦ªà¦¾à¦¦à¦¨ কৰক" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "আনà§à¦¤à¦ƒà¦ªà§ƒà¦·à§à¦  আতৰাওক" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "উৎস যোগ কৰক" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "উৎস সমà§à¦ªà¦¾à¦¦à¦¨ কৰক" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "উৎস আতৰাওক" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "অঞà§à¦šà¦²à¦¬à§‹à§°" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "à¦à¦Ÿà¦¾ firewalld সেৱা হল পৰà§à¦Ÿà¦¸à¦®à§‚হ, পà§à§°à¦Ÿà§‹à¦•à¦²à¦¸à¦®à§‚হ, মডিউলসমূহ আৰৠগনà§à¦¤à¦¬à§à¦¯ ঠিকনাসমূহৰ à¦à¦Ÿà¦¾ " "সংযà§à¦•à§à¦¤à¦¿à¥¤" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "সেৱা যোগ কৰক" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "সেৱা সমà§à¦ªà¦¾à¦¦à¦¨à¦¾ কৰক" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "সেৱা আতৰাওক" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "সেৱাৰ অবিকলà§à¦ªà¦¿à¦¤à¦¸à¦®à§‚হ ল'ড কৰক" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "নিবেশ সমà§à¦ªà¦¾à¦¦à¦¨à¦¾" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "নিবেশ আà¦à¦¤à§°à¦¾à¦“ক" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "মডিউলসমূহ" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "যদি আপà§à¦¨à¦¿ গনà§à¦¤à¦¬à§à¦¯ ঠিকনাসমূহ ধাৰà§à¦¯à§à¦¯ কৰে, সেৱা পà§à§°à§±à¦¿à¦·à§à¦Ÿà¦¿ গনà§à¦¤à¦¬à§à¦¯ ঠিকনা আৰৠধৰণলৈ সীমিত " "থাকিব। যদি দà§à§Ÿà§‹à¦Ÿà¦¾ পà§à§°à§±à¦¿à¦·à§à¦Ÿà¦¿ ৰিকà§à¦¤ থাকে, তেনà§à¦¤à§‡ কোনো সীমা নাথাকিব।" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "সেৱাসমূহক কেৱল সà§à¦¥à¦¾à§Ÿà§€ সংৰূপ দৰà§à¦¶à¦¨à¦¤ পৰিবৰà§à¦¤à¦¨ কৰিব পাৰি। সেৱাসমূহৰ চলনসময় সংৰূপ " "নিৰà§à¦¦à¦¿à¦·à§à¦Ÿ কৰা আছে।" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "à¦à¦Ÿà¦¾ firewalld icmptype ঠfirewalld ৰ বাবে à¦à¦Ÿà¦¾ ইনà§à¦Ÿà¦¾à§°à¦¨à§‡à¦Ÿ নিয়নà§à¦¤à§à§°à¦£ বাৰà§à¦¤à¦¾ পà§à§°à¦Ÿà§‹à¦•à¦² " "(ICMP) ধৰণৰ তথà§à¦¯ পà§à§°à¦¦à¦¾à¦¨ কৰে।" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP ধৰণ যোগ কৰক" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP ধৰণ সমà§à¦ªà¦¾à¦¦à¦¨ কৰক" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP ধৰণ আতৰাওক" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP ধৰণ অবিকলà§à¦ªà¦¿à¦¤à¦¸à¦®à§‚হ ল'ড কৰক" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "à¦à¦‡ ICMP ধৰণ IPv4 আৰà§/অথবা IPv6 ৰ বাবে উপলবà§à¦§ আছে নে ধাৰà§à¦¯à§à¦¯ কৰক।" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP ধৰণসমূহক কেৱল সà§à¦¥à¦¾à§Ÿà§€ সংৰূপ দৰà§à¦¶à¦¨à¦¤ পৰিবৰà§à¦¤à¦¨ কৰিব পাৰি। ICMP ধৰণসমূহৰ চলনসময় " "সংৰূপ নিৰà§à¦¦à¦¿à¦·à§à¦Ÿ কৰা আছে।" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "পà§à§°à¦¤à§à¦¯à¦•à§à¦· সংৰূপে ফায়াৰৱাললৈ à¦à¦Ÿà¦¾ অধিক পà§à§°à¦¤à§à¦¯à¦•à§à¦· অভিগম পà§à§°à¦¦à¦¾à¦¨ কৰে। à¦à¦‡ বিকলà§à¦ªà¦¸à¦®à§‚হৰ বাবে " "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ জনে মৌলিক iptables ধাৰণাবোৰ জানিব লাগিব, অৰà§à¦¥à¦¾à¦¤ টেবà§à¦²à¦¸à¦®à§‚হ, শৃংখলসমূহ, " "কমানà§à¦¡à¦¸à¦®à§‚হ, পà§à§°à¦¾à¦šà¦²à¦¸à¦®à§‚হ আৰৠলকà§à¦·à§à¦¯à¦¬à§‹à§°à¥¤ পà§à§°à¦¤à§à¦¯à¦•à§à¦· সংৰূপক কেৱল শেষ উপায় হিচাপে বà§à¦¯à§±à¦¹à¦¾à§° কৰিব " "লাগে যেতিয়া অনà§à¦¯ firewalld বৈশিষà§à¦Ÿà§à¦¯à¦¸à¦®à§‚হ বà§à¦¯à§±à¦¹à¦¾à§° কৰা সমà§à¦­à¦¬ নহয়।" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "পà§à§°à¦¤à§à¦¯à¦•à¦Ÿà§‹ বিকলà§à¦ªà§° বাবে ipv তৰà§à¦• ipv4 অথবা ipv6 অথবা eb হব লাগিব। ipv4 ৰ সৈতে ই " "iptables ৰ বাবে হব, ipv6 ৰ সৈতে ip6tables ৰ বাবে হব আৰৠeb ৰ সৈতে ইথাৰনেট " "বà§à§°à¦¿à¦œà¦¬à§‹à§° (ebtables) ৰ বাবে হব।" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "নিমৰ সৈতে বà§à¦¯à§±à¦¹à¦¾à§° কৰিবলৈ অতিৰিকà§à¦¤ শৃংখল।" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "শৃংখল যোগ কৰক" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "শৃংখল সমà§à¦ªà¦¾à¦¦à¦¨à¦¾ কৰক" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "শৃংখল আতৰাওক" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "শৃংখলসমূহ" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "à¦à¦Ÿà¦¾ পà§à§°à¦¾à¦¥à¦®à¦¿à¦•à¦¤à¦¾à§° সৈতে à¦à¦Ÿà¦¾ টেবà§à¦²à§° শৃংখললৈ তৰà§à¦•à¦¸à¦®à§‚হ args ৰ সৈতে à¦à¦Ÿà¦¾ নিয়ম যোগ কৰক।" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "পà§à§°à¦¾à¦¥à¦®à¦¿à¦•à¦¤à¦¾à¦• নিয়মসমূহক কà§à§°à¦® কৰিবলৈ বà§à¦¯à§±à¦¹à¦¾à§° কৰা হয়। পà§à§°à¦¾à¦¥à¦®à¦¿à¦•à¦¤à¦¾ 0 ৰ অৰà§à¦¥ হল শৃংখলৰ " "ওপৰত নিময় যোগ কৰা, উচà§à¦š পà§à§°à¦¾à¦¥à¦®à¦¿à¦•à¦¤à¦¾à§° সৈতে নিয়মক তলত যোগ কৰা হব। à¦à¦•à§‡ পà§à§°à¦¾à¦¥à¦®à¦¿à¦•à¦¤à¦¾à§° " "সৈতে নিয়মসমূহ à¦à¦•à§‡à¦Ÿà¦¾ সà§à¦¤à§°à¦¤ থাকে আৰৠà¦à¦‡ নিয়মসমূহৰ কà§à§°à¦® নিৰà§à¦¦à¦¿à¦·à§à¦Ÿ নহয় আৰৠসলনি হব পাৰে। " "যদি আপà§à¦¨à¦¿ সà§à¦¨à¦¿à¦¶à§à¦šà¦¿à¦¤ কৰিব বিচাৰে যে à¦à¦Ÿà¦¾ নিয়ম অনà§à¦¯ à¦à¦Ÿà¦¾à§° পিছত যোগ কৰা হব, পà§à§°à¦¥à¦®à¦Ÿà§‹à§° " "বাবে à¦à¦Ÿà¦¾ নিমà§à¦¨ পà§à§°à¦¾à¦¥à¦®à¦¿à¦•à¦¤à¦¾ বà§à¦¯à§±à¦¹à¦¾à§° কৰক আৰৠনিমà§à¦¨à¦²à¦¿à¦–িতৰ বাবে à¦à¦Ÿà¦¾ উচà§à¦š বà§à¦¯à§±à¦¹à¦¾à§° কৰক:" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "নিয়ম যোগ কৰক" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "নিয়ম সমà§à¦ªà¦¾à¦¦à¦¨ কৰক" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "নিয়ম আতৰাওক" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "নিয়মসমূহ" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "পাছথà§à§°à§ নিয়মসমূহ ফায়াৰৱাললৈ পà§à§°à¦¤à§à¦¯à¦•à§à¦·à¦­à¦¾à§±à§‡ পà§à§°à§‡à§°à¦£ কৰা হয় আৰৠবিশেষ শৃংখলত সà§à¦¥à¦¾à¦ªà¦¨ কৰা " "নহয়। সকলো iptables, ip6tables আৰৠebtables বিকলà§à¦ªà¦¸à¦®à§‚হ বà§à¦¯à§±à¦¹à¦¾à§° কৰিব পাৰি।" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "অনà§à¦—à§à§°à¦¹ কৰি পাছথà§à§°à§ নিয়মসমূহ বà§à¦¯à§±à¦¹à¦¾à§° কৰোতে সাৱধান হব যাতে ফায়াৰৱাল কà§à¦·à¦¤à¦¿à¦—à§à§°à¦¸à§à¦¥ নহয়।" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "পাছথà§à§°à§ যোগ কৰক" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "পাছথà§à§°à§ সমà§à¦ªà¦¾à¦¦à¦¨ কৰক" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "পাছথà§à§°à§ আতৰাওক" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "পাছথà§à§°à§" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "লকডাউন বৈশিষà§à¦Ÿà§à¦¯ firewalld ৰ বাবে বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ আৰৠà¦à¦ªà§à¦²à¦¿à¦•à§‡à¦šà¦¨ নীতিসমূহৰ à¦à¦Ÿà¦¾ লঘৠ" "সংসà§à¦•à§°à¦£à¥¤ ই ফায়াৰৱাললৈ কৰা পৰিবৰà§à¦¤à¦¨à¦¸à¦®à§‚হ সীমিত কৰে। লকডাউন হোৱাইটলিসà§à¦Ÿà¦¤ কমানà§à¦¡à¦¸à¦®à§‚হ, " "পৰিপà§à§°à§‡à¦•à§à¦·à¦¤à¦¿à¦¤, বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€à¦¸à¦•à¦² আৰৠবà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ আইডিসমূহ থাকিব পাৰে।" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "পৰিপà§à§°à§‡à¦•à§à¦·à¦¤à¦¿à¦¤ যোগ কৰক" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "পৰিপà§à§°à§‡à¦•à§à¦·à¦¤à¦¿à¦¤ সমà§à¦ªà¦¾à¦¦à¦¨ কৰক" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "পৰিপà§à§°à§‡à¦•à§à¦·à¦¤à¦¿à¦¤ আতৰাওক" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "পৰিপà§à§°à§‡à¦•à§à¦·à¦¤à¦¿à¦¤à¦¸à¦®à§‚হ" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "যদি ৱোহাইটলিসà§à¦Ÿà¦¤ à¦à¦Ÿà¦¾ কমানà§à¦¡ পà§à§°à§±à¦¿à¦·à§à¦Ÿà¦¿ à¦à¦Ÿà¦¾ à¦à¦•à¦¸à§à¦Ÿà§‡à§°à¦¿à¦•à§à¦¸ '*' ৰ সৈতে অনà§à¦¤ হয়, তেনà§à¦¤à§‡ " "কমানà§à¦¡à§° সৈতে আৰমà§à¦­ হোৱা সকলো কমানà§à¦¡ শাৰী মিল খাব। যদি '*' নাই সমà§à¦ªà§‚ৰà§à¦£ কমানà§à¦¡ " "অনà§à¦¤à§°à§à¦­à§à¦•à§à¦¤ তৰà§à¦•à¦¸à¦®à§‚হ মিল খাব লাগিব।" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "কমানà§à¦¡ শাৰী যোগ কৰক" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "কমানà§à¦¡ শাৰী সমà§à¦ªà¦¾à¦¦à¦¨ কৰক" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "কমানà§à¦¡ শাৰী আতৰাওক" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "কমানà§à¦¡ শাৰীসমূহ" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ নামসমূহ।" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ নাম যোগ কৰক" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ নাম সমà§à¦ªà¦¾à¦¦à¦¨ কৰক" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ নাম আতৰাওক" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ নামসমূহ" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ আইডিবোৰ।" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ আইডি যোগ কৰক" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ আইডি সমà§à¦ªà¦¾à¦¦à¦¨ কৰক" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ আইডি আতৰাওক" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ আইডিবোৰ" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "চিসà§à¦Ÿà§‡à¦®à§° বৰà§à¦¤à¦®à¦¾à¦¨ অবিকলà§à¦ªà¦¿à¦¤ অঞà§à¦šà¦²à¥¤" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "আতঙà§à¦• অৱসà§à¦¥à¦¾:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "লকডাউন:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "অবিকলà§à¦ªà¦¿à¦¤ অঞà§à¦šà¦²:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "প'ৰà§à¦Ÿ আৰৠনিয়মনীতি" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "অনà§à¦—à§à§°à¦¹ কৰি à¦à¦Ÿà¦¾ পৰà§à¦Ÿ অথবা পà§à§°à¦Ÿà§‹à¦•à¦² সà§à¦®à§à§±à¦¾à¦“ক।" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "পà§à§°à¦¤à§à¦¯à¦•à§à¦· নিয়ম" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "অনà§à¦—à§à§°à¦¹ কৰি ipv আৰৠটেবà§à¦², শৃংখল পà§à§°à¦¾à¦¥à¦®à¦¿à¦•à¦¤à¦¾ বাছক আৰৠargs সà§à¦®à§à§±à¦¾à¦“ক।" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "পà§à§°à¦¾à¦¥à¦®à¦¿à¦•à¦¤à¦¾:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "অনà§à¦—à§à§°à¦¹ কৰি à¦à¦Ÿà¦¾ পà§à§°à¦Ÿà§‹à¦•à¦² সà§à¦®à§à§±à¦¾à¦“ক।" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "অনà§à¦¯ পà§à§°à¦Ÿà§‹à¦•à¦²:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "সমৃদà§à¦§ নিয়ম" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "অনà§à¦—à§à§°à¦¹ কৰি à¦à¦Ÿà¦¾ সমৃদà§à¦§ নিয়ম সà§à¦®à§à§±à¦¾à¦“ক।" #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "হসà§à¦Ÿ অথবা নেটৱাৰà§à¦• হোৱাইট অথবা বà§à¦²à§‡à¦•à¦²à¦¿à¦¸à§à¦Ÿà¦¿à¦‚ৰ বাবে উপাদানক নিষà§à¦•à§à§°à¦¿à§Ÿ কৰক।" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "উৎস:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "গনà§à¦¤à¦¬à§à¦¯:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "লগ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "অডিট:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 আৰৠipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "উলোটা" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "ইয়াক সামৰà§à¦¥à¦¬à¦¾à¦¨ কৰিবলৈ কাৰà§à¦¯à§à¦¯ 'reject' আৰৠপৰিয়াল 'ipv4' অথবা 'ipv6' হব লাগিব " "(দà§à§Ÿà§‹ নহয়)।" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "চিহà§à¦¨à¦¿à¦¤ ধৰণৰ সৈতে:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "চিহà§à¦¨à¦¿à¦¤ সীমাৰ সৈতে:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "উপসৰà§à¦—:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "সà§à¦¤à§°:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "উপাদান:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "কাৰà§à¦¯à§à¦¯:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "ভিতà§à¦¤à¦¿ সেৱা সংহতিসমূহ" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "অনà§à¦—à§à§°à¦¹ কৰি ভিতà§à¦¤à¦¿ সেৱা সংহতিসমূহ সংৰূপণ কৰক:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "অনà§à¦—à§à§°à¦¹ কৰি à¦à¦Ÿà¦¾ সেৱা বাছক।" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "অনà§à¦—à§à§°à¦¹ কৰি বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ আইডি সà§à¦®à§à§±à¦¾à¦“ক।" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "অনà§à¦—à§à§°à¦¹ কৰি বà§à¦¯à§±à¦¹à¦¾à§°à¦•à¦¾à§°à§€ নাম সà§à¦®à§à§±à¦¾à¦“ক।" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ভিতà§à¦¤à¦¿ অঞà§à¦šà¦² সংহতিসমূহ" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "অনà§à¦—à§à§°à¦¹ কৰি ভিতà§à¦¤à¦¿ অঞà§à¦šà¦² সংহতিসমূহ সংৰূপণ কৰক:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "অবিকলà§à¦ªà¦¿à¦¤ লকà§à¦·à§à¦¯" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "লকà§à¦·à§à¦¯:" firewalld-1.1.1/po/ast.po0000644000000000000000000012562614217342322015242 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Enol P. , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: Automatically generated\n" "Language-Team: none\n" "Language: ast\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-1.1.1/po/bg.po0000644000000000000000000014574614217342322015050 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Valentin Laskov , 2012-2014 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2015-02-26 09:43+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Bulgarian (http://www.transifex.com/projects/p/firewalld/" "language/bg/)\n" "Language: bg\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Ðплет на защитната Ñтена" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Защитна Ñтена" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Конфигуриране на защитната Ñтена" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Зона '%s' активирана за Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Зона по подразбиране" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Конфигуриране зоните за вдигане/ÑвалÑне на защитата" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Тук можете да изберете зоните, използвани за вдигане и ÑвалÑне на защитите." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Тази Ñ„ÑƒÐ½ÐºÑ†Ð¸Ñ Ðµ полезна оÑновно за хора, използващи подразбиращата Ñе зона. " "За потребители, ÑменÑщи зоните за връзки, използването може да е ограничено." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Зона Ñ Ð²Ð´Ð¸Ð³Ð½Ð°Ñ‚Ð¸ щитове:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Зона ÑÑŠÑ Ñвалени щитове:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Вдигни защитите" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Разреши уведомлениÑта" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Редактиране наÑтройките на защитната Ñтена..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "ПромÑна зоните на връзките..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Конфигуриране зоните за вдигане/ÑвалÑне на защитата..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Блокира Ñ†ÐµÐ»Ð¸Ñ Ð¼Ñ€ÐµÐ¶Ð¾Ð²Ð¸ трафик" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "ÐÑма връзка." #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Източници" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "УдоÑтоверÑването не уÑпÑ." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Ðевалиден аргумент %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Името вече ÑъщеÑтвува" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "ÐÑма връзка Ñ Ð´ÐµÐ¼Ð¾Ð½Ð° на защитната Ñтена" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "ЦелиÑÑ‚ мрежови трафик е блокиран." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Зона по подразбиране: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Зона '{zone}' е активна за връзка '{connection}' на Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ '{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Зона '{zone}' е активна за Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Зона '{zone}' активна за източник {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "ÐÑма активни зони." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Връзката Ñ FirewallD е оÑъщеÑтвена." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Връзката Ñ FirewallD е изгубена." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD беше презареден." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Подразбиращата Ñе зона е Ñменена на '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "МрежовиÑÑ‚ трафик вече не е блокиран." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "активиран" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "деактивиран" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Зона '{zone}' е {activated_deactivated} за връзка '{connection}' през " "Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Зона '{zone}' е {activated_deactivated} за Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Зона '%s' е активирана за Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Зона '{zone}' е {activated_deactivated} за източник '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Зона '%s' е активирана за източник '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ÐеуÑпех при зареждане на икони." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "УÑлуга" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Порт" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Протокол" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Към порт" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Към адреÑ" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp тип" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Източник" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Внимание" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Грешка" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Зона" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Зона '%s': УÑлуга '%s' е недоÑтъпна." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Премахване на зона" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Игнорирай" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Зона '%s': ICMP тип '%s' е недоÑтъпен." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Вградена зона, преименуване не Ñе поддържа." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Вградена уÑлуга, преименуване не Ñе поддържа." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Вграден icmp, преименуване не Ñе поддържа." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Избор на зона за източник %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ÐдреÑ" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "МолÑ, изберете подразбиращата Ñе зона от ÑпиÑъка по-долу." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ПренаÑочване на порт" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "МолÑ, задайте наÑтройките за източник и цел, Ñпоред нуждите Ви." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Порт / Диапазон портове:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP адреÑ:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Протокол:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Ðазначение" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Ðко разрешите локалното пренаÑочване, ще Ñ‚Ñ€Ñбва да зададете порт. Той ще " "Ñ‚Ñ€Ñбва да е различен от Ð¿ÑŠÑ€Ð²Ð¾Ð½Ð°Ñ‡Ð°Ð»Ð½Ð¸Ñ Ð¿Ð¾Ñ€Ñ‚." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Локално пренаÑочване" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "ПренаÑочване към друг порт" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Почернените елементи Ñа задължителни, вÑички оÑтанали - не." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Име:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "ВерÑиÑ:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Кратко:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "ОпиÑание:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "ОÑновни наÑтройки на ICMP типове" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "МолÑ, конфигурирайте оÑновните наÑтройки на ICMP типове:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP тип" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "ДобавÑне на запиÑ" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Файл" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Опции" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Презареди " #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "СмÑна на подразбиращата Ñе зона." #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Помощ" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Текущо видима конфигурациÑ. Работната ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ Ðµ иÑтинÑки активната " "конфигурациÑ. ПоÑтоÑнната ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ Ñ‰Ðµ бъде активна Ñлед реÑтартиране на " "уÑлугата или ÑиÑтемата." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ДобавÑне на зона" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Редактиране на зона" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Премахване на зона" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Зареждане на подразбиращото Ñе за зоната" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "УÑлуги" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Към порт" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Редактиране на зона" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Премахване на зона" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Портове" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "МаÑкирането позволÑва чрез хоÑÑ‚ или рутер да Ñвържете Вашата локална мрежа " "към Интернет. Вашата локална мрежа ще бъде невидима и хоÑтовете в Ð½ÐµÑ Ñ‰Ðµ Ñе " "предÑтавÑÑ‚ Ñ ÐµÐ´Ð¸Ð½ единÑтвен Ð°Ð´Ñ€ÐµÑ Ð² Интернет. МаÑкирането е Ñамо за IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Зона Ñ Ð¼Ð°Ñкиране" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Ðко разрешите маÑкирането, ще бъде разрешен и IP forwarding за Вашите IPv4 " "мрежи." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "МаÑкиране" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ДобавÑне на правила за пренаÑочване на портове от един порт към друг на " "локалната ÑиÑтема или от локалната към друга ÑиÑтема. ПренаÑочването към " "друга ÑиÑтема работи Ñамо ако интерфейÑÑŠÑ‚ е маÑкиран. ПренаÑочването е Ñамо " "за IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ДобавÑне пренаÑочване на порт" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Редактиране пренаÑочването на порт" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Премахване пренаÑочването на порт" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Протоколът Internet Control Message Protocol (ICMP) Ñе използва оÑновно за " "изпращане на ÑÑŠÐ¾Ð±Ñ‰ÐµÐ½Ð¸Ñ Ð·Ð° грешки между компютри в мрежата, както и за " "информационни ÑÑŠÐ¾Ð±Ñ‰ÐµÐ½Ð¸Ñ ÐºÐ°Ñ‚Ð¾ ping Ð·Ð°Ð¿Ð¸Ñ‚Ð²Ð°Ð½Ð¸Ñ Ð¸ отговори." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Маркирайте в ÑпиÑъка ICMP типовете, които да бъдат отхвърлÑни. За вÑички " "други ICMP типове преминаването през защитната Ñтена е разрешено. По " "подразбиране Ð¾Ð³Ñ€Ð°Ð½Ð¸Ñ‡ÐµÐ½Ð¸Ñ Ð½Ñма." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP филтър" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Зони" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "ДобавÑне на уÑлуга" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Редактиране на уÑлуга" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Премахване на уÑлуга" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Зарежда подразбиращото Ñе за уÑлугата" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Редактиране на запиÑ" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Премахване на запиÑ" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Модули" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Ðко зададете целеви адреÑи, уÑлугите ще бъдат ограничени Ñпоред Ñ†ÐµÐ»ÐµÐ²Ð¸Ñ " "Ð°Ð´Ñ€ÐµÑ Ð¸ тип. Ðко и двете Ñа празни, Ð¾Ð³Ñ€Ð°Ð½Ð¸Ñ‡ÐµÐ½Ð¸Ñ Ð½Ñма." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Ð”Ð¾Ð±Ð°Ð²Ñ ICMP тип" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Редактира ICMP типа" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Премахва ICMP типа" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Зарежда подразбиращите Ñе ICMP типове" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Текуща зона по подразбиране на ÑиÑтемата." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Зона по подразбиране:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Порт и Протокол" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "МолÑ, въведете порт и протокол." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Друг протокол:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "ОÑновни наÑтройки на уÑлугата" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "МолÑ, конфигурирайте оÑновните наÑтройки на уÑлугата:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ОÑновни наÑтройки на зоната" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "МолÑ, конфигурирайте оÑновните наÑтройки на зоната:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Цел по подразбиране" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Цел:" firewalld-1.1.1/po/bn_IN.po0000644000000000000000000021254514217342322015435 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Saibal Ray, 2014 # Jamil Ahmed , 2003 # Runa Bhattacharjee , 2008 # runab , 2004-2010 # Saibal Ray, 2014 # Saibal Ray, 2014 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2015-02-26 09:43+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Bengali (India) (http://www.transifex.com/projects/p/" "firewalld/language/bn_IN/)\n" "Language: bn_IN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "ফায়ারওয়াল অà§à¦¯à¦¾à¦ªà§à¦²à§‡à¦Ÿ" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ফায়ারওয়াল" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ফায়ারওয়াল কনফিগারেশন" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸ '%s' à¦à¦° জনà§à¦¯ অঞà§à¦šà¦² নিরà§à¦¬à¦¾à¦šà¦¨ করà§à¦¨" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "ডিফলà§à¦Ÿ অঞà§à¦šà¦²" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "'%s' সংযোগের জনà§à¦¯ অঞà§à¦šà¦² নিরà§à¦¬à¦¾à¦šà¦¨ করà§à¦¨" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "শিলà§à¦¡ ঊরà§à¦§à§à¦¬à§‡/নিমà§à¦¨à§‡ অঞà§à¦šà¦² কনফিগার করà§à¦¨" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "শিলà§à¦¡ ঊরà§à¦§à§à¦¬ à¦à¦¬à¦‚ শিলà§à¦¡ নিমà§à¦¨à§‡à¦° জনà§à¦¯ বà§à¦¯à¦¬à¦¹à§ƒà¦¤ অঞà§à¦šà¦²à¦—à§à¦²à¦¿ অাপনি à¦à¦–ানে নিরà§à¦¬à¦¾à¦šà¦¨ করতে পারবেন।" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "অধিকাংশ কà§à¦·à§‡à¦¤à§à¦°à§‡ ডিফলà§à¦Ÿ অঞà§à¦šà¦² বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦¦à§‡à¦° কাছে à¦à¦‡ বৈশিষà§à¦Ÿà¦Ÿà¦¿ উপযোগী। " "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦¦à§‡à¦° জনà§à¦¯, যা সংযোগের পরিবরà§à¦¤à¦¨à¦¶à§€à¦² অঞà§à¦šà¦², বà§à¦¯à¦¬à¦¹à¦¾à¦° সীমাবদà§à¦§ হতে পারে।" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "শিলà§à¦¡ ঊরà§à¦§à§à¦¬ অঞà§à¦šà¦²:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "শিলà§à¦¡ নিমà§à¦¨ অঞà§à¦šà¦²:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "শিলà§à¦¡ ঊরà§à¦§à§à¦¬à§‡" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "বিজà§à¦žà¦ªà§à¦¤à¦¿ সকà§à¦°à¦¿à¦¯à¦¼ করà§à¦¨" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "ফায়ারওয়াল সেটিং সমà§à¦ªà¦¾à¦¦à¦¨ করà§à¦¨..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "সংযোগের অঞà§à¦šà¦² পরিবরà§à¦¤à¦¨ করà§à¦¨..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "শিলà§à¦¡ ঊরà§à¦§à§à¦¬à§‡/নিমà§à¦¨à§‡ অঞà§à¦šà¦² কনফিগার করà§à¦¨..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "সকল নেটওয়ারà§à¦• টà§à¦°à§à¦¯à¦¾à¦«à¦¿à¦• অবরà§à¦¦à§à¦§ করà§à¦¨" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "সংযোগ" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "উৎস" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "অনà§à¦®à§‹à¦¦à¦¨ বà§à¦¯à¦°à§à¦¥à¥¤" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "অবৈধ নাম" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "নাম ইতিমধà§à¦¯à§‡à¦‡ উপসà§à¦¥à¦¿à¦¤" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "ফায়ারওয়াল ডিমোনে কোনো সংযোগ নেই" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "সকল নেটওয়ারà§à¦• টà§à¦°à§à¦¯à¦¾à¦«à¦¿à¦• অবরà§à¦¦à§à¦§à¥¤" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "ডিফলà§à¦Ÿ অঞà§à¦šà¦²: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "অঞà§à¦šà¦² '{zone}' '{connection}' সংযোগের জনà§à¦¯ সকà§à¦°à¦¿à¦¯à¦¼, '{interface}' ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸à§‡" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "অঞà§à¦šà¦² '{zone}' '{interface}' ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸à§‡à¦° জনà§à¦¯ সকà§à¦°à¦¿à¦¯à¦¼" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "অঞà§à¦šà¦² '{zone}' {source} সোরà§à¦¸à§‡à¦° জনà§à¦¯ সকà§à¦°à¦¿à¦¯à¦¼" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "কোনো সকà§à¦°à¦¿à¦¯à¦¼ অঞà§à¦šà¦² নেই।" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallD ঠসংযোগ সà§à¦¥à¦¾à¦ªà¦¿à¦¤ হয়েছে।" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD ঠসাথে সংযোগ বিচà§à¦›à¦¿à¦¨à§à¦¨ হয়েছে।" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD অাবার লোড করা হয়েছে।" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "ডিফলà§à¦Ÿ অঞà§à¦šà¦² '%s' ঠপরিবরà§à¦¤à¦¨ করা হয়েছে।" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "নেটওয়ারà§à¦• টà§à¦°à§à¦¯à¦¾à¦«à¦¿à¦• অার অবরà§à¦¦à§à¦§ নেই।" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "সকà§à¦°à¦¿à§Ÿ করা হয়েছে" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "নিষà§à¦•à§à¦°à¦¿à§Ÿ" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "অঞà§à¦šà¦² '{zone}' {activated_deactivated} '{connection}' সংযোগের জনà§à¦¯, " "'{interface}' ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸à§‡" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "অঞà§à¦šà¦² '{zone}' {activated_deactivated} '{interface}' ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸à§‡ জনà§à¦¯" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "অঞà§à¦šà¦² '%s' '%s' ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸à§‡à¦° জনà§à¦¯ সকà§à¦°à¦¿à¦¯à¦¼ করা হয়েছে" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "অঞà§à¦šà¦² '{zone}' {activated_deactivated} '{source}' সোরà§à¦¸à§‡à¦° জনà§à¦¯" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "অঞà§à¦šà¦² '%s' '%s' সোরà§à¦¸à§‡à¦° জনà§à¦¯ সকà§à¦°à¦¿à¦¯à¦¼ করা হয়েছে" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "পরিবরà§à¦¤à¦¨à¦—à§à¦²à¦¿ পà§à¦°à¦¯à§‹à¦œà§à¦¯ হয়েছে।" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "'%s' নেটওয়ারà§à¦• সংযোগের দà§à¦¬à¦¾à¦°à¦¾ বà§à¦¯à¦¬à¦¹à§ƒà¦¤" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "সকà§à¦°à¦¿à§Ÿ" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "নিষà§à¦•à§à¦°à¦¿à§Ÿ" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "অাইকনগà§à¦²à¦¿ লোড করতে বà§à¦¯à¦°à§à¦¥à¥¤" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° নাম" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "রানটাইম" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "সà§à¦¥à¦¾à¦¯à¦¼à§€" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "পরিসেবা" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "পোরà§à¦Ÿ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "পà§à¦°à§‹à¦Ÿà§‹à¦•à¦²" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "উদà§à¦¦à¦¿à¦·à§à¦Ÿ পোরà§à¦Ÿ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "উদà§à¦¦à¦¿à¦·à§à¦Ÿ ঠিকানা" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp ধরন" #: ../src/firewall-config.in:822 msgid "Family" msgstr "পরিবার" #: ../src/firewall-config.in:826 msgid "Action" msgstr "কাজ" #: ../src/firewall-config.in:828 msgid "Element" msgstr "উপাদান" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "লগ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "অডিট" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "উৎস" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "সতরà§à¦•à¦¬à¦¾à¦°à§à¦¤à¦¾" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "তà§à¦°à§à¦Ÿà¦¿" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "গà§à¦°à¦¹à¦£ করà§à¦¨" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "পà§à¦°à¦¤à§à¦¯à¦¾à¦–à§à¦¯à¦¾à¦¨ করà§à¦¨" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "ছাড়à§à¦¨" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "সীমা" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "পরিষেবা" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "পোরà§à¦Ÿ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "পà§à¦°à§‹à¦Ÿà§‹à¦•à¦²" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "masquerade" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "ফরোয়ারà§à¦¡-পোরà§à¦Ÿ" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "সà§à¦¤à¦°" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "হà§à¦¯à¦¾à¦" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "অঞà§à¦šà¦²" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "অঞà§à¦šà¦² '%s': '%s' পরিষেবা উপলবà§à¦§ নয়।" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "অপসারণ" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "অগà§à¦°à¦¾à¦¹à§à¦¯ করা হবে" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "অঞà§à¦šà¦² '%s': ICMP ধরন '%s' উপলবà§à¦§ নয়।" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "বিলà§à¦Ÿ-ইন অঞà§à¦šà¦², নাম পরিবরà§à¦¤à¦¨ সমরà§à¦¥à¦¿à¦¤ নয়।" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "দà§à¦¬à¦¿à¦¤à§€à§Ÿ" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "মিনিট" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ঘনà§à¦Ÿà¦¾" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "দিন" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "জরà§à¦°à¦¿" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "সাবধানবাণী" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "গà§à¦°à§à¦¤à§à¦¬à¦ªà§‚রà§à¦£" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "তà§à¦°à§à¦Ÿà¦¿" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "সতরà§à¦•à¦¬à¦¾à¦°à§à¦¤à¦¾" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "সূচনা" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "তথà§à¦¯" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ডিবাগ" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸ ছদà§à¦®à¦¬à§‡à¦¶ ধারণ করলে শà§à¦§à§à¦®à¦¾à¦¤à§à¦° তখনই অনà§à¦¯ সিসà§à¦Ÿà§‡à¦®à§‡ ফরোয়ারà§à¦¡à¦¿à¦‚ উপযোগী।\n" "অাপনি কি à¦à¦‡ অঞà§à¦šà¦²à¦•à§‡ ছদà§à¦®à¦¬à§‡à¦¶ পড়াতে চান?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "বিলà§à¦Ÿ-ইন পরিষেবা, নাম পরিবরà§à¦¤à¦¨ সমরà§à¦¥à¦¿à¦¤ নয়।" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "বিলà§à¦Ÿ-ইন icmp, নাম পরিবরà§à¦¤à¦¨ সমরà§à¦¥à¦¿à¦¤ নয়।" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "সোরà§à¦¸ '%s' à¦à¦° জনà§à¦¯ অঞà§à¦šà¦² নিরà§à¦¬à¦¾à¦šà¦¨ করà§à¦¨" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ঠিকানা" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "অনà§à¦—à§à¦°à¦¹ করে কমà§à¦¯à¦¾à¦¨à§à¦¡ লাইন উলà§à¦²à§‡à¦– করà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "অনà§à¦—à§à¦°à¦¹ করে পà§à¦°à¦¸à¦™à§à¦— উলà§à¦²à§‡à¦– করà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "অনà§à¦—à§à¦°à¦¹ করে নীচের তালিকা থেকে ডিফলà§à¦Ÿ অঞà§à¦šà¦² নিরà§à¦¬à¦¾à¦šà¦¨ করà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "সরাসারি চেন" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "অনà§à¦—à§à¦°à¦¹ করে ipv à¦à¦¬à¦‚ সারণী নিরà§à¦¬à¦¾à¦šà¦¨ করà§à¦¨ à¦à¦¬à¦‚ চেনের নাম লিখà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "চেন:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "নিরাপতà§à¦¤à¦¾" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "সারণী:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "ডাইরেকà§à¦Ÿ Passthrough নিয়ম" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "অনà§à¦—à§à¦°à¦¹ করে ipv নিরà§à¦¬à¦¾à¦šà¦¨ করà§à¦¨ à¦à¦¬à¦‚ args পà§à¦°à¦¬à§‡à¦¶ করান।" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "পোরà§à¦Ÿ ফরওয়ারà§à¦¡à¦¿à¦‚" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "পà§à¦°à§Ÿà§‹à¦œà¦¨ অনà§à¦¸à¦¾à¦°à§‡ উৎস ও গনà§à¦¤à¦¬à§à¦¯ সংকà§à¦°à¦¾à¦¨à§à¦¤ বিবিধ বিকলà§à¦ªà¦—à§à¦²à¦¿ নিরà§à¦¬à¦¾à¦šà¦¨ করà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "পোরà§à¦Ÿ / পোরà§à¦Ÿà§‡à¦° সীমা:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP ঠিকানা:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "পà§à¦°à§‹à¦Ÿà§‹à¦•à¦²:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "গনà§à¦¤à¦¬à§à¦¯à¦¸à§à¦¥à¦²" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "সà§à¦¥à¦¾à¦¨à§€à§Ÿà¦°à§‚পে ফরওয়ারà§à¦¡à¦¿à¦‚ করতে ইচà§à¦›à§à¦• হলে, à¦à¦•à¦Ÿà¦¿ পোরà§à¦Ÿ নিরà§à¦¦à§‡à¦¶ করা আবশà§à¦¯à¦•à¥¤ উদà§à¦¦à¦¿à¦·à§à¦Ÿ পোরà§à¦Ÿà¦Ÿà¦¿ " "উৎস পোরà§à¦Ÿà§‡à¦° থেকে পৃথক হওয়া আবশà§à¦¯à¦•à¥¤" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "সà§à¦¥à¦¾à¦¨à§€à§Ÿà¦°à§‚পে ফরওয়ারà§à¦¡à¦¿à¦‚" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "কোনো পৃথক পোরà§à¦Ÿà§‡ ফরওয়ারà§à¦¡ করা হবে" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "মোটা হরফে লেখা বাধà§à¦¯à¦¤à¦¾à¦®à§‚লক, বাকি সব বৈকলà§à¦ªà¦¿à¦•à¥¤" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "নাম:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "সংসà§à¦•à¦°à¦£:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "সংকà§à¦·à¦¿à¦ªà§à¦¤:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "বিবরণ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "পরিবার:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "পà§à¦°à¦¾à¦¥à¦®à¦¿à¦• ICMP ধরন সেটিং" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "অনà§à¦—à§à¦°à¦¹ করে পà§à¦°à¦¾à¦¥à¦®à¦¿à¦• ICMP ধরন সেটিং কনফিগার করà§à¦¨:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP পà§à¦°à¦•à§ƒà¦¤à¦¿" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "অনà§à¦—à§à¦°à¦¹ করে à¦à¦•à¦Ÿà¦¿ ICMP ধরন নিরà§à¦¬à¦¾à¦šà¦¨ করà§à¦¨" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "à¦à¦¨à¦Ÿà§à¦°à¦¿ যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ফাইল (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "বিবিধ বিকলà§à¦ª (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld পà§à¦¨à¦°à¦¾à§Ÿ লোড করà§à¦¨" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ফায়ারওয়াল নিয়ম পà§à¦¨à¦ƒà¦²à§‹à¦¡ করে। বরà§à¦¤à¦®à¦¾à¦¨ সà§à¦¥à¦¾à¦¯à¦¼à§€ কনফিগারেশন নতà§à¦¨ রানটাইম কনফিগারেশন " "হবে। অরà§à¦¥à¦¾à§Ž, পà§à¦¨à¦ƒà¦²à§‹à¦¡ পরà§à¦¯à¦¨à§à¦¤ হওয়া সমসà§à¦¤ শà§à¦§à§à¦®à¦¾à¦¤à§à¦° রানটাইম পরিবরà§à¦¤à¦¨à¦—à§à¦²à¦¿ পà§à¦¨à¦ƒà¦²à§‹à¦¡à§‡à¦° সাথে " "নষà§à¦Ÿ হয়ে যায়। যদি না তারা সà§à¦¥à¦¾à¦¯à¦¼à§€ কনফিগারেশনেও থেকে থাকে।" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "à¦à¦•à¦Ÿà¦¿ নেটওয়ারà§à¦• সংযোগ কোন অঞà§à¦šà¦²à§‡à¦° সংগে সংযà§à¦•à§à¦¤ তা পরিবরà§à¦¤à¦¨ করà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ডিফলà§à¦Ÿ অঞà§à¦šà¦² পরিবরà§à¦¤à¦¨ করà§à¦¨" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "সংযোগ বা ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸à§‡à¦° জনà§à¦¯ ডিফলà§à¦Ÿ অঞà§à¦šà¦² পরিবরà§à¦¤à¦¨ করà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "পà§à¦¯à¦¾à¦¨à¦¿à¦• মোডের অরà§à¦¥ হল, সকল ইনকামিং à¦à¦¬à¦‚ অাউটগোয়িং পà§à¦¯à¦¾à¦•à§‡à¦Ÿ ডà§à¦°à¦ª করা হয়।" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "পà§à¦¯à¦¾à¦¨à¦¿à¦• মোড" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown ফায়ারওয়াল কনফিগারেশন লক করে, যাতে কিনা শà§à¦§à§à¦®à¦¾à¦¤à§à¦° lockdown whitelist ঠ" "অà§à¦¯à¦¾à¦ªà§à¦²à¦¿à¦•à§‡à¦¶à¦¨ তার পরিবরà§à¦¤à¦¨ করতে পারে।" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "লকডাউন" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "রানটাইম কনফিগারেশন সà§à¦¥à¦¾à§Ÿà§€ করà§à¦¨" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "রানটাইম থেকে সà§à¦¥à¦¾à§Ÿà§€" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "পà§à¦°à¦¦à¦°à§à¦¶à¦¨ (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP পà§à¦°à¦•à§ƒà¦¤à¦¿" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "ডাইরেকà§à¦Ÿ কনফিগারেশন" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "লকডাউন হোয়াইটলিসà§à¦Ÿ" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "সাহাযà§à¦¯ (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "কনফিগারেশন:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "বরà§à¦¤à¦®à¦¾à¦¨à§‡ দৃশà§à¦¯à¦®à¦¾à¦¨ কনফিগারেশন। রানটাইম কনফিগারেশন হল পà§à¦°à¦•à§ƒà¦¤ সকà§à¦°à¦¿à¦¯à¦¼ কনফিগারেশন। " "সà§à¦¥à¦¾à¦¯à¦¼à§€ কনফিগারেশন পরিষেবা বা সিসà§à¦Ÿà§‡à¦® পà§à¦¨à¦ƒà¦²à§‹à¦¡ বা বনà§à¦§ হয়ে চালৠহওয়ার পরে সকà§à¦°à¦¿à¦¯à¦¼ হবে।" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "à¦à¦•à¦Ÿà¦¿ ফায়ারওয়াল দিয়ে ঘেরা অঞà§à¦šà¦² তার মধà§à¦¯à¦¸à§à¦¤ নেটওয়ারà§à¦• সংযোগ, ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸ à¦à¦¬à¦‚ সোরà§à¦¸ " "ঠিকানার বিশà§à¦¬à¦¸à§à¦¤à§‡à¦° সà§à¦¤à¦°à¦•à§‡ নিরà§à¦§à¦¾à¦°à¦£ করে। অঞà§à¦šà¦²à§‡à¦° মধà§à¦¯à§‡ অনà§à¦¤à¦°à§à¦­à§à¦•à§à¦¤ হল পরিষেবাদি, পোরà§à¦Ÿ, " "পà§à¦°à§‹à¦Ÿà§‹à¦•à¦², মà§à¦¯à¦¾à¦¸à¦•à§‹à¦¯à¦¼à¦¾à¦°à¦¡à¦¿à¦‚, পোরà§à¦Ÿ/পà§à¦¯à¦¾à¦•à§‡à¦Ÿ ফরোয়ারà§à¦¡à¦¿à¦‚, icmp ফিলà§à¦Ÿà¦¾à¦° à¦à¦¬à¦‚ রিচ রà§à¦²à¥¤ অঞà§à¦šà¦² " "ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸ à¦à¦¬à¦‚ সোরà§à¦¸ ঠিকানার মধà§à¦¯à§‡ অাবদà§à¦§ থাকতে পারে।" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "অঞà§à¦šà¦² যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "অঞà§à¦šà¦² সমà§à¦ªà¦¾à¦¦à¦¨ করà§à¦¨" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "অঞà§à¦šà¦² সরান" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "অঞà§à¦šà¦² ডিফলà§à¦Ÿ লোড করà§à¦¨" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "অঞà§à¦šà¦²à§‡ কোন পরিষেবাগà§à¦²à¦¿ বিশà§à¦¬à¦¸à§à¦¤ তা অাপনি à¦à¦–ানে নিরà§à¦¦à¦¿à¦·à§à¦Ÿ করতে পারবেন। à¦à¦‡ অঞà§à¦šà¦²à§‡à¦° " "সংযোগ, ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸ à¦à¦¬à¦‚ সোরà§à¦¸ থেকে মেশিনে পৌà¦à¦›à¦¾à¦¤à§‡ পারে à¦à¦®à¦¨ সকল হোসà§à¦Ÿ à¦à¦¬à¦‚ নেটওয়ারà§à¦• " "থেকে বিশà§à¦¬à¦¸à§à¦¤ পরিষেবাগà§à¦²à¦¿ অà§à¦¯à¦¾à¦•à§à¦¸à§‡à¦¸à¦¯à§‹à¦—à§à¦¯à¥¤" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "পরিষেবা" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "অতিরিকà§à¦¤ পোরà§à¦Ÿ বা পোরà§à¦Ÿ রেঞà§à¦œ যোগ করà§à¦¨, যা মেশিনের সংগে সংযà§à¦•à§à¦¤ করা যায় à¦à¦®à¦¨ সকল " "হোসà§à¦Ÿ বা নেটওয়ারà§à¦•à§‡à¦° জনà§à¦¯ অà§à¦¯à¦¾à¦•à§à¦¸à§‡à¦¸ হওয়া পà§à¦°à¦¯à¦¼à§‹à¦œà¦¨à¥¤" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "পোরà§à¦Ÿ যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "পোরà§à¦Ÿ সমà§à¦ªà¦¾à¦¦à¦¨à¦¾ করà§à¦¨" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "পোরà§à¦Ÿ অপসারণ করà§à¦¨" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "পোরà§à¦Ÿ" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "সà§à¦¥à¦¾à¦¨à§€à§Ÿ নেটওয়ারà§à¦•, ইনà§à¦Ÿà¦¾à¦°à¦¨à§‡à¦Ÿà§‡à¦° সাথে সংযà§à¦•à§à¦¤ করার জনà§à¦¯ হোসà§à¦Ÿ অথবা রাউটার পà§à¦°à¦¸à§à¦¤à§à¦¤à¦¿à¦° সময় " "Masquerading সহয়াক। আপনার সà§à¦¥à¦¾à¦¨à§€à§Ÿ নেটওয়ারà§à¦• পà§à¦°à¦•à¦¾à¦¶à¦¿à¦¤ হবে না ও ইনà§à¦Ÿà¦¾à¦°à¦¨à§‡à¦Ÿà§‡ à¦à¦•à¦Ÿà¦¿ " "হোসà§à¦Ÿ রূপে পà§à¦°à¦¸à§à¦¤à§à¦¤ করা হবে। Masquerading শà§à¦§à§à¦®à¦¾à¦¤à§à¦° IPv4-র কà§à¦·à§‡à¦¤à§à¦°à§‡ পà§à¦°à¦¯à§‹à¦œà§à¦¯à¥¤" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Masquerade অঞà§à¦šà¦²" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "অাপনি মà§à¦¯à¦¾à¦¸à¦•à¦¿à¦‰à¦°à§‡à¦¡à¦¿à¦‚ সকà§à¦°à¦¿à¦¯à¦¼ করলে, IP ফরোয়ারà§à¦¡à¦¿à¦‚ অাপনার IPv4 নেটওয়ারà§à¦•à¦—à§à¦²à¦¿à¦° জনà§à¦¯ " "সকà§à¦°à¦¿à¦¯à¦¼ করা হবে।" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "সà§à¦¥à¦¾à¦¨à§€à§Ÿ সিসà§à¦Ÿà§‡à¦®à§‡à¦° মধà§à¦¯à§‡ অনà§à¦¯ পোরà§à¦Ÿà§‡ অথবা সà§à¦¥à¦¾à¦¨à§€à§Ÿ সিসà§à¦Ÿà§‡à¦® থেকে অনà§à¦¯ সিসà§à¦Ÿà§‡à¦®à§‡ পোরà§à¦Ÿ " "ফরওয়ারà§à¦¡ করার জনà§à¦¯ মান লিখà§à¦¨à¥¤ ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸ masquerade করা থাকলে পৃথক সিসà§à¦Ÿà§‡à¦®à§‡ পোরà§à¦Ÿ " "ফরওয়ারà§à¦¡ করা উপকারী হবে। পোরà§à¦Ÿ ফরওয়ারà§à¦¡à¦¿à¦‚ বà§à¦¯à¦¬à¦¸à§à¦¥à¦¾ শà§à¦§à§à¦®à¦¾à¦¤à§à¦° IPv4-র কà§à¦·à§‡à¦¤à§à¦°à§‡ পà§à¦°à¦¯à§‹à¦œà§à¦¯à¥¤" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ফরোয়ারà§à¦¡ পোরà§à¦Ÿ যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ফরোয়ারà§à¦¡ পোরà§à¦Ÿ সমà§à¦ªà¦¾à¦¦à¦¨à¦¾ করà§à¦¨" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ফরোয়ারà§à¦¡ পোরà§à¦Ÿ অপসারণ করà§à¦¨" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ইনà§à¦Ÿà¦¾à¦°à¦¨à§‡à¦Ÿ কনà§à¦Ÿà§à¦°à§‹à¦² মেসেজ পà§à¦°à§‹à¦Ÿà¦•à¦² (ICMP) পà§à¦°à§Ÿà§‹à¦— করে নেটওয়ারà§à¦•à§‡à¦° মধà§à¦¯à§‡ উপসà§à¦¥à¦¿à¦¤ " "কমà§à¦ªà¦¿à¦‰à¦Ÿà¦¾à¦°à¦—à§à¦²à¦¿à¦° মধà§à¦¯à§‡ তà§à¦°à§à¦Ÿà¦¿ বারà§à¦¤à¦¾ আদান পà§à¦°à¦¦à¦¾à¦¨ করা হয়। উপরনà§à¦¤à§, বিবিধ তথà§à¦¯ যেমন ping-র " "অনà§à¦°à§‹à¦§ ও উতà§à¦¤à¦° পà§à¦°à¦­à§ƒà¦¤à¦¿à¦“ বিনিময় করার জনà§à¦¯ à¦à¦Ÿà¦¿ বà§à¦¯à¦¬à¦¹à§ƒà¦¤ হয়।" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "পà§à¦°à¦¤à§à¦¯à¦¾à¦–à§à¦¯à¦¾à¦¨à§‡à¦° উদà§à¦¦à§‡à¦¶à§à¦¯à§‡, তালিকার মধà§à¦¯à§‡ ICMP-র ধরনগà§à¦²à¦¿ চিহà§à¦¨à¦¿à¦¤ করà§à¦¨à¥¤ অনà§à¦¯à¦¾à¦¨à§à¦¯ সকল ICMP-" "র ধরনগà§à¦²à¦¿ ফায়ারওয়ালের মধà§à¦¯à§‡ পà§à¦°à¦¬à§‡à¦¶ করতে সকà§à¦·à¦® হবে। ডিফলà§à¦Ÿà¦°à§‚পে কোনো পà§à¦°à¦¤à¦¿à¦°à§‹à¦§ করা হয় " "না।" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ফিলà§à¦Ÿà¦¾à¦°" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "à¦à¦–ানে অাপনি অঞà§à¦šà¦²à§‡à¦° জনà§à¦¯ সমৃদà§à¦§ ভাষা নিয়ম নিরà§à¦¦à¦¿à¦·à§à¦Ÿ করতে পারবেন।" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "সমৃদà§à¦§ নিয়ম যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "সমৃদà§à¦§ নিয়ম সমà§à¦ªà¦¾à¦¦à¦¨à¦¾ করà§à¦¨" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "সমৃদà§à¦§ নিয়ম সরান" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "সমৃদà§à¦§ নিয়মগà§à¦²à¦¿" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "অঞà§à¦šà¦²à§‡ ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸à¦—à§à¦²à¦¿ অাবদà§à¦§ করতে à¦à¦¨à§à¦Ÿà§à¦°à¦¿à¦—à§à¦²à¦¿ যোগ করà§à¦¨à¥¤ ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸ à¦à¦•à¦Ÿà¦¿ সংযোগের দà§à¦¬à¦¾à¦°à¦¾ " "বà§à¦¯à¦¬à¦¹à§ƒà¦¤ হলে, অঞà§à¦šà¦² সংযোগের দà§à¦¬à¦¾à¦°à¦¾ নিরà§à¦¦à¦¿à¦·à§à¦Ÿ অঞà§à¦šà¦²à§‡ নিরà§à¦¦à¦¿à¦·à§à¦Ÿ হবে।" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸ যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸ সমà§à¦ªà¦¾à¦¦à¦¨ করà§à¦¨" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ইনà§à¦Ÿà¦¾à¦°à¦«à§‡à¦¸ সরান" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "সোরà§à¦¸ যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "সোরà§à¦¸ সমà§à¦ªà¦¾à¦¦à¦¨ করà§à¦¨" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "সোরà§à¦¸ সরান" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "অঞà§à¦šà¦²" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "à¦à¦•à¦Ÿà¦¿ firewalld পরিষেবা হল পোরà§à¦Ÿ, পà§à¦°à§‹à¦Ÿà§‹à¦•à¦², মডিউল à¦à¦¬à¦‚ গনà§à¦¤à¦¬à§à¦¯ ঠিকানার সমনà§à¦¬à¦¯à¦¼à¥¤" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "পরিষেবা যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "পরিষেবা সমà§à¦ªà¦¾à¦¦à¦¨ করà§à¦¨" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "পরিষেবা অপসারণ করà§à¦¨" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "পরিষেবা ডিফলà§à¦Ÿ লোড করà§à¦¨" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "à¦à¦¨à¦Ÿà§à¦°à¦¿ সমà§à¦ªà¦¾à¦¦à¦¨à¦¾" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "à¦à¦¨à¦Ÿà§à¦°à¦¿ অপসারণ" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "মডিউল" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "অাপনি গনà§à¦¤à¦¬à§à¦¯ ঠিকানাগà§à¦²à¦¿ নিরà§à¦¦à¦¿à¦·à§à¦Ÿ করলে, পরিষেবা à¦à¦¨à§à¦Ÿà§à¦°à¦¿ গনà§à¦¤à¦¬à§à¦¯ ঠিকানা à¦à¦¬à¦‚ ধরনের " "মধà§à¦¯à§‡à¦‡ সীমাবদà§à¦§ থাকবে। উভয় à¦à¦¨à§à¦Ÿà§à¦°à¦¿à¦‡ খালি থাকলে, কোনো সীমাবদà§à¦§à¦¤à¦¾ থাকে না।" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "পরিষেবাগà§à¦²à¦¿ শà§à¦§à§à¦®à¦¾à¦¤à§à¦° সà§à¦¥à¦¾à¦¯à¦¼à§€ কনফিগারেশন রূপে পরিবরà§à¦¤à¦¨ করা যেতে পারে। পরিষেবাগà§à¦²à¦¿à¦° " "রানটাইম কনফিগারেশন নিরà§à¦¦à¦¿à¦·à§à¦Ÿà¥¤" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "à¦à¦•à¦Ÿà¦¿ firewalld icmptype, firewalld à¦à¦° জনà§à¦¯ à¦à¦•à¦Ÿà¦¿ ইনà§à¦Ÿà¦¾à¦°à¦¨à§‡à¦Ÿ কনà§à¦Ÿà§à¦°à§‹à¦² মেসেজ পà§à¦°à§‹à¦Ÿà§‹à¦•à¦² " "(ICMP) ধরনের জনà§à¦¯ তথà§à¦¯ পà§à¦°à¦¦à¦¾à¦¨ করে।" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP ধরন যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP ধরন সমà§à¦ªà¦¾à¦¦à¦¨ করà§à¦¨" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP ধরন অপসারণ করà§à¦¨" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP ধরন ডিফলà§à¦Ÿ যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "IPv4 à¦à¦¬à¦‚/অথবা IPv6 à¦à¦° জনà§à¦¯ à¦à¦‡ ICMP ধরন উপলবà§à¦§ কিনা তা নিরà§à¦¦à¦¿à¦·à§à¦Ÿ করà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP ধরনগà§à¦²à¦¿ শà§à¦§à§à¦®à¦¾à¦¤à§à¦° সà§à¦¥à¦¾à¦¯à¦¼à§€ কনফিগারেশন রূপে পরিবরà§à¦¤à¦¨ করা যেতে পারে। ICMP ধরনগà§à¦²à¦¿à¦° " "রানটাইম কনফিগারেশন নিরà§à¦¦à¦¿à¦·à§à¦Ÿà¥¤" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "ডাইরেকà§à¦Ÿ কনফিগারেশন ফায়ারওয়ালে অারো সরাসারি অà§à¦¯à¦¾à¦•à§à¦¸à§‡à¦¸ দেয়। à¦à¦‡ বিকলà§à¦ªà§‡à¦° কà§à¦·à§‡à¦¤à§à¦°à§‡ " "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦•à§‡ পà§à¦°à¦¾à¦¥à¦®à¦¿à¦• iptables কনসেপà§à¦Ÿ, অরà§à¦¥à¦¾à§Ž সারণী, চেন, কমà§à¦¯à¦¾à¦¨à§à¦¡, পà§à¦¯à¦¾à¦°à¦¾à¦®à¦¿à¦Ÿà¦¾à¦° " "à¦à¦¬à¦‚ টারà§à¦—েট জানতে হবে। অনà§à¦¯à¦¾à¦¨à§à¦¯ firewalld বৈশিষà§à¦Ÿà§à¦¯ বà§à¦¯à¦¬à¦¹à¦¾à¦° করা সমà§à¦­à¦¬ না হলে, " "শà§à¦§à§à¦®à¦¾à¦¤à§à¦° তখনই শেষ মাধà§à¦¯à¦® হিসাবে ডাইরেকà§à¦Ÿ কনফিগারেশন বà§à¦¯à¦¬à¦¹à¦¾à¦° করা হবে।" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "পà§à¦°à¦¤à§à¦¯à§‡à¦• বিকলà§à¦ªà§‡à¦° ipv অারà§à¦—à§à¦®à§‡à¦¨à§à¦Ÿ ipv4 বা ipv6 বা eb হতে হবে। ipv4 à¦à¦° কà§à¦·à§‡à¦¤à§à¦°à§‡ à¦à¦Ÿà¦¿ " "হবে iptables, ipv6 à¦à¦° কà§à¦·à§‡à¦¤à§à¦°à§‡ ip6tables à¦à¦¬à¦‚ eb à¦à¦° কà§à¦·à§‡à¦¤à§à¦°à§‡ ইথারনেট বà§à¦°à¦¿à¦œ " "(ebtables)।" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "নিয়মের সংগে বà§à¦¯à¦¬à¦¹à¦¾à¦° করার অতিরিকà§à¦¤ চেন।" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "চেন যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "চেন সমà§à¦ªà¦¾à¦¦à¦¨à¦¾ করà§à¦¨" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "চেন সরান" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "চেন" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "অগà§à¦°à¦¾à¦§à¦¿à¦•à¦¾à¦° বিশিষà§à¦Ÿ à¦à¦•à¦Ÿà¦¿ সারণীতে à¦à¦•à¦Ÿà¦¿ চেনে অারà§à¦—à§à¦®à§‡à¦¨à§à¦Ÿ args সমেত à¦à¦•à¦Ÿà¦¿ নিয়ম যোগ করà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "অগà§à¦°à¦¾à¦§à¦¿à¦•à¦¾à¦° নিয়ম অরà§à¦¡à¦¾à¦° করতে বà§à¦¯à¦¬à¦¹à¦¾à¦° করা হয়। অগà§à¦°à¦¾à¦§à¦¿à¦•à¦¾à¦° 0 à¦à¦° অরà§à¦¥ হল, চেনের উপরে " "নিয়ম যোগ করà§à¦¨, অপেকà§à¦·à¦¾à¦•à§ƒà¦¤ বেশি অগà§à¦°à¦¾à¦§à¦¿à¦•à¦¾à¦°à§‡à¦° কà§à¦·à§‡à¦¤à§à¦°à§‡ নিয়ম অারো নীচের দিকে যোগ হতে " "থাকবে। à¦à¦•à¦‡ অগà§à¦°à¦¾à¦§à¦¿à¦•à¦¾à¦°à§‡à¦° নিয়মগà§à¦²à¦¿ à¦à¦•à¦‡ লেবেলে থাকে à¦à¦¬à¦‚ à¦à¦‡ নিয়মগà§à¦²à¦¿à¦° কà§à¦°à¦® নিরà§à¦¦à¦¿à¦·à§à¦Ÿ " "নয় à¦à¦¬à¦‚ পরিবরà§à¦¤à¦¿à¦¤ হতে পারে। à¦à¦•à¦Ÿà¦¿à¦° পরে অার à¦à¦•à¦Ÿà¦¿ নিয়ম যোগ হোক তা অাপনি নিশà§à¦šà¦¿à¦¤ " "করতে চাইলে, পà§à¦°à¦¥à¦®à¦Ÿà¦¿à¦° জনà§à¦¯ à¦à¦•à¦Ÿà¦¿ কম অগà§à¦°à¦¾à¦§à¦¿à¦•à¦¾à¦° বà§à¦¯à¦¬à¦¹à¦¾à¦° করà§à¦¨ à¦à¦¬à¦‚ নিমà§à¦¨à¦²à¦¿à¦–িতের জনà§à¦¯ " "অপেকà§à¦·à¦¾à¦•à§ƒà¦¤ বেশি।" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "নিয়ম যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "নিয়ম সমà§à¦ªà¦¾à¦¦à¦¨ করà§à¦¨" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "নিয়ম সরান" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "নিয়ম" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "passthrough নিয়ম ফায়ারওয়াল দিয়ে সরাসারি চালনা করা হয় à¦à¦¬à¦‚ বিশেষ চেনে রাখা হয় " "না। সকল iptables, ip6tables à¦à¦¬à¦‚ ebtables বিকলà§à¦ª বà§à¦¯à¦¬à¦¹à¦¾à¦° করা যেতে পারে।" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "ফায়ারওয়াল যাতে কà§à¦·à¦¤à¦¿à¦—সà§à¦¥ না হয় তার জনà§à¦¯ অনà§à¦—à§à¦°à¦¹ করে passthrough নিয়মের কà§à¦·à§‡à¦¤à§à¦°à§‡ " "যতà§à¦¨à¦¬à¦¾à¦¨ হোন।" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Passthrough যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Passthrough সমà§à¦ªà¦¾à¦¦à¦¨à¦¾ করà§à¦¨" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Passthrough সরান" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Passthrough" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "লকডাউন বৈশিষà§à¦Ÿà§à¦¯ firewalld à¦à¦° জনà§à¦¯ বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€ à¦à¦¬à¦‚ অà§à¦¯à¦¾à¦ªà§à¦²à¦¿à¦•à§‡à¦¶à¦¨ নীতির à¦à¦•à¦Ÿà¦¿ কà§à¦·à§à¦¦à§à¦° " "সংসà§à¦•à¦°à¦£à¥¤ à¦à¦Ÿà¦¿ ফায়ারওয়ালের পরিবরà§à¦¤à¦¨à¦—à§à¦²à¦¿à¦•à§‡ সীমাবদà§à¦§ করে। লকডাউন হোয়াইটলিসà§à¦Ÿà§‡à¦° মধà§à¦¯à§‡ " "কমà§à¦¯à¦¾à¦¨à§à¦¡, কনটেকà§à¦¸, বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€ à¦à¦¬à¦‚ বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€ অাইডি থাকতে পারে।" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "কনটেকà§à¦¸à¦Ÿ যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "কনটেকà§à¦¸à¦Ÿ সমà§à¦ªà¦¾à¦¦à¦¨à¦¾ করà§à¦¨" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "কনটেকà§à¦¸à¦Ÿ সরান" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "কনটেকà§à¦¸à¦Ÿ" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "whitelist ঠকোনো কমà§à¦¯à¦¾à¦¨à§à¦¡ à¦à¦¨à§à¦Ÿà§à¦°à¦¿ তারকা চিহà§à¦¨ '*' দিয়ে সমাপà§à¦¤ হলে, কমà§à¦¯à¦¾à¦¨à§à¦¡ দিয়ে শà§à¦°à§ " "হওয়া সমসà§à¦¤ কমà§à¦¯à¦¾à¦¨à§à¦¡ লাইন মিলবে। '*' উপসà§à¦¥à¦¿à¦¤ না থাকলে, অারà§à¦—à§à¦®à§‡à¦¨à§à¦Ÿ সমেত চরম কমà§à¦¯à¦¾à¦¨à§à¦¡ " "অবশà§à¦¯à¦‡ মিলতে হবে।" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "কমানà§à¦¡-লাইন যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "কমানà§à¦¡-লাইন সমà§à¦ªà¦¾à¦¦à¦¨ করà§à¦¨" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "কমানà§à¦¡-লাইন সরান" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "কমà§à¦¯à¦¾à¦¨à§à¦¡ লাইন" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° নাম‌।" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° নাম যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° নাম সমà§à¦ªà¦¾à¦¦à¦¨ করà§à¦¨" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° নাম সরান" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° নাম" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° অাইডি।" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€ অাইডি যোগ করà§à¦¨" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° অাইডি সমà§à¦ªà¦¾à¦¦à¦¨ করà§à¦¨" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° অাইডি সরান" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° অাইডি" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "সিসà§à¦Ÿà§‡à¦®à§‡à¦° বরà§à¦¤à¦®à¦¾à¦¨ ডিফলà§à¦Ÿ অঞà§à¦šà¦²à¥¤" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "পà§à¦¯à¦¾à¦¨à¦¿à¦• মোড:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "লকডাউন:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "ডিফলà§à¦Ÿ অঞà§à¦šà¦²:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "পোরà§à¦Ÿ à¦à¦¬à¦‚ পà§à¦°à§‹à¦Ÿà§‹à¦•à¦²" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "অনà§à¦—à§à¦°à¦¹ করে à¦à¦•à¦Ÿà¦¿ পোরà§à¦Ÿ à¦à¦¬à¦‚ পà§à¦°à§‹à¦Ÿà§‹à¦•à¦² দিন।" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ডাইরেকà§à¦Ÿ নিয়ম" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "অনà§à¦—à§à¦°à¦¹ করে ipv à¦à¦¬à¦‚ সারণী, চেন অগà§à¦°à¦¾à¦§à¦¿à¦•à¦¾à¦° নিরà§à¦¬à¦¾à¦šà¦¨ করà§à¦¨ à¦à¦¬à¦‚ args পà§à¦°à¦¬à§‡à¦¶ করান।" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "অগà§à¦°à¦¾à¦§à¦¿à¦•à¦¾à¦°:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "অনà§à¦—à§à¦°à¦¹ করে à¦à¦•à¦Ÿà¦¿ পà§à¦°à§‹à¦Ÿà§‹à¦•à¦² দিন।" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "অনà§à¦¯ পà§à¦°à§‹à¦Ÿà§‹à¦•à¦²:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "সমৃদà§à¦§ নিয়ম" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "অনà§à¦—à§à¦°à¦¹ করে à¦à¦•à¦Ÿà¦¿ সমৃদà§à¦§ নিয়ম দিন।" #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "" "হোসà§à¦Ÿ বা নেটওয়ারà§à¦• হোয়াইট বা কালো তালিকাভà§à¦•à§à¦¤à¦•à¦°à¦£à§‡à¦° কà§à¦·à§‡à¦¤à§à¦°à§‡ উপাদান নিষà§à¦•à§à¦°à¦¿à¦¯à¦¼ করà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "উৎসসà§à¦¥à¦²:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "গনà§à¦¤à¦¬à§à¦¯:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "লগ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "অডিট:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 à¦à¦¬à¦‚ ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "উলà§à¦Ÿà¦¾à¦¨à§‹" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "à¦à¦Ÿà¦¿à¦•à§‡ সকà§à¦·à¦® করতে হলে, অà§à¦¯à¦¾à¦•à¦¶à¦¨ 'রিজেকà§à¦Ÿ' হতে হবে à¦à¦¬à¦‚ ফà§à¦¯à¦¾à¦®à¦¿à¦²à¦¿ হয় 'ipv4' বা " "'ipv6' (উভয়ই নয়) হতে হবে।" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "ধরন সমেত:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "সীমা সমেত:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "পà§à¦°à§‡à¦«à¦¿à¦•à§à¦¸:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "সà§à¦¤à¦°:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "উপাদান:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "কাজ:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "পà§à¦°à¦¾à¦¥à¦®à¦¿à¦• পরিষেবা সেটিং" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "অনà§à¦—à§à¦°à¦¹ করে পà§à¦°à¦¾à¦¥à¦®à¦¿à¦• পরিষেবা সেটিং কনফিগার করà§à¦¨:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "অনà§à¦—à§à¦°à¦¹ করে à¦à¦•à¦Ÿà¦¿ পরিষেবা নিরà§à¦¬à¦¾à¦šà¦¨ করà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "অনà§à¦—à§à¦°à¦¹ করে বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° অাইডি লিখà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "অনà§à¦—à§à¦°à¦¹ করে বà§à¦¯à¦¬à¦¹à¦¾à¦°à¦•à¦¾à¦°à§€à¦° নাম লিখà§à¦¨à¥¤" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "পà§à¦°à¦¾à¦¥à¦®à¦¿à¦• অঞà§à¦šà¦² সেটিং" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "অনà§à¦—à§à¦°à¦¹ করে পà§à¦°à¦¾à¦¥à¦®à¦¿à¦• অঞà§à¦šà¦² সেটিং কনফিগার করà§à¦¨:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "ডিফলà§à¦Ÿ টারà§à¦—েট" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "টারà§à¦—েট:" firewalld-1.1.1/po/ca.po0000644000000000000000000017200114217342322015023 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Angels Sala , 2004 # Josep Puigdemont , 2004-2006 # Josep Sànchez , 2010 # Josep Sànchez , 2010 # Pedro , 2005 # Robert Antoni Buj i Gelonch, 2014 # Xavier Conde Rueda , 2009 # Robert Antoni Buj Gelonch , 2015. #zanata # Robert Antoni Buj Gelonch , 2016. #zanata # Eric Garver , 2017. #zanata # Robert Antoni Buj Gelonch , 2017. #zanata # Robert Antoni Buj Gelonch , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2018-08-20 10:43+0000\n" "Last-Translator: Robert Antoni Buj Gelonch \n" "Language-Team: Catalan (http://www.transifex.com/projects/p/firewalld/" "language/ca/)\n" "Language: ca\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Miniaplicació del tallafoc" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Tallafoc" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuració del tallafoc" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "tallafoc;xarxa;seguretat;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Selecciona la zona per a la interfície «%s»" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona predeterminada" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Selecciona la zona per a la connexió «%s»" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" "No s'ha pogut establir la zona {zone} per a la connexió {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Selecciona la zona per a l'origen «%s»" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Configura les zones d'escuts aixecats/baixats" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Aquí podeu seleccionar les zones utilitzades per als escuts aixecats i " "escuts abaixats." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Aquesta funció és útil per a la gent que utilitza majoritàriament les zones " "predeterminades. Per als usuaris que canvien les zones de les connexions " "haurien de fer-ne un ús limitat." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Zona d'escuts aixecats:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Restableix al predeterminat" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Zona d'escuts abaixats:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Quant a %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Autors" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Llicència" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Escuts aixecats" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Habilita les notificacions" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Edita els ajusts del tallafoc..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Canvia les zones de les connexions..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Configura les zones d'escuts aixecats/baixats..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Bloqueja tot el trànsit de xarxa" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Quant a" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Connexions" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfícies" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Orígens" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autentificació fallida." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "El nom no és vàlid" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "El nom ja existeix" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (zona predeterminada: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "No s'ha pogut obtenir les connexions de NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Sense importacions disponibles de NetworkManager" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Sense connexió al dimoni del tallafoc" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Tot el trànsit de xarxa està bloquejat." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Zona predeterminada: «%s»" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "La zona predeterminada '{default_zone}' està activa per a la connexió " "'{connection}' en la interfície '{interface}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "La zona '{zone}' es troba activa per a la connexió '{connection}' en la " "interfície '{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "La zona '{zone}' es troba activa per a la interfície '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "La zona '{zone}' es troba activa per a l'origen {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Sense zones actives." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "S'ha establert la connexió amb FirewallD." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "S'ha perdut la connexió amb FirewallD." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "S'ha tornat a carregar FirewallD." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "La zona predeterminada ha estat canviada a «%s»." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "El trànsit de xarxa ja no està bloquejat." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "activat" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "desactivat" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "La zona predeterminada '{default_zone}' {activated_deactivated} per a la " "connexió '{connection}' en la interfície '{interface}'" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} per a la connexió '{connection}' en la " "interfície '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} per a la interfície '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "La zona «%s» es va activar per a la interfície «%s»" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zona '{zone}' {activated_deactivated} per a l'origen '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "La zona «%s» es va activar per a l'origen «%s»" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "S'ha establert la connexió amb firewalld." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "S'està intentant connectar amb firewalld, a l'espera..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "No s'ha pogut connectar a firewalld. Assegureu-vos que el servei s'ha " "iniciat correctament i torneu-ho a intentar." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "S'han aplicat els canvis." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "És utilitzat en la connexió de xarxa «%s»" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "La zona predeterminada que s'utilitza en la connexió de xarxa «%s»" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "habilitat" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "inhabilitat" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "S'ha produït un error en la càrrega de les icones." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Context" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Línia d'ordres" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nom d'usuari" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Id. d'usuari" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Taula" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Encadenament" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioritat" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Arguments" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Temps d'execució" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Servei" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Cap al port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Cap a l'adreça" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Vincles" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Entrada" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Tipus d'icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Família" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Acció" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Origen" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Destí" #: ../src/firewall-config.in:834 msgid "log" msgstr "enregistra" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Revisa" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interfície" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Comentari" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Origen" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Advertència" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Error" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accepta" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "rebutja" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "descarta" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "marca" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "límit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "servei" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "emmascarament" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "bloqueig-icmp" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "reenviament-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "port-origen" #: ../src/firewall-config.in:2097 msgid "level" msgstr "nivell" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "sí" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Zona predeterminada: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zona: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona «%s»: El servei «%s» no està disponible." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Suprimeix" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignora" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona «%s»: El tipus d'ICMP «%s» no està disponible." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Zona integrada, no es permet el canvi de nom." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "segons" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuts" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hores" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dies" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergència" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alerta" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "crític" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "error" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "advertència" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notificació" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informació" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "depuració" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "El reenviament a un altre sistema tan sols és útil si la interfície de xarxa " "està emmascarada.\n" "Voleu emmascarar aquesta zona?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Servei integrat, no es permet el canvi de nom." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Si us plau, introduïu una adreça ipv4 de la forma adreça[/màscara]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "La màscara pot ser una màscara de xarxa o un número." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Si us plau, introduïu una adreça ipv6 de la forma adreça[/màscara]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "La màscara és un número." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" "Si us plau, introduïu una adreça ipv4 o ipv6 de la forma adreça[/màscara]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "La màscara pot ser una màscara de xarxa o un número per a ipv4.\n" "La màscara és un número per a ipv6." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "ipset integrat, no es permet el canvi de nom." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Seleccioneu un fitxer" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Fitxers de text" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Tots els fitxers" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Tot" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Ajudant incrustat, el canvi de nom no està admès." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "ICMP integrat, no es permet el canvi de nom." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "No s'ha pogut llegir el fitxer «%s»: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Selecciona la zona per a l'origen %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adreça" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Ajudants automàtics" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Ajusts dels ajudants automàtics:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Introduïu la línia d'ordres." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Introduïu el context." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Seleccioneu la zona predeterminada de la llista de sota." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Encadenament directe" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Seleccioneu l'ipv i la taula i introduïu el nom de l'encadenament." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Encadenament:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "en cru" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "seguretat" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Taula:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Regla de traspàs directe" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Seleccioneu l'ipv i introduïu els arguments." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Arguments:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Reenviament de ports" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Seleccioneu les opcions d'origen i de destí segons les vostres necessitats." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port o interval de ports:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Adreça IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destinació" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Si habiliteu el reenviament local, heu d'especificar un port. Aquest port ha " "de ser diferent del port origen." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Reenviament local" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Reenvia a un altre port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Ajusts de l'ajudant automàtic" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Configureu els ajusts de l'ajudant automàtic:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Les entrades en negreta són obligatòries, i les altres són opcionals." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nom:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versió:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Resum:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Descripció:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Família:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Mòdul:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Ajudant" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Seleccioneu un ajudant:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Base dels ajusts del tipus d'ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Configureu la base dels ajusts del tipus d'ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Tipus d'ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Seleccioneu un tipus d'ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Afegeix una entrada" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Afegeix entrades des d'un fitxer" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Suprimeix l'entrada seleccionada" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Suprimeix totes les entrades" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Suprimeix entrades des d'un fitxer" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fitxer" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opcions" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Recarrega Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Recarrega les regles del tallafoc. La configuració permanent actual es " "convertirà en la nova configuració temps d'execució. P. ex. tots els canvis " "que s'hagin fet en el temps d'execució fins a la nova recàrrega es perdran, " "sí no s'han fet també en la configuració permanent." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Canvia la zona a la qual pertany una connexió de xarxa." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Canvia la zona predeterminada" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" "Canvia la zona predeterminada per a les connexions o per a les interfícies." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Canvia la denegació de l'enregistrament" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Canvia el valor de la denegació de l'enregistrament." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Configura l'assignació de l'ajudant automàtic" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Configura l'establiment de l'assignació de l'ajudant automàtic." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "El mode pànic significa que tots els paquets d'entrada i de sortida són " "descartats." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Mode pànic" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "El confinament bloqueja la configuració del tallafoc, d'aquesta manera " "únicament les aplicacions en la llista blanca del confinament poden canviar-" "ho." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Confinament" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Fes permanent la configuració temps d'execució" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Temps d'execució a permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Visualitza" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Tipus d'ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Ajudants" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Configuració directa" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Llista blanca de confinaments" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Vincles actius" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "A_juda" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Canvia la zona" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "canvia la zona del vincle" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Oculta els vincles actius en temps d'execució a les zones, de les " "connexions, de les interfícies i dels orígens." #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Mostra els vincles actius en temps d'execució a les zones, de les " "connexions, de les interfícies i dels orígens." #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuració:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "La configuració actualment visible. La configuració en temps d'execució és " "la configuració que realment està activa. La configuració permanent serà la " "configuració activa després que el servei o el sistema es torni a carregar o " "iniciar." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Una zona firewalld defineix el nivell de confiança per a les connexions de " "xarxa, les interfícies i les adreces enllaçades a la zona. La zona combina " "serveis, ports, protocols, emmascarament, reenviament de ports/paquets, " "filtres icmp i regles d'enriquiment. La zona pot ser enllaçada a interfícies " "i adreces d'origen." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Afegeix una zona" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Edita la zona" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Suprimeix la zona" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Carrega els valors predeterminats de la zona" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Aquí podeu definir quins són els serveis de confiança de la zona. Els " "serveis de confiança són accessibles des de tots els amfitrions i xarxes que " "puguin aconseguir connectar-se amb la màquina, les interfícies i els orígens " "enllaçats en aquesta zona." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Serveis" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Afegiu els ports o els intervals de ports addicionals que hagin de ser " "accessibles per a tots els amfitrions o xarxes perquè es puguin connectar " "amb la màquina." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Afegeix un port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Edita el port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Suprimeix el port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Ports" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Afegiu els protocols que hagin de ser accessibles per a tots els amfitrions " "o xarxes." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Afegeix un protocol" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Afegeix el protocol" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Suprimeix el protocol" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protocols" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Afegiu els ports o els intervals de ports addicionals d'origen que hagin de " "ser accessibles per a tots els amfitrions o xarxes perquè es puguin " "connectar amb la màquina." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Ports d'origen" # translation auto-copied from project firewalld, version RHEL-7, document po/firewalld, author Robert Antoni Buj Gelonch #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "L'emmascarament us permet configurar un amfitrió o encaminador que connecta " "la vostra xarxa local a Internet. La vostra xarxa local no serà visible i " "els amfitrions apareixeran com una simple adreça en Internet. " "L'emmascarament únicament es pot utilitzar amb IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zona emmascarada" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Si habiliteu l'emmascarament, el reenviament IP estarà habilitat en les " "vostres xarxes IPv4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Emmascarament" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Afegiu entrades per reenviar ports o bé des d'un port cap a un altre del " "sistema local o bé des del sistema local cap a un altre sistema. El " "reenviament a un altre sistema és útil només si la interfície està " "emmascarada. El reenviament de ports únicament es pot utilitzar amb IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Afegeix un reenviament de port" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Edita el reenviament de port" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Suprimeix el reenviament de port" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ICMP (Internet Control Message Protocol) s'utilitza principalment per enviar " "els missatges d'error entre ordinadors en xarxa, però addicionalment per als " "missatges d'informació com ara sol·licituds i respostes del ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Marqueu a la llista els tipus d'ICMP que han de rebutjar-se. Tots els altres " "tipus d'ICMP tenen permès passar pel tallafoc. Per defecte no hi ha cap " "limitació." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Si s'habilita Inverteix el filtre, s'accepten les entrades ICMP marcades i " "es rebutgen les altres. En una zona amb l'objectiu DROP, es deixen caure." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Inverteix el filtre" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtre ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" "Aquí podeu establir les regles del llenguatge d'enriquiment per a la zona." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Afegeix una regla d'enriquiment" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Edita la regla d'enriquiment" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Suprimeix la regla d'enriquiment" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Regles d'enriquiment" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Afegiu entrades per crear un vincle entre les interfícies i la zona. Si la " "interfície serà utilitzada per una connexió, la zona s'establirà a la zona " "indicada en la connexió." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Afegeix una interfície" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Edita la interfície" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Suprimeix la interfície" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Afegiu entrades per crear un vincle entre les adreces d'origen o àrees amb " "la zona. Podeu crear un vincle a una adreça d'origen MAC, però amb " "limitacions. El reenviament de ports i l'emmascarat no funcionarà per als " "vincles d'origen MAC." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Afegeix un origen" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Edita l'origen" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Suprimeix l'origen" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zones" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Un servei firewalld és una combinació de ports, protocols, mòduls i adreces " "de destinació." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Afegeix un servei" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Edita el servei" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Suprimeix el servei" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Carrega els valors predeterminats del servei" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Afegiu els ports o els intervals de ports addicionals que hagin de ser " "accessibles per a tots els amfitrions o xarxes." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Edita l'entrada" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Suprimeix l'entrada" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Afegiu els ports o els intervals de ports addicionals d'origen que hagin de " "ser accessibles per a tots els amfitrions o xarxes." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Port d'origen" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Alguns serveis necessiten els mòduls de l'ajudant de Netfilter." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Mòduls" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Si especifiqueu una adreça de destinació, l'entada del servei estarà " "limitada a l'adreça de destinació i al tipus. Si ambdues entrades estan " "buides, aleshores no hi ha cap limitació." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Els serveis es poden canviar únicament en la vista de configuració " "permanent. La configuració en temps d'execució dels serveis és fixa." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Un IPSet pot utilitzar-se per crear llistes blanques o negres, és capaç " "d'emmagatzemar per exemple les adreces IP, els números dels ports o les MAC." #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Afegeix un IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Edita l'IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Suprimeix l'IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Carrega els valors predeterminats d'IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Les entrades de l'IPSet. Únicament podreu veure les entrades dels ipsets que " "no estiguin utilitzant l'opció de temps d'expiració, i també únicament " "aquelles entrades que hagin estat afegides amb firewalld. Aquí no es " "llistaran aquelles entrades que s'hagin afegit directament amb l'ordre ipset." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Aquest IPSet utilitza l'opció de temps d'expiració, per tant aquí no hi ha " "cap entrada visible. Les entrades s'han de supervisar directament amb " "l'ordre ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Afegeix" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Entrades" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "Els IPSets únicament es poden crear en la vista de configuració permanent." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Un firewalld icmptype proporciona la informació per un tipus d'ICMP " "(Internet Control Message Protocol) per a firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Afegeix un tipus d'ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Edita el tipus d'ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Suprimeix el tipus d'ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Carrega els valor predeterminats d'ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Especifiqueu si aquest tipus d'ICMP està disponible per IPv4 i/o IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Els tipus d'ICMP únicament es poden canviar en la vista de configuració " "permanent. La configuració dels tipus d'ICMP en temps d'execució és fixa." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Un ajudant de seguiment de connexió ajuda a fer que funcionin els protocols " "que utilitzen diferents fluxos per a la senyalització i les transferències " "de dades. Les transferències de dades utilitzen ports que no estan " "relacionats amb la senyalització de la connexió, per tant, sense l'ajudant " "són bloquejades pel tallafoc." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Defineix els ports o els intervals de ports els quals estan monitorats per " "l'ajudant." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "La configuració directa dóna un accés més directe al tallafoc. Aquestes " "opcions requereixen que l'usuari conegui conceptes bàsics d'iptables, com " "taules, encadenaments, ordres, paràmetres i destinacions. La configuració " "directa ha d'utilitzar-se únicament com a últim recurs quan no és possible " "utilitzar les altres funcions de firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "L'argument ipv de cada opció ha de ser ipv4, ipv6 o eb. Amb ipv4 " "s'utilitzarà en iptables, amb ipv6 en ip6tables, i amb eb per als ponts de " "xarxa (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Encadenaments addicionals per utilitzar amb regles." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Afegeix un encadenament" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Edita l'encadenament" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Suprimeix l'encadenament" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Encadenament" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Afegiu una regla amb arguments a un encadenament en una taula amb una " "prioritat." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "La prioritat s'utilitza per ordenar les regles. Una prioritat 0 significa " "que s'afegeix al principi de l'encadenament, amb una prioritat superior la " "regla serà afegida per sota. Les regles amb la mateixa prioritat estan en el " "mateix nivell i l'ordre d'aquestes regles no es fixa i pot canviar. Si voleu " "assegurar-vos que una regla sigui afegida després d'una altra, utilitzeu una " "prioritat inferior per a la primera i superior per a la següent." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Afegeix una regla" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Edita la regla" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Suprimeix la regla" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regles" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Les regles de traspàs passen directament a través tallafoc i no es " "col·loquen en encadenaments especials. Es poden fer ús de totes les opcions " "d'iptables, d'ip6tables i d'ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Aneu amb compte amb les regles de traspàs per no danyar el tallafoc." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Afegeix un traspàs" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Edita el traspàs" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Suprimeix el traspàs" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Traspàs" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "La funció de confinament és una versió lleugera de les polítiques d'usuari i " "aplicació per a firewalld. Limita els canvis al tallafoc. La llista blanca " "de confinaments pot contenir ordres, contexts, usuaris i id. d'usuaris." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Aquest context és el context de seguretat (SELinux) d'una aplicació o servei " "en execució. Per obtenir el context d'una aplicació en execució, utilitzeu " "ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Afegeix un context" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Edita el context" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Suprimeix el context" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contexts" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Si l'entrada d'una ordre en una llista blanca acaba amb '*', aleshores totes " "les línies d'ordres que comencin amb la comanda coincidiran. Si no hi ha '*' " "els arguments inclusius de la comanda absoluta han de coincidir." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Afegeix una línia d'ordres" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Edita la línia d'ordres" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Suprimeix la línia d'ordres" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Línies d'ordres" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Els noms d'usuaris." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Afegeix un nom d'usuari" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Edita el nom d'usuari" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Suprimeix el nom d'usuari" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Noms d'usuaris" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Id. d'usuaris" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Afegeix un Id. d'usuari" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Edita l'Id. d'usuari" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Suprimeix l'Id. d'usuari" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Id. d'usuaris" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "L'actual zona predeterminada del sistema." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Denegació de l'enregistrament:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Mode pànic:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Ajudants automàtics:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Confinament:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zona predeterminada:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Introduïu el nom d'una interfície:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Base dels ajusts d'IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Configureu la base dels ajusts d'ipset:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tipus:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Temps d'expiració:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Mida del hash:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Nombre màxim d'elements:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Valor del temps d'expiració en segons" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "mida del hash inicial, per defecte és 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Nombre màxim d'elements, per defecte és 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Seleccioneu un ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Introduïu una entrada ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Denegació de l'enregistrament" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Seleccioneu el valor de la denegació de l'enregistrament:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Marca" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Introduïu una marca amb una màscara opcional." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "El camp de la marca i el camp de la màscara són nombres sense signe de 32 " "bits d'amplada." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Marca:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Màscara:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Seleccioneu un ajudant conntrack de netfilter:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Selecciona -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Altres mòduls:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port i protocol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Introduïu el port i el protocol." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Regla directa" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Seleccioneu l'ipv i la taula, la prioritat de l'encadenament i introduïu els " "arguments." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioritat:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Introduïu un protocol." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Un altre protocol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Regla d'enriquiment" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Introduïu una regla d'enriquiment." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "" "Per a l'amfitrió o la xarxa en la llista blanca o en la llista negra " "desactiva l'element." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Origen:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destinació:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Enregistra:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Revisa:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 i ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "inverteix" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Per habilitar-ho l'acció ha de ser «rebutja» i la família «ipv4» o " "«ipv6» (no ambdós)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "amb tipus:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Amb un límit de:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Nivell:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Acció:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Base dels ajusts del servei" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Configureu la base dels ajusts del servei:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Seleccioneu un servei." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Introduïu un origen." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Id. d'usuari" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Especifiqueu l'id. d'usuari." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Introduïu el nom d'usuari." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etiqueta" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Base dels ajusts de la zona" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Configureu la base dels ajusts de la zona:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Destinació predeterminada" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Destinació:" firewalld-1.1.1/po/cs.po0000644000000000000000000017003114217342322015046 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Adam Pribyl , 2007-2010 # zdenek , 2013 # zdenek , 2015 # Jan Varta , 2012 # Jiří Popelka , 2013 # Jiří Popelka , 2013 # Jiří Popelka , 2013 # Michal Procházka , 2013 # Milan Kerslager , 2009-2010 # Miloslav TrmaÄ , 2002-2005,2008 # Nikola Å tohanzl , 2006 # zdenek , 2013 # zdenek , 2013 # zdenek , 2013 # Josef HruÅ¡ka , 2016. #zanata # Zdenek , 2016. #zanata # Zdenek , 2017. #zanata # Eric Garver , 2018. #zanata # Robert Chudý , 2018. #zanata # Pavel Borecki , 2019. #zanata, 2020, 2021. # Eric Garver , 2020. # Tomáš Doležal , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2021-12-03 22:16+0000\n" "Last-Translator: Pavel Borecki \n" "Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" "X-Generator: Weblate 4.9.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Aplet brány firewall" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Brána firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Nastavení brány firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;síť;zabezpeÄení;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Vyberte zónu pro rozhraní „%s“" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Výchozí zóna" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Vyberte zónu pro pÅ™ipojení „%s“" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "NepodaÅ™ilo se nastavit zónu {zone} pro pÅ™ipojení {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Vyberte zónu pro zdroj „%s“" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Nastavit zóny zapnutých/vypnutých Å¡títů" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Zde můžete vybrat zóny použité pro zapnuté Å¡títy a vypnuté Å¡títy." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Tato funkce je užiteÄná pro ty, kteří využívají pÅ™evážnÄ› výchozí zóny. Pro " "uživatele, kteří mÄ›ní zóny pÅ™ipojení, může být toto použití omezující." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Zóna zapnutých Å¡títů:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Obnovit výchozí nastavení" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Zóna vypnutých Å¡títů:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "O %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "AutoÅ™i" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licence" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Zapnout Å¡títy" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Povolit upozornÄ›ní" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Upravit nastavení brány firewall…" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Nastavení zón pÅ™ipojení…" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Nastavit zóny zapnutých/vypnutých Å¡títů…" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Blokovat veÅ¡kerý síťový provoz" #: ../src/firewall-applet.in:492 msgid "About" msgstr "O aplikaci" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "PÅ™ipojení" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Rozhraní" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Zdroje" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Ověření se nezdaÅ™ilo." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Neplatný název" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Název už existuje" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zóna: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Výchozí zóna: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "NepodaÅ™ilo se získat spojení z NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "K dispozici nejsou žádné importy NetworkManager" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Není spojení s procesem služby brány firewall" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "VeÅ¡kerý síťový provoz je blokován." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Základní zóna: „%s“" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Výchozí zóna „{default_zone}“ je aktivní pro pÅ™ipojení „{connection}“ na " "rozhraní „{interface}“" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zóna „{zone}“ aktivní pro spojení „{connection}“ pÅ™es rozhraní „{interface}“" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zóna „{zone}“ aktivní pro rozhraní „{interface}“" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zóna „{zone}“ aktivní pro zdroj {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Žádné aktivní zóny." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Komunikace s FirewallD aktivní." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Komunikace s FirewallD ztracena." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "Nastavení FirewallD byla znovunaÄtena ze souboru." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Základní zóna se zmÄ›nila na „%s“." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Síťový provoz už není blokován." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "aktivováno" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "deaktivováno" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Základní zóna „{default_zone} {activated_deactivated}“ pro pÅ™ipojení " "„{connection}“ na rozhraní „{interface}“" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zóna „{zone}“ {activated_deactivated} pro spojení „{connection}“ na rozhraní " "„{interface}“" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zóna „{zone}“ {activated_deactivated} pro rozhraní „{interface}“" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zóna „%s“ aktivována pro rozhraní „%s“" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zóna „{zone}“ {activated_deactivated} pro zdroj „{source}“" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zóna „%s“ aktivována pro zdroj „%s“" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Spojení s bránou firewalld navázáno." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Pokus o spojení se službou firewalld, Äeká se…" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "NepodaÅ™ilo se spojit se službou firewalld. Zkontrolujte, zda byla služba " "správnÄ› spuÅ¡tÄ›na, a zkuste to znovu." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "ZmÄ›ny uplatnÄ›ny." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Využíváno síťovým pÅ™ipojením „%s“" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Výchozí zóna je využívána síťovým pÅ™ipojením „%s“" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "povolen" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "zakázán" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Nahrání ikon se nezdaÅ™ilo." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Kontext" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Příkazový řádek" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Uživatelské jméno" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Identif. uživatele" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabulka" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "ŘetÄ›zec" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priorita" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumenty" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Provozovaná" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Trvalá" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Služba" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Cílový port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Cílová adresa" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Vazby" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Položka" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp typ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Generace" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Akce" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Prvek" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Zdroj" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Cíl" #: ../src/firewall-config.in:834 msgid "log" msgstr "záznam" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Rozhraní" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Komentář" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Zdroj" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Varování" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Chyba" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "pÅ™ijmout" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "odmítnout" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "zahodit" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "oznaÄit" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "služba" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "IP maÅ¡karáda" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp typ" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "pÅ™esmÄ›rování-portu" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "port zdroje" #: ../src/firewall-config.in:2097 msgid "level" msgstr "úroveň" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ano" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zóna" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Výchozí zóna: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zóna: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zóna „%s“: Služba „%s“ není dostupná." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Odebrat" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignorovat" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zóna „%s“: ICMP typ „%s“ není dostupný." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "VestavÄ›ná zóna, pÅ™ejmenování není možné." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekunda" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuta" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hodina" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "den" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "nouze" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "výstraha" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritický" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "chyba" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "varovaní" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "poznámka" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informace" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ladit" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "PÅ™eposílání na jiný systém je užiteÄné pouze pokud je rozhraní " "maÅ¡karádované.\n" "PÅ™ejete si zamaÅ¡karádovat tuto zónu?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "VestavÄ›ná služba, pÅ™ejmenování není možné." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Zadejte IPv4 adresu podobÄ› adresa[/maska]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "Maska může být síťová maska nebo Äíslo." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Zadejte IPv6 adresu v podobÄ› adresa[/maska]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "Maska je Äíslo." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Zadejte IPv4 nebo IPv6 adresu v podobÄ› adresa[/maska]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Maska může být v případÄ› IPv4 síťová maska nebo Äíslo.\n" "U IPv6 jen Äíslo." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "VestavÄ›ný IPset, pÅ™ejmenování není podporováno." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Vyberte soubor" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Textové soubory" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "VÅ¡echny soubory" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "VÅ¡e" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "VestavÄ›ný pomocník, pÅ™ejmenování nepodporováno." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "VestavÄ›né Icmp, pÅ™ejmenování není možné." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "NepodaÅ™ilo se naÄíst soubor „%s“: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Vyberte zónu pro zdroj %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresa" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "AutomatiÄtí pomocníci" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Vyberte hodnotu automatických pomocníků:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "PÅ™ejdÄ›te na příkazový řádek." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Zadejte kontext." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Z níže uvedeného seznamu vyberte výchozí zónu." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Přímý Å™etÄ›zec" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Vyberte IPv a tabulku a zadejte název Å™etÄ›zce." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ŘetÄ›zec:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "zabezpeÄení" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabulka:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Pravidlo Přímého Průchodu" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Vyberte IPv a zadejte argumenty." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumenty:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "PÅ™esmÄ›rování portů" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Zvolte zdrojové a cílové volby podle svých potÅ™eb." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / rozsah portů:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP adresa:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Cíl" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Pokud zapnete lokální pÅ™eposílání, je tÅ™eba urÄit port. U toho je tÅ™eba, aby " "byl odliÅ¡ný od zdrojového portu." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Místní pÅ™eposílání" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "PÅ™eposlat na jiný port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Nastavení základního pomocníka" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "ProveÄte nastavení základního pomocníka:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "TuÄnÄ› psané je povinné, ostatní je volitelné." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Název:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Verze:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Krátce:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Popis:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Generace:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modul:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Pomocník" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Vyberte pomocníka:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Nastavení hlavního typu ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Nastavte hlavní nastavení typu ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP typ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Vyberte typ ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "PÅ™idat položku" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "PÅ™idat položky ze souboru" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Odebrat oznaÄenou položku" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Odebrat vÅ¡echny položky" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Odebrat položky ze souboru" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Soubor" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "M_ožnosti" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Znovu naÄíst Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Provede znovunaÄtení pravidel pro bránu firewall ze souboru s nastaveními. " "TÄ›mi bude nahrazeno nastavení, se kterým byla brána doposud provozována " "(bÄ›hové). Pokud pÅ™edtím byly v provozovaném nastavení brány provedeny nÄ›jaké " "zmÄ›ny za chodu, ale nebyly uloženy zpÄ›t do souboru s nastaveními, budou " "ztraceny." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ZmÄ›ní zónu, do které síťové pÅ™ipojení spadá." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ZmÄ›nit výchozí zónu" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "ZmÄ›nit výchozí zónu pro pÅ™ipojení nebo rozhraní." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Přístup k záznamu zamítnutí" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "ZmÄ›ní hodnotu záznamu zamítnutí." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Nastavit pÅ™iÅ™azení automatického pomocníka" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Provést nastavení pÅ™iÅ™azení automatického pomocníka." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Režim paniky znamená, že veÅ¡keré příchozí a odchozí pakety budou zahozeny." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Režim paniky" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "UzamÄení zablokuje zmÄ›ny nastavení brány firewall tak, že ho budou moci " "mÄ›nit pouze aplikace, které se nacházejí na seznamu povolených." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "UzamÄení" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" "Uložit nastavení, se kterým je nyní provozováno, do souboru s nastaveními " "(stanou se trvalými)" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Provozované do trvalého" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Zobrazit" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPsety" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Typy ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Pomocníci" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Přímé nastavení" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Seznam výjimek z uzamÄení" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktivní vazby" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_NápovÄ›da" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "ZmÄ›nit zónu" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "ZmÄ›nit zónu vazby" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "Skrýt aktivní běžící vazby pÅ™ipojení, rozhraní a zdrojů k zónám" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "Zobrazit aktivní běžící vazby pÅ™ipojení, rozhraní a zdrojů k zónám" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Nastavení:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Nyní viditelné nastavení. Nastavení, se kterým je nyní provozováno, je to " "nyní aktivní. Trvalé nastavení (to v souboru s nastaveními) zaÄne platit po " "znovunaÄtení služby nebo restartu služby/systému." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Firewalld zóna definuje úroveň důvÄ›ryhodnosti pro pÅ™ipojení k sítím, " "rozhraním a zdrojovým adresám vázaných na zóny. Zóna kombinuje servisy, " "porty, protokoly, maÅ¡karádování, pÅ™esmÄ›rování portů a paketů, filtrování " "icmp a bohatá pravidla. Zóna může být vázána na rozhraní a zdrojové adresy." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "PÅ™idat zónu" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Upravit zónu" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Smazat zónu" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "NaÄíst výchozí nastavení zóny" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Zde lze nadefinovat, které servisy budou v zónÄ› důvÄ›ryhodné. DůvÄ›ryhodné " "servisy jsou přístupné ze vÅ¡ech poÄítaÄů a sítí, které mohou dosáhnout stroj " "z pÅ™ipojení, rozhraní a zdrojů vázaných na tuto zónu." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Služby" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "PÅ™idat další porty nebo rozsahy portů, které je nutné ponechat přístupné pro " "vÅ¡echny poÄítaÄe a poÄítaÄové sítÄ›, které se mohou pÅ™ipojit ke stroji." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "PÅ™idat port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Upravit port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Smazat port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Porty" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "PÅ™idat protokoly, které musí být přístupné pro vÅ¡echny stroje a sítÄ›." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "PÅ™idat protokol" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Upravit protokol" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Odebrat protokol" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokoly" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "PÅ™idat další zdrojové porty nebo rozsahy portů, které je nutné ponechat " "přístupné pro vÅ¡echny stroje a sítÄ›, které se mohou pÅ™ipojit ke stroji." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Zdrojové porty" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "MaÅ¡karádování je užiteÄné, pokud nastavujete poÄítaÄ nebo smÄ›rovaÄ, který " "spojuje vaÅ¡i lokální síť s internetem. VaÅ¡e lokální síť nebude z internetu " "dostupná a vÅ¡echny vnitÅ™ní poÄítaÄe budou vystupovat jako jedna IP adresa " "jednoho poÄítaÄe. MaÅ¡karádování funguje pouze pro IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Povolit maÅ¡karádu v zónÄ›" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Pokud povolíte maÅ¡karádu, IP forwarding bude povolen pro vaÅ¡e IPv4 sítÄ›." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "MaÅ¡karádování" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "PÅ™idat záznamy pro pÅ™eposílání portů buÄ z jednoho portu na druhý na " "lokálním systému nebo z lokálního portu do portu na jiném systému. " "PÅ™eposílání na jiný systém je užiteÄné pouze pokud je rozhraní " "maÅ¡karádované. PÅ™eposílání portů funguje pouze na IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "PÅ™idat pÅ™esmÄ›rování portu" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Upravit pÅ™esmÄ›rování portu" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Odebrat pÅ™esmÄ›rování portu" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ICMP protokol (Internet Control Message Protocol) je používán pÅ™edevším pro " "posílání chybových zpráv mezi poÄítaÄi v síti, ale také pro informaÄní " "zprávy typ požadavek a odpovÄ›Ä (ping)." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "OznaÄte v seznamu typy ICMP zpráv, které mají být odmítnuty. VÅ¡echny ostatní " "ICMP typy budou procházet firewallem. ImplicitnÄ› jsou zprávy vpouÅ¡tÄ›ny bez " "omezení." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Pokud je invertní filtr povolen, jsou oznaÄené položky ICMP pÅ™ijímány a " "ostatní jsou odmítnuty. V zónÄ› s cílem DROP jsou upuÅ¡tÄ›ny." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Invertní filtr" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP filtr" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Zde můžete získat bohatá jazyková pravidla pro zónu." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "PÅ™idat bohaté pravidlo" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Upravit bohaté pravidlo" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Odebrat bohaté pravidlo" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Bohatá pravidla" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "PÅ™idat položky pro provázání rozhraní do zóny. V případÄ›, že bude rozhraní " "využito spojením, bude zóna nastavena na zónu uvedenou v pÅ™ipojení." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "PÅ™idat rozhraní" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Upravit rozhraní" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Odebrat rozhraní" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "PÅ™idat položky k provázání zdrojové adresy nebo oblastí k zónÄ›. Provázat lze " "také zdrojovou MAC adresu, ale jen s omezením. PÅ™esmÄ›rování portu a " "maskování nebude fungovat pro vázáné zdrojové MAC adresy." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "PÅ™idat zdroj" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Upravit zdroj" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Odebrat zdroj" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zóny" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Služba firewalld je kombinací portů, protokolů, modulů a cílových adres." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "PÅ™idat službu" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Upravit službu" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Odstranit službu" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "NaÄíst výchozí nastavení služby" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "PÅ™idejte další porty nebo rozsahy portů, které mají být přístupné pro " "vÅ¡echny stroje a sítÄ›." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Upravit položku" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Odstranit položku" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "PÅ™idat další zdrojové porty nebo rozsahy portů, které je nutné ponechat " "přístupné pro vÅ¡echny poÄítaÄe a poÄítaÄové sítÄ›." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Zdrojový port" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Pomocné moduly netfilteru jsou nutné pro nÄ›které služby." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduly" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Pokud urÄíte cílové adresy, vložené služby jsou vztaženy k cílové adrese a " "typu. Pokud nejsou obÄ› položky vyplnÄ›né, nejsou uplatňována žádná omezení." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Služby lze zmÄ›nit jen v trvalém konfiguraÄním rozhraní. Běžící konfigurace " "servisů je fixní." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet lze využít k vytvoÅ™ení povolených nebo zakázaných seznamů a je schopen " "uložit například IP adresy, Äísla portů nebo MAC adresy." #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "PÅ™idat IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Upravit IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Odebrat IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Nahrát výchozí IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Položky v IPSetu. Je možné vidÄ›t jen ty položky IPSetu, které nepoužívají " "volbu Äasového limitu a které pÅ™idal firewalld. Položky pÅ™idané příkazem " "ipset se zde nezobrazí." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Tento IPSet používá volbu Äasového limitu a díky tomu zde nejsou vidÄ›t žádné " "položky. O položky by se mÄ›lo postarat přímo pomocí příkazu ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "PÅ™idat" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Položky" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSet lze vytvoÅ™it nebo odstranit pouze v trvalém konfiguraÄním rozhraní." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Typ firewalld icmptype poskytuje informace pro Internet Control Message " "Protocol (ICMP)." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "PÅ™idat typ ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Upravit typ ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Odstranit typ ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "NaÄíst výchozí typ ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "UrÄit, zda je typ ICMP dostupný pro IPv4 nebo IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Typy ICMP lze zmÄ›nit pouze v trvalém konfiguraÄním rozhraní. Běžící " "konfigurace ICMP typů je fixní." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Pomocník sledování spojení napomáhá ve fungování protokolů, které používají " "různé toky pro signalizaci a pÅ™enosy dat. PÅ™enosy dat využívají porty, které " "nesouvisí se signalizací spojení, a proto jsou bez pomocníka firewallem " "blokovány." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "UrÄit porty nebo rozsah portů, které jsou sledovány pomocníkem." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Přímé nastavení poskytuje přímÄ›jší přístup k bránÄ› firewall. Tyto možnosti " "vyžadují, aby uživatel znal základní koncepty iptables, napÅ™. tabulky, " "Å™etÄ›zy, příkazy, parametry a cíle. Přímé nastavení by mÄ›lo být použito pouze " "jako poslední možnost, kdy už není možné použít jiné funkce firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Argument ipv každé volby musí být IPv4 nebo IPv6 nebo eb. S IPv4 bude pro " "iptables, s IPv6 pro ip6tables a s eb pro ethernetové mosty (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "DodateÄné Å™etÄ›zy pro použití s pravidly." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "PÅ™idat Å™etÄ›zec" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Editovat Å™etÄ›zec" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Odebrat Å™etÄ›zec" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ŘetÄ›zce" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "PÅ™idat pravidlo s argumenty args k Å™etÄ›zu v tabulce s prioritou." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Priorita se používá k urÄení poÅ™adí pravidla. Priorita 0 znamená pÅ™idání " "pravidla do horní Äásti Å™etÄ›zce, s vyšší prioritou bude pravidlo pÅ™iÅ™azováno " "dále dolů. Pravidla se stejnou prioritou budou na stejné úrovni a poÅ™adí " "tÄ›chto pravidel není fixní a může se mÄ›nit. Pokud se má pravidlo pÅ™iÅ™adit za " "jiné, je nutné použít nižší prioritu pro první a vyšší prioritu pro " "následující pravidlo." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "PÅ™idat pravidlo" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Upravit pravidlo" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Odebrat pravidlo" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Pravidla" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Pravidla přímého průchodu prochází přímo k firewallu a nejsou umístÄ›na ve " "speciálních Å™etÄ›zcích. Lze použít vÅ¡echny volby pro iptables, ip6tables a " "ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "S pravidly přímého průchodu buÄte opatrní, abyste bránu firewall celou " "neúmyslnÄ› nevyÅ™adili." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "PÅ™idat přímý průchod" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Upravit přímý průchod" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Odebrat přímý průchod" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Přímý průchod" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Funkce uzamÄení je odlehÄená verze uživatelských a aplikaÄních politik pro " "firewalld. Omezuje zmÄ›ny na firewallu. Seznam povolených výjimek uzamÄení " "může obsahovat příkazy, kontext, uživatele a identif. uživatelů." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Kontext je kontext zabezpeÄení (SELinux) spuÅ¡tÄ›né aplikace nebo služby. Pro " "získání kontextu běžící aplikace je nutné použít ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "PÅ™idat kontext" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Upravit kontext" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Odebrat kontext" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Kontexty" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Pokud položka příkazu na seznamu povolených vyjímek konÄí hvÄ›zdiÄkou '*', " "pak se vÅ¡echny příkazové řádky zaÄínající příkazem budou shodovat. Pokud tam " "'*' není, musí se absolutní příkaz zahrnující argumenty shodovat." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "PÅ™idat příkazový řádek" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Upravit příkazový řádek" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Odebrat příkazový řádek" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Příkazové řádky" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Uživatelská jména." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "PÅ™idat uživatelské jméno" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Upravit uživatelské jméno" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Odebrat uživatelské jméno" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Uživatelská jména" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Identif. uživatelů." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "PÅ™idat identif. uživatele" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Upravit identif. uživatele" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Odebrat identif. uživatele" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Identif. uživatelů" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Stávající výchozí zóna systému." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Záznam zamítnutí:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Režim paniky:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "AutomatiÄtí pomocníci:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "UzamÄení:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Výchozí zóna:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Zadejte název rozhraní:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Nastavení základního IPSetu" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Nakonfigurujte základní nastavení ipsetu:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Typ:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "ÄŒasový limit:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Délka otisku:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Hodnota Äasového limitu v sekundách" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "PoÄáteÄní délka otisku, výchozí hodnota 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maximální poÄet prvků, výchozí 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Vyberte IPSet:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Zadejte položku ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Záznam zamítnutí" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Vyberte hodnotu záznamu zamítnutí:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "OznaÄení" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Zadejte oznaÄení s volitelnou maskou." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Kolonky oznaÄení a masky jsou obÄ› 32 bitů dlouhá Äísla bez znaménka." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "OznaÄení:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maska:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Vyberte pomocníka netfilter conntrack:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Vybrat -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Jiný modul:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port a protokol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Zadejte port a protokol." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Přímé pravidlo" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Vyberte ipv a tabulku, prioritu Å™etÄ›zce a zadejte argumenty." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priorita:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Zadejte protokol." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Další protokol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "KoÅ¡até pravidlo" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Zadejte bohaté pravidlo." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" "Pokud chcete povolovat nebo odpírat přístup do sítÄ› na základÄ› seznamu, " "deaktivujte tento prvek." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Zdroj:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Cíl:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Záznam událostí:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 a IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "obrácený" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "K povolení tohoto musí být Akce nastavena na „odmítnout“ a generace buÄ " "„IPv4“ nebo „IPv6“ (ne obojí)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "s Typem:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "S Limitem:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "PÅ™edpona:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Úroveň:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Prvek:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Akce:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Nastavení hlavní služby" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Nastavte základní službu:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Vyberte službu." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Zadejte zdroj." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Identif. uživatele" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Zadejte identif. uživatele." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Zadejte uživatelské jméno." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "Å¡títek" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Nastavení hlavní zóny" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Zadejte nastavení hlavní zóny:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Výchozí cíl" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Cíl:" firewalld-1.1.1/po/da.po0000644000000000000000000016462114217342322015035 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Christian Rose , 2002 # Keld Simonsen , 2002-2005 # Keld Simonsen , 2005-2006 # Kris Thomsen , 2009-2010 # scootergrisen , 2017. #zanata, 2020. # scootergrisen , 2018. #zanata, 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-07-05 10:53+0000\n" "Last-Translator: scootergrisen \n" "Language-Team: Danish \n" "Language: da\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 4.1.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Firewall-applet" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Konfiguration af firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" "firewall;network;security;iptables;netfilter;netværk;sikkerhed;iptabeller;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Vælg zone til grænseflade '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Standardzone" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Vælg zone for forbindelse '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Kunne ikke sætte zonen {zone} til forbindelsen {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Vælg zone for kilde '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Konfigurer skjolde op/-ned-zoner" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Her kan du vælge zonerne som bruges til skjolde op og skjolde ned." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Denne facilitet er nyttig for personer som mest bruger standardzonerne. Den " "kan have begrænset anvendelse for brugere som skifter zoner af forbindelser." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Skjolde op-zone:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Nulstil til standard" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Skjolde ned-zone:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Om %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Forfattere" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licens" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Skjolde op" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Aktivér notifikationer" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Rediger firewallindstillinger..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Skift zoner af forbindelser..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Konfigurer skjolde op/-ned-zoner..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Bloker al netværkstrafik" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Om" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Forbindelser" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Grænseflader" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Kilder" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autentifikation mislykkedes." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Ugyldigt navn" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Navn findes allerede" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (zone: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (standardzone: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Kunne ikke hente forbindelser fra NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Ingen NetworkManager-importeringer tilgængelige" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Ingen forbindelse til firewall-dæmon" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Al netværkstrafik er blokeret." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Standardzone: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Standardzone '{default_zone}' aktiv for forbindelse '{connection}' pÃ¥ " "grænseflade '{interface}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zone '{zone}' aktiv for forbindelse '{connection}' pÃ¥ grænseflade " "'{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zone '{zone}' aktiv for grænseflade '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zone '{zone}' aktiv for kilde {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Ingen aktive zoner." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Forbindelse til FirewallD etableret." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Forbindelse til FirewallD tabt." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD er blevet genindlæst." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Standardzone ændret til '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Netværkstrafik er ikke længere blokeret." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "aktiveret" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "deaktiveret" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Standardzone '{default_zone}' {activated_deactivated} for forbindelse " "'{connection}' pÃ¥ grænseflade '{interface}'" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zone '{zone}' {activated_deactivated} for forbindelse '{connection}' pÃ¥ " "grænseflade '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zone '{zone}' {activated_deactivated} for grænseflade '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zone '%s' aktiveret for grænseflade '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zone '{zone}' {activated_deactivated} for kilde '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zone '%s' aktiveret for kilde '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Forbindelse til firewalld etableret." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Prøver at oprette forbindelse til firewalld, venter..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Kunne ikke oprette forbindelse til firewalld. Sørg venligst for at tjenesten " "er blevet startet korrekt og prøv igen." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Ændringer anvendt." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Brugt af netværksforbindelse '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Standardzone brugt af netværksforbindelse '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "aktiveret" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "deaktiveret" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Kunne ikke indlæse ikoner." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Sammenhæng" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Kommandolinje" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Brugernavn" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Bruger-id" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabel" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Kæde" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioritet" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumenter" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Kørselstid" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Tjeneste" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Til port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Til adresse" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Bindinger" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Punkt" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "ICMP-type" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Familje" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Handling" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Kilde" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Grænseflade" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Kommentar" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Kilde" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Advarsel" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Fejl" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accepter" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "afvis" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "drop" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "mærk" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "grænse" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "tjeneste" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maskerade" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-blok" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "videresendelsesport" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "kilde-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "niveau" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ja" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zone" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Standardzone: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zone: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zone '%s': Tjeneste '%s' er ikke tilgængelig." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Fjern" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignorer" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zone '%s': ICMP-type '%s' er ikke tilgængelig." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Indbygget zone, omdøbning understøttes ikke." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekund" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minut" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "time" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dag" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "nødstilfælde" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alarm" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritisk" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "fejl" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "advarsel" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notits" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "fejlret" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Videresending til et andet system er kun nyttigt hvis grænsefladen er " "maskeret.\n" "Vil du maskere denne zone?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Indbygget tjeneste, omdøbning understøttes ikke." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Indtast venligst en ipv4-adresse med formadressen[/mask]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "Masken kan være en netværksmaske eller et nummer." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Indtast venligst en ipv6-adresse med formadressen[/mask]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "Masken er et nummer." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Indtast venligst en ipv4- eller ipv6-adresse med formadressen[/mask]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Masken kan være en netværksmaske eller et nummer for ipv4.\n" "Masken er et nummer for ipv6." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "Indbygget IP-sæt, omdøbning understøttes ikke." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Vælg venligst en fil" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Tekstfiler" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Alle filer" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Alle" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Indbygget hjælper, omdøbning understøttes ikke." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Indbygget ICMP, omdøbning understøttes ikke." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Kunne ikke læse fil '%s': %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Vælg zone for kilde %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresse" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatiske hjælpere" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Vælg venligst automatisk hjælperværdien:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Indtast venligst kommandolinjen." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Indtast venligst sammenhænget." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Vælg venligst standardzone fra listen nedenfor." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Direkte kæde" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Vælg venligst ipv og tabel og indtast kædenavnet." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Kæde:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "rÃ¥" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "sikkerhed" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabel:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Direkte videregivelsesregel" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Vælg venligst ipv og indtast argumenterne." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumenter:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Videresendelse af port" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Vælg venligst kilden og destinationsindstillingerne som passer til dine " "behov." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port/portinterval:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP-adresse:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destination" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Hvis du aktiverer lokal videresendelse, skal du angive en port. Denne port " "skal være forskellig fra kildeporten." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokal videresendelse" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Videresend til en anden port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Grundlæggende hjælperindstillinger" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Konfigurer venligst grundlæggende hjælperindstillinger:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Punkter med fed skrift er obligatoriske, alle andre er valgfrie." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Navn:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Version:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Kort:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Beskrivelse:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Familje:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modul:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Hjælper" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Vælg venligst en hjælper:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Grundlæggende ICMP-type-indstillinger" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Konfigurer venligst grundlæggende ICMP-type-indstillinger:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-type" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Vælg venligst en ICMP-type" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Tilføj punkt" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Tilføj punkter fra fil" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Fjern valgte punkter" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Fjern alle punkter" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Fjern punkter fra fil" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fil" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Valgmuligheder" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Genindlæs firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Genindlæser firewall-regler. Nuværende permanent konfiguration vil blive til " "ny kørselstidskonfiguration. Dvs. alle ændringer som kun er foretaget for " "kørselstid op til genindlæsning mistes ved genindlæsning hvis de ikke ogsÃ¥ " "har været i permanent konfiguration." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Vælg hvilken zone en netværksforbindelse tilhører." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Skift standardzone" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Skift standardzone for forbindelser eller grænseflader." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Skift lognægtelse" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Skift lognægtelsesværdi." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Konfigurer automatisk hjælper tildeling" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Konfigurer automatisk hjælper tildelingsindstilling." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "Paniktilstand betyder at alle indkommende og udgÃ¥ende pakker droppes." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Paniktilstand" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Nedlukning lÃ¥ser firewall-konfiguration sÃ¥ kun programmer pÃ¥ " "nedlukningshvidliste kan ændre den." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Lukning" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Gør kørselstidskonfiguration permanent" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Kørselstid til permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Vis" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IP-sæt" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP-typer" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Hjælpere" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Direkte konfiguration" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Lukningshvidliste" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktive bindinger" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Hjælp" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Skift zone" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Skift zone af binding" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Skjul aktive kørselstidsbindinger af forbindelser, grænseflader og kilder " "til zoner" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Vis aktive kørselstidsbindinger af forbindelser, grænseflader og kilder til " "zoner" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Konfiguration:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Nuværende synlige konfiguration. Kørselstidskonfiguration er den faktiske " "aktive konfiguration. Permanent konfiguration vil være aktiv efter tjeneste " "eller system bliver genindlæst eller genstartet." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "En firewalld-zone angiver niveauet af betroelse for netværksforbindelser, " "grænseflader og kildeadresser bundet til zonen. Zonen kombinerer tjenester, " "porte, protokoller, maskeringer, port-/pakkevideresendelse, ICMP-filtre og " "rigregler. Zonen kan bindes til grænseflader og kildeadresser." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Tilføj zone" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Rediger zone" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Fjern zone" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Indlæs zonestandarder" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Her kan du definere hvilke tjeneser der er betroet i zonen. Betroet tjeneser " "er tilgængelige fra alle værter og netværk der kan nÃ¥s fra maskinen fra " "forbindelser, grænseflader og kilder bundet til denne zone." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Tjenester" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Tilføj yderligere porte eller portintervaller som skal være tilgængelige for " "alle værter eller netværk som kan oprette forbindelse til maskinen." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Tilføj port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Rediger port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Fjern port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Porte" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Tilføj protokoller som skal være tilgængelig for alle værter eller netværker." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Tilføj protokol" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Rediger protokol" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Fjern protokol" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokoller" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Tilføj yderligere kildeporte eller portintervaller som skal være " "tilgængelige for alle værter eller netværk som kan oprette forbindelse til " "maskinen." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Kildeporte" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Maskering tillader dig at sætte en vært eller en ruter op, som forbinder til " "dit lokale netværk til internettet. Dit lokale netværk vil ikke blive " "synligt og værterne vises som en enkelt adresse pÃ¥ internettet. Maskering er " "kun for IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskeradezone" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Hvis du aktiverer maskering vil IP-videresending kun blive aktiveret for " "IPv4-netværk." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskerede" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Tilføj indgange til videresendelsesporte, enten fra en port til en anden pÃ¥ " "det lokale system eller fra det lokale system til et andet system. " "Videresendelse til et anden system er kun brugbart, hvis grænsefladen er " "maskeret. Videresendelse af port er kun for IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Tilføj videresendelsesport" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Rediger videresendelsesport" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Fjern videresendelsesport" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Control Message Protocol (ICMP) er hovedsageligt brugt til at sende " "fejlmeddelser mellem computere pÃ¥ netværk, men ogsÃ¥ til " "informationsmeddelser, som for eksempel, ping-forespørgsler og svar." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Markér de ICMP-typer i listen, der skal afvises. Alle andre ICMP-typer er " "tilladt at passere firewallen. Som standard er der ingen begrænsninger." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Hvis omvendt filter er aktiveret, accepteres mærket ICMP-punkter og andre " "afvises. I en zone med mÃ¥let DROP, droppes de." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Omvend filter" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP-filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Her kan du sætte rige sprogregler for zonen." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Tilføj rigregel" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Rediger rigregel" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Fjern rigregel" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Rigregler" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Tilføj punkter at binde grænseflader til zonen. Hvis grænsefladen bruges af " "en forbindelse, vil zonen blive sat til zonen som er angivet i forbindelsen." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Tilføj grænseflade" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Rediger grænseflade" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Fjern grænseflade" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Tilføj punkter for at binde kildeadresser eller omrÃ¥der til zonen. Du kan " "ogsÃ¥ binde til en MAC-kildeadresse, men uden begrænsninger. Videresendelse " "af port og maskering virker ikke for MAC-kildebindinger." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Tilføj kilde" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Rediger kilde" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Fjern kilde" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zoner" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "En firewalld-tjeneste er en kombination af porte, protokoller, moduler og " "andre distinationsadresser." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Tilføj tjeneste" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Rediger tjeneste" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Fjern tjeneste" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Indlæs tjenestestandarder" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Tilføj yderligere porte eller portintervaller som skal være tilgængelige for " "alle værter eller netværk." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Rediger punkt" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Fjern punkt" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Tilføj yderligere kildeporte eller portintervaller som skal være " "tilgængelige for alle værter eller netværk." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Kildeport" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfilter-hjælpermoduler kræves af nogle tjenester." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduler" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Hvis du angiver destinationsadresser, vil tjenestepunktet blive begrænset " "til destinationsadressen og typen. Hvis begge punkter er tomme er der ingen " "grænse." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Tjenester kan kun ændres i den permanente konfigurationsvisning. " "Kørselstidskonfigurationen af tjenester er fast." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Et IP-sæt kan bruges til at oprette hvid- og sortlister og er i stand til at " "lagre f.eks. IP-adresser, portnumre eller MAC-adresser. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IP-sæt" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Tilføj IP-sæt" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Rediger IP-sæt" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Fjern IP-sæt" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Indlæs IP-sæt-standarder" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Punkter af IP-sættet. Du vil kun være i stand til at se punkterne af IP-sæt " "som ikke bruger timeout-valgmuligheden, og kun punkter der er blevet " "tilføjet af firewalld. Punkter som er blevet tilføjet direkte med ipset-" "kommandoen vil ikke være listet her." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Dette IP-sæt bruger timout-valgmuligheden, sÃ¥ derfor er der ingen synlige " "punkter her. Punkterne skal tages af direkte men ipset-kommandoen." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Tilføj" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Punkter" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IP-sæt kan kun oprettes eller slettes i den permanente konfigurationsvisning." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "En firewalld icmptype leverer informationen fra en Internet Control Message " "Protocol-type (ICMP) for firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Tilføj ICMP-type" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Rediger ICMP-type" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Fjern ICMP-type" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Indlæs ICMP-typestandarder" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Angiv hvorvidt denne ICMP-type er tilgængelig til IPv4 og/eller IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP-typer kan kun ændres i den permanente konfigurationsvisning. " "Kørselstidskonfiguration af ICMP-typer er fast." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "En forbindelsessporingshjælper assisterer med at fÃ¥ protokoller til at virke " "som bruger andre flows til signalering og dataoverførsler. Dataoverførslerne " "bruger porte som ikke har relation til den signalerende forbindelse og " "derfor er blokeret af firewallen uden hjælperen." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Definer porte eller portintervaller som overvÃ¥ges af hjælperen." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Den direkte konfiguration giver en mere direkte adgang til firewallen. Disse " "valgmuligheder kræver at brugeren kender til grundlæggende iptables-" "koncepter, dvs. tabeller, kæder, kommandoer, parametre og mÃ¥l. Direkte " "konfiguration bør kun bruges som en sidste mulighed nÃ¥r det ikke er muligt " "at bruge andre firewalld-faciliteter." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Ipv-argumentet for hver valgmulighed skal være ipv4, ipv6 eller eb. Med ipv4 " "vil den være for iptables, med ipv6 for ip6tables og med eb for ethernet-" "broer (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Yderligere kæder til brug med regler." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Tilføj kæde" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Rediger kæde" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Fjern kæde" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Kæder" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Tilføj en regel med argumenternes argumenter til en kæde i en tabel med en " "prioritet." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Prioriteten bruges til at sætte regler i rækkefølge. Prioritet 0 betyder " "tilføj regel øverst i kæden, med en højere prioritet tilføjes reglen længere " "nede. Regler med den samme prioritet er pÃ¥ samme niveau og rækkefølgen for " "disse regler er ikke fast og kan skifte. Hvis du vil sørge for at en regel " "vil blive tilføjet efter en anden, sÃ¥ bruge en lav prioritet til den første " "og en højere til den efterfølgende." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Tilføj regel" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Rediger regel" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Fjern regel" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regler" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Videregivelsesreglerne videresendes direkte til firewallen og placeres ikke " "i specielle kæder. Alle iptables-, ip6tables- og ebtables-valgmuligheder kan " "bruges." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Pas pÃ¥ med ikke at skade firewallen med videregivelsesregler." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Tilføj videregivelse" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Rediger videregivelse" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Fjern videregivelse" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Videregivelse" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Nedlukningsfaciliteten er en letvægtsversion af bruger- og programpolitikker " "til firewalld. Den begrænser ændringer til firewallen. Nedlukningshvidlisten " "kan indeholde kommandoer, sammenhæng og bruger-ID'er." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Sammenhænget er sikkerhedenssammenhænget (SELinux) af et kørende program " "eller tjeneste. Brug ps -e --context for at fÃ¥ sammenhænget af et " "kørende program." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Tilføj sammenhæng" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Rediger sammenhæng" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Fjern sammenhæng" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Sammenhæng" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Hvis et kommandopunkt pÃ¥ hvidlisten slutter med en stjerne '*', sÃ¥ matches " "alle kommandolinjer som starte med kommandoen. Hvis ikke '*' er der, sÃ¥ skal " "den absolutte kommando matche, inklusiv argumenter." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Tilføj kommandolinje" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Rediger kommandolinje" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Fjern kommandolinje" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Kommandolinjer" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Brugernavne." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Tilføj brugernavn" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Rediger brugernavn" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Fjern brugernavn" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Brugernavne" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Bruger-ID'er." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Tilføj bruger-ID" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Rediger bruger-ID" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Fjern bruger-ID" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Bruger-ID'er" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Systemets nuværende standardzone." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Lognægtelse:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Paniktilstand:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatiske hjælpere:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Lukning:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Standardzone:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Indtast venligst et grænsefladenavn:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Grundlæggende IP-sæt-indstillinger" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Konfigurer venligst grundlæggende IP-sæt-indstillinger:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Type:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Timeout:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hashstørrelse:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maks. elem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Timeoutværdi i sekunder" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Indledende hashstørrelse, standard 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maks. antal elementer, standard 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Vælg venligst et IP-sæt:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Indtast venligst et ipset-punkt:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Lognægtelse" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Vælg venligst en lognægtelsesværdi:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Mærk" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Indtast venligst et mærke med en valgfri maske." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Mærket og maskefeltet er begge 32 bit brede numre uden fortegn." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Mærke:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maske:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Vælg venligst en netfilter conntrack-hjælper:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Vælg -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Andet module:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port og protokol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Indtast venligst en port eller protokol." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Direkte regel" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Vælg venligst ipv og tabel, kæde, prioritet og indtast argumenterne." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioritet:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Indtast venligst en protokol." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Anden protokol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Rigregel" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Indtast venligst en rigregel." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" "Deaktivér elementet for hvidlistning eller sortlisting af vært eller netværk." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Kilde:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destination:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 og ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "omvendt" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "For at aktivere, skal denne handling være 'afvis' og familje skal enten være " "'ipv4' eller 'ipv6' (ikke begge)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "med type:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Med grænse:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Præfiks:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Niveau:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Handling:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Grundlæggende tjenesteindstillinger" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Konfigurer venligst grundlæggende tjenesteindstillinger:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Vælg venligst en tjeneste." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Indtast venligst en kilde." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Bruger-ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Indtast venligst bruger-ID'et." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Indtast venligst brugernavnet." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etiket" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Grundlæggende zoneindstillinger" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Konfigurer venligst grundlæggende zoneindstillinger:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "StandardmÃ¥l" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "MÃ¥l:" firewalld-1.1.1/po/de.po0000644000000000000000000017253714217342322015046 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Andreas Müller , 2003 # Bernd Bartmann , 2004 # Bernd Groh , 2002-2004 # tbull , 2010 # Daniela Kugelmann , 2008 # Dominik Sandjaja , 2008 # Fabian Affolter , 2008-2009 # Florian Festi , 2008 # hpeters , 2009 # hpeters , 2009,2014 # hpeters , 2014 # Marcus Gloeckner , 2006 # Marcus Nitzschke , 2009-2010 # Michael Schönitzer , 2007 # Michael Schönitzer , 2007 # Nadine Reissle , 2006 # Roman Spirgi , 2012-2013 # Ronny Buchmann , 2005-2006 # sknirT omiT , 2010 # tbull , 2010 # Thomas Woerner , 2008-2009,2012 # Thomas Woerner , 2012 # Thomas Woerner , 2012 # Verena , 2004 # Roman Spirgi , 2015. #zanata # Hedda Peters , 2016. #zanata # Lisa Stemmler , 2016. #zanata # Roman Spirgi , 2016. #zanata # Thomas Woerner , 2016. #zanata # Robert Scheck , 2017. #zanata # Roman Spirgi , 2017. #zanata # Eric Garver , 2018. #zanata # Fabian Affolter , 2018. #zanata # Phil Sutter , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-01-14 14:02+0000\n" "Last-Translator: Phil Sutter \n" "Language-Team: German \n" "Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 3.10.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Firewall-Applet" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Firewall-Konfiguration" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "Firewall;Netzwerk;Sicherheit;Iptables;Netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Wählen Sie die Zone für die Schnittstelle »%s«" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Standardzone" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Zone für Verbindung »%s« auswählen" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Fehler beim Angeben der Zone {zone} für Verbindung {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Zone für Quelle »%s« auswählen" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Konfiguriere geschützte/ offene Zonen" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Hier können Sie die Bereiche für aktive und offene Schutzschild-Zonen " "auswählen." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Diese Funktion ist besonders nützlich für Benutzer, die hauptsächlich die " "Standardzonen verwenden. Für Benutzer, die Verbindungs-Zonen ändern, ist es " "möglicherweise nur bedingt nützlich." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Aktive Schutzschild-Zone:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Auf Standardeinstellung zurücksetzen" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Offene Schutzschild-Zone:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Ãœber %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Autoren" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Lizenz" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Schutzschilde aktivieren" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Meldungen aktivieren" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Firewall-Einstellungen bearbeiten..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Verbindungszonen ändern..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Konfiguriere geschützte/offene Schutzschild-Zonen..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Sämtlichen Netzwerk-Verkehr blocken" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Info" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Verbindungen" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Schnittstellen" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Quellen" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autorisierung fehlgeschlagen." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Ungültiger Name" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Name ist bereits vorhanden" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zone: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Standardzone: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Abrufen der Verbindungen von NetworkManager fehlgeschlagen" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Keine Importe von NetworkManager verfügbar" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Keine Verbindung zum Firewalldämon" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Sämtlicher Netzwerkverkehr wird geblockt." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Standardzone: »%s«" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Standardzone '{default_zone}' aktiv für Verbindung '{connection}' auf " "Schnittstelle '{interface}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "'{zone}'-Zone aktiv für '{connection}'-Verbindung auf '{interface}'-" "Schnittstelle" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "'{zone}'-Zone aktiv für '{interface}'-Schnittstelle" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zone '{zone}' aktiv für Quelle {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Keine aktiven Zonen" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Verbindung zu FirewallD hergestellt." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Verbindung zu FirewallD verloren." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD neu geladen." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Standardzone geändert auf »%s«." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Netzwerkverkehr wird nicht mehr geblockt." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "aktiviert" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "deaktiviert" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Standardzone '{default_zone}' {activated_deactivated} für Verbindung " "'{connection}' auf Schnittstelle '{interface}'" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "'{zone}'-Zone {activated_deactivated} für '{connection}'-Verbindung auf " "'{interface}'-Schnittstelle" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "'{zone}'-Zone {activated_deactivated} für '{interface}'-Schnittstelle" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "»%s«-Zone aktiviert für »%s«-Schnittstelle" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zone '{zone}' {activated_deactivated} für Quelle '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zone »%s« aktiviert für Quelle »%s«" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Verbindung zu firewalld hergestellt." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Verbindungsversuch zu firewalld, warten..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Verbindung mit Firewall fehlgeschlagen. Stellen Sie sicher, dass der Dienst " "korrekt gestartet wurde, und versuchen Sie es erneut." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Änderungen angewendet." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Wird von der Netzwerkverbindung »%s« benutzt" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Standardzone benutzt von Netzwerkverbindung '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "aktiviert" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "deaktiviert" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Symbole konnten nicht geladen werden." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Kontext" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Befehlszeile" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Benutzername" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Benutzer-ID" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabelle" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Kette" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priorität" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumente" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Runtime" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Dienst" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokoll" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "An Port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Zu Adresse" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Zuordnungen" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Eintrag" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp-Typ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Familie" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Aktion" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "Log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Schnittstelle" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Kommentar" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Quelle" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Warnung" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Fehler" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "akzeptieren" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "ablehnen" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "abwählen" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "markieren" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "begrenzen" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "Dienst" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "Port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "Protokoll" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "Maskierung" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-Blockierung" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "ICMP-Typ" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "Weiterleitungsport" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "Quell-Port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "Stufe" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "Ja" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zone" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Standardzone: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zone: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zone »%s«: Dienst »%s« ist nicht verfügbar." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Zone entfernen" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignorieren" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zone »%s«: ICMP-Typ »%s« ist nicht verfügbar." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Integrierte Zone, das Umbenennen wird nicht unterstützt." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "Sekunde" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "Minute" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "Stunde" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "Tag" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "Gefahr" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "Warnung" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritisch" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "Fehler" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "Warnung" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "Notiz" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "Info" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "Debug" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Die Weiterleitung an ein anderes System ist nur dann sinnvoll, wenn die " "Schnittstelle maskiert ist.\n" "Wollen Sie diese Zone maskieren?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Integrierter Dienst, das Umbenennen wird nicht unterstützt." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Bitte geben Sie eine ipv4 Adresse im Format Adresse[/mask] ein." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "Die Maske kann eine Netzwerkmaske oder eine Zahl sein." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Bitte geben Sie eine ipv6 Adresse im Format Adresse[/mask] ein." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "Die Maske ist eine Zahl." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Bitte geben Sie eine ipv4 Adresse im Format Adresse[/mask] ein." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Die Maske kann eine Netzwerkmaske für ipv4 sein.\n" "Die Maske ist eine Zahl für ipv6." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "Integriertes Ipset, Umbenennen wird nicht unterstützt." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Bitte wählen Sie eine Datei" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Textdateien" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Alle Dateien" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Alle" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Enthaltene Helfer, Umbenennen nicht unterstützt." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Integriertes Icmp, das Umbenennen wird nicht unterstützt." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Lesen der Datei »%s« fehlgeschlagen: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Zone für Quelle %s auswählen" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresse" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatische Helfer" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Bitte den Wert für automatische Helfer wählen:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Bitte die Befehlszeile eingeben." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Bitte den Kontext eingeben." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Bitte wählen Sie die Standardzone aus der unteren Liste." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Direkte Kette" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" "Bitte wählen Sie IP-Version sowie die Tabelle und geben Sie den Ketten-Namen " "ein." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Kette:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "Sicherheit" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabelle:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Direkte Weiterleitungsregel" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Bitte wählen Sie IP-Version und geben Sie die Argumente ein." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumente:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Port-Weiterleitung" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Bitte wählen Sie die Quell- und Ziel-Einstellungen nach Ihren Bedürfnissen " "aus." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port/ Port-Bereich:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP-Adresse:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokoll:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Ziel" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Wenn Sie lokales Weiterleiten aktivieren, müssen Sie einen Port angeben. " "Dieser Port darf nicht mit dem Quell-Port übereinstimmen." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokales Weiterleiten" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "An einen anderen Port weiterleiten" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Basis-Helfer Einstellungen" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Bitte Basis-Helfer Einstellungen konfigurieren:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Fett markierte Einträge sind zwingend, alle anderen optional." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Name:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Version:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Kurzbeschreibung:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Beschreibung:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Familie:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Module:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Helfer" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Bitte einen Helfer wählen:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Grundlegende ICMP Typ-Einstellungen" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Bitte konfigurieren Sie die grundlegenden Einstellungen des ICMP-Typs:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-Typ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Einen ICMP-Typ auswählen" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Eintrag hinzufügen" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Einträge von Datei hinzufügen" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Ausgewählten Eintrag entfernen" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Alle Einträge entfernen" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Einträge aus Datei entfernen" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Datei" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Optionen" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld neu laden" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Firewall-Regeln neu laden. Die aktuelle permanente Konfiguration wird als " "neue Runtime-Konfiguration gesetzt, dadurch z.B. werden alle »Nur-Runtime«-" "Änderungen beim Neuladen verloren gehen, falls sich diese nicht auch in der " "permanenten Konfiguration befinden." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" "Wählen Sie zu welcher Zone eine Netzwerkverbindung zugeordnet werden soll." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Standardzone ändern" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Standardzone für Verbindungen oder Schnittstellen ändern." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "LogDenied ändern" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Wert für LogDenied ändern." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Konfigurieren der automatischen Helferzuweisung" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Konfigurieren der Einstellung für die automatische Helferzuweisung." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Sperrmodus bedeutet, dass sämtliche eingehende und ausgehende Pakete " "verworfen werden." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Panik-Modus" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown sperrt die Firewall-Konfiguration, so dass nur Anwendungen auf der " "Sperr-Positivliste diese ändern können." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Sperrung" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Runtime-Konfiguration dauerhaft speichern" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Runtime auf dauerhaft" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Ansicht" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP-Typen" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Helfer" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Direkte Konfiguration" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Sperr-Positivliste" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktive Zuordnungen" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Hilfe" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Zone ändern" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Zone der Zuordnung ändern" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Ausblenden aktiver Laufzeit-Zuordnungen der Verbindungen, Schnittstellen und " "Quellen für Zonen" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Anzeigen aktiver Laufzeit-Zuordnungen der Verbindungen, Schnittstellen und " "Quellen für Zonen" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Konfiguration:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Aktuell einsehbare Konfiguration. Die Runtime-Konfiguration ist die " "derzeitig aktive Konfiguration. Die dauerhafte Konfiguration wird nach dem " "erneuten Laden des Dienstes oder Systems aktiv sein." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Ein firewalld-Zone definiert die Vertrauensstufe für Netzwerkverbindungen, " "Schnittstellen und Quell-Adressen. Die Zone kombiniert Dienste, Ports, " "Protokolle, Maskierungen, Port-/ Paket-Weiterleitung, ICMP-Filter und " "umfassende Regeln. Die Zone kann mit Schnittstellen und Quelladressen " "verknüpft werden." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Zone hinzufügen" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Zone bearbeiten" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Zone entfernen" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Standardwerte der Zone laden" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Hier können Sie definieren, welche Dienste in der Zone vertrauenswürdig " "sind. Vertrauenswürdige Dienste sind zugänglich von allen Hosts und " "Netzwerken, die den Rechner über mit dieser Zone verbundenen Verbindungen, " "Schnittstellen und Quellen erreichen können." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Dienste" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Zusätzliche Ports oder Portbereiche hinzufügen, welche von allen Rechnern " "oder Netzwerken erreichbar sein müssen, die sich mit dem Gerät verbinden " "können." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Port hinzufügen" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Zone bearbeiten" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Zone entfernen" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Ports" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Protokolle hinzufügen, die für alle Hosts oder Netzwerke erreichbar sein " "müssen." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Protokoll hinzufügen" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Protokoll bearbeiten" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Protokoll entfernen" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokolle" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Zusätzliche Ports oder Portbereiche hinzufügen, welche von allen Rechnern " "oder Netzwerken erreichbar sein müssen, die sich mit dem Gerät verbinden " "können." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Quellports" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Masquerading erlaubt es, einen Rechner oder Router einzurichten, der Ihr " "lokales Netzwerk mit dem Internet verbindet. Ihr lokales Netzwerk ist nicht " "sichtbar und erscheint als ein Rechner vom Internet aus betrachtet. " "Masquerading kann nur für IPv4 benutzt werden." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskierte Zone" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Wenn Sie Masquerading aktivieren, wird IP Forwarding für Ihre IPv4-Netzwerke " "aktiviert." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Fügen Sie Einträge hinzu, um entweder einen Port auf einen anderen lokalen " "Port weiterzuleiten oder vom lokalen System auf ein anderes. Das " "Weiterleiten eines Ports auf ein anderes System ist nur dann sinnvoll, wenn " "die Schnittstelle maskiert ist. Port-Weiterleitung kann nur für IPv4 benutzt " "werden." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Weiterleitungs-Port hinzufügen" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Weiterleitungs-Port bearbeiten" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Weiterleitungs-Port entfernen" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Das Internet Control Message Protocol (ICMP) wird hauptsächlich dazu " "verwendet, um Fehlermeldungen zwischen vernetzten Computern zu senden und " "zusätzlich zu Informationszwecken wie z.B. Ping-Anfragen und -Antworten." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Markieren Sie die ICMP-Typen in der Liste, die abgelehnt werden sollen. Alle " "anderen ICMP-Typen dürfen die Firewall passieren. Der Standardwert hat keine " "Beschränkung." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Falls Filter invertieren aktiviert ist, werden markierte ICMP-Einträge " "akzeptiert und andere zurückgewiesen. In einer Zone mit dem Ziel DROP, " "werden diese verworfen." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Filter invertieren" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP-Filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Hier können umfassende Sprachregeln für die Zone definiert werden" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Umfassende Regel hinzufügen" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Umfassende Regel bearbeiten" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Umfassende Regel entfernen" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Umfassende Regeln" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Einträge hinzufügen, um Schnittstellen mit der Zone zu verknüpfen. Falls die " "Schnittstelle von einer Verbindung verwendet wird, wird die Zone in der " "Verbindung angegebenen Zone gesetzt." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Schnittstelle hinzufügen" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Schnittstelle bearbeiten" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Schnittstelle entfernen" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Einträge hinzufügen, um Quelladressen oder Bereiche mit der Zone zu " "verbinden. Sie können sie auch mit einer MAC-Quelladresse verbinden, " "allerdings mit Einschränkungen. Weiterleiten und Maskieren des Ports wird " "für MAC-Quellbindungen nicht funktionieren." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Quelle hinzufügen" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Quelle bearbeiten" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Quelle entfernen" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zonen" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Ein firewalld-Dienst ist eine Kombination aus Ports, Protokollen, Modulen " "und Zieladressen." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Dienst hinzufügen" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Dienst bearbeiten" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Dienst entfernen" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Standard-Dienst-Einstellungen laden" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Zusätzliche Ports oder Port-Bereiche hinzufügen, die für alle Hosts oder " "Netzwerke erreichbar sein müssen." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Eintrag bearbeiten" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Eintrag entfernen" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Zusätzliche Ports oder Port-Bereiche hinzufügen, die für alle Rechner oder " "Netzwerke erreichbar sein müssen." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Quell-Port" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfilter-Helfer-Module werden für einige Dienste benötigt." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Module" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Wenn Sie Zieladressen angeben, wird der Dienst-Eintrag auf die Zieladresse " "und den Typ beschränkt. Wenn beide Einträge leer sind, gibt es keine " "Einschränkung." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Dienste können nur in der permanenten Konfigurationsansicht geändert werden. " "Die Runtime-Konfiguration der Dienste ist unveränderlich." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Ein IPSet kann verwendet werden, um White- oder Blacklists zu erstellen, und " "es kann zum Beispiel IP-Adressen, Portnummern oder MAC-Adressen speichern. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "IPSet hinzufügen" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "IPSet bearbeiten" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "IPSet entfernen" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "IPSet Standardeinstellungen laden" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Einträge von IPSet. Sie werden nur Einträge von IPSet sehen können, die " "nicht die Timeout-Option verwenden, außerdem nur Einträge, die von firewalld " "hinzugefügt wurden. Einträge, die direkt mit dem IPSet Befehl hinzugefügt " "wurden, werden hier nicht angeführt." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Dieses IPSet benutzt die Timeout-Option, deswegen sind hier keine Einträge " "sichtbar. Die Einträge sollten direkt mit dem IPSet-Befehl verarbeitet " "werden." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Hinzufügen" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Einträge" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSets können nur in der dauerhaften Konfigurationsansicht erstellt oder " "gelöscht werden." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Ein firewalld-icmp-Typ stellt die Information für einen »Internet Control " "Message Protocol«-Typ (ICMP) für firewalld bereit." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP-Typ hinzufügen" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP-Typ bearbeiten" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP-Typ entfernen" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP Typ-Standardwerte laden" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Definieren, ob dieser ICMP-Typ für IPv4 und/ oder IPv6 verfügbar ist." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP-Typen können nur in der permanenten Konfigurationsansicht geändert " "werden. Die Runtime-Konfiguration der ICMP-Typen ist unveränderlich." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Ein Verbindungsüberwachungs-Helfer unterstützt Protokolle, die " "unterschiedliche Ströme für Signalisierung und Datenübertragungen verwenden. " "Die Datenübertragungen verwenden Ports, die nicht mit der " "Signalisierungsverbindung verknüpft sind und daher von der Firewall ohne " "Helfer blockiert würden." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Ports oder Portbereiche definieren, welche vom Helfer überwacht werden." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Die direkte Konfiguration ergibt einen direkteren Zugang zum Firewall. Diese " "Optionen verlangen vom Benutzer grundlegende Kenntnisse über iptables-" "Konzepte, z.B. Tabellen, Ketten, Befehle, Parameter und Ziele. Direkte " "Konfiguration sollte nur als letzter Ausweg eingesetzt werden, wenn es nicht " "möglich ist, andere firewalld Funktionen zu verwenden." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Das ipv Argument jeder Option hat ipv4 oder ipv6 oder eb zu sein. Bei ipv4 " "wird es für iptables, mit ipv6 für ip6tables und mit eb für Ethernet-Brücken " "(ebtables) sein." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Weitere Ketten für den Einsatz mit Regeln." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Kette Hinzufügen" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Kette Bearbeiten" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Kette Entfernen" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Ketten" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Fügen Sie eine Regel mit den Argumenten args zu einer Kette in einer Tabelle " "mit einer Priorität hinzu." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Die Priorität wird verwendet, um Regeln zu reihen. Priorität 0 bedeutet die " "Regel oben auf der Kette einzufügen, mit einer höheren Priorität wird die " "Regel weiter unten hinzugefügt werden. Regeln mit der gleichen Priorität " "sind auf der gleichen Ebene und die Reihenfolge dieser Regeln ist nicht " "festgelegt und kann sich ändern. Wenn Sie sicherstellen wollen, dass eine " "Regel nach einer anderen hinzugefügt werden soll, verwenden Sie eine " "niedrige Priorität für die erste und eine höhere für die folgende." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Regel hinzufügen" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Regel bearbeiten" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Regel löschen" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regeln" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Die Durchgangsregeln werden direkt durch die Firewall gelassen und werden " "nicht in Spezialketten gegeben. Alle iptables, ip6tables und ebtables " "Optionen können verwendet werden." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Bitte seien Sie vorsichtig mit Durchgangsregeln damit Sie nicht den Firewall " "beschädigen." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Durchgang Hinzufügen" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Durchgang Bearbeiten" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Durchgang Entfernen" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Durchgang" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Die Sperroption ist eine einfache Version von Benutzer- und " "Anwendungsrichtlinien für firewalld. Sie begrenzt Änderungen an der " "Firewall. Die Sperr-Positivliste kann Befehle, Kontexte, Benutzer und " "Benutzer-IDs enthalten." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Der Kontext ist der (SELinux-) Sicherheitskontext einer laufenden Anwendung " "oder eines Dienstes. Um den Kontext einer laufenden Anwendung einzusehen, " "verwenden Sie ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Kontext hinzufügen" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Kontext bearbeiten" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Kontext entfernen" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Kontexte" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Falls ein Befehlseintrag der Positivliste mit einem Sternsymbol »*« endet, " "werden alle Kommandozeilen, die mit dem Befehl beginnen ausgewertet. Falls " "das »*«-Symbol nicht vorhanden ist, muss der absolute Befehl inklusive " "Argumenten übereinstimmen." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Kommandozeile hinzufügen" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Kommandozeile bearbeiten" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Kommandozeile entfernen" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Kommandozeilen" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Benutzernamen." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Benutzernamen hinzufügen" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Benutzernamen bearbeiten" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Benutzernamen entfernen" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Benutzernamen" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Benutzerkennungen." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Benutzer-ID hinzufügen" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Benutzer-ID bearbeiten" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Benutzer-ID entfernen" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Benutzerkennungen" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Aktuelle Standardzone des Systems" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Log Denied:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Panik-Modus:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatische Helfer:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Sperrung:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Standardzone:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Geben Sie einen Schnittstellennamen ein:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Grundlegende IPSet Einstellungen" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Bitte konfigurieren Sie die grundlegenden IPSet-Einstellungen:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Typ:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Timeout:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hashgröße:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Timeout in Sekunden" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Ursprüngliche Hashgröße, Standard 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Max Anzahl von Elementen, Standard 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Bitte wählen Sie ein IPSet:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Geben Sie einen Ipset-Eintrag ein:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Log Denied" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Bitte wählen Sie einen Wert für LogDenied:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Markieren" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Bitte geben Sie eine Markierung mit optionaler Maske ein" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "Die Felder für Markierung und Maske sind beides 32bit-breite, vorzeichenlose " "Zahlen." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Markieren:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maskieren:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Bitte einen Netfilter Conntrack Helfer wählen:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Auswählen -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Andere Module:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port und Protokoll" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Bitte einen Port und ein Protokoll eingeben." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Direkte Regel" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Bitte wählen Sie ipv und table, " #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priorität:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Bitte ein Protokoll angeben." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Anderes Protokoll:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Umfassende Regel" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Bitte eine umfassende Regel eingeben." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "" "Element deaktivieren, um Positiv- oder Negativlisten für Host oder Netzwerk " "zu verwenden." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Quelle:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Ziel:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 und ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "invertiert" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Zum Aktivieren muss diese Aktion 'reject' sein und die Familie muss entweder " "'ipv4' oder 'ipv6' sein (nicht beides)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "mit Typ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Mit Begrenzung:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Präfix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Stufe:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Aktion:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Dienst-Grundeinstellungen" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Bitte konfigurieren Sie Dienst-Grundeinstellungen:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Bitte einen Dienst auswählen." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Geben Sie eine Quelle ein." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Benutzerkennung" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Bitte die Benutzerkennung eingeben." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Bitte Benutzername eingeben." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "Kennung" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Grundlegende Zone-Einstellungen" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Bitte konfigurieren Sie die grundlegenden Zone-Einstellungen:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Standard-Ziel" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Ziel:" firewalld-1.1.1/po/el.po0000644000000000000000000014713314217342322015050 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # ioza1964, 2013 # ioza1964, 2013 # Kranias Orestis , 2013 # mitzie , 2013 # mitzie , 2013 # Vasilis , 2012 # Vasilis , 2012 # ΑικατεÏίνη Χ. Καταπόδη , 2013 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2016-01-04 12:27+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Greek (http://www.transifex.com/projects/p/firewalld/language/" "el/)\n" "Language: el\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "ΜικÏοεφαÏμογή τείχους Ï€Ïοστασίας" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Τείχος Ï€Ïοστασίας" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ΡÏθμιση τείχους Ï€Ïοστασίας" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Ζώνη '%s' ενεÏγοποιήθηκε για την διεπαφή '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "ΕπεξεÏγασία ζωνών ασπίδων πάνω/κάτω" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Εδώ μποÏείτε να επιλέξετε τις ζώνες που χÏησιμοποιοÏνται για τις ασπίδες " "πάνω και ασπίδες κάτω." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Αυτό το χαÏακτηÏιστικό είναι χÏήσιμο για τους ανθÏώπους που χÏησιμοποιοÏν " "τις Ï€Ïοεπιλεγμένες ζώνες πεÏισσότεÏο. Για χÏήστες, που αλλάζουν ζώνες από " "συνδέσεις, μποÏεί να είναι πεÏιοÏισμένης χÏήσης." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Ζώνη ασπίδων πάνω:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Ζώνη ασπίδων κάτω:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Ασπίδες πάνω" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "ΕνεÏγοποίηση ειδοποιήσεων" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "ΕπεξεÏγασία Ïυθμίσεων τείχους Ï€Ïοστασίας..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Αλλάξτε τις Ζώνες ΣÏνδεσης " #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "ΕπεξεÏγασία ζωνών ασπίδων πάνω/κάτω..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "ΦÏαγή όλης της κίνησης δικτÏου" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Δεν υπάÏχει σÏνδεση." #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "<πεÏιβάλλον>" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Η εξουσιοδότηση απέτυχε." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Το ÏŒÏισμα %s είναι λάθος." #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Το όνομα ήδη υπάÏχει " #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Δεν υπάÏχει σÏνδεση στον δαίμονα του Firewall" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Όλη η κίνηση δικτÏου είναι φÏαγμένη." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Ζώνη '{zone}' ενεÏγή για σÏνδεση '{connection}' στην διεπαφή '{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Ζώνη '{zone}' ενεÏγή για την διεπαφή '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Δεν υπάÏχουν ενεÏγές ζώνες" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Η σÏνδεση στο FirewallD επιτεÏχθηκε." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Η σÏνδεση στο FirewallD χάθηκε." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "Έγινε επανεκκίνηση του FirewallD" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Η Ï€Ïοεπιλεγμένη ζώνη άλλαξε σε '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Η κίνηση δικτÏου δεν είναι άλλο φÏαγμένη." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "ενεÏγοποιήθηκε" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "απενεÏγοποιήθηκε" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Ζώνη '{zone}' {activated_deactivated} για σÏνδεση '{connection}' στην " "διεπαφή '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Ζώνη '{zone}' {activated_deactivated} για την διεπαφή '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Ζώνη '%s' ενεÏγοποιήθηκε για την διεπαφή '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Απέτυχε η φόÏτωση εικονιδίων." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "ΥπηÏεσία" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "ΠόÏτα" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "ΠÏωτόκολλο" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Στην πόÏτα" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Στην διεÏθυνση" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "ΤÏπος Icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Πηγή" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Ï€Ïοσοχή" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Σφάλμα" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Ζώνη" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Ζώνη '%s'. Η υπηÏεσία '%s' δεν είναι διαθέσιμη " #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "ΑφαίÏεσε την Ζώνη" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Αγνοήστε " #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Ζώνη '%s'. Ο Ï„Ïπος ICMP '%s' δεν είναι διαθέσιμος." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Ενσωματωμένη ζώνη, η μετονομασία δεν υποστηÏίζεται." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Ενσωματωμένη υπηÏεσία, η μετονομασία δεν υποστηÏίζεται." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Ενσωματωμένος icmp, η μετονομασία δεν υποστηÏίζεται." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ΔιεÏθυνση" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ΠÏοώθηση πόÏτας" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "ΠαÏακαλώ επιλέξτε τις επιλογές πηγής και Ï€ÏοοÏÎ¹ÏƒÎ¼Î¿Ï Î²Î¬ÏƒÎ· των αναγκών σας." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "ΠόÏτα / Εμβέλεια πόÏτων:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "ΔιεÏθυνση IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "ΠÏωτόκολλο" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "ΠÏοοÏισμός" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Αν ενεÏγοποιήσετε την τοπική Ï€Ïοώθηση, Ï€Ïέπει να καθοÏίσετε μια πόÏτα. Αυτή " "η πόÏτα Ï€Ïέπει να είναι διαφοÏετική από την πηγαία πόÏτα." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Τοπική Ï€Ïοώθηση" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "ΠÏοώθηση σε άλλη πόÏτα" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" "Οι καταχωÏήσεις στα έντονα είναι απαÏαίτητες, όλες οι άλλες Ï€ÏοαιÏετικές." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Ονομασία:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Έκδοση:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Ταξηνόμηση:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "ΠεÏιγÏαφή:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Ρυθμίσεις βάσης Ï„Ïπου ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "ΠαÏακαλώ διαμοÏφώστε τις Ïυθμίσεις βάσης Ï„Ïπου ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ΤÏπος ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "ΠÏοσθήκη καταχώÏησης" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_ΑÏχείο" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Επιλογές" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Επανεκκίνηση Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Αλλαγή Ï€Ïοεπιλεγμένης ζώνης" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Βοήθεια" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "ΤÏέχουσες οÏατές Ïυθμίσεις. Οι διαμόÏφωση κατά την εκκίνηση είναι η " "Ï€Ïαγματικά ενεÏγή διαμόÏφωση. Η επίμονη διαμόÏφωση θα είναι ενεÏγή μετά από " "επανεκκίνηση της υπηÏεσίας ή του συστήματος." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ΠÏοσθήκη ζώνης" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "ΕπεξεÏγασία ζώνης" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "ΑφαίÏεση ζώνης" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "ΦόÏτωση Ï€Ïοεπιλεγμένων ζώνης" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "ΥπηÏεσίες" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Στην πόÏτα" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "ΕπεξεÏγασία της Ζώνης" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "ΑφαίÏεσε την Ζώνη" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "ΠόÏτες" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Το μασκάÏισμα σας επιτÏέπει να στίσετε έναν υπολογιστή ή ÏοÏÏ„ÎµÏ Ï€Î¿Ï… συνδέει " "το τοπικό σας δίκτυο στο ίντεÏνετ. Το τοπικό σας δίκτυο δεν θα είναι οÏατό " "και οι υπολογιστές θα εμφανίζονται ως μια μοναδική διεÏθυνση στο ίντεÏνετ. " "Το μασκάÏισμα είναι IPv4 μόνο." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Ζώνη μασκαÏίσματος" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Αν ενεÏγοποιήσετε το μασκάÏισμα, Η Ï€Ïοώθηση IP θα ενεÏγοποιηθεί για τα IPv4 " "δίκτυα σας." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "ΜασκάÏισμα" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ΠÏοσθήκη καταχωÏίσεων για την Ï€Ïοώθηση ποÏτών είτε από μια πόÏτα σε άλλη στο " "τοπικό σÏστημα ή από το τοπικό σÏστημα σε άλλο σÏστημα. Η Ï€Ïοώθηση σε άλλο " "σÏστημα είναι χÏήσιμη μόνο αν η διεπαφή είναι μασκαÏισμένη. Η Ï€Ïοώθηση " "ποÏτών είναι IPv4 μόνο." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ΠÏόσθεση της ΠÏλης ΠÏοώθησης " #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Εκδοση της ΠÏλης ΠÏοώθησης " #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ΑφαιÏέστε την ΠÏλη Εισόδου ΠÏοώθησης " #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Το Internet Control Message Protocol (ICMP) χÏησιμοποιείται κυÏίως για την " "αποστολή μηνυμάτων σφαλμάτων Î¼ÎµÏ„Î±Î¾Ï Ï…Ï€Î¿Î»Î¿Î³Î¹ÏƒÏ„Î­Ï‚ του δικτÏου, αλλά επιπλέον " "για ενημεÏωτικά μηνÏματα όπως αιτήματα ping και απαντήσεις." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Σημειώστε όλους τους Ï„Ïπους ICMP στη λίστα, η οποία θα Ï€Ïέπει να αποÏÏιφθεί. " "Όλοι οι άλλοι Ï„Ïποι ICMP επιτÏέπονται να πεÏάσουν το τείχος Ï€Ïοστασίας. Η " "Ï€Ïοεπιλογή είναι να μην υπάÏχει κανένας πεÏιοÏισμός." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ΦίλτÏο ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "ΠÏοσθήκη υπηÏεσίας" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "ΕπεξεÏγασία υπηÏεσίας" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "ΑφαίÏεση υπηÏεσίας" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "ΦόÏτωση Ï€Ïοεπιλεγμένων υπηÏεσίας" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "ΕπεξεÏγασία καταχώÏησης" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "ΑφαίÏεση καταχώÏησης" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "ΑÏθÏώματα" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Εάν καθοÏίσετε τις διευθÏνσεις Ï€ÏοοÏισμοÏ, η έναÏξη παÏοχής υπηÏεσιών θα " "Ï€Ïέπει να πεÏιοÏίζεται στη διεÏθυνση Ï€ÏοοÏÎ¹ÏƒÎ¼Î¿Ï ÎºÎ±Î¹ το είδος. Αν και οι δÏο " "καταχωÏίσεις είναι κενές, δεν υπάÏχει πεÏιοÏισμός." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ΠÏοσθήκη Ï„Ïπου ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ΕπεξεÏγασία Ï„Ïπου ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ΑφαίÏεση Ï„Ïπου ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ΦόÏτωση Ï€Ïοεπιλεγμένων Ï„Ïπου ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "ΤÏέχουσα Ï€Ïοεπιλεγμένη ζώνη συστήματος." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "ΠÏοεπιλεγμένη ζώνη:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "ΠόÏτα και Ï€Ïωτόκολλο" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ΠαÏακαλώ εισάγετε μια πόÏτα και Ï€Ïωτόκολλο" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Άλλο Ï€Ïωτόκολλο" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Ρυθμίσεις υπηÏεσίας βάσης" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "ΠαÏακαλώ διαμοÏφώστε τις Ïυθμίσεις υπηÏεσίας βάσης" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Ρυθμίσεις βάσης ζώνης" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "ΠαÏακαλώ διαμοÏφώστε τις Ïυθμίσεις υπηÏεσίας ζώνης" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "ΠÏοεπιλεγμένος στόχος" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Στόχος:" firewalld-1.1.1/po/en_GB.po0000644000000000000000000014042414217342322015416 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Automatically generated, 2004 # Bruce Cowan , 2010 # Robert Readman , 2013 # Robert Readman , 2013 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2015-02-26 09:44+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: English (United Kingdom) (http://www.transifex.com/projects/p/" "firewalld/language/en_GB/)\n" "Language: en_GB\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Firewall Applet" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Firewall Configuration" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Select zone for interface '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Configure Shields Up/Down Zones" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Here you can select the zones used for Shields Up and Shields Down." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Shields Up Zone:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Shields Down Zone:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Shields Up" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Enable Notifications" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Edit Firewall Settings..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Change Zones of Connections..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Configure Shields UP/Down Zones..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Block all network traffic" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Connections" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Sources" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Authorisation failed." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Invalid argument %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Name already exists" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "No connection to firewall daemon" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "All network traffic is blocked." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Default Zone: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zone '{zone}' active for interface '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zone '{zone}' active for source {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "No Active Zones." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Default zone changed to '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Network traffic is not blocked anymore." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "activated" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "deactivated" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zone '{zone}' {activated_deactivated} for interface '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zone '%s' activated for interface '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zone '{zone}' {activated_deactivated} for source '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zone '%s' activated for source '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Used by network connection '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "enabled" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "disabled" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Failed to load icons." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "User name" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Service" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "To Port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "To Address" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp Type" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Family" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Action" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Source" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Warning" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Error" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accept" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "reject" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "drop" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "service" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "masquerade" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "level" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "yes" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zone" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zone '%s': Service '%s' is not available." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Remove" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignore" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zone '%s': ICMP type '%s' is not available." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Built-in zone, rename not supported." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "second" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minute" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hour" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "day" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergency" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alert" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "critical" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "error" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "warning" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notice" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Built-in service, rename not supported." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Built-in icmp, rename not supported." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Select zone for source %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Address" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Please enter the command line." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Please enter the context." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Port Forwarding" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Please select the source and destination options according to your needs." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Port Range:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP address:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destination" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Local forwarding" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Forward to another port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Bold entries are mandatory, all others are optional." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Name:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Version:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Short:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Description:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Family:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Base ICMP Type Settings" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Please configure base ICMP type settings:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP Type" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Please select an ICMP type" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Add Entry" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_File" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Options" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Change Default Zone" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Panic Mode" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP Types" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Help" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Add Zone" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Edit Zone" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Remove Zone" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Load Zone Defaults" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Services" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "To Port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Edit Port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Remove Port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Ports" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Add Forward Port" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Edit Forward Port" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Remove Forward Port" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP Filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Here you can set rich language rules for the zone." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Rich Rules" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zones" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Add Service" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Edit Service" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Remove Service" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Load Service Defaults" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Edit Entry" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Remove Entry" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modules" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Add ICMP Type" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Edit ICMP Type" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Remove ICMP Type" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Load ICMP Type Defaults" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contexts" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Command lines" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "User names." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "User names" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "User ids." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "User Ids" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Current default zone of the system." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Panic Mode:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Lockdown:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Default Zone:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port and Protocol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Please enter a port and protocol." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Please enter a protocol." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Other Protocol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Rich Rule" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Please enter a rich rule." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "For host or network white or blacklisting deactivate the element." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Source:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destination:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 and ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "inverted" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "with Type:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "With limit:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Level:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Action:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Base Service Settings" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Please configure base service settings:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Please select a service." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "User ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Please enter the user id." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Please enter the user name." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Base Zone Settings" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Please configure base zone settings:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Default Target" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Target:" firewalld-1.1.1/po/en_US.po0000644000000000000000000015572314217342322015465 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Eric Garver , 2020. msgid "" msgstr "" "Project-Id-Version: firewalld\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-01-14 14:02+0000\n" "Last-Translator: Eric Garver \n" "Language-Team: English (United States) \n" "Language: en_US\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 3.10.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Firewall Applet" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Firewall Configuration" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Select zone for interface '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Default Zone" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Select zone for connection '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Failed to set zone {zone} for connection {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Select zone for source '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Configure Shields Up/Down Zones" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Here you can select the zones used for Shields Up and Shields Down." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Shields Up Zone:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Reset To Default" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Shields Down Zone:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "About %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Authors" #: ../src/firewall-applet.in:393 msgid "License" msgstr "License" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Shields Up" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Enable Notifications" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Edit Firewall Settings..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Change Zones of Connections..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Configure Shields UP/Down Zones..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Block all network traffic" #: ../src/firewall-applet.in:492 msgid "About" msgstr "About" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Connections" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Sources" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Authorization failed." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Invalid name" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Name already exists" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Failed to get connections from NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "No NetworkManager imports available" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "No connection to firewall daemon" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "All network traffic is blocked." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Default Zone: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zone '{zone}' active for interface '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zone '{zone}' active for source {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "No Active Zones." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Connection to FirewallD established." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Connection to FirewallD lost." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD has been reloaded." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Default zone changed to '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Network traffic is not blocked anymore." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "activated" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "deactivated" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zone '{zone}' {activated_deactivated} for interface '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zone '%s' activated for interface '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zone '{zone}' {activated_deactivated} for source '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zone '%s' activated for source '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Connection to firewalld established." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Trying to connect to firewalld, waiting..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Changes applied." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Used by network connection '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Default zone used by network connection '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "enabled" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "disabled" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Failed to load icons." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Context" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Command line" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "User name" #: ../src/firewall-config.in:244 msgid "User id" msgstr "User id" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Table" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Chain" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priority" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Args" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Runtime" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Service" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "To Port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "To Address" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Bindings" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Entry" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp Type" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Family" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Action" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interface" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Comment" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Source" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Warning" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Error" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accept" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "reject" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "drop" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "mark" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "service" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "masquerade" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "level" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "yes" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zone" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Default Zone: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zone: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zone '%s': Service '%s' is not available." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Remove" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignore" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zone '%s': ICMP type '%s' is not available." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Built-in zone, rename not supported." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "second" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minute" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hour" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "day" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergency" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alert" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "critical" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "error" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "warning" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notice" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Built-in service, rename not supported." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Please enter an ipv4 address with the form address[/mask]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "The mask can be a network mask or a number." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Please enter an ipv6 address with the form address[/mask]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "The mask is a number." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Please enter an ipv4 or ipv6 address with the form address[/mask]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Built-in icmp, rename not supported." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Select zone for source %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Address" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Please enter the command line." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Please enter the context." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Please select default zone from the list below." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Direct Chain" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Please select ipv and table and enter the chain name." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Chain:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "security" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Table:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Direct Passthrough Rule" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Please select ipv and enter the args." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Port Forwarding" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Please select the source and destination options according to your needs." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Port Range:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP address:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destination" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Local forwarding" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Forward to another port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Bold entries are mandatory, all others are optional." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Name:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Version:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Short:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Description:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Family:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Base ICMP Type Settings" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Please configure base ICMP type settings:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP Type" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Please select an ICMP type" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Add Entry" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_File" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Options" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Reload Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Change which zone a network connection belongs to." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Change Default Zone" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Change default zone for connections or interfaces." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "Panic mode means that all incoming and outgoing packets are dropped." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Panic Mode" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Lockdown" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Make runtime configuration permanent" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Runtime To Permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_View" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP Types" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Direct Configuration" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Lockdown Whitelist" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Help" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuration:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Add Zone" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Edit Zone" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Remove Zone" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Load Zone Defaults" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Services" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Add Port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Edit Port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Remove Port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Ports" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Masquerade zone" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Add Forward Port" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Edit Forward Port" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Remove Forward Port" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP Filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Here you can set rich language rules for the zone." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Add Rich Rule" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Edit Rich Rule" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Remove Rich Rule" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Rich Rules" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Add Interface" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Edit Interface" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Remove Interface" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Add Source" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Edit Source" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Remove Source" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zones" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Add Service" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Edit Service" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Remove Service" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Load Service Defaults" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Edit Entry" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Remove Entry" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modules" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Add ICMP Type" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Edit ICMP Type" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Remove ICMP Type" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Load ICMP Type Defaults" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Specify whether this ICMP Type is available for IPv4 and/or IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Additional chains for use with rules." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Add Chain" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Edit Chain" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Remove Chain" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Chains" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Add a rule with the arguments args to a chain in a table with a priority." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Add Rule" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Edit Rule" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Remove Rule" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Rules" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Please be careful with passthrough rules to not damage the firewall." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Add Passthrough" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Edit Passthrough" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Remove Passthrough" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Passthrough" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Add Context" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Edit Context" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Remove Context" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contexts" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Add Command Line" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Edit Command Line" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Remove Command Line" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Command lines" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "User names." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Add User Name" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Edit User Name" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Remove User Name" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "User names" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "User ids." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Add User Id" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Edit User Id" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Remove User Id" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "User Ids" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Current default zone of the system." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Panic Mode:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Lockdown:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Default Zone:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port and Protocol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Please enter a port and protocol." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Direct Rule" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Please select ipv and table, chain priority and enter the args." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priority:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Please enter a protocol." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Other Protocol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Rich Rule" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Please enter a rich rule." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "For host or network white or blacklisting deactivate the element." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Source:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destination:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 and ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "inverted" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "with Type:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "With limit:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Level:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Action:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Base Service Settings" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Please configure base service settings:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Please select a service." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "User ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Please enter the user id." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Please enter the user name." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Base Zone Settings" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Please configure base zone settings:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Default Target" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Target:" #~ msgid "Please enter the module name." #~ msgstr "Please enter the module name." #~ msgid "You need to be root to run %s." #~ msgstr "You need to be root to run %s." #~ msgid "Fork #1 failed: %d (%s)" #~ msgstr "Fork #1 failed: %d (%s)" #~ msgid "Not starting FirewallD, already running." #~ msgstr "Not starting FirewallD, already running." #~ msgid "Unexpected element '%s'" #~ msgstr "Unexpected element '%s'" #~ msgid "Element '%s': missing '%s' attribute" #~ msgstr "Element '%s': missing '%s' attribute" #~ msgid "Element '%s': unexpected attribute '%s'" #~ msgstr "Element '%s': unexpected attribute '%s'" #~ msgid "Connected." #~ msgstr "Connected." #~ msgid "No connection." #~ msgstr "No connection." #~ msgid "Waiting ..." #~ msgstr "Waiting ..." #~ msgid "Retrying ..." #~ msgstr "Retrying ..." #~ msgid "Add entries to bind source addresses or areas to the zone." #~ msgstr "Add entries to bind source addresses or areas to the zone." #~ msgid "" #~ "Add additional ports or port ranges, which need to be accessible for all " #~ "hosts or networks. You can also add protocols without specific ports." #~ msgstr "" #~ "Add additional ports or port ranges, which need to be accessible for all " #~ "hosts or networks. You can also add protocols without specific ports." #~ msgid "Ports and Protocols" #~ msgstr "Ports and Protocols" #~ msgid "Port and/or Protocol" #~ msgstr "Port and/or Protocol" #~ msgid "Please enter a port and/or a protocol." #~ msgstr "Please enter a port and/or a protocol." #~ msgid "PANIC MODE" #~ msgstr "PANIC MODE" #~ msgid "Firewall-applet" #~ msgstr "Firewall-applet" firewalld-1.1.1/po/es.po0000644000000000000000000017044514217342322015061 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # beckerde , 2013 # Claudio Rodrigo Pereyra Diaz , 2012-2013 # Daniel Cabrera , 2010 # beckerde , 2007-2008 # beckerde , 2013 # Eduardo Villagrán , 2006 # Francisco M.S. , 2004 # Francisco Muñoz Santoyo , 2004 # Gerardo Rosales , 2014 # Gladys Guerrero , 2010,2014 # Gladys Guerrero , 2010 # Daniel Cabrera , 2010 # Hernan Mendez , 2005 # Manuel Ospina , 2006 # Rodolfo M. Raya , 2004 # Yelitza Louze , 2003 # Alex Puchades , 2015. #zanata # Máximo Castañeda Riloba , 2015. #zanata # Brian Curtich , 2016. #zanata # Máximo Castañeda Riloba , 2016. #zanata # William Moreno Reyes , 2016. #zanata # Máximo Castañeda Riloba , 2017. #zanata # Eric Garver , 2018. #zanata # Máximo Castañeda Riloba , 2018. #zanata # Emilio Herrera , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-10-17 11:14+0000\n" "Last-Translator: Emilio Herrera \n" "Language-Team: Spanish \n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 4.3\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Applet del cortafuegos" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Cortafuegos" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuración del cortafuegos" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "cortafuegos;red;seguridad;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Seleccione la zona para la interfaz '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona Predeterminada" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Seleccione la zona para la conexión '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" "No se pudo establecer la zona {zone} para la conexión {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Seleccione la zona para el origen '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Configurar zonas protegidas/desprotegidas" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Aquí puede seleccionar las zonas protegidas/desprotegidas." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Esta característica es útil para las personas que usan principalmente las " "zonas predeterminadas. Para los usuarios que cambian las zonas de las " "conexiones, puede tener un uso limitado." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Zona protegida:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Restablecer a Predeterminado" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Zona desprotegida:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Acerca de %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Autores" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licencia" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Levantar escudos" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Habilitar notificaciones" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Editar la configuración del cortafuegos..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Cambiar zonas de las conexiones..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Configurar zonas protegidas/desprotegidas..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Bloquear todo el tráfico de red" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Acerca de" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Conexiones" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Orígenes" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Falló la autorización." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Nombre inválido" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "El nombre ya existe" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Zona predeterminada: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "No se pudieron obtener las conexiones de NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "No se pudo importar el módulo NetworkManager" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "No hay conexión al demonio del cortafuegos" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Todo el tráfico de red bloqueado." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Zona predeterminada: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona predeterminada '{default_zone}' activa para la conexión '{connection}' " "en la interfaz '{interface}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zona '{zone}' activa para conexión '{connection}' en interfaz '{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zona '{zone}' activa para interfaz '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zona '{zone}' activa para la fuente {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "No hay zonas activas." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Conexión a FirewallD establecida." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Conexión a FirewallD perdida." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD se ha recargado." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Zona por defecto cambiada a '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Tráfico de red desbloqueado." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "activada" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "desactivada" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Zona predeterminada '{default_zone}' {activated_deactivated} para la " "conexión '{connection}' en la interfaz '{interface}'" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} para conexión '{connection}' en " "interfaz '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zona '{zone}' {activated_deactivated} para interfaz '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zona '%s' activada para interfaz '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zona '{zone}' {activated_deactivated} para la fuente '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zona '%s' activada para el origen '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Conexión con firewalld establecida." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Intentando conectar con firewalld, en espera..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Error al conectar con firewalld. Asegúrese de que el servicio se ha iniciado " "correctamente y vuelva a intentarlo." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Cambios aplicados." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Usada por la conexión de red '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Zona predeterminada en uso por la conexión de red '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "activado" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "desactivado" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Falló la carga de iconos." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Contexto" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Línea de comandos" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nombre de usuario" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ID de usuario" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabla" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Cadena" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioridad" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumentos" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Tiempo de ejecución" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanente" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Servicio" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Puerto" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocolo" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Al puerto" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "A la dirección" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Vinculaciones" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Entrada" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Tipo ICMP" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Familia" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Acción" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elemento" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Origen" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Destino" #: ../src/firewall-config.in:834 msgid "log" msgstr "registrar" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Auditar" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interfaz" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Comentario" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Fuente" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Advertencia" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Error" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "aceptar" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "rechazar" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "descartar" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "marcar" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limitar" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "servicio" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "puerto" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocolo" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "enmascarar" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "bloqueo de ICMP" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "tipo de ICMP" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "reenvío de puerto" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "puerto de origen" #: ../src/firewall-config.in:2097 msgid "level" msgstr "nivel" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "sí" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Zona predeterminada: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zona: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona '%s': El servicio '%s' no está disponible." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Eliminar" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignorar" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona '%s': El tipo ICMP '%s' no está disponible." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Zona incorporada, no se puede renombrar." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "segundo" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuto" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hora" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "día" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergencia" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alerta" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "crítico" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "error" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "advertencia" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "aviso" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "depurar" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "El reenvío a otro sistema sólo es útil si la interfaz es enmascarada.\n" "¿Quiere enmascarar esta zona?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Servicio incorporado, no se puede renombrar." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" "Por favor introduzca una dirección ipv4 con el formato dirección[/máscara]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "La máscara puede ser una máscara de red o un número." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" "Por favor ingresar una dirección ipv6 con el formato dirección[/máscara]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "La máscara es un número." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" "Por favor introduzca una dirección ipv4 o ipv6 con la forma dirección[/" "máscara]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "La máscara puede ser una máscara de red o un número para ipv4.\n" "La máscara es un número para ipv6." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "IPset incorporado, no se puede renombrar." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Elija un archivo" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Archivos de texto" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Todos los archivos" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Todas" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Agente incorporado, no se puede renombrar." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Tipo ICMP incorporado, no se puede renombrar." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "No se pudo leer el archivo '%s': %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Seleccione la zona para el origen %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Dirección" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Agentes automáticos" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Por favor selecciones el valor de los auxiliares automáticos:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Introduzca la línea de comandos." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Introduzca el contexto." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Seleccione la zona por defecto de la lista siguiente." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Cadena directa" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Seleccione la versión IP y la tabla e ingrese el nombre de la cadena." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Cadena:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "crudo" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "seguridad" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabla:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Regla de paso directo" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Seleccione versión IP e ingrese los argumentos." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumentos:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Reenvío de puertos" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Seleccione las opciones de origen y destino según sus necesidades." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Puerto / Rango de puertos:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Dirección IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocolo:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destino" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Si habilita el reenvío local, debe especificar un puerto. Este puerto debe " "ser diferente del puerto de origen." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Reenvío local" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Reenviar a otro puerto" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Ajustes básicos de los agentes" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Configure los ajustes básicos de agentes:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Las entradas en negrita son obligatorias, el resto son opcionales." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nombre:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versión:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Nombre corto:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Descripción:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Familia:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Módulo:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Agente" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Elija un agente:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Configuración de tipos ICMP base" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Configure los tipos ICMP base:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Tipo ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Seleccione un tipo ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Agregar entrada" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Añadir entradas desde archivo" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Eliminar la entrada seleccionada" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Eliminar todas las entradas" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Eliminar entradas desde archivo" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Archivo" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opciones" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Recargar FirewallD" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Recargar las reglas del cortafuegos. La configuración permanente actual se " "convertirá en la nueva configuración de tiempo de ejecución. Es decir, todos " "los cambios realizados en la configuración de tiempo de ejecución se " "perderán al recargar si no fueron realizados también en la configuración " "permanente." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Cambiar a qué zona pertenece la conexión de red." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Cambiar zona por defecto" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Cambiar la zona por defecto para conexiones o interfaces." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Cambiar el registro de rechazos" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" "Cambiar el valor de LogDenied, con el que se decide qué rechazos registrar." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Configurar la asignación automática de agentes" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Configuración de la asignación automática de agentes." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "El modo pánico significa que todas los paquete entrantes y salientes serán " "descartados." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Modo pánico" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown bloquea la configuración del cortafuegos para que sólo las " "aplicaciones en la lista blanca lockdown sean capaces de cambiarla." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Bloquear" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Hacer la configuración de tiempo de ejecución permanente" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Tiempo de ejecución a permanente" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Ver" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Tipos ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Agentes" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Configuración directa" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Lista blanca de bloqueo" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Vinculaciones activas" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "Ay_uda" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Cambiar zona" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Cambiar zona de la vinculación" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Ocultar las vinculaciones activas de tiempo de ejecución de conexiones, " "interfaces y orígenes a zonas" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Mostrar las vinculaciones activas de tiempo de ejecución de conexiones, " "interfaces y orígenes a zonas" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuración:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Configuración visible actual. La configuración de tiempo de ejecución es la " "configuración activa ahora mismo. La configuración persistente será activada " "después de que se recargue o reinicie el servicio o el sistema." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Una zona de firewalld define un nivel de confianza para conexiones de red, " "interfaces y direcciones fuente asociadas a la zona. La zona combina " "servicios, puertos, protocolos, enmascarados, re-envíos puerto/paquete, " "filtros icmp y reglas ricas. La zona puede ser asociada a interfaces y " "direcciones fuente." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Agregar zona" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Editar zona" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Eliminar zona" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Cargar zonas por defecto" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Aquí puede definir qué servicios son confiables en la zona. Los servicios " "confiables son accesibles desde todos los equipos y redes que pueden " "alcanzar a la máquina desde las conexiones, interfaces y fuentes unidas a " "esta zona." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Servicios" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Agregue puertos o rangos de puertos adicionales que necesiten ser accesibles " "por todos los equipos o redes que puedan conectarse al sistema." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Añadir puerto" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Editar puerto" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Eliminar puerto" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Puertos" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Añadir protocolos que deben ser accesibles para todos los servidores o redes." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Agregar Protocolo" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Editar Protocolo" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Eliminar Protocolo" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protocolos" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Añadir puertos o rangos de puertos a los que se deba poder acceder desde " "todos los equipos o redes que puedan conectarse al sistema." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Puertos de origen" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "El enmascaramiento le permite configurar un equipo o router que conectará su " "red local a Internet. Su red local no será visible y aparecerá como un solo " "equipo conectado a Internet. El enmascaramiento sólo puede hacerse en IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zona enmascarada" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Si habilita el enmascaramiento, se activará el reenvío de IP para sus redes " "IPv4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Enmascaramiento" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Añadir entradas para el reenvío desde un puerto a otro en el sistema local o " "desde el sistema local hacia otro sistema. El reenvío de puertos hacia otro " "sistema solo es útil cuando la interfaz está enmascarada. El reenvío de " "puertos sólo funciona para IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Agregar puerto de reenvío" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Editar puerto de reenvío" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Quitar puerto de reenvío" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "El Protocolo de Mensajes de Control de Internet (ICMP) se usa principalmente " "para mandar mensajes de error entre computadoras en la red, así como " "información adicional como solicitudes de ping y sus respuestas." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Marcar los tipos ICMP de la lista que deberán ser rechazados. Los demás " "tipos ICMP podrán pasar a través del cortafuego. Por defecto, no hay " "limitación." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Con 'Invertir filtro' activo, los elementos ICMP marcados se aceptan y los " "otros se rechazan. En las zonas con destino DROP, se descartan." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Invertir filtro" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtro ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Aquí puede establecer reglas ricas para la zona." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Agregar regla rica" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Editar regla rica" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Eliminar regla rica" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Reglas ricas" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Añadir entradas para enlazar interfaces a la zona. Si la interfaz fuera " "usada por una conexión, la zona será la especificada por la conexión." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Añadir interfaz" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Editar interfaz" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Eliminar interfaz" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Añada entradas para enlazar direcciones de origen o áreas a la zona. También " "puede enlazar una dirección origen MAC, pero con limitaciones: no funcionará " "el reenvío ni el enmascaramiento de puertos." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Añadir origen" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Editar origen" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Eliminar origen" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zonas" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Un servicio firewalld es una combinación de puertos, protocolos, módulos y " "direcciones destino." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Agregar servicio" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Editar servicio" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Eliminar servicio" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Cargar servicios por defecto" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Añadir puertos adicionales o rangos de puertos, que necesiten ser accesibles " "desde todos los equipos o redes." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Editar entrada" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Eliminar entrada" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Añadir puertos o rangos de puertos de origen, que necesiten ser accesibles " "desde todos los equipos o redes." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Puerto de origen" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Algunos servicios necesitan módulos de agentes de netfilter." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Módulos" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Si especifica una dirección de destino, la entrada del servicio estará " "limitada al tipo y la dirección de destino. Si las dos entradas están " "vacías, no hay limitaciones." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Los servicios sólo se pueden cambiar en la vista de configuración " "permanente. La configuración de tiempo de ejecución de los servicios es fija." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Se puede usar un IPSet para crear listas blancas o negras, y puede contener " "direcciones IP o MAC, o números puertos. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Agregar IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Editar IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Eliminar IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Cargar IPSet predeterminados" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Entradas del IPSet. Sólo verá las que no estén usando la opción de tiempo de " "espera (timeout) y que hayan sido añadidas por firewalld. Si se han añadido " "directamente con el comando ipset no saldrán en esta lista." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Este IPSet usa la opción de tiempo de espera, por lo que no hay entradas " "visible. El mantenimiento de las mismas debe hacerse directamente con el " "comando ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Añadir" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Entradas" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "Los IPSets sólo se pueden crear y eliminar desde la vista de configuración " "permanente." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Un icmptype de firewalld provee la información para el tipo de Protocolo de " "Control de Mensajes de Internet (ICMP en inglés) para firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Agregar un tipo ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Editar un tipo ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Eliminar un tipo ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Cargar tipo ICMP por defecto" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Especifique si este tipo ICMP está disponible para IPv4 y/o IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Los tipos ICMP sólo se pueden cambiar en la vista de configuración " "permanente. La configuración de tiempo de ejecución de los tipos ICMP es " "fija." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Hay un agente de seguimiento de conexiones ayudando con los protocolos que " "usan diferentes flujos para la señalización y para la transferencia de " "datos. Los datos se envían por puertos que no están relacionados con la " "conexión de control y el cortafuegos los bloquearía sin la ayuda del agente " "de seguimiento." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Defina los puertos o rangos que monitorizará el agente." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "La configuración directa da mas acceso directo al cortafuegos. Estas " "opciones requieren que el usuario conozca conceptos básicos de iptables, es " "decir, tablas, cadenas, comandos, parámetros y objetivos. La configuración " "directa solo debe ser usada como último recurso cuando no es posible " "utilizar otra característica del cortafuegos." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "El argumento ipv de cada opción debe ser ipv4 o ipv6 o eb. Con ipv4, este " "será para iptables; con ipv6, para ip6tables y con eb, para puentes de red " "(ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Cadenas adicionales para usar con las reglas." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Añadir cadena" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Editar cadena" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Eliminar cadena" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Cadenas" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "Añadir regla con argumentos a la cadena en una tabla con prioridad." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "La prioridad es usada para ordenar reglas. Prioridad 0 significa agregar la " "regla al inicio de la cadena, con una prioridad más alta la regla será " "añadida más adelante. Las reglas con misma prioridad son del mismo nivel y " "el orden de estas reglas no es fijo y puede cambiar. Si quiere estar seguro " "de que una regla se agrega después de otra, use una prioridad baja para la " "primera, y una prioridad mayor para la siguiente." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Añadir regla" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Editar regla" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Eliminar regla" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Reglas" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Las reglas passthrough se pasan directamente a través del cortafuegos y no " "son puestas en cadenas especiales. Pueden usarse las opciones iptables, " "ip6tables y ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Tenga cuidado con las reglas passthrough para no dañar el cortafuegos." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Añadir regla passthrough" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Editar regla passthrough" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Eliminar regla passthrough" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Reglas passthrough" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "La característica de bloqueo es una versión simple de políticas de usuario y " "aplicación para firewalld. Limita los cambios al cortafuego. La lista blanca " "de bloqueo puede contener comandos, contextos, usuarios e id de usuarios." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "El contexto es el contexto de seguridad (SELinux) de una aplicación o " "servicio en ejecución. Para obtener el contexto de una aplicación use ps " "-e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Agregar contexto" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Editar contexto" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Eliminar contexto" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contextos" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Si una entrada de comando en la lista blanca finaliza con un asterisco '*', " "entondes todas las líneas de comando que inicien con el comando dado " "concidirán. Si el '*' no está ahí, entonces el comando y sus argumentos " "dados deben coincidir tal como fueron dados." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Agregar línea de comandos" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Editar línea de comandos" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Eliminar línea de comandos" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Línea de comandos" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Nombres de usuario." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Agregar nombre de usuario" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Editar nombre de usuario" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Eliminar nombre de usuario" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Nombres de usuario" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Identificadores de usuario." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Agregar Id de usuario" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Editar Id de usuario" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Eliminar Id de usuario" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Identificadores de usuario" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Zona por defecto actual del sistema." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Registro de rechazos:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Modo pánico:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Agentes automáticos:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Bloqueo:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zona por defecto:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Introduzca un nombre de interfaz:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Ajustes básicos de IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Configure los ajustes básicos de ipset:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tipo:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Tiempo de espera:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Tamaño de hash:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Número máximo de elementos:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Tiempo de espera en segundos" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Tamaño inicial del hash (valor predeterminado: 1024)" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Máximo número de elementos; valor predeterminado: 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Por favor elija un IPSet:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Introduzca una entrada de ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Registro de rechazos" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Elija un valor para el registro de rechazos:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Marca" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Introduzca una marca con una máscara opcional." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Tanto la marca como la máscara son enteros de 32 bits sin signo." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Marca:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Máscara:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Por favor elija un agente netfilter de seguimiento de conexiones:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Elija -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Otro módulo:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Puerto y protocolo" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Introduzca el puerto y protocolo." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Regla directa" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Seleccione ipv, tabla y cadena de prioridad e ingrese los argumentos." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioridad:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Introduzca un protocolo." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Otro protocolo:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Reglas ricas" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Introduzca una regla rica." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" "Para permitir o denegar el listado de host o red desactive el elemento." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Origen:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destino:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Aviso:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 e ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "invertido" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Para activar ésto, Acción debe ser 'reject' y Familia 'ipv4' o 'ipv6' (no " "ambas)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "con tipo:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Con límite:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefijo:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Nivel:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elemento:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Acción:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Configuración de servicios base" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Configure los servicios base:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Seleccione un servicio." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Introduzca un origen." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ID de usuario" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Introduzca un id de usuario." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Introduzca un nombre de usuario." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etiqueta" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Configuración de zona base" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Por favor configure la zona base:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Objetivo por defecto" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Objetivo:" firewalld-1.1.1/po/et.po0000644000000000000000000013127714217342322015062 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # mihkel , 2012 # mihkel , 2012 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2016-01-04 12:21+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Estonian (http://www.transifex.com/projects/p/firewalld/" "language/et/)\n" "Language: et\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Tulemüüri aplett" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Tulemüür" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Tulemüüri seadistamine" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Kilp peale tsoon:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Kilp maha tsoon:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Kilp peale" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Võimalda teated" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Muuda tulemüüri sätteid..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Blokeeri kogu võrguliiklus" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Ãœhendus puudub." #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autentimine nurjus." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Vigane argument %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Tulemüüri teenusega ühendus puudub" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Kogu võrguliiklus on blokeeritud." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Puudub aktiivne tsoon." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Ãœhendus FirewallD-ga loodi." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Ãœhendus FirewallD-ga kaotati." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirrewallD on uuesti laaditud." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Vaikimisi tsoon muudeti '%s'-ks" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Võrguliiklus ei ole enam blokeeritud." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "aktiveeritud" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "deaktiveeritud" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Ikoonide laadimine nurjus." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Teenus" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokoll" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Porti" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Aadressile" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp tüüp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Allikas" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Hoiatus" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Viga" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Tsoon" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Eemalda tsoon" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Sisse ehitatud tsoon, ümbernimetamine pole toetatud." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Sisse ehitatud teenus, ümbernimetamine pole toetatud." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Sisse ehitatud icmp, ümbernimetamine pole toetatud." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Aadress" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Pordi edasisuunamine" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Portide vahemik:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP aadress:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokoll:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Sihtkoht" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Kohalik edasisuunamine" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Suuna teise porti" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Rasvased kirjed on kohustuslikud, kõik teised aga valikulised." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nimi:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versioon:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Lühike:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Kirjeldus:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP tüüp" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Lisa kirje" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fail" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Valikud" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Laadi FirewallD uuesti" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Muuda vaikimisi tsooni" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Abi" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Lisa tsoon" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Muuda tsooni" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Eemalda tsoon" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Laadi vaikimisi tsoon" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Teenused" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Porti" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Muuda tsooni" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Eemalda tsoon" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Pordid" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskeerimine tsoon" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskeerimine" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Lisa teenus" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Muuda teenust" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Eemalda teenus" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Laadi teenuse vaikeväärtused" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Muuda kirjet" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Eemalda kirje" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moodulid" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Lisa ICMP tüüp" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Muuda ICMP tüüpe" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Eemalda ICMP tüüp" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Süsteemi aktiivne vaikimisi tsoon" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Vaikimisi tsoon:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port ja protokoll" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Palun sisesta port ja protokoll." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Teine protokoll:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Baasteenuste sätted" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Baas tsoonide sätted" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Vaikimisi sihtmärk" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Sihtmärk:" firewalld-1.1.1/po/eu.po0000644000000000000000000013013114217342322015047 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Asier Iturralde Sarasola , 2012 # Mikel Olasagasti Uranga , 2013 # Mikel Olasagasti Uranga , 2013 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2015-02-26 09:43+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Basque (http://www.transifex.com/projects/p/firewalld/" "language/eu/)\n" "Language: eu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Suhesiaren applet-a" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Suhesia" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Suhesiaren konfigurazioa" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Gaitu jakinarazpenak" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Editatu suhesiaren ezarpenak..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Blokeatu sareko trafiko guztia" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Konexiorik ez." #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autentikazioak huts egin du." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "argumentu baliogabea %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "aktibatuta" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "desaktibatuta" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Huts egin du ikonoak kargatzean." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Zerbitzua" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Ataka" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokoloa" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Atakara:" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Helbidera:" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp mota" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Iturburua" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Abisua" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Errorea" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "ezikusi" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Helbidea" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Ataka birbidalketa" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP helbidea:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokoloa:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Helburua" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Birbidalketa lokala" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Birbidali beste ataka batera" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Izena:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Bertsioa:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Laburra:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Deskribapena:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP mota" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Gehitu sarrera" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fitxategia" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Aukerak" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Birkargatu Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Laguntza" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Zerbitzuak" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Atakara" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Atakak" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP iragazkia" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Gehitu zerbitzua" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Editatu zerbitzua" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Kendu zerbitzua" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Kargatu zerbitzu lehenetsiak" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Editatu sarrera" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Kendu sarrera" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduluak" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Gehitu ICMP mota" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Editatu ICMP mota" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Kendu ICMP mota" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Kargatu ICMP mota lehenetsiak" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Ataka eta protokoloa" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Mesedez sartu ataka bat eta protokoloa." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Beste protokolo bat:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Helburu lehenetsia" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Helburua" firewalld-1.1.1/po/fa.po0000644000000000000000000012620014217342322015026 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Ahmad Haghighi , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-01-14 14:02+0000\n" "Last-Translator: Ahmad Haghighi \n" "Language-Team: Persian \n" "Language: fa\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n > 1;\n" "X-Generator: Weblate 3.10.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "دیوار آتش" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "پیکربندی دیوار آتش" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-1.1.1/po/fi.po0000644000000000000000000016572114217342322015051 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Juhani Numminen , 2012-2013 # Lauri Nurmi , 2004 # Lauri Nurmi , 2004 # Mikko Ikola , 2004 # Juhani Numminen , 2016. #zanata # Jiri Grönroos , 2017. #zanata, 2020. # Toni Rantala , 2017. #zanata # Jiri Grönroos , 2018. #zanata, 2020. # Jan Kuparinen , 2021. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2021-02-17 19:40+0000\n" "Last-Translator: Jan Kuparinen \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 4.4.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Palomuurisovelma" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Palomuuri" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Palomuuriasetukset" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" "palomuuri;verkko;tietoturva;suojaus;turva;firewall;network;security;iptables;" "netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Valitse alue liitännälle '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Oletusalue" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Valitse alue yhteydelle '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Alueen {zone} asettaminen yhteydelle {connection_name} epäonnistui" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Valitse alue lähteelle '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Määritä Kilvet ylös/alas -alueet" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Täällä voit valita millä alueilla kilvet-ylös ja kilvet-alas käytetään." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Tämä ominaisuus on hyödyllinen ihmisille, jotka käyttävät enimmäkseen " "oletusvyöhykkeitä. Käyttäjille, jotka muuttavat yhteysvyöhykkeitä, siitä voi " "olla vähemmän hyötyä." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Kilvet ylös -alue:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Palauta oletukset" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Kilvet alas -alue:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Tietoja – %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Tekijät" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Lisenssi" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Kilvet ylös" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Ota ilmoitukset käyttöön" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Muokkaa palomuurin asetuksia…" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Muuta yhteyksien alueita..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Määritä Kilvet ylös/alas -alueet..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Estä kaikki verkkoliikenne" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Tietoja" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Yhteydet" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Verkkoliitännät" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Lähteet" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Tunnistautuminen epäonnistui." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Virheellinen nimi" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Nimi on jo olemassa" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Alue: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Oletusalue: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Yhteyksien haku NetworkManagerilta epäonnistui" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "NetworkManager-tuonteja ei ole saatavilla" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Ei yhteyttä palomuurin taustaprosessiin" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Kaikki verkkoliikenne on estetty." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Oletusalue: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Oletusalue '{default_zone}' aktiivisena yhteydelle '{connection}' " "liitännällä '{interface}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Alue '{zone}' aktiivisena yhteydelle '{connection}' liitännällä '{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Alue '{zone}' käytössä verkkoliitännälle '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Alue '{zone}' aktiivisena lähteelle {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Ei aktiivisia alueita." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Yhteys FirewallD:hen muodostettu." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Yhteys FirewallD:hen kadotettu." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD on ladattu uudelleen." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Oletusalueeksi asetettu '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Verkkoliikennettä ei enää estetä." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "käytössä" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "ei käytössä" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Oletusalue '{default_zone}' {activated_deactivated} yhteydellä " "'{connection}' liitännällä '{interface}'" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Alue '{zone}' {activated_deactivated} yhteydellä '{connection}' liitännällä " "'{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Alue '{zone}' {activated_deactivated} liitännällä '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Alue '%s' aktivoitu liitännälle '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Alue '{zone}' {activated_deactivated} lähteelle '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Alue '%s' aktivoitu lähteelle '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Yhteys firewalld:hen muodostettu." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Yritetään muodostaa yhteys firewalld:hen, odotetaan…" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Yhteys firewalld:hen epäonnistui. Varmista että palvelu on päällä ja yritä " "uudelleen." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Muutokset otettu käyttöön." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Yhteyden â€%s†käytössä" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Verkkoyhteyden '%s' käyttämä oletusalue" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "käytössä" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "pois käytöstä" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Kuvakkeiden lataus ei onnistunut." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Konteksti" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Komentorivi" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Käyttäjänimi" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Käyttäjätunniste" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Taulu" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Ketju" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioriteetti" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumentit" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Ajonaikainen" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Pysyvä" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Palvelu" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Portti" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokolla" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Porttiin" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Osoitteeseen" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Sidokset" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Tietue" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp-tyyppi" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Perhe" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Toiminto" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elementti" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Lähde" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Kohde" #: ../src/firewall-config.in:834 msgid "log" msgstr "kirjaa" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Auditointi" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Liitäntä" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Kommentti" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Lähde" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Varoitus" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Virhe" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "hyväksy" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "hylkää" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "pudota" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "merkitse" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "rajoita" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "palvelu" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "portti" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokolla" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maskeeraa" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-esto" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "välitysportti" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "lähdeportti" #: ../src/firewall-config.in:2097 msgid "level" msgstr "taso" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "kyllä" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Alue" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Oletusalue: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Alue: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Alue '%s': Palvelu '%s' ei ole käytettävissä." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Poista" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Älä huomioi" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Alue '%s': ICMP-tyyppi '%s' ei ole saatavilla." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Sisäänrakennettu alue, nimen muuttaminen ei ole tuettu." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekunti" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuutti" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "tunti" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "vuorokausi" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "hätätila" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "hälytys" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kriittinen" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "virhe" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "varoitus" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "huomautus" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "tiedoksi" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "virheenjäljitys" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Välittäminen toiseen järjestelmään on hyödyllistä vain jos verkkoliitäntä on " "maskeerattu. \n" "Haluatko maskeerata tämän alueen?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Sisäänrakennettu palvelu, ei voi uudelleennimetä." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Syötä ipv4-osoite muodossa osoite[/maski]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "Maski voi olla verkkomaski tai numero." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Syötä ipv6-osoite muodossa osoite[/maski]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "Maski on numero." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Syötä ipv4- tai ipv6-osoite muodossa osoite[/maski]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Ipv4:n maski voi olla verkkomaski tai numero.\n" "Ipv6:n maski on numero." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "Sisäänrakennettu ipset, uudelleennimeäminen ei ole tuettu." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Valitse tiedosto" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Tekstitiedostot" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Kaikki tiedostot" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Kaikki" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Sisäänrakennettu avustin, nimen muuttaminen ei ole tuettu." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Sisäänrakennettu icmp, nimen muuttaminen ei ole tuettu." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Tiedoston â€%s†lukeminen epäonnistui: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Valitse alue lähteelle %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Osoite" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automaattiset apurit" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Valitse automaattisen apurin arvo:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Syötä komento." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Syötä konteksti." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Valitse oletusalue alapuolella olevasta listasta." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Suora ketju" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Valitse ipv ja taulu ja anna ketjunimi." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Ketju:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raakamuoto" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "turvallisuus" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Taulu:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Suora läpikulkusääntö" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Valitse ipv ja anna argumentit." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumentit:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Porttien edelleenohjaus (forwarding)" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Valitse lähde- ja kohdeasetukset tarpeen mukaan." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Portti tai porttialue:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP-osoite:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokolla:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Kohde" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Jos paikallinen edelleenohjaus otetaan käyttöön, on määritettävä portti. " "Tämä portti on oltava eri kuin lähdeportti." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Paikallinen edelleenohjaus" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Edelleenohjaa toiseen porttiin" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Perus avustaja-asetukset" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Määrittele perusavustajan asetukset:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Lihavoidut kohdat ovat pakollisia, muut ovat vapaaehtoisia." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nimi:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versio:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Lyhyt:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Kuvaus:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Perhe:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Moduuli:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Apuri" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Valitse apuri:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Perus ICMP tyypin asetukset" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Määrittele perus ICMP tyypin asetukset:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-tyyppi" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Valitse ICMP-tyyppi" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Lisää merkintä" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Lisää tietueet tiedostosta" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Poista valittu merkintä" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Poista kaikki tietueet" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Poista tietueet tiedostosta" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Tiedosto" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Valinnat" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Lataa Firewalld uudelleen" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Lataa palomuurin uudelleen. Tämän hetkiset pysyvät asetukset tulevat uusiksi " "ajonaikaisiksi asetuksiksi, toisin sanoen, kaikki ajonaikaiset muutokset " "jotka teit ennen uudelleenlatausta häviävät elleivät ne olleet myös " "pysyvissä asetuksissa." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Vaihda mille alueelle verkkoyhteys kuuluu." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Muuta oletusaluetta" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Vaihda oletusalue yhteyksille ja verkkoliitännöille." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Vaihda lokin kieltotasoa" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Muuta LogDenied-arvoa." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Määritä automaattisten apurien työnjako" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Muokkaa Automatic Helper Assignment -asetusta." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Paniikkitilassa kaikki sisään tulevat ja ulos menevät paketit pudotetaan." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Paniikkitila" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lukitus lukitsee palomuurin asetukset siten, että vain sallittujen listalla " "olevat sovellukset voivat muuttaa palomuurin asetuksia." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Lukitus" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Tee ajonaikaisista asetuksista pysyviä" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Ajonaikaisesta pysyväksi" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Näytä" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSetit" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP-tyypit" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Apurit" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Suoramääritys" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Lukituksen sallittujen lista" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktiiviset sidokset" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Ohje" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Vaihda alue" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Vaihda sidoksen alue" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Piilota yhteyksien, rajapintojen ja lähteiden aktiiviset ajonaikaiset " "sidokset vyöhykkeisiin" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Näytä yhteyksien, rajapintojen ja lähteiden aktiiviset ajonaikaiset sidokset " "vyöhykkeisiin" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Kokoonpano:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Tällä hetkellä näkyvät asetukset. Ajonaikaiset asetukset on todellinen " "aktiivinen asetus. Pysyvät asetukset tulevat voimaan huollon tai " "järjestelmän uudelleenlatauksen tai uudelleenkäynnistyksen jälkeen." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Firewalld-alue määrittää luottosuhteen siihen sidottuihin verkkoyhteyksiin, " "liitäntöihin ja lähdeosoitteisiin. Alue yhdistää palvelut, protokollat, NAT-" "ominaisuudet (osoitteenmuunnos/masquerading), portti- tai pakettikohtaiset " "välityssäännöt, icmp-suodattimet ja muut monipuoliset säännöt. Alue voidaan " "määrittää liitäntöihin ja lähdeosoitteisiin." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Lisää alue" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Muokkaa aluetta" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Poista alue" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Lataa alueen oletukset" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Täällä voit määrittää mitkä palvelut ovat luotetulla alueella. Luotetut " "palvelut ovat kaikkien verkon koneiden ja verkkojen käytettävissä, jotka " "tavoittavat tämän koneen mistä tahansa yhteydestä, verkkoliitännästä tai " "lähteestä, jotka tähän alueeseen kuuluvat." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Palvelut" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Lisää muita portteja tai porttialueita, joiden on oltava kaikkien koneeseen " "yhdistettävissä olevien isäntien tai verkkojen käytettävissä." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Lisää portti" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Muokkaa porttia" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Poista portti" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portit" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Lisää protokolla jonka pitää olla kaikkien koneiden tai verkkojen " "käytettävissä." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Lisää protokolla" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Muokkaa protokollaa" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Poista protokolla" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokollat" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Lisää muita lähdeportteja tai lähdeporttialueita, joiden on oltava kaikkien " "koneeseen yhdistettävissä olevien isäntien tai verkkojen käytettävissä." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Lähdeportit" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Osoitteenmuunnos mahdollistaa paikallisen verkon Internetiin yhdistävän " "koneen tai reitittimen pystyttämisen. Paikallinen verkko näkyy yhtenä " "osoitteena Internetiin päin. Osoitteenmuunnos toimii vain IPv4:ssä." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskeerausalue" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Jos otat maskeerauksen käyttöön, IP-edelleenlähetystä on mahdollista käyttää " "IPv4-verkoissasi." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Osoitteenmuunnos" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Lisää tietueita porttien edelleenohjaamiseksi joko portista toiseen " "paikallisessa järjestelmässä tai paikallisesta järjestelmästä toiseen " "järjestelmään. Edelleenohjaaminen toiseen järjestelmään on hyödyllistä vain " "jos liitännässä on käytössä osoitteenmuunnos. Porttien edelleenohjaaminen on " "mahdollista vain IPv4:ssä." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Lisää välitysportti" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Muokkaa välitysporttia" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Poista välitysportti" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Control Message -protokollaa (ICMP) käytetään yleensä virheviestien " "lähettämiseksi verkotettujen tietokoneiden välillä, mutta sitä voidaan " "käyttää myös tietoviesteihin, kuten ping-pyyntöihin ja -vastauksiin." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Merkitse hylättävät ICMP-tyypit luettelosta. Kaikki muut ICMP-tyypit " "päästetään läpi palomuurista. Oletuksena ei ole rajoituksia." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Jos käänteinen maskeeraus on käytössä, merkityt ICMP-merkinnät hyväksytään " "ja muut hylätään. Vyöhykkeellä, jolla on DROP-tavoite, ne pudotetaan." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Käännä suodatin päinvastoin" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP-suodin" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Täällä voit asettaa monipuoliset kielisäännöt vyöhykkeelle." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Lisää monipuolinen sääntö" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Muokkaa monipuolista sääntöä" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Poista monipuolinen sääntö" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Monipuoliset säännöt" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Lisää merkinnät liittääksesi rajapinnat vyöhykkeeseen. Jos yhteys käyttää " "liitäntää, vyöhyke asetetaan yhteydelle määritettyyn vyöhykkeeseen." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Lisää liitäntä" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Muokkaa liitäntää" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Poista liitäntä" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Lisää merkinnät sitomaan lähdeosoitteet tai -alueet vyöhykkeeseen. Voit myös " "sitoa MAC-lähdeosoitteeseen, mutta rajoituksin. Porttien edelleenlähetys ja " "maskeeraus ei toimi MAC-lähdesidonnassa." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Lisää lähde" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Muokkaa lähdettä" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Poista lähde" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Alueet" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "firewalld-palvelu on yhdistelmä portteja, protokollia, moduuleita ja " "kohdeosoitteita." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Lisää palvelu" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Muokkaa palvelua" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Poista palvelu" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Lataa palvelun oletusarvot" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Lisää muita portteja tai porttialueita, joiden on oltava kaikkien isäntien " "tai verkkojen käytettävissä." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Muokkaa merkintää" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Poista merkintä" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Lisää muita lähdeportteja tai -porttialueita, joiden on oltava kaikkien " "isäntien tai verkkojen käytettävissä." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Lähdeportti" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfilter-apumoduuleja tarvitaan joihinkin palveluihin." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduulit" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Jos määrität kohdeosoitteet, palvelutietue rajoitetaan kohdeosoitteseen ja " "tyyppiin. Jos molemmat tietueet jätetään tyhjäksi, rajoitteita ei ole." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Palveluita voi muuttaa vain pysyvän kokoonpanon asetusnäkymässä. Palvelujen " "ajonaikaista kokoonpanoa ei voi muuttaa." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSettiä voidaan käyttää sallittujen listojen (white) ja estolistojen " "(black) luomiseen. Se voi sisältää esimerkiksi IP-osoitteita, " "porttinumeroita tai MAC-osoitteita. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Lisää IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Muokkaa IPSet:iä" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Poista IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Lataa IPSet-oletukset" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "IPSetin merkinnät. Näet vain niiden ipsetin merkinnät, jotka eivät käytä " "aikakatkaisua, ja vain palomuurin lisäämät merkinnät. Suoraan ipset-" "komennolla lisättyjä merkintöjä ei luetella tässä." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Tämä IPSet käyttää aikakatkaisuvaihtoehtoa, joten tässä ei ole näkyvissä " "merkintöjä. Merkinnät tulisi hoitaa suoraan ipset-komennolla." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Lisää" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Tietueet" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPS-setit voidaan luoda tai poistaa vain pysyvän kokoonpanon näkymässä." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Palomuuri icmptype antaa tietoja palomuurin Internet Control Message " "Protocol (ICMP) -tyypistä." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Lisää ICMP-tyyppi" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Muokkaa ICMP-tyyppiä" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Poista ICMP-tyyppi" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Lataa ICMP tyypin oletusarvot" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Määritä, onko tämä ICMP-tyyppi käytettävissä IPv4:lle ja/tai IPv6:lle." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP tyyppejä voi muuttaa vain pysyvän kokoonpanon asetusnäkymässä. ICMP " "tyyppien ajonaikaista kokoonpanoa ei voi muuttaa." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Yhteyden seuranta-apulainen auttaa tekemään toimivia protokollia, jotka " "käyttävät erilaisia virtauksia signalointiin ja tiedonsiirtoon. " "Tiedonsiirrot käyttävät portteja, jotka eivät liity merkinantoyhteyteen ja " "jotka palomuuri siten estää ilman auttajaa." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Määritä portit tai porttialueet, joita auttaja valvoo." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Suora määritys antaa suoremman pääsyn palomuuriin. Nämä vaihtoehdot " "edellyttävät käyttäjän tuntevan iptables-peruskäsitteet, eli taulukot, " "ketjut, komennot, parametrit ja kohteet. Suoraa määritystä tulisi käyttää " "vain viimeisenä keinona, kun muita palomuuriominaisuuksia ei ole mahdollista " "käyttää." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Kunkin vaihtoehdon ipv-argumentin on oltava ipv4 tai ipv6 tai eb. IPv4: n " "kanssa se on tarkoitettu iptauluille, ipv6 ip6taululle ja eb ethernet-" "siltojen (ebtables) kanssa." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Lisäketjut käytettäväksi sääntöjen kanssa." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Lisää ketju" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Muokkaa ketju" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Poista ketju" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Ketjut" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Lisää sääntö, joka sisältää argumentit args prioriteettitaulukon ketjuun." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Prioriteettia käytetään sääntöjen tilaamiseen. Prioriteetti 0 tarkoittaa " "säännön lisäämistä ketjun päälle, korkeammalla prioriteetilla sääntö " "lisätään alemmas. Säännöt, joilla on sama prioriteetti, ovat samalla " "tasolla, eikä näiden sääntöjen järjestys ole kiinteä ja saattaa muuttua. Jos " "haluat varmistaa, että sääntö lisätään toisen jälkeen, käytä ensimmäiseen " "matalaa prioriteettia ja seuraavaan korkeampaa." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Lisää sääntö" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Muokkaa sääntöä" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Poista sääntö" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Säännöt" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Läpikulkusäännöt menevät suoraan palomuurin läpi, eikä niitä sijoiteta " "erityisiin ketjuihin. Kaikkia iptaulu-, ip6taulu- ja ebtaulu-asetuksia " "voidaan käyttää." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Ole varovainen läpikulkusääntöjen kanssa, ettet vahingoita palomuuria." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Lisää läpikulku" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Muokkaa läpikulkua" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Poista läpikulku" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Läpikulku" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Lukitusominaisuus on kevyt versio palomuurin käyttäjä- ja " "sovelluskäytännöistä. Se rajoittaa palomuuriin tehtäviä muutoksia. " "Lukituksen sallittujen luettelo voi sisältää komentoja, asiayhteyksiä, " "käyttäjiä ja käyttäjätunnuksia." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Konteksti on käynnissä olevan sovelluksen tai palvelun suojauskonteksti " "(SELinux). Saadaksesi käynnissä olevan sovelluksen konteksti käytä ps -" "e --context ." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Lisää konteksti" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Muokkaa kontekstia" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Poista konteksti" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Kontekstit" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Jos sallittujen luettelon komentomerkintä päättyy tähdellä \"*\", kaikki " "komennolla alkavat komentorivit vastaavat. Jos \"*\" ei ole siellä, " "absoluuttinen komento argumentteineen on vastattava merkintää." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Lisää komentorivi" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Muokkaa komentoriviä" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Poista komentorivi" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Komentorivit" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Käyttäjänimet." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Lisää käyttäjänimi" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Muokkaa käyttäjänimeä" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Poista käyttäjänimi" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Käyttäjänimet" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Käyttäjä-ID:t." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Lisää käyttäjä-ID" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Muokkaa käyttäjä-ID:tä" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Poista käyttäjä-ID" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Käyttäjä-ID:t" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Järjestelmän nykyinen oletusalue." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Loki kielletty:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Paniikkitila:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automaattiset apurit:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Lukitus:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Oletusalue:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Anna liitännän nimi:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Perus IPSet-asetukset" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Määrittele perus ipsetin asetukset:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tyyppi:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Aikakatkos:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hash-koko:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelementti:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Aikakatkaisun arvo sekunneissa" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Aloitus hash koko, oletuksena 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Elementtien suurin määrä, oletuksena 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Valitse ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Anna ipset-merkintä:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Loki kielletty" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Valitse log denied -arvo:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Merkitse" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Anna merkintä mahdollisen peitteen kanssa." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "Merkki- ja peitekentät ovat molemmat 32 bitin levyisiä etumerkittömiä " "numeroita." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Merkitse:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Peite:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Valitse netfilter conntrack-avustaja:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Valitse -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Muu moduuli:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Portti ja protokolla" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Syötä portti ja protokolla." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Suora sääntö" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Valitse ipv ja taulukko, ketjuprioriteetti ja anna argumentit." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioriteetti:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Syötä protokolla." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Muu protokolla:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Monipuolinen sääntö" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Kirjoita monipuolinen sääntö." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" "Jotta isäntä tai verkko sallimis- tai estolistat toimisivat, deaktivoi " "elementti." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Lähde:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Kohde:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Loki:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Auditointi:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 ja ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "käänteinen" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Jotta tämä toiminto toiminnon on oltava 'hylkää' ja perheen joko 'ipv4' tai " "'ipv6' (ei molempia)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "tyypin kanssa:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "rajoituksen kanssa:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Etuliite:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Taso:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elementti:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Toiminto:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Perus palvelun asetukset" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Määrittele perus palvelun asetukset:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Valitse palvelu." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Anna lähde." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Käyttäjä ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Syötä käyttäjä ID." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Syötä käyttäjänimi." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "nimiö" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Perus alue asetukset" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Määrittele perus alue asetukset:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Oletuskohde" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Kohde:" firewalld-1.1.1/po/fr.po0000644000000000000000000017470614217342322015065 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # <>, 2006 # Alain PORTAL , 2007 # Audrey Simons , 2003-2005 # Damien Durand , 2006 # Decroux Fabien , 2006 # Gé Baylard , 2013 # Gauthier Ancelin , 2007-2008 # Gé Baylard , 2013 # Jean-Paul Aubry , 2004 # Jérôme Fenal , 2012-2013 # Martin-Gomez Pablo , 2009 # Michael Ughetto , 2008 # Martin-Gomez Pablo , 2009 # Sam Friedmann , 2009-2010,2014 # Samuel Mutel , 2005-2006 # Stephane Raimbault , 2004 # Thomas Canniot , 2006,2008-2010 # Jean-Baptiste Holcroft , 2015. #zanata # Jean-Baptiste Holcroft , 2016. #zanata # Julie Carbone , 2016. #zanata # Thomas Woerner , 2016. #zanata # corina roe , 2016. #zanata # Eric Garver , 2017. #zanata # Jean-Baptiste Holcroft , 2017. #zanata # Laurent Bigonville , 2017. #zanata # Eric Garver , 2018. #zanata # Jean-Baptiste Holcroft , 2018. #zanata # Julien Humbert , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-07-09 09:27+0000\n" "Last-Translator: Julien Humbert \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n > 1;\n" "X-Generator: Weblate 4.1.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Appliquette pare-feu" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Pare-feu" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuration du pare-feu" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "pare-feu;réseau;sécurité;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Sélectionner la zone pour l’interface « %s »" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zone par défaut" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Sélectionner la zone pour la connexion « %s »" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "N’a pas pu définir la zone {zone} pour la connexion {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Sélectionner la zone pour la source « %s »" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Configurer des zones à protection active/inactive" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Vous pouvez choisir ici les zones avec protections active ou inactive." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Cette fonctionnalité est pratique pour ceux qui utilisent essentiellement le " "zonage par défaut. Pour les utilisateurs, qui changent de zones de " "connexion, son intérêt pourrait se révéler limité." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Zone à protection active :" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Réinitialiser aux paramètres par défaut" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Zone à protection inactive :" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "À propos %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Auteurs" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licence" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Protections activées" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Activer les notifications" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Modifier les paramètres du pare-feu…" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Modifier les zones de connexions…" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Configurer des zones à protection active/inactive…" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Bloquer tout trafic réseau" #: ../src/firewall-applet.in:492 msgid "About" msgstr "À propos" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Connexions" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Sources" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Échec de l’autorisation." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Nom non valide" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Le nom existe déjà" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zone : {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (zone par défaut : {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "N’a pas pu obtenir les connexions de NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Aucune importation de NetworkManager n’est disponible" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Pas de connexion au démon du pare-feu" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Tout trafic réseau est bloqué." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Zone par défaut : « %s »" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zone par défaut « {default_zone} » active pour connexion « {connection} » " "sur l’interface « {interface} »" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zone « {zone} » active pour la connexion « {connection} » sur l’interface " "« {interface} »" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zone « {zone} » active pour l’interface « {interface} »" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zone « {zone} » active pour la source « {source} »" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Aucune zone active." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "La connexion à FirewallD est établie." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "La connexion à FirewallD a été perdue." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD a été rechargé." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "La zone par défaut devient « %s »." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Le trafic réseau n’est plus bloqué." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "activé" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "désactivé" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Zone par défaut « {default_zone} » {activated_deactivated} pour connexion " "« {connection} » sur l’interface « {interface} »" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zone « {zone} » {activated_deactivated} pour la connexion « {connection} » " "sur l’interface « {interface} »" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "Zone « {zone} » {activated_deactivated} pour l’interface « {interface} »" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "La zone « %s » est activée pour l’interface « %s »" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zone « {zone} » {activated_deactivated} pour la source « {source} »" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zone « %s » activée pour la source « %s »" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "La connexion à FirewallD est établie." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Tentative de connexion à FirewallD, veuillez patientez…" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Impossible de se connecter à FirewallD. Vérifiez que le service a été " "démarré correctement, puis réessayez." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Modifications appliquées." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Utilisé par la connexion réseau « %s »" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Zone par défaut utilisée par la connexion réseau « %s »" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "activé(e)" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "désactivé(e)" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Impossible de charger les icônes." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Contexte" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Ligne de commande" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nom d’utilisateur" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Identifiant utilisateur" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Table" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Chaine" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priorité" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Arguments" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Temps d’exécution" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Service" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocole" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Vers le port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Vers l’adresse" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Liaisons" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Entrée" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Type ICMP" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Famille" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Action" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Élément" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "journal" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interface" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Commentaire" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Source" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Avertissement" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Erreur" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accept" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "reject" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "drop" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "marque" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "service" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "masquer" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "level" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "oui" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zone" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Zone par défaut : %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zone : %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zone « %s » : le service « %s » n’est pas disponible." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Supprimer une zone" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignorer" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zone « %s » : le type ICMP « %s » n’est pas disponible." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Zone intégrée, le renommage n’est pas pris en charge." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "seconde" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minute" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "heure" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "jour" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergency" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alerte" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "critical" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "error" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "warning" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notice" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Rediriger vers un autre système est utile seulement si l’interface est " "masquée.\n" "Voulez-vous masquer cette zone ?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Service intégré, le renommage n’est pas pris en charge." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Veuillez saisir une adresse ipv4 avec l’adresse du formulaire [/mask]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "Le masque peut être un masque de réseau ou un numéro." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Veuillez saisir une adresse ipv6 avec l’adresse du formulaire [/mask]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "Le masque est un numéro." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" "Veuillez saisir une adresse ipv4 ou ipv6 avec l’adresse du formulaire [/" "mask]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Le masque peut être un masque de réseau ou un numéro pour ipv4.\n" "Le masque est un numéro pour ipv6." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "Ipset intégré, le renommage n’est pas pris en charge." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Sélectionner un fichier" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Fichier texte" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Tous les fichiers" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Tout" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Assistant intégré, le renommage n’est pas pris en charge." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Icmp intégré, le renommage n’est pas pris en charge." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "impossible de lire le fichier « %s » : %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Sélectionner la zone pour la source « %s »" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresse" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Assistants automatiques" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Veuillez sélectionner la valeur des assistants automatiques :" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Veuillez saisir la ligne de commande." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Veuillez saisir le contexte." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Veuillez sélectionner la zone par défaut dans la liste ci-dessous." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Chaine directe" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Veuillez sélectionner l’ipv et la table, et saisir le nom de chaine." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv :" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Chaine :" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "sécurité" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Table :" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Règle Passthrough directe" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Veuillez sélectionner l’ipv et saisir les arguments." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Arguments :" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Réacheminement de port" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Veuillez sélectionner les options de source et de destination en fonction de " "vos besoins." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Intervalle de ports :" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Adresse IP :" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocole :" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destination" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Si vous activez un réacheminement local, vous devez définir un port. Celui-" "ci doit être différent du port source." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Réacheminement local" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Réacheminer vers un autre port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Paramètres de l’assistant de base" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Veuillez configurer les paramètres de l’assistant de base :" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Les entrées en gras sont obligatoires, les autres sont optionnelles." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nom :" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Version :" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Court :" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Description :" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Famille :" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Module :" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Assistant" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Veuillez sélectionner un assistant :" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Paramètres de base de type ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Veuillez configurer les paramètres de base de type ICMP :" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Type ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Veuillez sélectionner un type ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Ajouter une entrée" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Ajouter les entrées en provenance du fichier" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Supprimer l’entrée sélectionnée" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Supprimer toutes les entrées" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Supprimer les entrées du fichier" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fichier" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Options" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Recharger Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Recharger les règles du pare-feu. La configuration permanente actuelle " "deviendra la nouvelle configuration d’exécution. Par exemple toutes les " "modifications d’exécution faite avant le rechargement seront perdues si " "elles n’ont pas été aussi dans la configuration permanente." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Modifier la zone à laquelle la connexion réseau appartient." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Modifier la zone par défaut" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Modifier la zone par défaut pour les connexions ou interfaces." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Changer DéniDeLog" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Changer la valeur du DéniDeLog." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Configurer les assignations de l’assistant automatique" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Configurer les paramètres d’assignations de l’assistant automatique." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Le mode panique signifie que tous les paquets entrants et sortants sont " "supprimés." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Mode panique" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown verrouille la configuration du pare-feu afin que seules les " "applications de la liste blanche puissent la modifier." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Verrouillage" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Rendre la configuration d’exécution permanente" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Exécution sur Permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Affichage" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Types ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Assistants" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Configuration directe" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Liste blanche" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Liaisons actives" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Aide" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Modifier la zone" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Modifier la zone de liaison" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Cacher les liaisons de runtime actives de connexions, interfaces et sources " "à des zones" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Afficher les liaisons de runtime actives de connexions, interfaces et " "sources à des zones" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuration :" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Configuration visible actuellement. La configuration d’exécution est la " "configuration active en fait. La configuration persistante deviendra active " "après avoir rechargé ou redémarré le service ou le système." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Une zone FirewallD définit le niveau de confiance pour les connexions " "réseau, les interfaces et les adresses de sources liées à cette zone. La " "zone combine les services, ports, protocoles, translations d’adresse, port " "ou paquet réacheminés, filtres ICMP et règles riches. La zone peut être liée " "aux interfaces et aux adresses de source." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Ajouter une zone" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Modifier une zone" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Supprimer une zone" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Charger les zones par défaut" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Vous pouvez définir ici quels services sont de confiance dans la zone. Les " "services de confiance sont accessibles depuis tous les hôtes et réseaux qui " "peuvent accéder à la machine depuis les connexions, interfaces et sources " "liées à cette zone." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Services" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Ajouter des ports ou des plages de ports supplémentaires, qui doivent être " "accessibles à tous les hôtes ou réseaux qui peuvent se connecter à la " "machine." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Vers le port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Modifier une zone" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Supprimer une zone" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Ports" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Ajoutez des protocoles qu’il faut rendre accessibles à tous les hôtes ou " "réseaux." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Ajouter un protocole" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Modifier un protocole" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Supprimer un protocole" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protocoles" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Ajouter des ports sources ou des plages de ports supplémentaires, qui " "doivent être accessibles à tous les hôtes ou réseaux qui peuvent se " "connecter à la machine." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Ports sources" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "La translation d’adresses est très utile si vous configurez un hôte ou un " "routeur qui connecte votre réseau local à Internet. Votre réseau local ne " "sera pas visible et vos hôtes apparaitront sous une adresse unique sur " "Internet. La translation d’adresse est une spécificité d’IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zone de translation d’adresse" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Si vous activez la translation d’adresse, la redirection IP sera activée " "pour votre réseau IPV4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Translation d’adresses" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Ajouter des entrées pour rediriger les ports soit d’un port à un autre sur " "le système local, soit du système local vers un autre. Rediriger vers un " "autre système n’est utile que si l’interface est masquée. La redirection de " "port est une spécificité d’IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Ajouter une transmission de port" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Modifier une transmission de port" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Supprimer une transmission de port" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Le protocole de message de contrôle Internet (ICMP, pour « Internet Control " "Message Protocol ») est utilisé essentiellement pour envoyer des messages " "d’erreurs vers les ordinateurs d’un réseau, mais également pour envoyer des " "messages d’information, comme les requêtes « ping » et leurs réponses." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Marquez les types ICMP de la liste qui doivent être rejetés. Tous les autres " "types ICMP sont autorisés à traverser le pare-feu. Par défaut, il n’y a " "aucune restriction." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Si Filtrage Inversion est actif, les saisies marquées ICMP seront acceptées " "et les autres seront rejetées. Dans une zone ayant pour cible « DROP », " "elles seront rejetées." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Filtrage Inversion" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtre ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Vous pouvez définir ici les règles linguistiques riches pour la zone." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Ajouter une règle riche" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Afficher une règle riche" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Supprimer une règle riche" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Règles riches" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Ajouter des entrées pour lier des interfaces à la zone. Si l’interface est " "utilisée par une connexion, la zone sera définie sur la zone indiquée dans " "la connexion." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Ajouter une interface" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Quitter l’interface" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Supprimer l’interface" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Ajouter des entrées pour lier les adresses ou zones source à la zone. Vous " "pouvez également les lier à une adresse source MAC mais avec certaines " "limites. Le transfert et masquage ne fonctionneront pas pour les liaisons " "sources de MAC." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Ajouter une source" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Afficher la source" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Supprimer une source" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zones" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Un service FirewallD est une combinaison de ports, de protocoles, de modules " "et d’adresses de destination." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Ajouter un service" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Éditer un service" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Supprimer un service" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Charger les services par défaut" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Ajoutez les ports ou intervalles de ports supplémentaires qu’il faut rendre " "accessibles à tous les hôtes ou réseaux." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Modifier une entrée" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Supprimer une entrée" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Ajoutez les ports source ou intervalles de ports supplémentaires qu’il faut " "rendre accessibles à tous les hôtes ou réseaux." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Port source" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" "Les modules d’assistance Netfilter sont nécessaires pour certains services." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modules" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Si vous spécifiez une adresse de destination, l’entrée de service sera " "limitée au type et à l’adresse de destination. Si ces deux entrées sont " "vides, il n’y a pas de limitation." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4 :" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6 :" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Les services ne peuvent être modifiés que dans la fenêtre de configuration " "permanente. La configuration d’exécution des services est fixée." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Un IPSet peut être utilisé pour créer des listes noires ou blanches et peut " "stocker des adresses IP, numéros de port ou adresses MAC. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Ajouter IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Modifier IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Supprimer IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Charger IPSet par défaut" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Entrées de l’IPSet. Vous ne pourrez voir que des entrées d’IPSets qui " "n’utilisent pas l’option timeout et uniquement les entrées qui ont été " "ajoutées par FirewallD. Les entrées qui ont été ajoutées directement avec la " "commande IPSet n’apparaissent pas ici." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Cet IPSet utilise l’option timeout, donc aucune entrée n’est visible ici. " "Les entrées doivent être utilisées avec la commande IPSet directement." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Ajouter" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Entrées" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "Les IPSets peuvent uniquement être créés ou supprimés dans l’affichage de " "configuration permanent." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "L’icmptype de FirewallD fournit les informations pour le type de protocole " "de contrôle du réseau Internet (ICMP) pour FirewallD." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Ajoute un type d’ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Modifier le type d’ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Supprimer le type d’ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Charger le type ICMP par défaut" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Précisez si ce type d’ICMP est disponible pour IPv4 et/ou IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Les types d’ICMP ne peuvent être modifiés que dans la fenêtre de " "configuration permanente. La configuration en cours d’exécution des types " "d’ICMP est fixée." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Un assistant de suivi de connexion aide à faire fonctionner les protocoles " "qui utilisent différents flux pour signaler et transférer des données. Les " "transferts de données utilisent des ports qui ne sont pas liés à la " "connexion signalée et sont en conséquence bloqués par le pare-feu sans cet " "assistant." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Définir les ports ou plages de port, surveillés par l’assistant." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "La configuration directe donne un accès plus direct au pare-feu. Ces options " "exigent que l’utilisateur connaisse les concepts de base de iptables, c.-à-" "d. tables chaines, commandes, paramètres et cibles. La configuration directe " "devrait être utilisée qu’en dernier ressort, quand il n’est pas possible " "d’utiliser les autres fonctionnalités de FirewallD." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "L’argument ipv de chaque option doit être ipv4 ou ipv6 ou eb. ipv4 pour " "iptables, ipv6 pour ip6tables et eb pour une passerelle Ethernet (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Chaines supplémentaires à utiliser avec les règles." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Ajouter une chaine" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Afficher une chaine" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Supprimer une chaine" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Chaines" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Ajoutez une règle avec les arguments « args » à une chaine dans une table " "avec une priorité." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "La priorité est utilisée pour ordonner les règles. La priorité 0 signifie " "ajouter la règle en début de chaine, avec une priorité plus élevée la règle " "sera ajoutée plus bas. Les règles avec le même niveau de priorité sont sur " "le même niveau et l’ordre de ces règles n’est pas fixé et peut être modifié. " "Si vous voulez être sûr qu’une règle est ajoutée après une autre, utilisez " "une priorité basse pour la première et une plus élevée pour les suivantes." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Ajouter une règle" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Afficher une règle" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Supprimer une règle" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Règles" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Les règles passthrough sont directement répercutées sur le pare-feu et ne " "sont pas placées dans les chaines particulières. Toutes les options " "iptables, ip6tables et ebtables peuvent être utilisées." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Veuillez être prudent avec les règles passthrough pour ne pas endommager le " "pare-feu." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Ajouter le Passthrough" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Afficher le Passthrough" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Supprimer le Passthrough" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Passthrough" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "La fonction verrouillage est une version allégée de l’utilisateur et des " "politiques d’application pour FirewallD. Elle limite les modifications au " "pare-feu. La liste blanche peut comprendre des commandes, des contextes, des " "utilisateurs et des identifiants d’utilisateur." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Le contexte est le contexte de sécurité (SELinux) d’une application en cours " "d’exécution ou d’un service. Pour obtenir le contexte d’une application en " "cours d’exécution utilisez ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Ajouter un contexte" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Modifier un contexte" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Supprimer un contexte" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contextes" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Si une commande de la liste blanche se termine par un astérisque « * », " "alors toutes les lignes de commande commençant par cette commande seront " "prises en compte. Si « * » est absent alors la commande seule sera prise en " "compte." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Ajouter une ligne de commande" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Afficher une ligne de commande" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Supprimer une ligne de commande" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Lignes de commande" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Noms d’utilisateur" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Ajouter un nom d’utilisateur" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Modifier un nom d’utilisateur" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Supprimer un nom d’utilisateur" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Noms d’utilisateur" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Identifiants d’utilisateur" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Ajouter un identifiant utilisateur" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Afficher un identifiant utilisateur" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Supprimer un identifiant utilisateur" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Identifiants d’utilisateur" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Zone actuelle par défaut du système." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "DéniDeLog :" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Mode panique :" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Assistants automatiques :" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Verrouiller :" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zone par défaut :" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Veuillez saisir un nom d’interface :" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Paramètres IPSet de base" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Veuillez configurer les paramètres de l’IPSet de base :" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Type :" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Timeout :" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Taille du hachage :" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem :" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Valeur du timeout en secondes" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Taille du hachage initial, valeur par défaut : 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Nombre maximal d’éléments, valeur par défaut : 65 536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Veuillez sélectionner un IPSet :" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Veuillez saisir une entrée IPSet :" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "DéniDeLog" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Veuillez sélectionner la valeur du DéniDeLog :" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Marque" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Veuillez saisir une marque avec un masque en option." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "Les champs marque et masque sont tous les deux des nombres non signés de 32 " "octets de largeur." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Marque :" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Masque :" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Veuillez sélectionner un assistant conntrack netfilter :" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Sélectionner -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Autre module :" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port et protocole" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Veuillez saisir un port et un protocole." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Règle directe" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Veuillez sélectionner l’ipv et la table, la chaine prioritaire et saisissez " "las arguments." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priorité :" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Veuillez saisir un protocole." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Autres protocoles :" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Règle riche" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Veuillez saisir une règle riche." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "Pour l’hôte ou le réseau, autorisez ou désactivez l’élément." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Source :" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destination :" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Journal :" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit :" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 et ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "inversé" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Pour activer ceci, Action doit être paramétré sur « reject » et Famille soit " "sur « Ipv4 » ou « Ipv6 » (pas les deux)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "avec le type :" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "avec la limite :" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Préfixe :" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Niveau :" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Élément :" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Action :" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Paramètres du service de base" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Veuillez configurer les paramètres du service de base :" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Veuillez sélectionner un service." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Veuillez saisir une source." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ID utilisateur" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Veuillez saisir l’ID de l’utilisateur." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Veuillez saisir le nom d’utilisateur." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "étiquette" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Paramètres de la zone de base" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Veuillez configurer les paramètres de la zone de base :" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Cible par défaut" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Cible :" firewalld-1.1.1/po/gl.po0000644000000000000000000013502514217342322015047 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Xosé , 2013 # Xosé , 2013 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2015-02-26 09:45+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Galician (http://www.transifex.com/projects/p/firewalld/" "language/gl/)\n" "Language: gl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Applet de devasa" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Devasa" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuración da devasa" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Escolla a zona para a interface «%s»" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Esta funcionalidade é útil para quen empregue principalmente as zonas por " "omisión. Par quen ande a cambiar as zonas das conexións podería ter pouco " "uso." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Activar as notificacións" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Editar a configuración da devasa..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Cambiar as zonas das conexións..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Bloquear todo o tráfico da rede" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Conexións" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Fallou a autorización." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "O nome non é válido" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Xa existe ese nome" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Non hai ningunha conexión co daemon da devasa" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Todo o tráfico da rede está bloqueado." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "A zona «{zone}» está activa para a conexión «{connection}» na interface " "«{interface}»" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "A zona '{zone}' está activa para a interface '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Non hai ningunha zona activa." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Estabeleceuse unha conexión a FirewallD." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Perdeuse a conexión a FirewallD." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "Cargouse FirewallD de novo." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "A zona por omisión cambiou a «%s»." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "O tráfico da rede xa non está bloqueado." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "activado" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "desactivado" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "A zona «{zone}» está {activated_deactivated} para a conexión «{connection}» " "na interface «{interface}»" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "A zona «{zone}» está {activated_deactivated} na interface «{interface}»" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "A zona «%s» está acivada na interface «%s»" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Fallou a carga das iconas." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Servizo" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Porto" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocolo" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Ao porto" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Ao enderezo" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Tipo de ICMP" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Orixe" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Aviso" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Erro" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona «%s»: O servizo «%s» non está dispoñíbel." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Retirar" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignorar" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona «%s»: O tipo de ICMP «%s» non está dispoñíbel." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Enderezo" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Encamiñamento dos portos" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Escolla as opcións de orixe e destino segundo as súas necesidades." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Porto / Intervalo de portos:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Enderezo de IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocolo:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destino" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Para activar o encamiñamento local hai que indicar un porto. Este porto ten " "que ser diferente do porto de orixe." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Encamiñamento local" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Encamiñar a outro porto" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "A entradas en negra son obrigatorias; todas as demais son opcionais." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nome:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versión:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Curto:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Descrición:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Configuración dos tipos de ICMP de base" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Configure os tipos de ICMP de base:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Tipo de ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Engadir unha entrada" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Ficheiro" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opcións" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Cargar Firewalld de novo" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Cambiar a zona por omisión" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "A_xuda" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Configuración visíbel actualmente. A configuración do tempo de execución é a " "configuración activa real. A configuración permanente estará activa despois " "de recargar ou reiniciar o servizo ou o sistema." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Engadir unha zona" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Editar a zona" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Retirar a zona" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Servizos" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Engadir un porto" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Edita o porto" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Retirar o porto" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portos" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Engadir un porto de encamiñamento" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Editar un porto de encamiñamento" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Retirar un porto de encamiñamento" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "O Protocolo de Mensaxes de Control da Internet (ICMP) emprégase " "principalmente para enviar mensaxes de erro entre os computadores dunha " "rede, mais, alén disto, tamén para mensaxes informativos como solicitudes e " "respostas de ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Marque os tipos de ICMP da lista que desexe que sexan rexeitados. O resto " "dos tipos de ICMP terán permitido pasar a devasa. Por omisión non hai " "limitación." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtro de ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Engadir un servizo" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Editar o servizo" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Retirar o servizo" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Editar a entrada" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Retirar a entrada" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Módulos" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Se se indican enderezos de destino, a entrada do servizo limítase ao " "enderezo e tipo de destino. Se ambas as dúas entradas estiveren baleiras non " "hai limitación." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Engadir un tipo de ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Editar o tipo de ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Retirar o tipo de ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Zona por omisión actual do sistema." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zona por omisión" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Porto e protocolo" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Introduza un porto e un protocolo." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Outro protocolo:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Configuración dos servizos de base" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Configure as opcións dos servizos de base:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Configuración das zonas de base" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Configure as opcións das zonas de base:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Destino por omisión" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Destino:" firewalld-1.1.1/po/gu.po0000644000000000000000000020657414217342322015070 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Ankit Patel , 2014 # Ankit Patel , 2004-2008 # Sweta Kothari , 2008 # sweta , 2008-2011 # sweta , 2013 # sweta , 2013 # sweta , 2013-2014 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2015-02-26 09:45+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Gujarati (http://www.transifex.com/projects/p/firewalld/" "language/gu/)\n" "Language: gu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "ફાયરવોલ àªàªªàª²à«‡àªŸ" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ફાયરવોલ" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ફાયરવોલ રૂપરેખાંકન" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "ફાયરવોસ;નેટવરà«àª•;સà«àª°àª•à«àª·àª¾;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "ઇનà«àªŸàª°àª«à«‡àª¸ '%s' માટે વિસà«àª¤àª¾àª°àª¨à«‡ પસંદ કરો" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "મૂળભૂત વિસà«àª¤àª¾àª°" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "જોડાણ '%s' માટે વિસà«àª¤àª¾àª°àª¨à«‡ પસંદ કરો" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "શીલà«àª¡ અપ/ડાઉન વિસà«àª¤àª¾àª°à«‹àª¨à«‡ રૂપરેખાંકિત કરો" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "શીલà«àª¡ અપ અને શીલà«àª¡ ડાઉન માટે વાપરેલ વિસà«àª¤àª¾àª°à«‹àª¨à«‡ તમે અહિંયા પસંદ કરી શકો છો." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "આ લકà«àª·àª£ મોટેભાગે મૂળભૂત વિસà«àª¤àª¾àª°à«‹àª¨à«€ મદદથી લોકો માટે ઉપયોગી છે. વપરાશકરà«àª¤àª¾àª“ માટે, જોડાણો " "માટે વિસà«àª¤àª¾àª°à«‹àª¨à«‡ બદલી રહà«àª¯àª¾ છે, તે મરà«àª¯àª¾àª¦àª¿àª¤ વપરાશ હોઇ શકે છે." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "શીલà«àª¡ અપ વિસà«àª¤àª¾àª°:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "શીલà«àª¡ ડાઉન વિસà«àª¤àª¾àª°:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "શીલà«àª¡ અપ" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "નોંધણીઓને સકà«àª°àª¿àª¯ કરો" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "ફાયરવોલ સà«àª¯à«‹àªœàª¨à«‹àª®àª¾àª‚ ફેરફાર કરો..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "જોડાણોનાં વિસà«àª¤àª¾àª°à«‹àª¨à«‡ બદલો..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "શીલà«àª¡ અપ/ડાઉન વિસà«àª¤àª¾àª°à«‹àª¨à«‡ રૂપરેખાંકિત કરો..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "બધા નેટવરà«àª• ટà«àª°àª¾àª«àª¿àª•àª¨à«‡ બà«àª²à«‹àª• કરો" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "જોડાણો" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "સà«àª¤à«àª°à«‹àª¤à«‹" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "સતà«àª¤àª¾àª§àª¿àª•àª°àª£ નિષà«àª«àª³." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "અયોગà«àª¯ દલીલ %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "નામ પહેલેથી જ અસà«àª¤àª¿àª¤à«àªµ ધરાવે છે" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "ફાયરવોલ ડિમન માટે જોડાણ નથી" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "બધા નેટવરà«àª• ટà«àª°àª¾àª«àª¿àª• બà«àª²à«‹àª• થયેલ છે." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "મૂળભૂત વિસà«àª¤àª¾àª°: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "ઇનà«àªŸàª°àª«à«‡àª¸ '{interface}' પર જોડાણ '{connection}' માટે વિસà«àª¤àª¾àª° '{zone}' સકà«àª°àª¿àª¯" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "ઇનà«àªŸàª°àª«à«‡àª¸ '{interface}' માટે વિસà«àª¤àª¾àª° '{zone}' સકà«àª°àª¿àª¯" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "સà«àª¤à«àª°à«‹àª¤ {source} માટે વિસà«àª¤àª¾àª° '{zone}' સકà«àª°àª¿àª¯" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "સકà«àª°àª¿àª¯ વિસà«àª¤àª¾àª°à«‹ નથી." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallD માં જોડાણને સà«àª¥àª¾àªªàª¿àª¤ કરેલ છે." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD માં જોડાણ ગà«àª® થયેલ છે." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD ને પà«àª¨:લાવી દેવામાં આવà«àª¯à« છે." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "'%s' માં મૂળભૂત વિસà«àª¤àª¾àª°àª¨à«‡ બદલેલ છે." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "નેટવરà«àª• ટà«àª°àª¾àª«àª¿àª• હવે બà«àª²à«‹àª• થયેલ નથી." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "સકà«àª°àª¿àª¯" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "નિષà«àª•à«àª°àª¿àª¯" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "ઇનà«àªŸàª°àª«à«‡àª¸ '{interface}' પર જોડાણ '{connection}' માટે વિસà«àª¤àª¾àª° " "'{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "ઇનà«àªŸàª°àª«à«‡àª¸ '{interface}' માટે વિસà«àª¤àª¾àª° '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "ઇનà«àªŸàª°àª«à«‡àª¸ '%s' માટે સકà«àª°àª¿àª¯ થયેલ વિસà«àª¤àª¾àª° '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "સà«àª¤à«àª°à«‹àª¤ '{source}' માટે વિસà«àª¤àª¾àª° '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "સà«àª¤à«àª°à«‹àª¤ '%s' માટે સકà«àª°àª¿àª¯ થયેલ વિસà«àª¤àª¾àª° '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "લાગૠથયેલ ફેરફારો." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "નેટવરà«àª• જોડાણ '%s' દà«àª¦àª¾àª°àª¾ વાપરેલ છે" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "સકà«àª°àª¿àª¯" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "નિષà«àª•à«àª°àª¿àª¯" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ચિહà«àª¨à«‹àª¨à«‡ લાવવામાં નિષà«àª«àª³àª¤àª¾." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "વપરાશકરà«àª¤àª¾ નામ" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "રનટાઇમ" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "કાયમી" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "સેવા" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "પોરà«àªŸ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "પà«àª°à«‹àªŸà«‹àª•à«‹àª²" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "પોરà«àªŸ પà«àª°àª¤àª¿" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "સરનામા પà«àª°àª¤àª¿" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp પà«àª°àª•àª¾àª°" #: ../src/firewall-config.in:822 msgid "Family" msgstr "કà«àªŸà«àª‚બ" #: ../src/firewall-config.in:826 msgid "Action" msgstr "કà«àª°àª¿àª¯àª¾" #: ../src/firewall-config.in:828 msgid "Element" msgstr "ઘટક" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "અંતિમ મà«àª•àª¾àª®" #: ../src/firewall-config.in:834 msgid "log" msgstr "લૉગ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ઓડિટ" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "સà«àª¤à«àª°à«‹àª¤" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "ચેતવણી" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "ભૂલ" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "સà«àªµà«€àª•àª¾àª°à«‹" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "રદ કરો" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "છોડી દો" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "મરà«àª¯àª¾àª¦àª¾" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "સેવા" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "પોરà«àªŸ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "પà«àª°à«‹àªŸà«‹àª•à«‹àª²" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "માસà«àª•àª°à«‡àª¡" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "સà«àª¤àª°" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "હાં" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "વિસà«àª¤àª¾àª°" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "વિસà«àª¤àª¾àª° '%s': સેવા '%s' ઉપલબà«àª§ નથી." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "દૂર કરો" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "અવગણો" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "વિસà«àª¤àª¾àª° '%s': ICMP પà«àª°àª•àª¾àª° '%s' ઉપલબà«àª§ નથી." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "બિલà«àªŸ-ઇન વિસà«àª¤àª¾àª°, નામ બદલવાનà«àª‚ આધારભૂત નથી." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "સેકંડ" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "મિનિટ" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "કલાક" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "દિવસ" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "તતà«àª•àª¾àª²" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "સાવધાન" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "જટિલ" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "ભૂલ" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "ચેતવણી" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "સૂચના" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "જાણકારી" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ડિબગ" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "ફોરà«àªµàª¡à«€àª‚ગ ઠફકà«àª¤ બીજી સિસà«àªŸàª® માટે ઉપયોગી છે જો ઇનà«àªŸàª°àª«à«‡àª¸ માસà«àª•àª°à«‡àª¡ છે. " #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "બિલà«àªŸ-ઇન સેવા, નામ બદલવાનà«àª‚ આધારભૂત નથી." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "બિલà«àªŸ-ઇન icmp, નામ બદલવાનà«àª‚ આધારભૂત નથી." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "સà«àª¤à«àª°à«‹àª¤ %s માટે વિસà«àª¤àª¾àª°àª¨à«‡ પસંદ કરો" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "સરનામà«àª‚" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "મહેરબાની કરીને આદેશ વાકà«àª¯àª¨à«‡ દાખલ કરો." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "મહેરબાની કરીને સંદરà«àª­àª¨à«‡ દાખલ કરો." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "મહેરબાની કરીને નીચેની યાદીમાંથી મૂળભૂત વિસà«àª¤àª¾àª°àª¨à«‡ પસંદ કરો." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "સીધી કતાર" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "મહેરબાની કરીને ipv અને કોષà«àªŸàª•àª¨à«‡ પસંદ કરો અને કતાર નામને દાખલ કરો." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "કતાર:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "કાચà«" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "સà«àª°àª•à«àª·àª¾" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "કોષà«àªŸàª•:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "સીધા પાસથà«àª°à« નિયમ" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "મહેરબાની કરીને ipv ને પસંદ કરો અને દલીલોને દાખલ કરો." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "દલીલો:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "પોરà«àªŸ ફોરવરà«àª¡à«€àª‚ગ" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "મહેરબાની કરીને તમારી જરૂરીયાત અનà«àª¸àª¾àª° સà«àª°à«‹àª¤ અને અંતિમ મà«àª•àª¾àª® વિકલà«àªªà«‹ પસંદ કરો." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "પોરà«àªŸ / પોરà«àªŸ વિસà«àª¤àª¾àª°:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP સરનામà«àª‚:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "પà«àª°à«‹àªŸà«‹àª•à«‹àª²:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "લકà«àª·à«àª¯" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "જો તમે સà«àª¥àª¾àª¨àª¿àª¯ આગળ ધપાવવાનà«àª‚ સકà«àª°àª¿àª¯ કરો, તો તમારે પોરà«àªŸ સà«àªªàª·à«àªŸ કરવો પડે. આ પોરà«àªŸ સà«àª°à«‹àª¤ " "પોરà«àªŸàª¥à«€ અલગ હોવો જોઈàª." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "સà«àª¥àª¾àª¨àª¿àª¯ આગળ ધપાવવાનà«àª‚" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "અનà«àª¯ પોરà«àªŸ આગળ ધપાવો" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "બોલà«àª¡ પà«àª°àªµà«‡àª¶à«‹ ફરજિયાત છે, બધૠબીજૠવૈકલà«àªªàª¿àª• છે." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "નામ:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "આવૃતà«àª¤àª¿:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "ટૂંકà«:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "વરà«àª£àª¨:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "કà«àªŸà«àª‚બ:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "મૂળભૂત ICMP પà«àª°àª•àª¾àª° સà«àª¯à«‹àªœàª¨à«‹" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "મહેરબાની કરીને મૂળભૂત ICMP પà«àª°àª•àª¾àª° સà«àª¯à«‹àªœàª¨à«‹àª¨à«‡ રૂપરેખાંકિત કરો:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP પà«àª°àª•àª¾àª°" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "મહેરબાની કરીને ICMP પà«àª°àª•àª¾àª°àª¨à«‡ પસંદ કરો" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "નોંધણીને ઉમેરો" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ફાઈલ (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "વિકલà«àªªà«‹ (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld ને પà«àª¨:લાવો" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ફાયરવોલ નિયમોને પà«àª¨:લાવો. વરà«àª¤àª®àª¾àª¨ કાયમી રૂપરેખાંકન ઠનવી રનટાઇમ રૂપરેખાંકન બનાવશે. àªàªŸàª²à«‡ " "કે બધી રનટાઇમ ઠફકà«àª¤ ફેરફારો પૂરà«àª£ કરà«àª¯àª¾ જà«àª¯àª¾àª‚ સà«àª§à«€ ફરી લાવવાનà«àª‚ ઠફરી લાવવા સાથે ગà«àª® થઇ " "જાય જો તેઓ કાયમી રૂપરેખાંકનમાં પણ ન આવà«àª¯àª¾ હોય." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "બદલો કે જે વિસà«àª¤àª¾àª° જે નેટવરà«àª• જોડાણ સાથે સંકળાય છે." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "મૂળભૂત વિસà«àª¤àª¾àª°àª¨à«‡ બદલો" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "જોડાણો અથવા ઇનà«àªŸàª°àª«à«‡àª¸ માટે મૂળભૂત વિસà«àª¤àª¾àª°àª¨à«‡ બદલો." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "પેનિક સà«àª¥àª¿àª¤àª¿ àªàª¨à«‹ મતલબ ઠથાય કે આવતા અને જતા પેકેટો ઠતૂટી જાય છે." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "પેનિક સà«àª¥àª¿àª¤àª¿" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "લૉકડાઉન ફાયરવોલ રૂપરેખાંકનને તાળૠમારે છે તેથી ફકà«àª¤ લૉકડાઉન સફેદયાદી પર ફકà«àª¤ કારà«àª¯àª•à«àª°àª®à«‹ ઠ" "તેને બદલવા સકà«àª·àª® છે." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "લોકડાઉન" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "કાયમ માટે રનટાઇમ રૂપરેખાંકનને બનાવો" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "કાયમ કરવા માટે રનટાઇમ" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "દૃશà«àª¯ (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP પà«àª°àª•àª¾àª°à«‹" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "સીધૠરૂપરેખાંકન" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "લોકડાઉન વાઇટલીસà«àªŸ" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "મદદ (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "રૂપરેખાંકન:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "હાલમાં દૃશà«àª¯àª®àª¾àª¨ રૂપરેખાંકન. રનટાઇમ રૂપરેખાંકન ઠચોકà«àª•àª¸ સકà«àª°àª¿àª¯ રૂપરેખાંકન છે. કાયમી રૂપરેખાંકન " "સેવા પછી સકà«àª°àª¿àª¯ થશે અથવા સિસà«àªŸàª® રિલોડ અથવા પà«àª¨:શરૂ થાય છે." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld વિસà«àª¤àª¾àª° ઠનેટવરà«àª• જોડાણો, ઇનà«àªŸàª°àª«à«‡àª¸ અને વિસà«àª¤àª¾àª°àª®àª¾àª‚ સરનામાં બાઉનà«àª¡ માટે " "વિસà«àª¤àª¾àª°àª¨àª¾àª‚ સà«àª¤àª°àª¨à«‡ વà«àª¯àª¾àª–à«àª¯àª¾àª¯àª¿àª¤ કરે છે. વિસà«àª¤àª¾àª° ઠસેવાઓ, પોરà«àªŸ, પà«àª°à«‹àªŸà«‹àª•à«‹àª², માસà«àª•àª°à«‡àª¡à«€àª‚ગ, પોરà«àªŸ/" "પેકેટ ફોરà«àªµàª¡à«€àª‚ગ, icmp ફિલà«àªŸàª°à«‹ અને કિંમતી નિયમોને બેગૠકરે છે. વિસà«àª¤àª¾àª° ઇનà«àªŸàª°àª«à«‡àª¸ અને સà«àª¤à«àª°à«‹àª¤ " "સરનામાંને બાઉનà«àª¡ કરી શકે છે." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "વિસà«àª¤àª¾àª°àª¨à«‡ ઉમેરો" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "વિસà«àª¤àª¾àª°àª®àª¾àª‚ ફેરફાર કરો" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "વિસà«àª¤àª¾àª°àª¨à«‡ દૂર કરો" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "મૂળભૂત વિસà«àª¤àª¾àª°à«‹àª¨à«‡ લાવો" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "અહિંયા તમે વà«àª¯àª¾àª–à«àª¯àª¾àª¯àª¤ કરી શકો છો કે જે સેવાઓ વિસà«àª¤àª¾àª°àª®àª¾àª‚ વિશà«àª°à«àªµàª¾àª¸àªªàª¾àª¤à«àª° છે. વિશà«àª°à«àªµàª¾àª¸àªªàª¾àª¤à«àª° " "સેવાઓ બધા યજમાનો અને નેટવરà«àª•à«‹àª®àª¾àª‚થી વાપરી શકાય છે કે જે જોડાણો, ઇનà«àªŸàª°àª«à«‡àª¸ અને આ વિસà«àª¤àª¾àª°àª®àª¾àª‚ " "સà«àª¤à«àª°à«‹àª¤ બાઉનà«àª¡ સà«àª§à«€ પહોંચી શકાય છે." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "સેવાઓ" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "વધારાનાં પોરà«àªŸ અને પોરà«àªŸ સીમાઓને ઉમેરો, કે જે બધા યજમાનો અથવા નેટવરà«àª•à«‹ માટે વાપરવાની " "જરૂર છે કે જે મશીન માટે જોડાઇ શકે છે." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "પોરà«àªŸ પà«àª°àª¤àª¿" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "પોરà«àªŸàª®àª¾àª‚ ફેરફાર કરો" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "પોરà«àªŸàª¨à«‡ દૂર કરો" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "પોરà«àªŸ" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "માસà«àª•àª°à«‡àª¡à«€àª‚ગ તમને યજમાન અથવા રાઉટર સà«àª¯à«‹àªœà«€àª¤ કરવા માટે પરવાનગી આપે છે કે જે તમારા સà«àª¥àª¾àª¨àª¿àª• " "નેટવરà«àª•àª¨à«‡ ઈનà«àªŸàª°àª¨à«‡àªŸ સાથે જોડે. તમારà«àª‚ સà«àª¥àª¾àª¨àª¿àª• નેટવરà«àª• દૃશà«àª¯àª®àª¾àª¨ હશે નહિં અને ઈનà«àªŸàª°àª¨à«‡àªŸ માટે àªàª• " "યજમાન તરીકે દેખાશે. માસà«àª•àª°à«‡àª¡à«€àª‚ગ ઠમાતà«àª° IPv4 હોય છે." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "માસà«àª•àª°à«‡àª¡ વિસà«àª¤àª¾àª°" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "જો તમે માસà«àª•àª°à«‡àª¡à«€àª‚ગને સકà«àª°àª¿àª¯ કરો તો, IP ફોરà«àªµàª¡à«€àª‚ગ ઠતમારાં IPv4 નેટવરà«àª•à«‹ માટે સકà«àª°àª¿àª¯ થશે." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "માસà«àª•àª°à«‡àª¡à«€àª‚ગ" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "સà«àª¥àª¾àª¨àª¿àª• સિસà«àªŸàª® પર àªàª• પોરà«àªŸàª®àª¾àª‚થી અનà«àª¯ પર પોરà«àªŸà«‹ આગળ ધપાવવા માટે કે સà«àª¥àª¾àª¨àª¿àª• સિસà«àªŸàª®àª®àª¾àª‚થી " "અનà«àª¯ સિસà«àªŸàª® પર આગળ ધપાવવા માટે પà«àª°àªµà«‡àª¶à«‹ ઉમેરો. અનà«àª¯ સિસà«àªŸàª®àª®àª¾àª‚ આગળ ધપાવવાનà«àª‚ ઠમાતà«àª° તà«àª¯àª¾àª°à«‡ " "જ ઉપયોગી છે જો ઈનà«àªŸàª°àª«à«‡àª¸ માસà«àª•àª°à«‡àª¡ થયેલ હોય. પોરà«àªŸ આગળ ધપાવવાનà«àª‚ ઠમાતà«àª° IPv4 છે." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ફોરà«àªµàª¡ પોરà«àªŸàª¨à«‡ ઉમેરો" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ફોરà«àªµàª¡ પોરà«àªŸàª®àª¾àª‚ ફેરફાર કરો" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ફોરà«àªµàª¡ પોરà«àªŸàª¨à«‡ દૂર કરો" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Control Message Protocol (ICMP) ઠમà«àª–à«àª¯àª¤à«àªµà«‡ નેટવરà«àª• કમà«àªªà«àª¯à«‚ટરો વચà«àªšà«‡ ભૂલ સંદેશાઓ " "મોકલવા માટે વપરાય છે, પરંતૠવધà«àª®àª¾àª‚ જાણકારી સંદેશાઓ માટે જેમ કે પીંગ અરજીઓ અને પà«àª°àª¤à«àª¯à«àª¤à«àª¤àª°à«‹ " "માટે." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "ICMP પà«àª°àª•àª¾àª°à«‹àª¨à«‡ યાદીમાં ચિહà«àª¨àª¿àª¤ કરો, કે જેઓ નકારાવા જોઈàª. બાકીના બધા ICMP પà«àª°àª•àª¾àª°à«‹ " "ફાયરવોલ પસાર કરવા માટે માનà«àª¯ છે. મૂળભૂત ઠકોઈ મરà«àª¯àª¾àª¦àª¾ નથી." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ગાળક" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "અહિંયા તમે વિસà«àª¤àª¾àª° માટે કિંમતી ભાષા નિયમોને સà«àª¯à«‹àªœàª¿àª¤ કરી શકાય છે." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "મજબૂત નિયમ ઉમેરો" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "મજબૂત નિયમમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "મજબૂત નિયમને દૂર કરો" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "કિંમતી નિયમો" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "વિસà«àª¤àª¾àª°àª®àª¾àª‚ ઇનà«àªŸàª°àª«à«‡àª¸àª¨à«‡ બાઇનà«àª¡ કરવા માટે નોંધણીને ઉમેરો. જો ઇનà«àªŸàª°àª«à«‡àª¸ ઠજોડાણ દà«àª¦àª¾àª°àª¾ વાપરેલ " "હશે, વિસà«àª¤àª¾àª° ઠજોડાણનાં ખાસ વિસà«àª¤àª¾àª°àª®àª¾àª‚ સà«àª¯à«‹àªœàª¿àª¤ હશે." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ઇનà«àªŸàª°àª«à«‡àª¸àª¨à«‡ ઉમેરો" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ઇનà«àªŸàª°àª«à«‡àª¸àª®àª¾àª‚ ફેરફાર કરો" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ઇનà«àªŸàª°àª«à«‡àª¸àª¨à«‡ દૂર કરો" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "સà«àª¤à«àª°à«‹àª¤àª¨à«‡ ઉમેરો" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "સà«àª¤à«àª°à«‹àª¤àª®àª¾àª‚ ફેરફાર કરો" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "સà«àª¤à«àª°à«‹àª¤àª¨à«‡ દૂર કરો" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "વિસà«àª¤àª¾àª°à«‹" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld સેવા àªàª° પોરà«àªŸ, પà«àª°à«‹àªŸà«‹àª•à«‹àª², મોડà«àª¯à«àª²à«‹ અને લકà«àª·à«àª¯ સરનામાંનà«àª‚ સંયોજન છે." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "સેવાને ઉમેરો" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "સેવામાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "સેવાને દૂર કરો" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "સિસà«àªŸàª® મૂળભૂતને લાવો" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "નોંધણી માં પà«àª°àªµà«‡àª¶ કરો" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "નોંધણી દૂર કરો" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "મોડà«àª¯à«àª²à«‹" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "જો તમે લકà«àª·à«àª¯ સરનામાંને સà«àªªàª·à«àªŸ કરો તો, સેવા પà«àª°àªµà«‡àª¶ ઠલકà«àª·à«àª¯ સરનામાં અને પà«àª°àª•àª¾àª°àª¨à«‡ મરà«àª¯àª¾àª¦àª¿àª¤ " "કરશે. જો બંને નોંધણી ખાલી હોય તો, તà«àª¯àª¾àª‚ મરà«àª¯àª¾àª¦àª¾ નથી." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "સેવાઓ ફકà«àª¤ કાયમી રૂપરેખાંકન દૃશà«àª¯àª®àª¾àª‚ બદલી શકાય છે. સેવાઓની રનટાઇમ રૂપરેખાંકન સà«àª§àª¾àª°à«‡àª² છે." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld icmptype ઠfirewalld માટે Internet Control Message Protocol (ICMP) " "પà«àª°àª•àª¾àª° માટે જાણકારીને પૂરૠપાડે છે." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP પà«àª°àª•àª¾àª°àª¨à«‡ ઉમેરો" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP પà«àª°àª•àª¾àª°àª®àª¾àª‚ ફેરફાર કરો" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP પà«àª°àª•àª¾àª°àª¨à«‡ દૂર કરો" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP પà«àª°àª•àª¾àª° મૂળભૂતોને લાવો" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "સà«àªªàª·à«àªŸ કરો શà«àª‚ આ ICMP પà«àª°àª•àª¾àª° ઠIPv4 અને/અથવા IPv6 માટે ઉપલબà«àª§ છે." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP પà«àª°àª•àª¾àª°à«‹ ફકà«àª¤ કાયમી રૂપરેખાંકન દૃશà«àª¯àª®àª¾àª‚ બદલી શકાય છે. ICMP પà«àª°àª•àª¾àª°à«‹àª¨à«€ રનટાઇમ " "રૂપરેખાંકન સà«àª§àª¾àª°à«‡àª² છે." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "સીધૠરૂપરેખાંકન ઠfirewall માં સીધો વપરાશ આપે છે. આ વિકલà«àªªà«‹ ઠમૂળ iptables ખà«àª¯àª¾àª²à«‹àª¨à«‡ " "જાણવા વપરાશકરà«àª¤àª¾àª¨à«‡ જરૂરી છે àªàªŸàª²à«‡ કે કોષà«àªŸàª•à«‹, કતારો, આદેશો, પરિમાણો અને લકà«àª·à«àª¯à«‹. સીધૠ" "રૂપરેખાંકન ઠછેલà«àª²àª¾ પà«àª¨:કà«àª°àª®àª¾àª‚કિત તરીકે ફકà«àª¤ વાપરવૠજોઇઠજà«àª¯àª¾àª°à«‡ તે બીજા firewalld લકà«àª·àª£à«‹àª¨à«‡ " "વાપરવા શકà«àª¯ નથી." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "દરેક વિકલà«àªªàª¨à«€ ipv દલીલ ઠipv4 અથવા ipv6 અથવા eb હોવી જ જોઇàª. ipv4 સાથે તે " "iptables માટે હશે, ipv6 સાથે ip6tables માટે હશે અને eb સાથે ઇથરનેટ બà«àª°àª¿àªœ માટે હશે " "(ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "નિયમો સાથે વાપરવા માટે વધારાની કતારો." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "કતાર ઉમેરો" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "કતારમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "કતારને દૂર કરો" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "કતારો" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "પà«àª°àª¾àª§àª¾àª¨à«àª¯ સાથે કોષà«àªŸàª•àª®àª¾àª‚ કતાર માટે દલીલો સાથે નિયમને ઉમેરો." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "પà«àª°àª¾àª§àª¾àª¨à«àª¯ નિયમોને કà«àª°àª®àª¾àª‚કિત કરવા વાપરેલ છે. પà«àª°àª¾àª§àª¾àª¨à«àª¯ 0 નો મતલબ થાય કે કતારની ટોચ પર " "નિયમને ઉમેરો, ઉચà«àªš પà«àª°àª¾àª§àª¾àª¨à«àª¯ સાથે નિયમ આગળ ઉમેરાશે. àªàªœ પà«àª°àª¾àª§àª¾àª¨à«àª¯ સાથે નિયમો àªàªœ સà«àª¤àª° પર છે " "અને આ નિયમોનો કà«àª°àª® સà«àª§àª¾àª°à«‡àª² નથી અને બદલી શકાય છે. જો તમે ખાતરી કરવા માંગો તો નિયમ " "બીજા àªàª• પછી ઉમેરાશે, પહેલી માટે નીચા પà«àª°àª¾àª§àª¾àª¨à«àª¯àª¨à«‡ વાપરો અને નીચેનાં માટે ઉચà«àªš." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "નિયમને ઉમેરો" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "નિયમમાં ફેરફાર કરો" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "નિયમને દૂર કરો" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "નિયમો" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "પાસથà«àª°à« નિયમો ઠસીધૠfirewall મારફતે પસાર થયેલ છે અને ખાસ કતારોમાં સà«àª¥àª¿àª¤ થયેલ છે. બધા " "iptables, ip6tables અને ebtables વિકલà«àªªà«‹àª¨à«‡ વાપરી શકાય છે." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "મહેરબાની કરીને પાસથà«àª°à« નિયમો ઠફાયરવોલને ઇજા પહોંચાડે નહિં તે રીતે સાચવો." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "પાસથà«àª°à«àª¨à«‡ ઉમેરો" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "પાસથà«àª°à«àª®àª¾àª‚ ફેરફાર કરો" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "પાસથà«àª°à«àª¨à«‡ દૂર કરો" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "પાસથà«àª°à«" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "લોકડાઉન લકà«àª·àª£ ઠfirewalld માટે વપરાશકરà«àª¤àª¾ અને કારà«àª¯àª•à«àª°àª® પોલિસીઓની આવૃતà«àª¤àª¿ છે. તે " "ફાયરવોલ માટે ફેરફારોને મરà«àª¯àª¾àª¦àª¿àª¤ કરે છે. લોકડાઉન વાઇટલીસà«àªŸ ઠઆદેશો, સંદરà«àª­à«‹, વપરાશકરà«àª¤àª¾ " "અને વપરાશકરà«àª¤àª¾ ids ને સમાવે છે." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "સંદરà«àª­ ઉમેરો" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "સંદરà«àª­àª®àª¾àª‚ ફેરફાર કરો" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "સંદરà«àª­ દૂર કરો" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "સંદરà«àª­" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "જો વાઇટલીસેટ પર આદેશ પà«àª°àªµà«‡àª¶ ઠàªàª¸à«àªŸà«àª°à«€àª‚ક '*' સાથે અંત થાય તો, પછી બધા આદેશ સાથે શરૂ થતા " "આદેશ વાકà«àª¯à«‹ ઠબંધબેસશે. જો '*' તà«àª¯àª¾àª‚ ન હોય તો ખાસ આદેશ સમાવતી દલીલો બંધબેસવી જ જોઇàª." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "આદેશ વાકà«àª¯àª¨à«‡ ઉમેરો" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "આદેશ વાકà«àª¯àª®àª¾àª‚ ફેરફાર કરો" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "આદેશ વાકà«àª¯àª¨à«‡ દૂર કરો" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "આદેશ વાકà«àª¯à«‹" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "વપરાશકરà«àª¤àª¾ નામો." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "વપરાશકરà«àª¤àª¾ નામને ઉમેરો" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "વપરાશકરà«àª¤àª¾àª¨àª¾àª®àª®àª¾àª‚ ફેરફાર કરો" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "વપરાશકરà«àª¤àª¾àª¨àª¾àª®àª¨à«‡ દૂર કરો" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "વપરાશકરà«àª¤àª¾ નામો" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "વપરાશકરà«àª¤àª¾ ids." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "વપરાશકરà«àª¤àª¾ Id ને ઉમેરો" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "વપરાશકરà«àª¤àª¾ Id માં ફેરફાર કરો" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "વપરાશકરà«àª¤àª¾ Id ને દૂર કરો" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "વપરાશકરà«àª¤àª¾ ids" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "સિસà«àªŸàª®àª¨à«‹ વરà«àª¤àª®àª¾àª¨ મૂળભૂત વિસà«àª¤àª¾àª°." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "પેનિક સà«àª¥àª¿àª¤àª¿:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "લોકડાઉન:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "મૂળભૂત વિસà«àª¤àª¾àª°:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "પોરà«àªŸ અને પà«àª°à«‹àªŸà«‹àª•à«‹àª²" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "મહેરબાની કરીને પોરà«àªŸ અને પà«àª°à«‹àªŸà«‹àª•à«‹àª²àª¨à«‡ દાખલ કરો." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "સીધો નિયમ" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "મહેરબાની કરીને ipv અને કોષà«àªŸàª•àª¨à«‡ પસંદ કરો, કતાર પà«àª°àª¾àª§àª¾àª¨à«àª¯ અને દલીલોને દાખલ કરો." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "પà«àª°àª¾àª§àª¾àª¨à«àª¯:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "મહેરબાની કરીને પà«àª°à«‹àªŸà«‹àª•à«‹àª²àª¨à«‡ દાખલ કરો." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "બીજા પà«àª°à«‹àªŸà«‹àª•à«‹àª²:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "કિંમતી નિયમ" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "કિંમતી નિયમ દાખલ કરો." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "યજમાન માટે અથવા નેટવરà«àª• સફેદ અથવા કાળી યાદી ઘટકને નિષà«àª•à«àª°àª¿àª¯ કરે છે." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "સà«àª¤à«àª°à«‹àª¤:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "લકà«àª·à«àª¯:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "લૉગ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ઓડિટ:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 અને ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "ઉલટૠકરાયેલà«àª‚" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "આને સકà«àª°àª¿àª¯ કરવા માટે કà«àª°àª¿àª¯àª¾ 'રદ કરો' હોવી જોઇઠઅને પરિવાર પà«àª°àª•àª¾àª° 'ipv4' અથવા " "'ipv6' (બંને નહિ) હોવો જોઇàª." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "પà«àª°àª•àª¾àª° સાથે:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "મરà«àª¯àª¾àª¦àª¾ સાથે:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "પૂરà«àªµàª—:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "સà«àª¤àª°:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "ઘટક:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "કà«àª°àª¿àª¯àª¾:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "મૂળભૂત સેવા સà«àª¯à«‹àªœàª¨à«‹" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "મહેરબાની કરીને મૂળભૂત સેવા સà«àª¯à«‹àªœàª¨à«‹àª¨à«‡ રૂપરેખાંકિત કરો:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "મહેરબાની કરીને સેવાને પસંદ કરો." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "વપરાશકરà«àª¤àª¾ ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "મહેરબાની કરીને વપરાશકરà«àª¤àª¾ id ને દાખલ કરો." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "મહેરબાની કરીને વપરાશકરà«àª¤àª¾ નામને દાખલ કરો." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "મૂળભૂત વિસà«àª¤àª¾àª° સà«àª¯à«‹àªœàª¨à«‹" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "મહેરબાની કરીને મૂળભૂત વિસà«àª¤àª¾àª° સà«àª¯à«‹àªœàª¨à«‹àª¨à«‡ રૂપરેખાંકિત કરો:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "મૂળભૂત લકà«àª·à«àª¯" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "લકà«àª·à«àª¯:" firewalld-1.1.1/po/hi.po0000644000000000000000000020514314217342322015044 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Rajesh Ranjan , 2009 # Rajesh Ranjan , 2004-2010,2014 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2016-01-04 12:28+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Hindi (http://www.transifex.com/projects/p/firewalld/language/" "hi/)\n" "Language: hi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "फ़ायरवॉल à¤à¤ªà¥à¤²à¥‡à¤Ÿ" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "फायरवाल" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "फायरवाल विनà¥à¤¯à¤¾à¤¸ " #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "अंतरफलक '%s' के लिठकà¥à¤·à¥‡à¤¤à¥à¤° चà¥à¤¨à¥‡à¤‚." #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "तयशà¥à¤¦à¤¾ कà¥à¤·à¥‡à¤¤à¥à¤°" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "'%s' कनेकà¥à¤¶à¤¨ के लिठकà¥à¤·à¥‡à¤¤à¥à¤° चà¥à¤¨à¥‡à¤‚" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "शीलà¥à¤¡ अप/डाउन कà¥à¤·à¥‡à¤¤à¥à¤° विनà¥à¤¯à¤¸à¥à¤¤ करें" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "यहाठआप शीलà¥à¤¡ अप और शीलà¥à¤¡ डाउन कà¥à¤·à¥‡à¤¤à¥à¤° चà¥à¤¨ सकते हैं." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "यह फीचर उन लोगों के लिठउपयोगी है जो तयशà¥à¤¦à¤¾ कà¥à¤·à¥‡à¤¤à¥à¤° अधिकतर उपयोग करते हैं. उपयोकà¥à¤¤à¤¾à¤“ं के " "लिà¤, वह कनेकà¥à¤¶à¤¨ का बदलता कà¥à¤·à¥‡à¤¤à¥à¤° है, यह सीमित उपयोग का हो सकता है." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° शीलà¥à¤¡ अप करता है:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° शीलà¥à¤¡ डाउन करता है:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "रकà¥à¤·à¤¾ करें" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "अधिसूचना सकà¥à¤°à¤¿à¤¯ करें" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "फ़ायरवॉल सेटिंग संपादित करें..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "कनेकà¥à¤¶à¤¨ के कà¥à¤·à¥‡à¤¤à¥à¤° बदलें..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "शीलà¥à¤¡ अप/डाउन कà¥à¤·à¥‡à¤¤à¥à¤° विनà¥à¤¯à¤¸à¥à¤¤ करें..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "सारे संजाल टà¥à¤°à¥ˆà¤«à¤¿à¤• रोकें" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "कनेकà¥à¤¶à¤¨" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "अंतरफलक" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "सà¥à¤°à¥‹à¤¤" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "पà¥à¤°à¤¾à¤§à¤¿à¤•à¤°à¤£ विफल" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "अवैध नाम" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "नाम पहले से मौज़ूद है" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "फ़ायरवॉल डेमॉन में कोई कनेकà¥à¤¶à¤¨ नहीं" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "सभी संजाल टà¥à¤°à¥ˆà¤«à¤¿à¤• बà¥à¤²à¥‰à¤• किठगà¤." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "तयशà¥à¤¦à¤¾ कà¥à¤·à¥‡à¤¤à¥à¤°: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "कà¥à¤·à¥‡à¤¤à¥à¤° '{zone}' सकà¥à¤°à¤¿à¤¯ है '{connection}' कनेकà¥à¤¶à¤¨ के लिठ'{interface}' अंतरफलक पर" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° '{zone}' सकà¥à¤°à¤¿à¤¯ है '{interface}' अंतरफलक के लिà¤" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° '{zone}' सकà¥à¤°à¤¿à¤¯ है {source} सà¥à¤°à¥‹à¤¤ के लिà¤" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "कोई सकà¥à¤°à¤¿à¤¯ कà¥à¤·à¥‡à¤¤à¥à¤° नहीं" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallD में कनेकà¥à¤¶à¤¨ सà¥à¤¥à¤¾à¤ªà¤¿à¤¤ हो गया." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD लॉसà¥à¤Ÿ में कनेकà¥à¤¶à¤¨." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD को फिर लोड किया गया." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "तयशà¥à¤¦à¤¾ कà¥à¤·à¥‡à¤¤à¥à¤° '%s' में बदला गया." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "संजाल टà¥à¤°à¥ˆà¤«à¤¿à¤• अब बà¥à¤²à¥‰à¤• नहीं हैं." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "सकà¥à¤°à¤¿à¤¯à¤•à¥ƒà¤¤" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "निषà¥à¤•à¥à¤°à¤¿à¤¯à¤•à¥ƒà¤¤" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "कà¥à¤·à¥‡à¤¤à¥à¤° '{zone}' {activated_deactivated} है '{connection}' कनेकà¥à¤¶à¤¨ के लिठ" "'{interface}' अंतरफलक पर" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° '{zone}' {activated_deactivated} है '{interface}' अंतरफलक के लिà¤" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° '%s' सकà¥à¤°à¤¿à¤¯ है अंतरफलक '%s' के लिà¤" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° '{zone}' {activated_deactivated} है '{source}' सà¥à¤°à¥‹à¤¤ के लिà¤" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° '%s' सकà¥à¤°à¤¿à¤¯ है सà¥à¤°à¥‹à¤¤ '%s' के लिà¤" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "बदलाव लागू." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "संजाल कनेकà¥à¤¶à¤¨ '%s' दà¥à¤µà¤¾à¤°à¤¾ पà¥à¤°à¤¯à¥à¤•à¥à¤¤" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "सकà¥à¤°à¤¿à¤¯à¤•à¥ƒà¤¤" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "निषà¥à¤•à¥à¤°à¤¿à¤¯à¤•à¥ƒà¤¤" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "चिहà¥à¤¨ लोड करने में असमरà¥à¤¥." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "उपयोकà¥à¤¤à¤¾ नाम" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "रनटाइम" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "सà¥à¤¥à¤¾à¤¯à¥€" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "सेवा" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "पोरà¥à¤Ÿ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤²" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "पोरà¥à¤Ÿ में:" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "पता में:" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp पà¥à¤°à¤•à¤¾à¤°" #: ../src/firewall-config.in:822 msgid "Family" msgstr "परिवार" #: ../src/firewall-config.in:826 msgid "Action" msgstr "कà¥à¤°à¤¿à¤¯à¤¾" #: ../src/firewall-config.in:828 msgid "Element" msgstr "ततà¥à¤µ" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "लॉग" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ऑडिट" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "सà¥à¤°à¥‹à¤¤" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "चेतावनी" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "तà¥à¤°à¥à¤Ÿà¤¿" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "सà¥à¤µà¥€à¤•à¤¾à¤°à¥‡à¤‚" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "असà¥à¤µà¥€à¤•à¤¾à¤°à¥‡à¤‚" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "छोड़ें" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "सीमित करें" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "सेवा" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "पोरà¥à¤Ÿ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤²" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "मà¥à¤–ौटा" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "सà¥à¤¤à¤°" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "हाà¤" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤°" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° '%s': सेवा '%s' उपलबà¥à¤§ नहीं है." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "हटाà¤à¤" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "अनदेखा करें" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° '%s': ICMP पà¥à¤°à¤•à¤¾à¤° '%s' उपलबà¥à¤§ नहीं है." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "बिलà¥à¤Ÿ इन कà¥à¤·à¥‡à¤¤à¥à¤°, नाम बदलना समरà¥à¤¥à¤¿à¤¤ नहीं." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "सेकेंड" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "मिनट" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "घंटा" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "दिन" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "आपातकाल" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "चेतावनी" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "गंभीर" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "तà¥à¤°à¥à¤Ÿà¤¿" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "चेतावनी" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "सूचना" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "सूचना" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "डिबग" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "किसी दूसरे तंतà¥à¤° में अगà¥à¤°à¤¸à¤¾à¤°à¤£ तभी उपयोगी है जब अंतरफलक छदà¥à¤® होता है.\n" "कà¥à¤¯à¤¾ आप इस कà¥à¤·à¥‡à¤¤à¥à¤° का वेष लेना चाहते हैं?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "बिलà¥à¤Ÿ इन सेवा, नाम बदलना समरà¥à¤¥à¤¿à¤¤ नहीं." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "बिलà¥à¤Ÿ इन icmp, नाम बदलना समरà¥à¤¥à¤¿à¤¤ नहीं." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "सà¥à¤°à¥‹à¤¤ '%s' के लिठकà¥à¤·à¥‡à¤¤à¥à¤° चà¥à¤¨à¥‡à¤‚." #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "पता" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "कृपया कमांड लाइन दरà¥à¤œ करें." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "कृपया संदरà¥à¤­ दरà¥à¤œ करें." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "कृपया नीचे दिठगठसूची से तयशà¥à¤¦à¤¾ कà¥à¤·à¥‡à¤¤à¥à¤° चà¥à¤¨à¥‡à¤‚." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "पà¥à¤°à¤¤à¥à¤¯à¤•à¥à¤· शृंखला" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "कृपया ipv चà¥à¤¨à¥‡à¥‡à¤‚ और शृंखला नाम सारणी दरà¥à¤œ करें." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "शृंखला:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "कचà¥à¤šà¤¾" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "सà¥à¤°à¤•à¥à¤·à¤¾" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "सारणीः" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "पà¥à¤°à¤¤à¥à¤¯à¤•à¥à¤· पासथà¥à¤°à¥‚ नियम" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "कृपया ipv चà¥à¤¨à¥‡à¤‚ और args दरà¥à¤œ करें." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "पोरà¥à¤Ÿ अगà¥à¤°à¤¸à¤¾à¤°à¤£" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "अपनी जरूरत मà¥à¤¤à¤¾à¤¬à¤¿à¤• सà¥à¤°à¥‹à¤¤ व गंतवà¥à¤¯ चà¥à¤¨à¥‡à¤‚." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "पोरà¥à¤Ÿ / पोरà¥à¤Ÿ परिसर:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "आईपी पता:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤²:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "गंतवà¥à¤¯" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "यदि आप सà¥à¤¥à¤¾à¤¨à¥€à¤¯ अगà¥à¤°à¤¸à¤¾à¤°à¤£ सकà¥à¤°à¤¿à¤¯ करते हैं, आपको à¤à¤• पोरà¥à¤Ÿ को निरà¥à¤¦à¤¿à¤·à¥à¤Ÿ करना है. इस पोरà¥à¤Ÿ " "को सà¥à¤°à¥‹à¤¤ पोरà¥à¤Ÿ से भिनà¥à¤¨ होना है." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "सà¥à¤¥à¤¾à¤¨à¥€à¤¯ अगà¥à¤°à¤¸à¤¾à¤°à¤£" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "दूसरे पोरà¥à¤Ÿ में अगà¥à¤°à¤¸à¤¾à¤°à¤¿à¤¤ करें" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "बोलà¥à¤¡ पà¥à¤°à¤µà¤¿à¤·à¥à¤Ÿà¤¿ अनिवारà¥à¤¯ हैं, सभी अनà¥à¤¯ वैकलà¥à¤ªà¤¿à¤• हैं." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "नाम:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "संसà¥à¤•à¤°à¤£:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "छोटा:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "वरà¥à¤£à¤¨à¤ƒ" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "परिवारः" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "बेस ICMP पà¥à¤°à¤•à¤¾à¤° सेटिंग" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "कृपया बेस ICMP पà¥à¤°à¤•à¤¾à¤° सेटिंग विनà¥à¤¯à¤¸à¥à¤¤ करें:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤°" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "à¤à¤• आईसीà¤à¤®à¤ªà¥€ पà¥à¤°à¤•à¤¾à¤° चà¥à¤¨à¥‡à¤‚" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "पà¥à¤°à¤µà¤¿à¤·à¥à¤Ÿà¤¿ जोड़ें" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "फ़ाइल (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "विकलà¥à¤ª (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld फिर लोड करें" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "फायरवॉल नियम फिर लोड करता है. मौजूदा सà¥à¤¥à¤¾à¤¯à¥€ विनà¥à¤¯à¤¾à¤¸ à¤à¤• नया रनटाइम विनà¥à¤¯à¤¾à¤¸ बन " "जाà¤à¤—ा. यानी सभी रनटाइम केवल तभी लोड होता है जब वे सà¥à¤¥à¤¾à¤¯à¥€ विनà¥à¤¯à¤¾à¤¸ में होते हैं." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "बदलें कि कौन से कà¥à¤·à¥‡à¤¤à¥à¤° में संजाल कनेकà¥à¤¶à¤¨ का अवयव है." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "तयशà¥à¤¦à¤¾ कà¥à¤·à¥‡à¤¤à¥à¤° बदलें" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "कनेकà¥à¤¶à¤¨ या अंतरफलक के लिठतयशà¥à¤¦à¤¾ कà¥à¤·à¥‡à¤¤à¥à¤° बदलें." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "पैनिक अवसà¥à¤¥à¤¾ का अरà¥à¤¥ है कि सभी इनकमिंग और आउटगोइंग पैकेट छोड़े जाते हैं." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "पैनिक अवसà¥à¤¥à¤¾" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "लॉकडाउन फ़ायरवॉल विनà¥à¤¯à¤¾à¤¸ लॉक करता है ताकि लॉकडाउन हà¥à¤µà¤¾à¤‡à¤Ÿà¤²à¤¿à¤¸à¥à¤Ÿ पर केवल अनà¥à¤ªà¥à¤°à¤¯à¥‹à¤— इसे " "बदल सकें." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "लॉकडाउन" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "रनटाइम विनà¥à¤¯à¤¾à¤¸ सà¥à¤¥à¤¾à¤ˆ बनाà¤à¤" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "कारà¥à¤¯à¤¸à¤®à¤¯ से सà¥à¤¥à¤¾à¤ˆ" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "देखें (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤°" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "सीधा विनà¥à¤¯à¤¾à¤¸" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "लॉकडाउन वà¥à¤¹à¤¾à¤‡à¤Ÿà¤²à¤¿à¤¸à¥à¤Ÿ" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "मदद (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "विनà¥à¤¯à¤¾à¤¸:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "मौजूदा दृशà¥à¤¯ विनà¥à¤¯à¤¾à¤¸. रनटाइम विनà¥à¤¯à¤¾à¤¸ à¤à¤• वासà¥à¤¤à¤µà¤¿à¤• विनà¥à¤¯à¤¾à¤¸ है. सà¥à¤¥à¤¾à¤¯à¥€ विनà¥à¤¯à¤¾à¤¸ सेवा या तंतà¥à¤° " "रिलोड या फिर आरंभ करने के बाद सकà¥à¤°à¤¿à¤¯ होगा." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld कà¥à¤·à¥‡à¤¤à¥à¤° संजाल कनेकà¥à¤¶à¤¨, अंतरफलक, और कà¥à¤·à¥‡à¤¤à¥à¤° से जà¥à¤¡à¤¼à¤¾ सà¥à¤°à¥‹à¤¤ पता के लिठभरोसे का सà¥à¤¤à¤° " "परिभाषित करता है. यह कà¥à¤·à¥‡à¤¤à¥à¤° सेवा, पोरà¥à¤Ÿ, पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤², पà¥à¤°à¤šà¥à¤›à¤¨à¥à¤¨, पोरà¥à¤Ÿ/पैकेट अगà¥à¤°à¤¸à¤¾à¤°à¤£, icmp " "फिलà¥à¤Ÿà¤° और रिच नियम को à¤à¤•à¥€à¤•à¥ƒà¤¤ करता है. यह कà¥à¤·à¥‡à¤¤à¥à¤° अंतरफलक और सà¥à¤°à¥‹à¤¤ पता से बंधा रहता है." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° जोड़ें" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° संपादित करें" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° हटाà¤à¤" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "तयशà¥à¤¦à¤¾ कà¥à¤·à¥‡à¤¤à¥à¤° लोड करें" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "यहां आप परिभाषित कर सकते हैं कि कौन सी सेवाà¤à¤ इस कà¥à¤·à¥‡à¤¤à¥à¤° के लिठविशà¥à¤µà¤¸à¤¨à¥€à¤¯ हैं. विशà¥à¤µà¤¸à¤¨à¥€à¤¯ " "सेवाओं को सभी मेजबान या संजाल से अभिगम योगà¥à¤¯ होता है जो मशीन तक इस कà¥à¤·à¥‡à¤¤à¥à¤° में कनेकà¥à¤¶à¤¨, " "अंतरफलक और सà¥à¤°à¥‹à¤¤ बाउंड से पहà¥à¤à¤š सकता है." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "सेवाà¤à¤" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "अतिरिकà¥à¤¤ पोरà¥à¤Ÿ व पोरà¥à¤Ÿ परिसर को जोड़ें, जो सभी मेजबान या संजाल के लिठअभिगम योगà¥à¤¯ होना " "चाहिठदो मशीन से कनेकà¥à¤Ÿ कर सकता है." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "पोरà¥à¤Ÿ जोड़ें" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "पोरà¥à¤Ÿ संपादित करें" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "पोरà¥à¤Ÿ हटाà¤à¤" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "पोरà¥à¤Ÿ" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "मà¥à¤–ौटा आपको à¤à¤• मेजबान या रॉटर सेटअप करने की सà¥à¤µà¥€à¤•à¥ƒà¤¤à¤¿ देता है जो इंटरनेट से अपने सà¥à¤¥à¤¾à¤¨à¥€à¤¯ " "संजाल को कनेकà¥à¤Ÿ करता है. आपका सà¥à¤¥à¤¾à¤¨à¥€à¤¯ संजाल दृशà¥à¤¯ नहीं होगा और इंटरनेट के लिठà¤à¤• मेजबान के " "रूप में पà¥à¤°à¤•à¤Ÿ होगा. मà¥à¤–ौटा सिरà¥à¤« IPv4 है." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "पà¥à¤°à¤šà¥à¤›à¤¨à¥à¤¨ कà¥à¤·à¥‡à¤¤à¥à¤°" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "यदि आप पà¥à¤°à¤šà¥à¤›à¤¨à¥à¤¨ सकà¥à¤°à¤¿à¤¯ कर रहे हैं, IP को आपको IPv4 के लिठसकà¥à¤°à¤¿à¤¯ किया जाà¤à¤—ा." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "मà¥à¤–ौटा" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "à¤à¤• पोरà¥à¤Ÿ से दूसरे से पोरà¥à¤Ÿ को अगà¥à¤°à¤¸à¤¾à¤°à¤¿à¤¤ करने के लिठपà¥à¤°à¤µà¤¿à¤·à¥à¤Ÿà¤¿ जोड़ें सà¥à¤¥à¤¾à¤¨à¥€à¤¯ सिसà¥à¤Ÿà¤® पर या " "सà¥à¤¥à¤¾à¤¨à¥€à¤¯ सिसà¥à¤Ÿà¤® से दूसरे सिसà¥à¤Ÿà¤® में. दूसरे सिसà¥à¤Ÿà¤® में अगà¥à¤°à¤¸à¤¾à¤°à¤£ सिरà¥à¤« तभी उपयोगी है यदि अंतरफलक " "को मà¥à¤–ौटा दिया जाता है. पोरà¥à¤Ÿ अगà¥à¤°à¤¸à¤¾à¤°à¤£ सिरà¥à¤« IPv4 है." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "फॉरवॉरà¥à¤¡ पोरà¥à¤Ÿ जोड़ें" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "फॉरवॉरà¥à¤¡ पोरà¥à¤Ÿ संपादित करें" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "फॉरवॉरà¥à¤¡ पोरà¥à¤Ÿ हटाà¤à¤" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "इंटरनेट कंटà¥à¤°à¥‹à¤² मेसेज पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤² (ICMP) को तà¥à¤°à¥à¤Ÿà¤¿ संदेश भेजने के लिठपà¥à¤°à¤¯à¥à¤•à¥à¤¤ किया जाता है " "संजालित कंपà¥à¤¯à¥‚टर के बीच, लेकिन सूचनातà¥à¤®à¤• संदेश के लिठअतिरिकà¥à¤¤ रूप से जैसे कि पिंग आगà¥à¤°à¤¹ और " "जवाब के लिà¤." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "सूची में ICMP पà¥à¤°à¤•à¤¾à¤° चिहà¥à¤¨à¤¿à¤¤ करें, जो असà¥à¤µà¥€à¤•à¥ƒà¤¤ किया जाना चाहिà¤. सभी दूसरे ICMP पà¥à¤°à¤•à¤¾à¤° को " "फायरवाल भेज देने की सà¥à¤µà¥€à¤•à¥ƒà¤¤à¤¿ है. तयशà¥à¤¦à¤¾ में कोई सीमा नहीं है." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP फिलà¥à¤Ÿà¤°" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "यहाठआप कà¥à¤·à¥‡à¤¤à¥à¤° से जà¥à¤¡à¤¼à¤¾ रिच भाषा नियम सेट कर सकते हैं." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "रिच नियम जोड़ें" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "रिच नियम का संपादन करें" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "रिच नियम मिटाà¤à¤" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "रिच नियम" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "कà¥à¤·à¥‡à¤¤à¥à¤° में अंतरफलक बाइंड करने के लिठपà¥à¤°à¤µà¤¿à¤·à¥à¤Ÿà¤¿ बाइंड करें. यदि अंतरफलक किसी कनेकà¥à¤¶à¤¨ के दà¥à¤µà¤¾à¤°à¤¾ " "पà¥à¤°à¤¯à¥‹à¤— किया जाता है, तो इस कà¥à¤·à¥‡à¤¤à¥à¤° को निरà¥à¤¦à¤¿à¤·à¥à¤Ÿ कà¥à¤·à¥‡à¤¤à¥à¤° में कनेकà¥à¤¶à¤¨ में सेट किया जाà¤à¤—ा." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "अंतरफलक जोड़ें" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "अंतरफलक का संपादन करें" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "अंतरफलक हटाà¤à¤" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "सà¥à¤¤à¥à¤°à¥‹à¤¤ जोड़ें" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "शà¥à¤°à¥‹à¤¤ संपादित करें" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "सà¥à¤°à¥‹à¤¤ हटाà¤à¤" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤°" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld सेवा पोरà¥à¤Ÿ, पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤², मॉडà¥à¤¯à¥‚ल, और गंतवà¥à¤¯ पता का संयोग है." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "सेवा जोड़ें" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "सेवा का संपादन करें" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "सेवा हटाà¤à¤" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "सेवा तयशà¥à¤¦à¤¾ लोड करें" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "पà¥à¤°à¤µà¤¿à¤·à¥à¤Ÿà¤¿ संपादित करें" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "पà¥à¤°à¤µà¤¿à¤·à¥à¤Ÿà¤¿ हटाà¤à¤" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "मॉडà¥à¤¯à¥‚ल" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "यदि आप गंतवà¥à¤¯ पता को निरà¥à¤¦à¤¿à¤·à¥à¤Ÿ करते हैं, तो सेवा पà¥à¤°à¤µà¤¿à¤·à¥à¤Ÿ गंतवà¥à¤¯ पता और पà¥à¤°à¤•à¤¾à¤° में सीमित " "होगी. यदि दोनों पà¥à¤°à¤µà¤¿à¤·à¥à¤Ÿà¤¿ रिकà¥à¤¤ है, तो कोई सीमा नहीं है." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "सेवा को सà¥à¤¥à¤¾à¤¯à¥€ विनà¥à¤¯à¤¾à¤¸ दृशà¥à¤¯ में केवल बदला जा सकता है. सेवा का रनटाइम विनà¥à¤¯à¤¾à¤¸ फिकà¥à¤¸à¥à¤¡ है." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld icmptype इंटरनेट कंटà¥à¤°à¥‹à¤² मैसेज पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤² (ICMP) पà¥à¤°à¤•à¤¾à¤° के लिठfirewalld के " "लिठसूचना पà¥à¤°à¤¦à¤¾à¤¨ करता है." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤° जोड़ें" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤° संपादित करें" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤° हटाà¤à¤" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤° तयशà¥à¤¦à¤¾ लोड करें" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "निरà¥à¤¦à¤¿à¤·à¥à¤Ÿ करें कि यह ICMP पà¥à¤°à¤•à¤¾à¤° IPv4 और/या IPv6 के लिठउपलबà¥à¤§ है." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP पà¥à¤°à¤•à¤¾à¤° को सà¥à¤¥à¤¾à¤¯à¥€ विनà¥à¤¯à¤¾à¤¸ दृशà¥à¤¯ में केवल बदला जा सकता है. ICMP पà¥à¤°à¤•à¤¾à¤° का रनटाइम " "विनà¥à¤¯à¤¾à¤¸ फिकà¥à¤¸à¥à¤¡ है." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "सीधा विनà¥à¤¯à¤¾à¤¸ फायरवॉल में सीधा पहà¥à¤à¤š देता है. ये विकलà¥à¤ª मौलिक iptables संबोध, यानी " "सारणी, शृंखला, कमांड, पैरामीटर और लकà¥à¤·à¥à¤¯ को उपयोकà¥à¤¤à¤¾ जाने इसकी जरूरत बताता है. सीधा " "विनà¥à¤¯à¤¾à¤¸ केवल अंतिम हल के रूप में पà¥à¤°à¤¯à¥‹à¤— किया जा सकता है जबकि दूसरे फ़ायरवॉल किठफीचर संभव " "नहीं हैं." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "हर विकलà¥à¤ª का ipv तरà¥à¤• को ipv4 या ipv6 या eb होना चाहिà¤. ipv4 के साथ, यह " "iptables के लिठहोगा, ip6tables के लिठipv6 के साथ और इथरनेट बà¥à¤°à¤¿à¤œ के लिठeb " "(ebtables) के साथ." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "नियम के साथ उपयोग के लिठअतिरिकà¥à¤¤ शृंखला." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "शृंखला जोड़ें" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "शृंखला संपादित करें" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "शृंखला हटाà¤à¤" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "शृंखला" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "args वितरà¥à¤• के साथ कोई नियम शृंखला में जोड़ें पà¥à¤°à¤¾à¤¥à¤®à¤¿à¤•à¤¤à¤¾ के साथ à¤à¤• सारणी में." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "पà¥à¤°à¤¾à¤¥à¤®à¤¿à¤•à¤¤à¤¾ नियम को आदेश देने के लिठपà¥à¤°à¤¯à¥‹à¤— किया जा सकता है. पà¥à¤°à¤¾à¤¥à¤®à¤¿à¤•à¤¤à¤¾ 0 का अरà¥à¤¥ है " "शृंखला के शीरà¥à¤· पर नियम को जोड़ना, उचà¥à¤šà¤¤à¤° पà¥à¤°à¤¾à¤¥à¤®à¤¿à¤•à¤¤à¤¾ के साथ नियम फिर और जोड़े जाà¤à¤à¤—े. " "समान पà¥à¤°à¤¾à¤¥à¤®à¤¿à¤•à¤¤à¤¾ के साथ नियम समान सà¥à¤¤à¤° पर हैं और इन नियमों का कà¥à¤°à¤® सà¥à¤¥à¤¿à¤° नहीं है और बदल " "सकता है. यदि आप पकà¥à¤•à¤¾ करना चाहते हैं कि कोई नियम किसी के बाद जोड़े जाà¤à¤à¤—े, पहले कम " "पà¥à¤°à¤¾à¤¥à¤®à¤¿à¤•à¤¤à¤¾ का जोड़ें कि à¤à¤• नियम à¤à¤• के बाद à¤à¤• जोड़े जाà¤à¤à¤—े, पहले से कम पà¥à¤°à¤¾à¤¥à¤®à¤¿à¤•à¤¤à¤¾ का " "उपयोग करें और निमà¥à¤¨à¤²à¤¿à¤–ित के लिठउचà¥à¤šà¤¤à¤° जोड़े जाà¤à¤à¤—े." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "नियम जोड़ें" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "नियम का संपादन करें" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "नियम मिटाà¤à¤" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "नियम " #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "पासथà¥à¤°à¥‚ नियम सीधे फायरवॉल के दà¥à¤µà¤¾à¤°à¤¾ भेजा जा सकता है और विशेष शृंखला में सà¥à¤¥à¤¾à¤ªà¤¿à¤¤ नहीं है. " "सभी iptables, ip6tables और ebtables विकलà¥à¤ª का उपयोग किया जा सकता है." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "पासथà¥à¤°à¥‚ नियम के साथ कृपया धà¥à¤¯à¤¾à¤¨ रखें ताकि फ़ायरवॉल का नà¥à¤•à¤¸à¤¾à¤¨ न हो." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "पासथà¥à¤°à¥‚ जोड़ें" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "पासथà¥à¤°à¥‚ संपादित करें" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "पासथà¥à¤°à¥‚ हटाà¤à¤" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "पासथà¥à¤°à¥‚" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "lockdown विशेषता उपयोकà¥à¤¤à¤¾ और अनà¥à¤ªà¥à¤°à¤¯à¥‹à¤— नीति के हलà¥à¤•à¥‡ संसà¥à¤•à¤°à¤£ के लिठfirewalld है. यह " "फ़ायरवॉल में परिवरà¥à¤¤à¤¨ परिसीमित करता है. लॉकडाउन हà¥à¤µà¤¾à¤‡à¤Ÿà¤²à¤¿à¤¸à¥à¤š में कमांड, संदरà¥à¤­, उपयोकà¥à¤¤à¤¾ " "और उपयोकà¥à¤¤à¤¾ आईडी समाहित है." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "संदरà¥à¤­ जोड़ें" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "संदरà¥à¤­ संपादित करें" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "संदरà¥à¤­ हटाà¤à¤" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "संदरà¥à¤­" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "यदि हà¥à¤µà¤¾à¤‡à¤Ÿà¤²à¤¿à¤¸à¥à¤Ÿ पर किसी कमांड पà¥à¤°à¤µà¤¿à¤·à¥à¤Ÿ का अंत तारांकन '*' से होता है, तो सभी कमांड " "लाइन जो कमांड से आरंभ होता है मेल खाà¤à¤—ा. यदि '*' वहाठनहीं है, तो निरपेकà¥à¤· कमांड " "अंतरà¥à¤¨à¤¿à¤µà¥‡à¤¶à¤¿à¤¤ तरà¥à¤• को जरूर मेल खाना चाहिà¤." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "कमांड लाइन जोड़ें" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "कमांड लाइन संपादित करें" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "कमांड लाइन हटाà¤à¤" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "कमांड लाइन" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "उपयोकà¥à¤¤à¤¾ नाम." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "उपयोकà¥à¤¤à¤¾ नाम जोड़ें" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "उपयोकà¥à¤¤à¤¾ नाम का संपादन करें" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "उपयोकà¥à¤¤à¤¾ नाम हटाà¤à¤" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "उपयोकà¥à¤¤à¤¾ नाम" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "उपयोकà¥à¤¤à¤¾ आईडी" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "उपयोकà¥à¤¤à¤¾ आईडी जोड़ें" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "उपयोकà¥à¤¤à¤¾ आईडी संपादित करें" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "उपयोकà¥à¤¤à¤¾ आईडी निकालें" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "उपयोकà¥à¤¤à¤¾ आईडी" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "तंतà¥à¤° का मौजूदा तयशà¥à¤¦à¤¾ कà¥à¤·à¥‡à¤¤à¥à¤°" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "पैनिक अवसà¥à¤¥à¤¾:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "लॉकडाउन:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "तयशà¥à¤¦à¤¾ कà¥à¤·à¥‡à¤¤à¥à¤°:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "पोरà¥à¤Ÿ और पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤²" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "कृपया कोई पोरà¥à¤Ÿ और पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤² दरà¥à¤œ करें." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "पà¥à¤°à¤¤à¥à¤¯à¤•à¥à¤· नियम" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "कृपया ipv और सारणी, शृंखला पà¥à¤°à¤¾à¤¥à¤®à¤¿à¤•à¤¤à¤¾ चà¥à¤¨à¥‡à¤‚ और args दरà¥à¤œ करें." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "पà¥à¤°à¤¾à¤¥à¤®à¤¿à¤•à¤¤à¤¾:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "à¤à¤• वैध पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤² दरà¥à¤œ कीजिà¤." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "अनà¥à¤¯ पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤²:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "रिच नियम" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "कृपया कोई रिच नियम दरà¥à¤œ कीजिà¤." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "मेजबान या संजाल शà¥à¤µà¥‡à¤¤ या बà¥à¤²à¥ˆà¤•à¤²à¤¿à¤¸à¥à¤Ÿà¤¿à¤‚ग के लिठततà¥à¤µ को निषà¥à¤•à¥à¤°à¤¿à¤¯ करें." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "सà¥à¤°à¥‹à¤¤:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "गंतवà¥à¤¯:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "लॉग:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ऑडिट:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 और ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "उलà¥à¤Ÿà¤¾" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "इसे सकà¥à¤°à¤¿à¤¯ करने के लिठकà¥à¤°à¤¿à¤¯à¤¾ को 'असà¥à¤µà¥€à¤•à¤¾à¤°' करने की जरूरत है और फैमिली को 'ipv4' या " "'ipv6' (दोनों नहीं) होना चाहिà¤." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "पà¥à¤°à¤•à¤¾à¤° के साथ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "सीमा के साथ:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "पà¥à¤°à¥€à¤«à¤¼à¤¿à¤•à¥à¤¸:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "सà¥à¤¤à¤°à¤ƒ" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "ततà¥à¤µ:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "कà¥à¤°à¤¿à¤¯à¤¾:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "आधार सेवा सेटिंगà¥à¤¸" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "कृपया बेस सेवा सेटिंगà¥à¤¸ विनà¥à¤¯à¤¸à¥à¤¤ कीजिà¤:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "कृपया कोई सेवा चà¥à¤¨à¥‡à¤‚." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "उपयोकà¥à¤¤à¤¾ ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "कृपया उपयोकà¥à¤¤à¤¾ आईडी दाखिल करें." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "कृपया उपयोकà¥à¤¤à¤¾ नाम दाखिल करें." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "आधार कà¥à¤·à¥‡à¤¤à¥à¤° सेटिंगà¥à¤¸" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "कृपया बेस कà¥à¤·à¥‡à¤¤à¥à¤° सेटिंगà¥à¤¸ विनà¥à¤¯à¤¸à¥à¤¤ कीजिà¤:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "तयशà¥à¤¦à¤¾ लकà¥à¤·à¥à¤¯" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "लकà¥à¤·à¥à¤¯à¤ƒ" firewalld-1.1.1/po/hr.po0000644000000000000000000012563414217342322015063 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Gogo Gogsi , 2021. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: Automatically generated\n" "Language-Team: none\n" "Language: hr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-1.1.1/po/hu.po0000644000000000000000000017421114217342322015061 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Arpad Biro , 2004,2006,2008 # teknos.ferenc , 2013 # Gabor Mako , 2009 # Gábor Szentiványi , 2006 # István Zoltán Nagy , 2009 # Kovács Tamás , 2009 # Gabor Mako , 2009 # István Zoltán Nagy , 2009 # Nikolas Slivka , 2010 # Szentiványi Gábor , 2006 # Tamas Szanto , 2003 # teknos.ferenc , 2013 # teknos.ferenc , 2013 # Zoltan Hoppár , 2012-2013 # Meskó Balázs , 2017. #zanata # Eric Garver , 2018. #zanata # Meskó Balázs , 2018. #zanata # Balázs Meskó , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-07-21 14:28+0000\n" "Last-Translator: Balázs Meskó \n" "Language-Team: Hungarian \n" "Language: hu\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 4.1.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Tűzfal kisalkalmazás" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Tűzfal" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Tűzfal beállítások" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "tűzfal;hálózat;biztonság;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Zóna kiválasztása a(z) „%s†csatolóhoz" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Alapértelmezett zóna" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Zóna kiválasztása a(z) „%s†kapcsolathoz" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" "Nem sikerült beállítani a(z) {zone} zónát a(z) {connection_name} kapcsolathoz" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Zóna kiválasztása a(z) „%s†forráshoz" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "A pajzsok fent/lent zónák beállítása" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Itt kiválaszthatja a használandó zónákat a „Pajzsok fent†és a „Pajzsok " "lent†funkcióhoz." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Ez a funkció azoknak hasznos, akik fÅ‘leg az alapértelmezett zónákat " "használják. Azoknál a felhasználóknál, akik megváltoztatják a kapcsolatok " "zónáit, korlátozottan lehet hasznos." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "„Pajzsok fent†zóna:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Visszaállítás az alapértelmezettre" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "„Pajzsok lent†zóna:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "A %s névjegye" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "SzerzÅ‘k" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licenc" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Pajzsok fent" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Értesítések engedélyezése" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Tűzfal-beállítások szerkesztése…" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Kapcsolatok zónáinak módosítása…" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "A „Pajzsok fent/lent†zónák beállítása…" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Összes hálózati forgalom blokkolása" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Névjegy" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Kapcsolatok" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Csatolók" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Források" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "A hitelesítés meghiúsult." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Érvénytelen név" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "A név már létezik" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (zóna: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (alapértelmezett zóna: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Nem sikerült lekérni a kapcsolatokat a NetworkManagerbÅ‘l" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Nem érhetÅ‘k el NetworkManager importok" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Nincs kapcsolat a tűzfaldémonnal" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Az összes hálózati forgalom blokkolva van." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Alapértelmezett zóna: „%sâ€" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "A(z) „{default_zone}†alapértelmezett zóna aktív a(z) „{connection}†" "kapcsolatnál ezen a csatolón: „{interface}â€" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "A(z) „{zone}†zóna aktív a(z) „{connection}†kapcsolatnál ezen a csatolón: " "„{interface}â€" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "A(z) „{zone}†zóna aktív a(z) „{interface}†csatolón" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "A(z) „{zone}†zóna aktív a(z) {source} forrásnál" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Nincsenek aktív zónák." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "A FirewallD kapcsolat felépült." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "A FirewallD kapcsolat elveszett." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "A FirewallD újra lett töltve." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Az alapértelmezett zóna megváltoztatva erre: „%sâ€." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "A hálózati forgalom többé már nincs blokkolva." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "bekapcsolva" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "kikapcsolva" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "A(z) „{default_zone}†alapértelmezett zóna {activated_deactivated} a(z) " "„{connection}†kapcsolatnál ezen a csatolón: „{interface}â€" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "A(z) „{zone}†zóna {activated_deactivated} a(z) „{connection}†kapcsolatnál " "ezen a csatolón: „{interface}â€" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "A(z) „{zone}†zóna {activated_deactivated} ezen a csatolón: „{interface}â€" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "A(z) „%s†zóna bekapcsolva ezen a csatolón: „%sâ€" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "A(z) „{zone}†zóna {activated_deactivated} a(z) „{source}†forrásnál" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "A(z) „%s†zóna bekapcsolva a(z) „%s†forrásnál" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "A FirewallD kapcsolat felépült." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Kapcsolódási kísérlet a FirewallD-hez, várakozás…" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Nem sikerült kapcsolódni a FirewallD szolgáltatáshoz. EllenÅ‘rizze, hogy a " "szolgáltatás megfelelÅ‘en el lett-e indítva, és próbálja újra." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "A változások alkalmazva." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "A(z) „%s†hálózati kapcsolat által használt" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "A(z) „%s†hálózati kapcsolat által használt alapértelmezett zóna" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "engedélyezve" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "letiltva" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Az ikonok betöltése meghiúsult." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Környezet" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Parancssor" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Felhasználónév" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Felhasználóazonosító" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Táblázat" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Lánc" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioritás" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumentumok" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Futásidejű" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Ãllandó" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Szolgáltatás" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokoll" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Célport" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Célcím" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Kötések" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Bejegyzés" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp típus" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Család" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Művelet" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elem" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Forrás" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Cél" #: ../src/firewall-config.in:834 msgid "log" msgstr "napló" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Csatoló" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Megjegyzés" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Forrás" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Figyelmeztetés" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Hiba" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "elfogadás" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "elutasítás" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "eldobás" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "megjelölés" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "korlát" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "szolgáltatás" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokoll" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maszkolás" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-blokk" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-típus" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "port-továbbítás" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "forrásport" #: ../src/firewall-config.in:2097 msgid "level" msgstr "szint" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "igen" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zóna" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Alapértelmezett zóna: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zóna: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "„%s†zóna: a(z) „%s†szolgáltatás nem érhetÅ‘ el." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Eltávolítás" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "MellÅ‘zés" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "„%s†zóna: a(z) „%s†ICMP-típus nem érhetÅ‘ el." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Beépített zóna, az átnevezés nem támogatott." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "másodperc" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "perc" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "óra" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "nap" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "vészjelzés" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "riasztás" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritikus" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "hiba" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "figyelmeztetés" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "megjegyzés" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "információ" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "hibakeresés" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "A továbbítás egy másik rendszerbe csak akkor hasznos, ha a csatoló maszkolva " "van.\n" "Szeretné maszkolni ezt a zónát?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Beépített szolgáltatás, az átnevezés nem támogatott." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Adjon meg egy IPv4-címet cím[/maszk] formában." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "A maszk lehet hálózati maszk vagy szám." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Adjon meg egy IPv6-címet cím[/maszk] formában." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "A maszk egy szám." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Adjon meg egy IPv4 vagy IPv6-címet cím[/maszk] formában." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "A maszk lehet hálózati maszk vagy szám az IPv4 esetén.\n" "A maszk egy szám az IPv6-nál." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "Beépített IP-készlet, az átnevezés nem támogatott." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Válasszon egy fájlt" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Szövegfájlok" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Összes fájl" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Összes" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Beépített segéd, az átnevezés nem támogatott." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Beépített icmp, az átnevezés nem támogatott." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Nem sikerült a(z) „%s†fájlt olvasni: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Zóna kiválasztása a(z) „%s†forráshoz" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Cím" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatikus segédek" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Válassza ki az automatikus segédek értékét:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Adja meg a parancssort." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Adja meg a környezetet." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Válasszon alapértelmezett zónát az alábbi listából." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Közvetlen lánc" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Válasszon ipv-t és táblát, majd adja meg a lánc nevét." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Lánc:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "nyers" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "biztonság" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tábla:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Közvetlen áteresztÅ‘ szabály" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Válasszon ipv-t, és adja meg az argumentumokat." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumentumok:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Port továbbítás" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Válassza ki a forrás és cél lehetÅ‘ségeket az igényei szerint." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / porttartomány:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP-cím:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokoll:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Cél" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Ha engedélyezi a helyi továbbítást, akkor meg kell adnia egy portot. Ennek a " "portnak különböznie kell lennie a forrásporttól." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Helyi továbbítás" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Továbbítás egy másik portra" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Alap segéd beállítások" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Ãllítsa be az alap segéd beállításokat:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "A vastag bejegyzések kötelezÅ‘k, az összes többi választható." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Név:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Verzió:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Rövid:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Leírás:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Család:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modul:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Segéd" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Válasszon segédet:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Alap ICMP-típus beállítások" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Ãllítsa be az alap ICMP-típus beállításokat:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-típus" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Válasszon ICMP-típust" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Bejegyzés hozzáadása" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Bejegyzések hozzáadása fájlból" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Kijelölt bejegyzés eltávolítása" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Összes bejegyzés eltávolítása" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Bejegyzések eltávolítása fájlból" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fájl" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "Beállítás_ok" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "A Firewalld újratöltése" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Újratölti a tűzfalszabályokat. A jelenlegi állandó beállítás válik majd az " "új futásidejű beállítássá, azaz minden kizárólag futásidejű változtatás " "elvész a következÅ‘ újratöltéskor, ha az nem található meg az állandó " "beállítások között is." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" "Annak megváltoztatása, hogy mely zóna melyik hálózati kapcsolathoz tartozik." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Alapértelmezett zóna megváltoztatása" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" "Alapértelmezett zóna megváltoztatása a kapcsolatoknál vagy csatolóknál." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Megtagadottak naplójának megváltoztatása" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "A LogDenied értékének megváltoztatása." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Automatikus segéd hozzárendelés beállítása" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Automatikus segéd hozzárendelés beállításának megváltoztatása." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "A pánik mód azt jelenti, hogy az összes bejövÅ‘ és kimenÅ‘ csomag eldobásra " "kerül." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Pánik mód" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "A zárolás lezárja a tűzfal beállítását, így csak azok az alkalmazások " "képesek megváltoztatni azt, amelyek rajta vannak a fehér listán." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Zárolás" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Legyen a futásidejű beállítás állandó" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "FutásidejűbÅ‘l állandóvá" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Nézet" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IP-készletek" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP-típusok" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Segédek" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Közvetlen beállítás" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Zárolási fehér lista" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktív kötések" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Súgó" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Zóna megváltoztatása" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Kötés zónájának megváltoztatása" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "A zónákhoz tartozó kapcsolatok, csatolók és források aktív futásidejű " "kötéseinek elrejtése" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "A zónákhoz tartozó kapcsolatok, csatolók és források aktív futásidejű " "kötéseinek megjelenítése" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Beállítás:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Jelenleg látható beállítás. A futásidejű beállítás a jelenleg aktív " "beállítás. Az állandó beállítás akkor lesz aktív, ha a szolgáltatás vagy a " "rendszer újratölt vagy újraindul." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Egy firewalld határozza meg a bizalmi szintet a zónához kötött hálózati " "kapcsolatoknál, csatolóknál és forráscímeknél. A zóna egyesíti " "szolgáltatásokat, portokat, protokollokat, maszkolást, portok/csomagok " "továbbítását, ICMP-szűrÅ‘ket és a gazdag szabályokat. A zóna köthetÅ‘ " "csatolókhoz és forráscímekhez." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Zóna hozzáadása" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Zóna szerkesztése" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Zóna eltávolítása" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Zóna alapértékeinek betöltése" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Itt meghatározhatja meg, hogy mely szolgáltatások megbízhatóak a zónában. A " "megbízható szolgáltatások elérhetÅ‘ek az olyan összes géprÅ‘l és hálózatból, " "amelyeket elérhet a gép az ezzel a zónával összekötött kapcsolatokból, " "csatolókból és forrásokból." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Szolgáltatások" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "További portok vagy porttartományok hozzáadása, melyeknek elérhetÅ‘knek kell " "lenniük az összes olyan gépnél vagy hálózatnál, amelyek a géphez " "kapcsolódhatnak." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Port hozzáadása" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Port szerkesztése" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Port eltávolítása" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portok" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Protokollok hozzáadása, amelyeknek elérhetÅ‘knek kell lenniük az összes " "gépnél vagy hálózatnál." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Protokoll hozzáadása" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Protokoll szerkesztése" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Protokoll eltávolítása" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokollok" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "További forrásportok vagy porttartományok hozzáadása, melyeknek elérhetÅ‘knek " "kell lenniük az összes olyan gépnél vagy hálózatnál, amelyek a géphez " "kapcsolódhatnak." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Forrásportok" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "A maszkolás lehetÅ‘vé teszi egy olyan gép vagy útválasztó beállítását, amely " "összekapcsolja a helyi hálózatot az internettel. A helyi hálózat nem lesz " "látható, és a gépek egyetlen címként jelennek meg az interneten. A maszkolás " "csak IPv4 esetén használható." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zóna maszkolása" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Ha engedélyezi a maszkolást, akkor az IP-továbbítás engedélyezve lesz az " "IPv4 hálózatainál." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maszkolás" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Bejegyzések hozzáadása portok továbbításához vagy egy portról egy másikra a " "helyi rendszeren, vagy a helyi rendszerrÅ‘l egy másik rendszerre. Egy másik " "rendszerre történÅ‘ továbbítás csak akkor hasznos, ha a csatoló maszkolva " "van. A port továbbítás csak IPv4 esetén használható." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Port továbbítás hozzáadása" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Port továbbítás szerkesztése" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Port továbbítás eltávolítása" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Az Internet Control Message Protocol (ICMP) általában hálózatba kötött " "számítógépek közti hibaüzenetek küldésére használható, de emellett " "tájékoztató üzenetekhez is használják, mint a ping kérések és válaszok." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Az ICMP-típusok megjelölése a listában, melyeket el kell utasítani. Az " "összes többi ICMP-típus engedélyezett, hogy átmenjen a tűzfalon. " "Alapértelmezetten nincs korlátozás." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Ha a fordított szűrÅ‘ engedélyezve van, akkor a megjelölt ICMP-bejegyzések " "lesznek elfogadva, és a többi lesz elutasítva. A DROP céllal rendelkezÅ‘ " "zónában ezek el lesznek dobva." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "SzűrÅ‘ megfordítása" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP-szűrÅ‘" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Itt beállíthat be gazdag nyelvi szabályokat a zónához." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Gazdag szabály hozzáadása" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Gazdag szabály szerkesztése" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Gazdag szabály eltávolítása" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Gazdag szabályok" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Bejegyzések hozzáadása a csatolók zónához kötéséhez. Ha a csatolót használni " "fogja egy kapcsolat, akkor a zóna a kapcsolatban meghatározott zónára lesz " "állítva." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Csatoló hozzáadása" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Csatoló szerkesztése" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Csatoló eltávolítása" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Bejegyzések hozzáadása forráscímek vagy területek zónához kötéséhez. Kötheti " "MAC forráscímhez is, de korlátozásokkal. A port továbbítás és a maszkolás " "nem fog működni MAC források kötéseinél." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Forrás hozzáadása" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Forrás szerkesztése" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Forrás eltávolítása" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zónák" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Egy firewalld szolgáltatás portok, protokollok, modulok és célcímek " "kombinációja." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Szolgáltatás hozzáadása" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Szolgáltatás szerkesztése" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Szolgáltatás eltávolítása" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Szolgáltatás alapértékeinek betöltése" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "További portok vagy porttartományok hozzáadása, melyeknek elérhetÅ‘knek kell " "lenniük az összes gépnél vagy hálózatnál." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Bejegyzés szerkesztése" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Bejegyzés eltávolítása" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "További forrásportok vagy porttartományok hozzáadása, melyeknek elérhetÅ‘knek " "kell lenniük az összes gépnél vagy hálózatnál." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Forrásport" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfilter segédmodulok szükségesek néhány szolgáltatáshoz." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modulok" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Ha megad célcímeket, akkor a szolgáltatás bejegyzése a célcímre és típusra " "lesz korlátozva. Ha mindkét bejegyzés üres, akkor nincs korlátozás." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "A szolgáltatások csak az állandó beállítások nézetében változtathatók meg. A " "szolgáltatások futásidejű beállításai rögzítettek." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Az IP-készletek használhatók fehér- vagy feketelisták létrehozásához, " "valamint képesek IP-címeket, portszámokat vagy MAC-címeket tárolni. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IP-készlet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "IP-készlet hozzáadása" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "IP-készlet szerkesztése" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "IP-készlet eltávolítása" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "IP-készlet alapértékeinek betöltése" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Az IP-készlet bejegyzései. Csak azokat az IP-készlet bejegyzéseket tudja " "megnézni, amelyek nem használják az idÅ‘korlát beállítást, valamint csak " "azokat a bejegyzéseket, amelyeket a firewalld adott hozzá. Azok a " "bejegyzések, amelyek közvetlenül az ipset paranccsal lettek hozzáadva, nem " "lesznek itt felsorolva." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Ez az IP-készlet használja az idÅ‘korlát beállítást, ezért nem láthatók itt a " "bejegyzései. A bejegyzéseket közvetlenül az ipset paranccsal tudja kezelni." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Hozzáadás" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Bejegyzések" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "Az IP-készletek csak az állandó beállítások nézetében hozhatók létre vagy " "törölhetÅ‘k." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "A firewalld icmptype információt biztosít az Internet Control Message " "Protocol (ICMP) típusról a firewalld számára." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP-típus hozzáadása" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP-típus szerkesztése" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP-típus eltávolítása" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP-típus alapértékeinek betöltése" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" "Adja meg, hogy ez az ICMP-típus elérhetÅ‘-e az IPv4 és/vagy az IPv6 számára." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Az ICMP-típusok csak az állandó beállítások nézetében változtathatók meg. Az " "ICMP-típusok futásidejű beállításai rögzítettek." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Egy kapcsolatkövetÅ‘ segéd segít azon protokollok működÅ‘vé tételében, amelyek " "különbözÅ‘ csatornákat használnak a jelzésekhez és az adatátvitelhez. Az " "adatátvitelek olyan portokat használnak, amelyek nem függenek össze a jelzÅ‘ " "kapcsolattal, és ezért a segéd nélkül a tűzfal blokkolja azokat." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Portok vagy porttartományok meghatározása, amelyeket a segíéd figyel." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "A közvetlen beállítás közvetlenebb hozzáférést ad a tűzfalhoz. Ezek a " "beállítások megkövetelik, hogy a felhasználó ismerje az iptables fogalmait, " "azaz tudja mik a táblák, láncok, parancsok, paraméterek és célok. A " "közvetlen beállítást csak legvégsÅ‘ esetben kell használni, amikor nincs " "lehetÅ‘ség más firewalld funkciók használatára." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Minden egyes beállítás ipv argumentuma ipv4, ipv6 vagy eb kell legyen. Az " "ipv4 használatával az iptables parancs, az ipv6 használatával az ip6tables " "parancs, az eb használatával az ethernet híd (ebtables) lesz használva." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "További láncok a szabályokkal való használathoz." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Lánc hozzáadása" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Lánc szerkesztése" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Lánc eltávolítása" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Láncok" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Szabály hozzáadása az args argumentumokkal egy táblában lévÅ‘ lánchoz, " "megadott prioritással." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "A prioritás a szabályok sorrendezéséhez használható. A 0-s prioritás azt " "jelenti, hogy a szabályt a lánc tetejéhez adja hozzá, magasabb prioritással " "a szabály lentebb lesz hozzáadva. Az azonos prioritású szabályok ugyanazon a " "szinten lesznek, és ezen szabályok sorrendje nem rögzített, hanem változhat. " "Ha biztos szeretne lenni abban, hogy a szabály egy másik szabály után legyen " "hozzáadva, akkor használjon alacsony prioritást az elsÅ‘nél és magasabb " "prioritást az ezt követÅ‘knél." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Szabály hozzáadása" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Szabály szerkesztése" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Szabály eltávolítása" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Szabályok" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Az áteresztÅ‘ szabályok közvetlenül átmennek a tűzfalon, és nem kerülnek " "speciális láncokba. Minden iptables, ip6tables és ebtables beállítás " "használható." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Legyen óvatos az áteresztÅ‘ szabályokkal, hogy ne károsítsa a tűzfalat." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Ãteresztés hozzáadása" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Ãteresztés szerkesztése" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Ãteresztés eltávolítása" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Ãteresztés" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "A zárolás funkció a felhasználó- és alkalmazásházirendek egyszerűsített " "verziója a firewalld programnál. Korlátozza a változtatásokat a tűzfalon. A " "zárolás fehér lista tartalmazhat parancsokat, környezeteket, felhasználókat " "és felhasználó-azonosítókat." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "A környezet egy futó alkalmazás vagy szolgáltatás biztonsági (SELinux) " "környezete. Egy futó alkalmazás környezetének lekéréséhez használja a ps " "-e --context parancsot." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Környezet hozzáadása" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Környezet szerkesztése" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Környezet eltávolítása" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Környezetek" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Ha a fehér listán egy parancsbejegyzés csillaggal „*†végzÅ‘dik, akkor az " "összes parancssor illeszkedni fog, amely azzal a paranccsal kezdÅ‘dik. Ha a " "„*†nincs ott, akkor az abszolút parancsnak – beleértve az argumentumokat – " "egyeznie kell." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Parancssor hozzáadása" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Parancssor szerkesztése" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Parancssor eltávolítása" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Parancssorok" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Felhasználónevek." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Felhasználónév hozzáadása" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Felhasználónév szerkesztése" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Felhasználónév eltávolítása" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Felhasználónevek" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Felhasználó-azonosítók." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Felhasználó-azonosító hozzáadása" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Felhasználó-azonosító szerkesztése" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Felhasználó-azonosító eltávolítása" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Felhasználó-azonosítók" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "A rendszer jelenlegi alapértelmezett zónája." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Megtagadottak naplója:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Pánik mód:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatikus segédek:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Zárolás:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Alapértelmezett zóna:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Adjon meg egy csatolónevet:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Alap IP-készlet beállítások" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Adja meg az alap IP-készlet beállításokat:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Típus:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "IdÅ‘korlát:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hash méret:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Legnagyobb elem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "IdÅ‘korlát értéke másodpercben" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Kezdeti hash méret, alapértelmezetten 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Elemek legnagyobb száma, alapértelmezetten 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Válasszon egy IP-készletet:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Adjon meg egy ipset-bejegyzést:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Megtagadottak naplózása" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Válassza ki a megtagadottak naplózásának értékét:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Megjelölés" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Adjon meg egy jelölést egy nem kötelezÅ‘ maszkkal." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "A jelölés és a maszk mezÅ‘k mindegyike 32-bit széles, elÅ‘jel nélküli szám." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Jelölés:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maszk:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Válasszon egy netfilter conntrack segítÅ‘t:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Válasszon -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Egyéb modul:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port és protokoll" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Adjon meg egy portot és egy protokollt." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Közvetlen szabály" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Válasszon ipv-t és táblát, valamint láncprioritást, majd adja meg az " "argumentumokat." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioritás:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Adjon meg egy protokollt." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Egyéb protokoll:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Gazdag szabály" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Adjon meg egy gazdag szabályt." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" "A gépnél vagy hálózatnál a fehér- vagy feketelista használata letiltja az " "elemet." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Forrás:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Cél:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Napló:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 és IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "fordított" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "A művelet engedélyezéséhez „elutasítás†értékűnek, a családnak pedig vagy " "„IPv4â€-nek, vagy „IPv6â€-nak (nem mindkettÅ‘) kell lennie." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "ezzel a típussal:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Ezzel a korláttal:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "ElÅ‘tag:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Szint:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elem:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Művelet:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Alap szolgáltatás beállítások" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Ãllítsa be az alap szolgáltatás beállításokat:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Válasszon egy szolgáltatást." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Adjon meg egy forrást." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Felhasználó-azonosító" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Adja meg a felhasználó-azonosítót." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Adja meg a felhasználónevet." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "címke" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Alap zóna beállítások" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Ãllítsa be az alap zóna beállításokat:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Alapértelmezett cél" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Cél:" firewalld-1.1.1/po/ia.po0000644000000000000000000012625214217342322015040 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Nik Kalach , 2012-2013 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2015-02-26 09:58+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Interlingua (http://www.transifex.com/projects/p/firewalld/" "language/ia/)\n" "Language: ia\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Applet de parafoco" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Parafoco" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuration de parafoco" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Blocar tote le traffico de rete" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-1.1.1/po/id.po0000644000000000000000000012754714217342322015053 0ustar00rootroot00000000000000# Ferdi Saptanera , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2018-05-22 09:00+0000\n" "Last-Translator: Ferdi Saptanera \n" "Language-Team: Indonesian\n" "Language: id\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Zanata 4.6.2\n" "Plural-Forms: nplurals=1; plural=0\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Aplikasi Firewall" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Pengaturan Firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Pilih zona untuk antarmuka '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona Standar" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Pilih zona untuk sambungan '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Pilih zona untuk sumber '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Mengatur Zona Perisai Menyala/Mati" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Di sini, Anda bisa memilih zona yang digunakan di Perisai Menyala dan " "Perisai Mati." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Fitur ini berguna untuk mereka yang sebagian besar memakai zona standar. " "Bagi pengguna yang mengubah-ubah zona sambungan, mungkin fitur ini tidak " "berguna." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Zona Perisai Menyala:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Ubah Ke Pengaturan Awal" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Zona Perisai Mati:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Tentang %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Penulis" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Lisensi" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Perisai Menyala" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Nyalakan Pemberitahuan" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Sunting Pengaturan Firewall..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Ubah Zona Sambungan" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Susun Zona Perisai Nyala/Mati" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Blokir semua lalu lintas jaringan" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Tentang" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Sambungan" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Antarmuka" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Sumber" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Otorisasi gagal." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Nama tidak valid" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Nama sudah ada" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Zona Standar: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Gagal mendapatkan sambungan dari NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Tidak ada impor NetworkManager yang tersedia" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Tidak ada sambungan ke daemon firewall" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Semua lalu lintas jaringan diblokir." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-1.1.1/po/it.po0000644000000000000000000017072314217342322015065 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Andrea La Fauci , 2010 # antonio montagnani , 2013 # Antonio Trande , 2012 # Daniele Catanesi , 2009 # Francesco D'Aluisio , 2011,2013 # Francesco D'Aluisio , 2011 # Francesco Tombolini , 2005-2008,2010 # fvalen , 2004 # Franco Godone , 2008 # fvalen , 2004,2014 # fvalen , 2014 # Germano Massullo , 2013 # Gianluca Sforna , 2012 # Guido Grazioli , 2008 # Luca Ferrari , 2004 # Mario Santagiuliana , 2011 # Massimiliano Tropeano , 2013 # Massimiliano Tropeano , 2013 # Paolo Dona' , 2004 # tavanofabio , 2013 # tavanofabio , 2013 # Gregorio , 2016. #zanata # Terry Chuang , 2016. #zanata # Andrea Masala , 2017. #zanata # Elena Metelli , 2017. #zanata # Thomas Woerner , 2017. #zanata # Elena Metelli , 2018. #zanata # Eric Garver , 2018. #zanata # Milo Casagrande , 2018. #zanata # Enrico Bella , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-07-10 16:27+0000\n" "Last-Translator: Enrico Bella \n" "Language-Team: Italian \n" "Language: it\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 4.1.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Applet firewall" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configurazione del firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;rete;sicurezza;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Seleziona zona per l'interfaccia '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona predefinita" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Seleziona la zone per la connessione '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" "Impossibile impostare la zona {zone} per la connessione {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Selezionare la zona per il sorgente '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Configura Shields Up/Down Zones" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Qui è possibile selezionare le zone usate per Shields Up e Shields Down." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Questa funzione è utile per coloro che usano soprattutto le zone " "predefinite. Per gli utenti che modificano le zone delle connessioni, " "potrebbe essere limitata." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Zona Shields Up:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Ripristina impostazioni predefinite" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Zona Shields Down:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Informazioni su %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Autori" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licenza" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Shields Up" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Abilita Notifiche" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Modifica Impostazioni Firewall..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Cambia Zone di Connessione..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Configura Shields UP/Down Zones..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Blocca l'intero traffico di rete" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Informazioni" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Connessioni" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaccia" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Sorgente" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autorizzazione fallita." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Nome non valido" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Nome già esistente" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Zona predefinita: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Impossibile ottenere le connessioni da NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Nessuna importazione NetworkManager disponibile" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Non connesso al demone firewall" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "L'intero traffico di rete è bloccato." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Zona Predefinita: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona predefinita '{default_zone}' attivata per la connessione '{connection}' " "sull'interfaccia '{interface}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zona '{zone}' attiva per la connessione '{connection}' sull'interfaccia " "'{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zona '{zone}' attiva per l'interfaccia '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zona '{zone}' attiva per la sorgente {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Nessuna Zona Attiva." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Connessione a Firewalld stabilita." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Connessione a Firewalld persa." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "Firewalld è stato ricaricato." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Zona predefinita cambiata a '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Il traffico di rete non è più bloccato." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "attivato" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "disattivato" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Zona predefinita '{default_zone}' {activated_deactivated} per la connessione " "'{connection}' sull'interfaccia '{interface}'" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} per la connessione '{connection}' " "sull'interfaccia '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zona '{zone}' {activated_deactivated} per l'interfaccia '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zona '%s' attivata per l'interfaccia '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zona '{zone}' {activated_deactivated} per la sorgente '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zona '%s' attivata per la sorgente '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Connessione a firewalld stabilita." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Tentativo di connessione a firewalld in corso, attendere..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Impossibile connettersi al firewall. Verificare che il servizio sia stato " "avviato correttamente e riprovare." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Modifiche applicate." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Usato dalla connessione di rete '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Zona predefinita utilizzata dalla connessione di rete '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "abilitato" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "disabilitato" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Caricamento icone fallito." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Contesto" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Linea di comando" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nome utente" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ID utente" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabella" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Catena" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priorità" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argomenti" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "In esecuzione" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Salvata" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Servizio" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Porta" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocollo" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Alla porta" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "All'indirizzo" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Associazioni" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Voce" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Tipologìa Icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Famiglia" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Azione" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elemento" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Controllo" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interfaccia" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Commento" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Sorgente" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Attenzione" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Errore" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accetta" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "rifiuta" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "rilascio" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "contrassegno" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limita" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "servizio" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "porta" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocollo" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "mascheramento" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "blocco-icmp" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "porta inoltro" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "porta-sorgente" #: ../src/firewall-config.in:2097 msgid "level" msgstr "livello" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "si" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Zona predefinita: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zona: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona '%s': Servizio '%s' non disponibile." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Elimina Zona" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignora" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona '%s': tipo ICMP '%s' non disponibile." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Zona integrata, impossibile rinominare." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "secondo" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuto" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ora" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "giorno" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergenza" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "avviso" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "critico" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "errore" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "attenzione" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "avviso" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informazioni" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "L'inoltro ad un altro sistema è utile solo se l'interfaccia è nattata.\n" "Si vuole nattare questa zona?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Servizio integrato, impossibile rinominare." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" "Si prega di inserire un indirizzo ipv4 con la forma indirizzo[/maschera]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "La maschera può essere una maschera di rete o un numero." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" "Si prega di inserire un indirizzo ipv6 con la forma indirizzo[/maschera]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "La maschera è un numero." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" "Si prega di inserire un indirizzo ipv4 o ipv6 con la forma indirizzo[/" "maschera]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "La maschera può essere una maschera di rete o un numero per ipv4.\n" "La maschera è un numero per ipv6." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "Ipset integrato, ridenominazione non supportata." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Per favore seleziona un file" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "File di testo" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Tutti i file" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Tutte" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Helper integrato, rinominazione non supportata." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Icmp integrato, impossibile rinominare." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Impossibile leggere il file '%s': %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Selezionare la zona per il sorgente %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Indirizzo" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Assistenti Automatici" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Selezionare il valore automatico degli helper:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Inserire il comando." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Inserire il contesto." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Si prega di selezionare la zona predefinita dalla lista sotto." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Catena" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Prego selezionare ipv e tabella e inserire il nome della catena." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Catena:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "sicurezza" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabella:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Regola di attraversamento diretto" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Prego selezionare l'ipv e inserire gli argomenti." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argomenti:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Forwarding della porta" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Selezionare le opzioni di sorgente e destinazione in base alle proprie " "esigenze." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Porta / Intervallo di porte:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Indirizzo IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocollo:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destinazione" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Se si abilita il forward locale, si deve specificare una porta. Questa porta " "deve essere diversa dalla porta sorgente." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Forward locale" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Forward verso un'altra porta" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Impostazioni di base per gli helper" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Configurare le impostazioni di base per gli helper:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Le voci in grassetto sono obbligatorie, tutte le altre sono opzionali." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nome:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versione:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Breve:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Descrizione:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Famiglia:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modulo:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Helper" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Selezionare un helper:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Impostazioni di base Tipologìa ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Configurare le impostazioni di base ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Tipo ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Sezionare il tipo di ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Aggiungi voce" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Aggiungi voci dal file" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Rimuovi la voce selezionata" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Rimuovi tutte le voci" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Rimuovi le voci dal file" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_File" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opzioni" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Ricarica Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Ricarica le regole del firewall. L'attuale configurazione salvata diventerà " "la nuova configurazione in uso. p.e. tutti i cambiamenti fatti prima saranno " "perse con la ricarica se non sono presenti anche nella configurazione " "salvata." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Cambia l'appartenenza ad una zona di una rete." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Cambia Zona Predefinita " #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Cambia la zona predefinita di connessioni o interfacce." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Log di modifica negato" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Valore Log di modifica negato." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Configurare Assegnazione Assistenti Automatici" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Configurare l'impostazione Assegnazione Assistenti Automatici" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Modalità panico significa che tutti i pacchetti in ingresso e uscita " "verranno scartati." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Modalità Panico" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown blocca la configurazione del firewall in modo che solo le " "applicazioni nella lockdown whitelist possano cambiarla." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Lockdown" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Rendi la configurazione di runtime permanente" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Runtime su permanente" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Visualizza" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSet" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Tipi ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Helper" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Configurazione Esperta" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Whitelist lockdown" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Associazioni attive" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "Aiu_to" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Modifica zona" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Modifica zona associazione" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Nascondere le associazioni a runtime attive di connessioni, interfacce e " "sorgenti alle zone" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Mostrare le associazioni a runtime attive di connessioni, interfacce e " "sorgenti alle zone" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configurazione:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Configurazione attuale visibile. La configurazione runtime è l'attuale " "configurazione attiva. Quella persistente sarà attiva dopo il ricaricamento " "o il riavvìo del servizio o del sistema." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Una zona firewalld definisce il livello di fiducia per le connessioni della " "rete, interfacce e indirizzi della sorgente legati alla zona. La zona " "combina servizi, porte, protocolli, mascheramenti, inoltro porte/pacchetti, " "filtri icmp e regole estese. La zona può essere associata alle interfacce e " "agli indirizzi della sorgente." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Aggiungi Zona" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Modifica Zona" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Elimina Zona" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Carica Zona Predefinita" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Qui è possibile definire quali servizi sono fidati nella zona. I servizi " "fidati sono accessibili da tutti gli host e reti che possono raggiungere la " "macchina attraverso connessioni, interfacce e sorgenti associate a questa " "zona." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Servizi" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Aggiungere ulteriori porte o intervalli di porte, che dovranno essere " "accessibili da tutti gli host o reti che possono connettersi alla macchina." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Alla porta" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Modifica Zona" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Elimina Zona" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Porte" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Aggiungere i protocolli che si necessita rendere accessibili per tutti gli " "host o reti." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Aggiungi protocollo" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Modifica protocollo" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Rimuovi protocollo" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protocolli" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Aggiungere ulteriori porte o intervalli di porte sorgente, che devono essere " "accessibili da tutti gli host o reti che possono connettersi alla macchina." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Porte Sorgente" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Il mascheramento (masquerading) permette di impostare un host o un router " "che connette la rete locale ad Internet. La rete locale non sarà visibile e " "gli host appariranno come un singolo indirizzo su Internet. Il mascheramento " "è disponibile solo con IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zona Mascherata" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Se si abilta il masquerading, l'IP forwarding sarà abilitato per le reti " "IPv4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Mascheramento" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Aggiungere righe per eseguire il forward delle porte sia da una porta ad " "un'altra sul sistema locale o dal sistema locale ad un altro sistema. " "Eseguire il forward verso un altro sistema è utile solo se l'interfaccia è " "mascherata. Il forwarding delle porte è disponibile solo con IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Aggiungi Forward di porta" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Modifica Forward di porta" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Rimuovi Forward di porta" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "L'Internet Control Message Protocol (ICMP) è principalmente utilizzato per " "inviare messaggi d'errore fra computer in rete, ma anche per messaggi " "informativi come richieste e risposte ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Contrassegnare nell'elenco i tipi ICMP che dovranno essere rifiutati. A " "tutti gli altri tipi ICMP sarà consentito di oltrepassare il firewall. " "L'impostazione predefinita è: nessuna limitazione." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Se l’opzione Inverti filtro è abilitata, le voci ICMP contrassegnate sono " "accettate e le altre respinte. In una zona con DROP destinazione, sono " "scartate." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Inverti filtro" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtro ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Qui è possibile impostare le regole estese per la zona." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Aggiungi Regola Estesa" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Modifica Regola Estesa" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Rimuovi Regola Estesa" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Regole Estese" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Aggiunta voci per collegare interfacce alla zona. Se l'interfaccia sarà " "utilizzata da una connessione, la zona verrà impostata alla zona specificata " "nella connessione." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Aggiungi Interfaccia" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Modifica Interfaccia" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Rimuovi Interfaccia" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Aggiungere le voci per associare gli indirizzi sorgente o le aree alla zona. " "Si possono anche associare ad un indirizzo sorgente MAC, ma con limitazioni. " "Il port forwarding e il mascheramento non funzioneranno per le associazioni " "ai MAC sorgente." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Aggiungi Sorgente" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Modifica Sorgente" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Rimuovi Sorgente" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zone" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Un servizio firewalld è una combinazione di porte, protocolli, moduli e " "indirizzi di destinazione." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Aggiungi Servizio" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Modifica Servizio" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Elimina Servizio" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Carica Servizi Predefiniti" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Aggiungere ulteriori porte o intervalli di porte, che devono essere " "accessibili per tutti gli host o reti." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Modifica voce" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Rimuovi voce" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Aggiungere ulteriori porte o intervalli di porte sorgente, che devono essere " "accessibili per tutti gli host o reti." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Porta sorgente" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "I moduli helper sono necessari per alcuni servizi." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduli" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Se si specificano indirizzi di destinazione, la voce del servizio sarà " "limitato a quell'indirizzo o al tipo. Se entrambe le voci sono vuote, non ci " "sono limitazioni." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "E' possibile cambiare i servizi solo nella vista configurazione permanente. " "La configurazione runtime dei servizi è fissa." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Un IPSet può essere usato per creare liste bianche o nere ed è in grado di " "memorizzare per esempio gli indirizzi IP, numeri di porta o indirizzi MAC." #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Aggiungi IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Modifica IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Rimuovi IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Carica impostazioni predefinite IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Voci dell'IPSet. Si è in grado di vedere solamente le voci degli ipset che " "non stanno usando l'opzione timeout, ed anche solamente le voci che sono " "state aggiunte da firewalld. Le voci che sono state aggiunte direttamente " "con il comando ipset non saranno visualizzate qui." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Questo IPSet usa l'opzione timeout, perciò nessuna delle voci è visibile " "qui. Le voci dovrebbero essere prese in considerazione direttamente con il " "comando ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Aggiungere" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Voci" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "Gli IPSet possono essere creati o eliminati solo nella vista di " "configurazione permanente." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Un icmptype di firewalld fornisce l'informazione per un tipo di Internet " "Control Message Protocol (ICMP) per firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Aggiungi ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Modifica ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Rimuovi ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Carica ICMP Predefiniti" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Definisci se questo tipo di ICMP è disponibile per IPv4 e/o IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "E' possibile cambiare i tipi ICMP solo nella vista configurazione " "permanente. La configurazione runtime dei tipi ICMP è fissa." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "È disponibile un helper di controllo per la connessione che consente il " "funzionamento di protocolli che utilizzano flussi diversi per segnalazione e " "trasferimento dati. Per il trasferimento di dati vengono utilizzate porte " "diverse da quelle utilizzate per segnalare la connessione e bloccate dal " "firewall senza helper." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Definire le porte o intervalli di porte, che sono monitorati dall'assistente." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "La configurazione esperta permette un accesso più profondo al firewall. " "Queste opzioni richiedono all'utente una conoscenza dei concetti base di " "iptables, p.e. tabelle, catene, comandi, parametri e obiettivi. La " "configurazione esperta dovrebbe essere usata solo come ultima possibilità " "quando non è possibile utilizzare gli altri strumenti di firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "L'argomenti ipv di ogni opzione deve essere ipv4 o ipv6 o eb. Se ipv4 sarà " "per iptables, se ipv6 sarà per ip6tables e con eb sarà per i bridge ethernet " "(ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Catene aggiuntive per l'utilizzo con regole." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Aggiungi Catena" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Modifica Catena" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Rimuovi Catena" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Catene" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Aggiungi una regola con gli argomenti args ad una catena in una tabella con " "priorità." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "La priorità viene usata per ordinare le regole. Priorità 0 significa " "aggiungere la regola in cima alla catena, con una priorità maggiore la " "regola verrà aggiunta sempre più in basso. Regole con la stessa priorità " "sono allo stesso livello e l'ordine di queste regole non è fisso e può " "cambiare. Se si vuole essere sicuri che una regola venga aggiunta dopo " "un'altra, utilizzare una priorità minore per la prima e maggiore per la " "seconda." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Aggiungi Regola" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Modifica Regola" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Rimuovi Regola" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regole" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Le regole di passthrough vengono inviate direttamente al firewall e non " "vengono inserite in catene speciali. Tutte le opzioni di iptables, ip6tables " "e ebtables possono essere usate." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Siate prudenti con le regole di passthrough per non danneggiare il firewall." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Aggiungi Passthrough" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Modifica Passthrough" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Rimuovi Passthrough" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Passthrough" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "La funzionalità lockdown è una versione light delle politiche dell'utente e " "dell'applicazione per firewalld. Limita le modifiche del firewall. La " "whitelist lockdown può contenere, comandi, contesti, utenti e user id." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Il contesto è il contesto di sicurezza (SELinux) di un’applicazione o di un " "servizio in esecuzione. Per ottenere il contesto di un’applicazione in " "esecuzione, utilizzare ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Aggiungi Contesto" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Modifica Contesto" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Rimuovi Contesto" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contesti" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Se una voce di comando nella whitelist finisce per asterisco '*', tutti i " "comandi che iniziano per il comando corrisponderanno. Se non c'è '*' il " "comando assoluto compresi argomenti dovrà corrispondere." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Aggiungi Riga di Comando" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Modifica Riga di Comando" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Rimuovi Riga di Comando" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Linee di comando" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Nomi utente." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Aggiungi Nome Utente" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Modifica Nome Utente" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Rimuovi Nome Utente" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Nomi utenti" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ID utenti." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Aggiungi Id Utente" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Modifica Id Utente" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Rimuovi Id Utente" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ID Utenti" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Zona predefinita di sistema corrente." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Log negato:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Modalità Panico:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Assistenti Automatici:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Lockdown:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zona Predefinita:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Immettere un nome per l'interfaccia:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Impostazioni di base IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Configurare le impostazioni di base ipset:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tipo:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Timeout:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Dimensione hash:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Elem max:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Valore del timeout in secondi" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Dimensione hash iniziale, valore predefinito 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Numero max di elementi, valore predefinito 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Per favore selezionare un ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Immettere una voce IPSet:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Log negato" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Selezionare il valore del log negato:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Contrassegno" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Inserire un contrassegno con una maschera opzionale." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "Contrassegno e campi del contrassegno sono entrambi numeri senza segno a 32 " "bit." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Contrassegno:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maschera:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Immettere un helper per il controllo della connessione di Netfiler:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Seleziona -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Altro Modulo:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Porta e protocollo" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Inserire una porta ed un protocollo." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Regola Diretta" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Prego selezionare l'ipv e la tabella, la priorità della catena e inserire " "gli argomenti." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priorità:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Per cortesia scegli un protocollo" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Altro Protocollo:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Regola Estesa" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Inserire una regola estesa." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "Per host o rete bianca o in lista nera disattivare l'elemento." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Sorgente:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destinazione:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Controllo:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 e ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "invertito" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Per abilitarlo, Action deve essere 'reject' e Family 'ipv4' o 'ipv6' (non " "entrambi)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "con Tipo:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Con limite:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefisso:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Livello" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elemento:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Azione:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Impostazioni Servizi di Base" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Configurare le impostazioni del servizio di base:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Per favore selezionare un servizio." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Immettere una sorgente." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ID utente" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Per favore inserire l'id utente" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Per favore inserire il nome utente" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etichetta" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Impostazioni Base Zone" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Impostare la configurazione della base zone:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Destinazione Predefinita" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Destinazione:" firewalld-1.1.1/po/ja.po0000644000000000000000000020250514217342322015035 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Aiko Sasaki , 2014 # Copyright (C) Red Hat Inc. 2010, 2011 # Hajime Taira , 2010-2011,2013 # Kenzo Moriguchi , 2014 # noriko , 2014 # noriko , 2014 # Tomoyuki KATO , 2012-2013 # Hajime Taira , 2015. #zanata # Aiko Sasaki , 2016. #zanata # Hajime Taira , 2016. #zanata # Noriko Mizumoto , 2016. #zanata # Takuro Nagamoto , 2016. #zanata # Casey Jones , 2018. #zanata # Eric Garver , 2018. #zanata # Hajime Taira , 2018. #zanata # simmon , 2021. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2021-07-10 21:04+0000\n" "Last-Translator: simmon \n" "Language-Team: Japanese \n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Weblate 4.7.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "ファイアウォールアプレット" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ファイアウォール" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ファイアウォールã®è¨­å®š" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "ファイアウォール;ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯;セキュリティー;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "インターフェース '%s' ã®ã‚¾ãƒ¼ãƒ³ã‚’é¸æŠžã™ã‚‹" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "標準ゾーン" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "接続 '%s' ã®ã‚¾ãƒ¼ãƒ³ã‚’é¸æŠžã™ã‚‹" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "接続 {connection_name}用ã®ã‚¾ãƒ¼ãƒ³ {zone} ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—ãŸ" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "ソース '%s' ã®ã‚¾ãƒ¼ãƒ³ã‚’é¸æŠžã™ã‚‹" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "シールド・アップ/ダウン・ゾーンã®è¨­å®š" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "ã“ã“ã‹ã‚‰ã‚·ãƒ¼ãƒ«ãƒ‰ãƒ»ã‚¢ãƒƒãƒ—ãŠã‚ˆã³ã‚·ãƒ¼ãƒ«ãƒ‰ãƒ»ãƒ€ã‚¦ãƒ³ã«å¯¾ã—ã¦ä½¿ç”¨ã™ã‚‹ã‚¾ãƒ¼ãƒ³ã‚’é¸æŠžã§" "ãã¾ã™ã€‚" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "ã“ã®æ©Ÿèƒ½ã¯ãŸã„ã¦ã„標準ã®ã‚¾ãƒ¼ãƒ³ã‚’使用ã™ã‚‹äººã€…ã«ã¨ã£ã¦æœ‰ç”¨ã§ã™ã€‚接続ã®ã‚¾ãƒ¼ãƒ³ã‚’" "変更ã—ã¦ã„るユーザーã«å¯¾ã—ã¦ã€é™å®šçš„ã«ä½¿ç”¨ã§ãã¾ã™ã€‚" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "シールド・アップ・ゾーン:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "デフォルトã«ãƒªã‚»ãƒƒãƒˆ" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "シールド・ダウン・ゾーン:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "%s ã«ã¤ã„ã¦" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "作者" #: ../src/firewall-applet.in:393 msgid "License" msgstr "ライセンス" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "シールド・アップ" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "通知ã®æœ‰åŠ¹åŒ–" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "ファイアウォール設定ã®ç·¨é›†..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "接続ã®ã‚¾ãƒ¼ãƒ³ã®å¤‰æ›´..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "シールド・アップ/ダウン・ゾーンã®è¨­å®š..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "ã™ã¹ã¦ã®ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãƒ»ãƒˆãƒ©ãƒ•ã‚£ãƒƒã‚¯ã®ãƒ–ロック" #: ../src/firewall-applet.in:492 msgid "About" msgstr "ã“ã®ã‚¢ãƒ—リケーションã«ã¤ã„ã¦" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "接続" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "インターフェース" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "é€ä¿¡å…ƒ" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "èªè¨¼ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "無効ãªåå‰" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "åå‰ãŒã™ã§ã«å­˜åœ¨ã—ã¾ã™" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (ゾーン: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (デフォルトゾーン: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "NetworkManager ã‹ã‚‰ã®æŽ¥ç¶šã®å–å¾—ã«å¤±æ•—ã—ã¾ã—ãŸ" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "利用å¯èƒ½ãª NetworkManager インãƒãƒ¼ãƒˆãŒã‚ã‚Šã¾ã›ã‚“" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "ファイアーウォール・デーモンã¸ã®æŽ¥ç¶šãŒã‚ã‚Šã¾ã›ã‚“。" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "ã™ã¹ã¦ã®ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯é€šä¿¡ãŒé®æ–­ã•ã‚Œã¾ã™ã€‚" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "標準ゾーン: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "デフォルトゾーン '{default_zone}' ãŒã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ '{interface}' ã®æŽ¥ç¶š " "'{connection}' ã«å¯¾ã—ã¦æœ‰åŠ¹åŒ–" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "ゾーン '{zone}' ãŒã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ '{interface}' ã®æŽ¥ç¶š '{connection}' ã«å¯¾ã—" "ã¦æœ‰åŠ¹åŒ–" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "ゾーン '{zone}' ãŒã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ '{interface}' ã«å¯¾ã—ã¦æœ‰åŠ¹åŒ–" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "ゾーン '{zone}' ã‚’é€ä¿¡å…ƒ {source} ã«å¯¾ã—ã¦æœ‰åŠ¹åŒ–" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "有効ãªã‚¾ãƒ¼ãƒ³ãŒã‚ã‚Šã¾ã›ã‚“。" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallD ã¸ã®æŽ¥ç¶šãŒç¢ºç«‹ã•ã‚Œã¾ã—ãŸã€‚" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD ã¸ã®æŽ¥ç¶šãŒå¤±ã‚ã‚Œã¾ã—ãŸã€‚" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD ãŒå†èª­ã¿è¾¼ã¿ã•ã‚Œã¾ã—ãŸã€‚" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "標準ã®ã‚¾ãƒ¼ãƒ³ã‚’ '%s' ã«å¤‰æ›´ã—ã¾ã—ãŸã€‚" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯é€šä¿¡ãŒé®æ–­ã•ã‚Œãªããªã‚Šã¾ã™ã€‚" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "有効化" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "無効化" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "デフォルトゾーン '{default_zone}' ãŒã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ '{interface}' ã®æŽ¥ç¶š " "'{connection}' ã«å¯¾ã—㦠{activated_deactivated} " #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "ゾーン '{zone}' ãŒã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ '{interface}' ã®æŽ¥ç¶š '{connection}' ã«å¯¾ã—" "㦠{activated_deactivated}" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "インターフェース '{interface}' ã«å¯¾ã—ã¦ã‚¾ãƒ¼ãƒ³ '{zone}' ã‚’ " "{activated_deactivated} ã—ã¾ã—ãŸ" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "ゾーン '%s' をインターフェース '%s' ã«å¯¾ã—ã¦æœ‰åŠ¹åŒ–ã—ã¾ã—ãŸ" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" "ゾーン '{zone}' ã‚’é€ä¿¡å…ƒ '{source}' ã«å¯¾ã—㦠{activated_deactivated} ã—ã¾ã—ãŸ" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "ゾーン '%s' ã‚’é€ä¿¡å…ƒ '%s' ã«å¯¾ã—ã¦æœ‰åŠ¹åŒ–ã—ã¾ã—ãŸ" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "firewalld ã¸ã®æŽ¥ç¶šãŒç¢ºç«‹ã•ã‚Œã¾ã—ãŸã€‚" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "firewalld ã¸ã®æŽ¥ç¶šã‚’試行ã—ã¦ã„ã¾ã™ã€‚ãŠå¾…ã¡ãã ã•ã„..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "firewalldã¸ã®æŽ¥ç¶šã«å¤±æ•—ã—ã¾ã—ãŸã€‚サービスãŒæ­£å¸¸ã«é–‹å§‹ã—ã¦ã„ã‚‹ã“ã¨ã‚’確èªã—ã¦ã€" "å†åº¦æŽ¥ç¶šã‚’試行ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "変更をé©ç”¨ã—ã¾ã—ãŸã€‚" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯æŽ¥ç¶š '%s' ã«ã‚ˆã‚Šä½¿ç”¨ä¸­" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯æŽ¥ç¶š '%s' ã§ä½¿ç”¨ã•ã‚Œã‚‹ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã‚¾ãƒ¼ãƒ³" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "有効" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "無効" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "アイコンã®èª­ã¿è¾¼ã¿ã«å¤±æ•—ã—ã¾ã—ãŸã€‚" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "コンテキスト" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "コマンドライン" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ユーザーå" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ユーザーID" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "テーブル" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "ãƒã‚§ã‚¤ãƒ³" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "優先度" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "引数" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "実行時" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "永続" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "サービス" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "ãƒãƒ¼ãƒˆ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "プロトコル" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "é€ä¿¡å…ˆãƒãƒ¼ãƒˆ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "é€ä¿¡å…ˆã‚¢ãƒ‰ãƒ¬ã‚¹" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "ãƒã‚¤ãƒ³ãƒ‡ã‚£ãƒ³ã‚°" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "エントリー" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "ICMP タイプ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "ファミリー" #: ../src/firewall-config.in:826 msgid "Action" msgstr "アクション" #: ../src/firewall-config.in:828 msgid "Element" msgstr "è¦ç´ " #: ../src/firewall-config.in:830 msgid "Src" msgstr "é€ä¿¡å…ƒ" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "é€ä¿¡å…ˆ" #: ../src/firewall-config.in:834 msgid "log" msgstr "ログ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "監査" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "インターフェース" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "コメント" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "é€ä¿¡å…ƒ" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "警告" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "エラー" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "å—ä¿¡" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "æ‹’å¦" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "廃棄" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "マーク" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "制é™" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "サービス" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "ãƒãƒ¼ãƒˆ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "プロトコル" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "マスカレード" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "ICMP タイプ" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "レベル" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ã¯ã„" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "ゾーン" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "デフォルトゾーン: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "ゾーン: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "ゾーン '%s': サービス '%s' ãŒåˆ©ç”¨å¯èƒ½ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "ゾーンã®å‰Šé™¤" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "無視" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "ゾーン '%s': ICMP タイプ '%s' ãŒåˆ©ç”¨å¯èƒ½ã§ã¯ã‚ã‚Šã¾ã›ã‚“。" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "組ã¿è¾¼ã¿ã®ã‚¾ãƒ¼ãƒ³ã§ã™ã€‚åå‰ã®å¤‰æ›´ã¯ã§ãã¾ã›ã‚“。" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "秒" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "分" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "時間" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "æ—¥" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "緊急" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "アラート" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "クリティカル" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "エラー" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "警告" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "注æ„" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "情報" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "デãƒãƒƒã‚°" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "IPv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "IPv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ä»–ã®ã‚·ã‚¹ãƒ†ãƒ ã¸ã®è»¢é€ã¯ã€ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ãŒãƒžã‚¹ã‚«ãƒ¬ãƒ¼ãƒ‰ã•ã‚Œã¦ã„ã‚‹å ´åˆã®ã¿æœ‰ç”¨" "ã§ã™ã€‚\n" "ã“ã®ã‚¾ãƒ¼ãƒ³ã‚’マスカレードã—ãŸã„ã§ã™ã‹ ?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "組ã¿è¾¼ã¿ã®ã‚µãƒ¼ãƒ“スã§ã™ã€‚åå‰ã®å¤‰æ›´ã¯ã§ãã¾ã›ã‚“。" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "IPv4 アドレスを address[/mask] ã®å½¢å¼ã§å…¥åŠ›ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "mask ã¯ã€ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãƒžã‚¹ã‚¯ã‚‚ã—ãã¯æ•°å­—ã§æŒ‡å®šã§ãã¾ã™ã€‚" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "IPv6 アドレスを address[/mask] ã®å½¢å¼ã§å…¥åŠ›ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "mask ã¯æ•°å­—ã§æŒ‡å®šã—ã¾ã™ã€‚" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" "IPv4 ã‚‚ã—ã㯠IPv6 アドレスを address[/mask] ã®å½¢å¼ã§å…¥åŠ›ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "mask ã¯ã€IPv4 ã®å ´åˆãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãƒžã‚¹ã‚¯ãŒæŒ‡å®šã§ãã¾ã™ã€‚\n" "IPv6 ã®å ´åˆã«ã¯æ•°å­—ã§æŒ‡å®šã—ã¦ãã ã•ã„。" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "組ã¿è¾¼ã¿ã® IPSet ã§ã™ã€‚åå‰ã®å¤‰æ›´ã¯ã§ãã¾ã›ã‚“。" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "ファイルをé¸æŠžã—ã¦ãã ã•ã„" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "テキストファイル" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "全ファイル" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "ã™ã¹ã¦" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "ビルトインヘルパーã§ã™ã€‚åå‰ã®å¤‰æ›´ã¯ã‚µãƒãƒ¼ãƒˆã•ã‚Œã¦ã„ã¾ã›ã‚“。" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "組ã¿è¾¼ã¿ã® ICMP ã§ã™ã€‚åå‰ã®å¤‰æ›´ã¯ã§ãã¾ã›ã‚“。" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "ファイル '%s' ã®èª­ã¿è¾¼ã¿ã«å¤±æ•—ã—ã¾ã—ãŸ: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "ソース %s ã®ã‚¾ãƒ¼ãƒ³ã‚’é¸æŠžã™ã‚‹" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "アドレス" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "オートマãƒãƒƒã‚¯ãƒ˜ãƒ«ãƒ‘ー" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "オートマãƒãƒƒã‚¯ãƒ˜ãƒ«ãƒ‘ーã®å€¤ã‚’é¸æŠžã—ã¦ãã ã•ã„:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "コマンドラインを入力ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "コンテキストを入力ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "以下ã®ä¸€è¦§ã‹ã‚‰æ¨™æº–ã®ã‚¾ãƒ¼ãƒ³ã‚’é¸æŠžã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "ダイレクトãƒã‚§ã‚¤ãƒ³" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ipv ã¨ãƒ†ãƒ¼ãƒ–ルをé¸æŠžã—ã€ãƒã‚§ã‚¤ãƒ³åを入力ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ãƒã‚§ã‚¤ãƒ³:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "セキュリティ" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "テーブル:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "ダイレクト・パススルー・ルール" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ipv ã‚’é¸æŠžã—ã€å¼•æ•°ã‚’入力ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "引数:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ãƒãƒ¼ãƒˆè»¢é€" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "å¿…è¦ã«å¿œã˜ãŸé€ä¿¡å…ƒã¨é€ä¿¡å…ˆã®ã‚ªãƒ—ションをé¸æŠžã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "ãƒãƒ¼ãƒˆ / ãƒãƒ¼ãƒˆç¯„囲:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP アドレス:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "プロトコル:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "é€ä¿¡å…ˆ" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "ローカル転é€ã‚’有効ã«ã™ã‚‹å ´åˆã€ãƒãƒ¼ãƒˆã‚’指定ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ã“ã‚Œã¯ã‚½ãƒ¼ã‚¹" "ãƒãƒ¼ãƒˆã¨ç•°ãªã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "ローカル転é€" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "ä»–ã®ãƒãƒ¼ãƒˆã¸ã®è»¢é€" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "ベースヘルパーã®è¨­å®š" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "ベースヘルパーã®å€¤ã®è¨­å®šã‚’è¡Œã£ã¦ãã ã•ã„:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "太字ã®é …ç›®ã¯å¿…é ˆã§ã™ã€ãã®ä»–ã¯ã™ã¹ã¦ã‚ªãƒ—ションã§ã™ã€‚" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "åå‰:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "ãƒãƒ¼ã‚¸ãƒ§ãƒ³:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "概è¦:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "詳細:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "ファミリー:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "モジュール:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "ヘルパー" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "ヘルパーをé¸æŠžã—ã¦ãã ã•ã„:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "基本 ICMP タイプ設定" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "基本 ICMP タイプ設定を設定ã—ã¦ãã ã•ã„:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP ã®ç¨®é¡ž" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ICMP タイプをé¸æŠžã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "エントリーã®è¿½åŠ " #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "ファイルã‹ã‚‰ã‚¨ãƒ³ãƒˆãƒªãƒ¼ã‚’追加" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "é¸æŠžã—ãŸã‚¨ãƒ³ãƒˆãƒªãƒ¼ã®å‰Šé™¤" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "ã™ã¹ã¦ã®ã‚¨ãƒ³ãƒˆãƒªãƒ¼ã®å‰Šé™¤" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "ファイルã‹ã‚‰ã‚¨ãƒ³ãƒˆãƒªãƒ¼ã‚’削除" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ファイル(_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "オプション(_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld ã®å†èª­ã¿è¾¼ã¿" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ファイアウォールルールをå†èª­ã¿è¾¼ã¿ã—ã¾ã™ã€‚ç¾åœ¨ã®æ°¸ç¶šçš„ãªè¨­å®šãŒæ–°ã—ã„実行時ã®" "設定ã«ãªã‚Šã¾ã™ã€‚ã¤ã¾ã‚Šã€æ°¸ç¶šçš„ãªè¨­å®šã«å­˜åœ¨ã—ãªã„ã€å†èª­ã¿è¾¼ã¿ã™ã‚‹ã¾ã§ã«è¡Œã‚ã‚Œ" "ãŸå®Ÿè¡Œæ™‚ã®å¤‰æ›´ã¯ã™ã¹ã¦å¤±ã‚ã‚Œã¾ã™ã€‚" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯æŽ¥ç¶šã«é©ç”¨ã•ã‚Œã‚‹ã‚¾ãƒ¼ãƒ³ã‚’変更ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "標準ã®ã‚¾ãƒ¼ãƒ³ã®å¤‰æ›´" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "接続やインターフェースã«é©ç”¨ã•ã‚Œã‚‹æ¨™æº–ã®ã‚¾ãƒ¼ãƒ³ã‚’変更ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "æ‹’å¦ã•ã‚ŒãŸãƒ­ã‚°ã®å¤‰æ›´" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "LogDenied 値を変更ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "オートマãƒãƒƒã‚¯ãƒ˜ãƒ«ãƒ‘ーã®å‰²ã‚Šå½“ã¦ã‚’設定ã™ã‚‹" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "オートマãƒãƒƒã‚¯ãƒ˜ãƒ«ãƒ‘ーã®å‰²ã‚Šå½“ã¦å€¤ã‚’設定ã™ã‚‹" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "パニックモードã¯ã™ã¹ã¦ã®é€å—信パケットãŒç ´æ£„ã•ã‚Œã¾ã™ã€‚" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "パニックモード" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "ロックダウンã«ã‚ˆã‚Šã€ãƒ­ãƒƒã‚¯ãƒ€ã‚¦ãƒ³ãƒ»ãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆã«ã‚るアプリケーションã®ã¿ãŒ" "ファイアウォール設定を変更ã§ãるよã†ã«ãƒ­ãƒƒã‚¯ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "ロックダウン" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "実行時ã®è¨­å®šã‚’永続的ã«ã™ã‚‹" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "永続的ã«ã™ã‚‹å®Ÿè¡Œæ™‚設定" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "表示(_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP タイプ" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "ヘルパー" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "ダイレクト設定" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "ロックダウン・ホワイトリスト" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "アクティブãƒã‚¤ãƒ³ãƒ‡ã‚£ãƒ³ã‚°" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "ヘルプ(_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "ゾーンã®å¤‰æ›´" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "ãƒã‚¤ãƒ³ãƒ‡ã‚£ãƒ³ã‚°ã®ã‚¾ãƒ¼ãƒ³ã‚’変更" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "接続ã®ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãªãƒ©ãƒ³ã‚¿ã‚¤ãƒ ãƒã‚¤ãƒ³ãƒ‡ã‚£ãƒ³ã‚°ã€ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ãŠã‚ˆã³ã‚½ãƒ¼ã‚¹ã‚’" "ゾーンã«å¯¾ã—ã¦éžè¡¨ç¤ºã«ã—ã¾ã™" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "接続ã®ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãªãƒ©ãƒ³ã‚¿ã‚¤ãƒ ãƒã‚¤ãƒ³ãƒ‡ã‚£ãƒ³ã‚°ã€ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ãŠã‚ˆã³ã‚½ãƒ¼ã‚¹ã‚’" "ゾーンã«å¯¾ã—ã¦è¡¨ç¤ºã—ã¾ã™" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "設定:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "ç¾åœ¨åˆ©ç”¨å¯èƒ½ãªè¨­å®šã€‚実行時ã®è¨­å®šãŒå®Ÿéš›ã«æœ‰åŠ¹ãªè¨­å®šã§ã™ã€‚永続的ãªè¨­å®šã¯ã€ã‚µãƒ¼" "ビスã¾ãŸã¯ã‚·ã‚¹ãƒ†ãƒ ãŒå†èª­ã¿è¾¼ã¿ã¾ãŸã¯å†èµ·å‹•ã—ãŸå¾Œã€æœ‰åŠ¹ã«ãªã‚Šã¾ã™ã€‚" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld ゾーンã§ã¯ã‚¾ãƒ¼ãƒ³ã«çµã³ä»˜ã‘られã¦ã„ã‚‹ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯æŽ¥ç¶šã€ã‚¤ãƒ³ã‚¿ãƒ¼" "フェースãŠã‚ˆã³é€ä¿¡å…ƒã‚¢ãƒ‰ãƒ¬ã‚¹ã®ä¿¡é ¼ãƒ¬ãƒ™ãƒ«ã‚’定義ã—ã¾ã™ã€‚サービスã€ãƒãƒ¼ãƒˆã€ãƒ—ロ" "トコルã€ãƒžã‚¹ã‚«ãƒ¬ãƒ¼ãƒ‰ã€ãƒãƒ¼ãƒˆã¨ãƒ‘ケット転é€ã€ICMP フィルターã€é«˜åº¦ãªãƒ«ãƒ¼ãƒ«ã‚’組" "ã¿åˆã‚ã›ã¾ã™ã€‚ゾーンã¯ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ã‚„é€ä¿¡å…ƒã‚¢ãƒ‰ãƒ¬ã‚¹ã«çµã³ä»˜ã‘ã‚‹ã“ã¨ãŒã§ã" "ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ゾーンã®è¿½åŠ " #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "ゾーンã®ç·¨é›†" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "ゾーンã®å‰Šé™¤" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "ゾーンã®åˆæœŸå€¤ã®èª­ã¿è¾¼ã¿" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "ã“ã®ã‚¾ãƒ¼ãƒ³ã§ä¿¡é ¼ã§ãるサービスを定義ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ã“ã®ã‚¾ãƒ¼ãƒ³ã«çµã³ä»˜ã‘" "られã¦ã„る接続ã€ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ã€é€ä¿¡å…ƒã‹ã‚‰ã“ã®ãƒžã‚·ãƒ³ã«åˆ°é”ã§ãるホストや" "ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãªã‚‰ã„ãšã‚Œã§ã‚‚ä¿¡é ¼ã§ãるサービスã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ãŒå¯èƒ½ã«ãªã‚Šã¾ã™ã€‚" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "サービス" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "ã“ã®ãƒžã‚·ãƒ³ã«æŽ¥ç¶šã§ãるホストやãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãŒã‚¢ã‚¯ã‚»ã‚¹ã§ããªã‘ã‚Œã°ãªã‚‰ãªã„ãƒãƒ¼" "トã¾ãŸã¯ãƒãƒ¼ãƒˆç¯„囲を追加ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "é€ä¿¡å…ˆãƒãƒ¼ãƒˆ" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "ゾーンã®ç·¨é›†" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "ゾーンã®å‰Šé™¤" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "ãƒãƒ¼ãƒˆ" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "ã™ã¹ã¦ã®ãƒ›ã‚¹ãƒˆã‚„ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãŒã‚¢ã‚¯ã‚»ã‚¹ã§ããªã‘ã‚Œã°ãªã‚‰ãªã„プロトコルを追加ã—" "ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "プロトコルã®è¿½åŠ " #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "プロトコルã®ç·¨é›†" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "プロトコルã®å‰Šé™¤" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "プロトコル" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "ã“ã®ãƒžã‚·ãƒ³ã«æŽ¥ç¶šã§ãã‚‹ã™ã¹ã¦ã®ãƒ›ã‚¹ãƒˆã‚„ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãŒã‚¢ã‚¯ã‚»ã‚¹ã§ããªã‘ã‚Œã°ãªã‚‰" "ãªã„ソースãƒãƒ¼ãƒˆã¾ãŸã¯ãƒãƒ¼ãƒˆç¯„囲を追加ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "é€ä¿¡å…ƒãƒãƒ¼ãƒˆ" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "マスカレード機能を使用ã™ã‚‹ã¨ãƒ­ãƒ¼ã‚«ãƒ«ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚’インターãƒãƒƒãƒˆã«ç¹‹ã’るルー" "ターã¾ãŸã¯ãƒ›ã‚¹ãƒˆã‚’セットアップã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ローカルãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã¯ã‚¤ãƒ³" "ターãƒãƒƒãƒˆä¸Šã‹ã‚‰ã¯è¦‹ãˆãªããªã‚Šã€ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆä¸Šã§ã¯ãƒ›ã‚¹ãƒˆãŒ 1 ã¤ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã¨" "ã—ã¦è¡¨ç¤ºã•ã‚Œã¾ã™ã€‚マスカレード機能㯠IPv4 é™å®šã§ã™ã€‚" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "マスカレードゾーン" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "マスカレード機能を有効ã«ã™ã‚‹ã¨ã€IPv4 ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã§ IP フォワーディングãŒæœ‰åŠ¹" "ã«ãªã‚Šã¾ã™ã€‚" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "マスカレード機能" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ローカルシステム上ã®ä»»æ„ã®ãƒãƒ¼ãƒˆã‹ã‚‰åˆ¥ã®ãƒãƒ¼ãƒˆã¸ãƒãƒ¼ãƒˆè»¢é€ã€ãƒ­ãƒ¼ã‚«ãƒ«ã‚·ã‚¹ãƒ†ãƒ " "ã‹ã‚‰åˆ¥ã®ã‚·ã‚¹ãƒ†ãƒ ã¸ã®ãƒãƒ¼ãƒˆè»¢é€ã‚’è¡Œã†ãŸã‚ã®ã‚¨ãƒ³ãƒˆãƒªãƒ¼ã‚’追加ã—ã¾ã™ã€‚別ã®ã‚·ã‚¹ãƒ†" "ムã¸ã®ãƒãƒ¼ãƒˆè»¢é€ã«ã¤ã„ã¦ã¯ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ãŒãƒžã‚¹ã‚«ãƒ¬ãƒ¼ãƒ‰ã•ã‚Œã¦ã„ã‚‹å ´åˆã«ã®ã¿" "有効ã§ã™ã€‚ãƒãƒ¼ãƒˆè»¢é€ã¯ IPv4 é™å®šã§ã™ã€‚" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "転é€ãƒãƒ¼ãƒˆã®è¿½åŠ " #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "転é€ãƒãƒ¼ãƒˆã®ç·¨é›†" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "転é€ãƒãƒ¼ãƒˆã®å‰Šé™¤" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ICMP (Internet Control Message Protocol) ã¯ã€ä¸»ã«ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ä¸Šã® コンピュー" "ã‚¿é–“ã§ã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’é€ä¿¡ã™ã‚‹ã®ã«ä½¿ç”¨ã•ã‚Œã¾ã™ãŒã€æ›´ã«ã¯ ping ã®è¦æ±‚や応答" "ãªã©ã®æƒ…報メッセージã«ã‚‚使用ã•ã‚Œã¾ã™ã€‚" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "一覧内ã®æ‹’å¦ã•ã‚Œã‚‹ã¹ã ICMP タイプをマークã—ã¾ã™ã€‚ ãã®ä»–ã™ã¹ã¦ã® ICMP タイプ" "ã¯ãƒ•ã‚¡ã‚¤ã‚¢ãƒ¼ã‚¦ã‚©ãƒ¼ãƒ«ã®é€šéŽãŒè¨±å¯ã•ã‚Œã¾ã™ã€‚ デフォルトã§ã¯ç„¡åˆ¶é™ã«ãªã£ã¦ã„ã¾" "ã™ã€‚" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "å転フィルターãŒæœ‰åŠ¹ã«ã•ã‚Œã¦ã„ã‚‹å ´åˆã€ãƒžãƒ¼ã‚¯ã•ã‚ŒãŸ ICMP エントリーã¯å—ã‘入れ" "られã€ãれ以外ã¯æ‹’å¦ã•ã‚Œã¾ã™ã€‚ターゲット㌠DROP ã®ã‚¾ãƒ¼ãƒ³ã§ã¯ã€ãれらã¯ç ´æ£„ã•" "ã‚Œã¾ã™ã€‚" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "å転フィルター" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP フィルター" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "ã“ã“ã‹ã‚‰ã‚¾ãƒ¼ãƒ³ã®é«˜åº¦ãªè¨€èªžãƒ«ãƒ¼ãƒ«ã‚’設定ã§ãã¾ã™ã€‚" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "高度ãªãƒ«ãƒ¼ãƒ«ã®è¿½åŠ " #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "高度ãªãƒ«ãƒ¼ãƒ«ã®ç·¨é›†" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "高度ãªãƒ«ãƒ¼ãƒ«ã®å‰Šé™¤" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "高度ãªãƒ«ãƒ¼ãƒ«" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "インターフェースをゾーンã«å‰²ã‚Šå½“ã¦ã‚‹ãŸã‚ã®é …目を追加ã—ã¾ã™ã€‚インターフェース" "ãŒæŽ¥ç¶šã«ã‚ˆã‚Šä½¿ç”¨ã•ã‚Œã‚‹å ´åˆã€ã‚¾ãƒ¼ãƒ³ãŒæŽ¥ç¶šã§æŒ‡å®šã•ã‚ŒãŸã‚¾ãƒ¼ãƒ³ãŒè¨­å®šã•ã‚Œã¾ã™ã€‚" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "インターフェースã®è¿½åŠ " #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "インターフェースã®ç·¨é›†" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "インターフェースã®å‰Šé™¤" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "ゾーンã«é€ä¿¡å…ƒã‚¢ãƒ‰ãƒ¬ã‚¹ã‚‚ã—ãã¯ã‚¨ãƒªã‚¢ã‚’ãƒã‚¤ãƒ³ãƒ‰ã™ã‚‹ãŸã‚ã«ã‚¨ãƒ³ãƒˆãƒªãƒ¼ã‚’追加ã—ã¾" "ã™ã€‚é€ä¿¡å…ƒã® MAC アドレスをãƒã‚¤ãƒ³ãƒ‰ã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã€‚ã—ã‹ã—ã€ãã®å ´åˆã«åˆ¶ç´„" "ãŒã‚ã‚Šã¾ã™ã€‚ãƒãƒ¼ãƒˆãƒ•ã‚©ã‚¢ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ãŠã‚ˆã³ãƒžã‚¹ã‚«ãƒ¬ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã«ã¯ã€é€ä¿¡å…ƒ MAC ã‚¢" "ドレスã®ãƒã‚¤ãƒ³ãƒ‡ã‚£ãƒ³ã‚°ã¯æ©Ÿèƒ½ã—ã¾ã›ã‚“。" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "ソースã®è¿½åŠ " #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "ソースã®ç·¨é›†" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "ソースã®å‰Šé™¤" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "ゾーン" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "firewalld サービスã¨ã¯ãƒãƒ¼ãƒˆã‚„プロトコルã€ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã€é€ä¿¡å…ˆã‚¢ãƒ‰ãƒ¬ã‚¹ãªã©ã®çµ„" "ã¿åˆã‚ã›ã‚’指ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "サービスã®è¿½åŠ " #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "サービスã®ç·¨é›†" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "サービスã®å‰Šé™¤" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "サービスã®æ¨™æº–ã®èª­ã¿è¾¼ã¿" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "ã™ã¹ã¦ã®ãƒ›ã‚¹ãƒˆã‚„ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‹ã‚‰ã‚¢ã‚¯ã‚»ã‚¹ã§ãã‚‹ã“ã¨ãŒå¿…è¦ãªè¿½åŠ ã®ãƒãƒ¼ãƒˆã‹ã€" "ãƒãƒ¼ãƒˆã®ç¯„囲を追加ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "エントリーã®ç·¨é›†" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "エントリーã®å‰Šé™¤" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "ã™ã¹ã¦ã®ãƒ›ã‚¹ãƒˆã‚„ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãŒã‚¢ã‚¯ã‚»ã‚¹ã§ããªã‘ã‚Œã°ãªã‚‰ãªã„ソースãƒãƒ¼ãƒˆã¾ãŸã¯" "ãƒãƒ¼ãƒˆç¯„囲を追加ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "ソースãƒãƒ¼ãƒˆ" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfiler ヘルパーモジュールã¯ã€ã„ãã¤ã‹ã®ã‚µãƒ¼ãƒ“スを必è¦ã¨ã—ã¦ã„ã¾ã™" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "モジュール" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "é€ä¿¡å…ˆã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’指定ã™ã‚‹ã¨ã€ã‚µãƒ¼ãƒ“スã®é …ç›®ãŒé€ä¿¡å…ˆã‚¢ãƒ‰ãƒ¬ã‚¹ã¨ã‚¿ã‚¤ãƒ—ã«åˆ¶é™ã•ã‚Œ" "ã¾ã™ã€‚ã©ã¡ã‚‰ã®é …目も空ã®å ´åˆã€åˆ¶é™ãŒã‚ã‚Šã¾ã›ã‚“。" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "サービスã¯æ°¸ç¶šçš„ãªè¨­å®šã®è¡¨ç¤ºç”»é¢ã ã‘ã§å¤‰æ›´ã§ãã¾ã™ã€‚サービスã®å®Ÿè¡Œæ™‚ã®è¨­å®šãŒ" "変更ã•ã‚Œã¾ã™ã€‚" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet ã¯ãƒ›ãƒ¯ã‚¤ãƒˆãƒªã‚¹ãƒˆã‚‚ã—ãã¯ãƒ–ラックリストを作æˆã§ãã€ãã®ä¸­ã«ã€IPアドレス" "ã‚„ãƒãƒ¼ãƒˆç•ªå·ã€MAC アドレスã®æƒ…報を格ç´ã§ãã¾ã™ã€‚" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "IPSet ã®è¿½åŠ " #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "IPSet ã®ç·¨é›†" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "IPSet ã®å‰Šé™¤" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "IPSet ã®åˆæœŸå€¤ã®èª­ã¿è¾¼ã¿" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "IPSet エントリーã®ä¸€è¦§ã§ã¯ã€ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã‚ªãƒ—ションを使用ã—ã¦ã„ãªã„ IPSet ã®ã‚¨" "ントリーã€firewalld ã«ã‚ˆã£ã¦è¿½åŠ ã•ã‚ŒãŸã‚¨ãƒ³ãƒˆãƒªãƒ¼ã®ã¿ã‚’確èªã™ã‚‹ã“ã¨ãŒã§ãã¾" "ã™ã€‚ipset コマンドを直接実行ã—ã¦è¿½åŠ ã—ãŸã‚¨ãƒ³ãƒˆãƒªãƒ¼ã¯è¡¨ç¤ºã•ã‚Œã¾ã›ã‚“。" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "ã“ã® IPSet ã¯ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã‚ªãƒ—ションを使ã£ã¦ã„ã¾ã™ã€‚従ã£ã¦ã€ã“ã“ã«ã¯ã‚¨ãƒ³ãƒˆãƒªãƒ¼" "ãŒè¡¨ç¤ºã•ã‚Œã¾ã›ã‚“。エントリー㯠ipset コマンドを直接実行ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "追加" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "エントリー" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "IPSets ã¯æ°¸ç¶šçš„ãªè¨­å®šã®è¡¨ç¤ºç”»é¢ã ã‘ã§ä½œæˆãŠã‚ˆã³å‰Šé™¤ãŒã§ãã¾ã™ã€‚" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld ã® ICMP タイプ㯠firewalld 用㮠Internet Control Message Protocol " "(ICMP) タイプã®æƒ…報をæä¾›ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP ã®ç¨®é¡žã®è¿½åŠ " #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP ã®ç¨®é¡žã®ç·¨é›†" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP ã®ç¨®é¡žã®å‰Šé™¤" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP タイプã®åˆæœŸå€¤ã®èª­ã¿è¾¼ã¿" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" "ã“ã® ICMP タイプ㌠IPv4 㨠IPv6 ã«å¯¾ã—ã¦åˆ©ç”¨å¯èƒ½ã§ã‚ã‚‹ã‹ã©ã†ã‹ã‚’指定ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP タイプã¯æ°¸ç¶šçš„ãªè¨­å®šã®è¡¨ç¤ºç”»é¢ã ã‘ã§å¤‰æ›´ã§ãã¾ã™ã€‚ICMP タイプã®å®Ÿè¡Œæ™‚ã®" "設定ã¯å¤‰æ›´ã•ã‚Œã¾ã™ã€‚" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "コãƒã‚¯ã‚·ãƒ§ãƒ³ãƒˆãƒ©ãƒƒã‚­ãƒ³ã‚°ãƒ˜ãƒ«ãƒ‘ーã¯ã€ã‚·ã‚°ãƒŠãƒ«ã¨ãƒ‡ãƒ¼ã‚¿è»¢é€ã¨ã®ç•°ãªã‚‹ãƒ•ãƒ­ãƒ¼ã§åˆ©" "用ã•ã‚Œã‚‹ãƒ—ロトコルãŒå‹•ä½œã™ã‚‹ã‚ˆã†æ”¯æ´ã—ã¾ã™ã€‚データ転é€ã¯ã€ã‚·ã‚°ãƒŠãƒ«æŽ¥ç¶šã¨ç„¡é–¢" "ä¿‚ãªãƒãƒ¼ãƒˆã‚’利用ã™ã‚‹ãŸã‚ã€ãƒ˜ãƒ«ãƒ‘ーãŒãªã„ã¨ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã«ã‚ˆã£ã¦ãƒ–ロックã•" "ã‚Œã¦ã—ã¾ã„ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "ãƒãƒ¼ãƒˆã‚‚ã—ãã¯ãƒãƒ¼ãƒˆã®ç¯„囲を定義ã—ã€ãれをヘルパーã«ã‚ˆã£ã¦ãƒ¢ãƒ‹ã‚¿ãƒªãƒ³ã‚°ã•ã‚Œã¾" "ã™ã€‚" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "ダイレクト設定ã«ã‚ˆã‚Šã€ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã«ã‚ˆã‚Šç›´æŽ¥ã‚¢ã‚¯ã‚»ã‚¹ã§ãã¾ã™ã€‚ã“れらã®ã‚ª" "プションã¯ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒ iptables ã®åŸºæœ¬çš„ãªæ¦‚念ã€ã¤ã¾ã‚Šãƒ†ãƒ¼ãƒ–ルã€ãƒã‚§ã‚¤ãƒ³ã€ã‚³" "マンドã€ãƒ‘ラメーターã€ã‚¿ãƒ¼ã‚²ãƒƒãƒˆã«é–¢ã™ã‚‹çŸ¥è­˜ã‚’有ã—ã¦ã„ã‚‹ã“ã¨ã‚’å‰æã«ã—ã¦ã„ã¾" "ã™ã€‚ダイレクト設定ã¯ã€ä»–ã®ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«æ©Ÿèƒ½ã‚’使用ã§ããªã„å ´åˆã«ã€æœ€çµ‚手段" "ã¨ã—ã¦ã®ã¿ä½¿ç”¨ã™ã¹ãã§ã™ã€‚" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "å„オプション㮠ipv 引数㯠ipv4, ipv6, eb ã®ã©ã‚Œã‹ã§ã‚ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ipv4 " "を指定ã™ã‚‹ã¨ã€iptables ãŒä½¿ç”¨ã•ã‚Œã¾ã™ã€‚ipv6 を指定ã™ã‚‹ã¨ã€ip6tables ãŒä½¿ç”¨ã•" "ã‚Œã¾ã™ã€‚eb を指定ã™ã‚‹ã¨ã€ã‚¤ãƒ¼ã‚µãƒãƒƒãƒˆãƒ–リッジ (ebtables) ãŒä½¿ç”¨ã•ã‚Œã¾ã™ã€‚" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "ルールã§ç”¨ã„る追加ã®ãƒã‚§ã‚¤ãƒ³ã€‚" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "ãƒã‚§ã‚¤ãƒ³ã®è¿½åŠ " #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "ãƒã‚§ã‚¤ãƒ³ã®ç·¨é›†" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "ãƒã‚§ã‚¤ãƒ³ã®å‰Šé™¤" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ãƒã‚§ã‚¤ãƒ³" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "ルールを args 引数ã¨ã¨ã‚‚ã«ã€ãƒ†ãƒ¼ãƒ–ルã«ã‚ã‚‹ãƒã‚§ã‚¤ãƒ³ã«å„ªå…ˆåº¦ã‚’付ã‘ã¦è¿½åŠ ã—ã¾" "ã™ã€‚" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "優先度ã¯ãƒ«ãƒ¼ãƒ«ã®é †åºã‚’ã¤ã‘ã‚‹ãŸã‚ã«ä½¿ç”¨ã•ã‚Œã¾ã™ã€‚優先度 0 ã¯ãƒ«ãƒ¼ãƒ«ã‚’ãƒã‚§ã‚¤ãƒ³ã®" "最åˆã«è¿½åŠ ã—ã¾ã™ã€‚より高ã„優先度をæŒã¤ãƒ«ãƒ¼ãƒ«ãŒã•ã‚‰ã«ä¸‹ã«è¿½åŠ ã•ã‚Œã¾ã™ã€‚åŒã˜å„ª" "先度をæŒã¤ãƒ«ãƒ¼ãƒ«ã¯åŒã˜ãƒ¬ãƒ™ãƒ«ã«ãªã‚Šã¾ã™ã€‚ã“れらã®ãƒ«ãƒ¼ãƒ«ã®é †åºã¯å›ºå®šã•ã‚Œãšã€å¤‰" "æ›´ã•ã‚Œã‚‹ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“。ルールを確実ã«ä»–ã®ãƒ«ãƒ¼ãƒ«ã®å¾Œã‚ã«è¿½åŠ ã—ãŸã„å ´åˆã€æœ€åˆ" "ã«ä½Žã„優先度を使用ã—ã€æ¬¡ã«ã‚ˆã‚Šé«˜ã„優先度を使用ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "ルールã®è¿½åŠ " #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "ルールã®ç·¨é›†" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "ルールã®å‰Šé™¤" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "ルール" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "パススルールールã¯ç›´æŽ¥ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã«æ¸¡ã•ã‚Œã‚‹ãƒ«ãƒ¼ãƒ«ã§ã™ã€‚特別ãªãƒã‚§ã‚¤ãƒ³ã«" "ç½®ã‹ã‚Œã¾ã›ã‚“。iptables, ip6tables, ebtables ã®ã™ã¹ã¦ã®ã‚ªãƒ—ションãŒä½¿ç”¨ã§ãã¾" "ã™ã€‚" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "パススルールールを追加ã™ã‚‹å ´åˆã€ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã‚’壊ã•ãªã„よã†æ³¨æ„ã—ã¦ãã ã•" "ã„。" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "パススルーã®è¿½åŠ " #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "パススルーã®ç·¨é›†" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "パススルーã®å‰Šé™¤" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "パススルー" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "ロックダウン機能ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¨ã‚¢ãƒ—リケーションã®ãƒãƒªã‚·ãƒ¼ã® firewalld å‘ã‘軽é‡" "ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã™ã€‚ã“ã‚Œã«ã‚ˆã‚Šã€ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã¸ã®å¤‰æ›´ãŒåˆ¶é™ã•ã‚Œã¾ã™ã€‚ロックダ" "ウン・ホワイトリストã¯ã€ã‚³ãƒžãƒ³ãƒ‰ã€ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŠã‚ˆã³ãƒ¦ãƒ¼ã‚¶ãƒ¼ ID ã‚’" "å«ã‚られã¾ã™ã€‚" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "コンテキストã¯å®Ÿè¡Œä¸­ã®ã‚¢ãƒ—リケーションやサービスã®ã‚»ã‚­ãƒ¥ãƒªãƒ†ã‚£ãƒ¼ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆ" "(SELinux コンテキスト)ã§ã™ã€‚実行中ã®ã‚¢ãƒ—リケーションã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’確èªã™ã‚‹" "ã«ã¯ã€ps -e --contextコマンドを使用ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "コンテキストã®è¿½åŠ " #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "コンテキストã®ç·¨é›†" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "コンテキストã®å‰Šé™¤" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "コンテキスト" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "ホワイトリストã®ã‚³ãƒžãƒ³ãƒ‰ãŒã‚¢ã‚¹ã‚¿ãƒªã‚¹ã‚¯ '*' ã§çµ‚ã‚ã£ã¦ã„ã‚‹å ´åˆã€ãã®ã‚³ãƒžãƒ³ãƒ‰ã‹" "ら始ã¾ã‚‹ã™ã¹ã¦ã®ã‚³ãƒžãƒ³ãƒ‰ãƒ©ã‚¤ãƒ³ã«ä¸€è‡´ã—ã¾ã™ã€‚ã‚‚ã— '*' ãŒãªã‘ã‚Œã°ã€å¼•æ•°ã‚’å«ã‚ã€" "コマンドãŒå®Œå…¨ã«ä¸€è‡´ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "コマンドラインã®è¿½åŠ " #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "コマンドラインã®ç·¨é›†" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "コマンドラインã®å‰Šé™¤" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "コマンドライン" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ユーザーå。" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ユーザーåã®è¿½åŠ " #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ユーザーåã®ç·¨é›†" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ユーザーåã®å‰Šé™¤" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ユーザーå" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ユーザー ID。" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ユーザー ID ã®è¿½åŠ " #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ユーザー ID ã®ç·¨é›†" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ユーザー ID ã®å‰Šé™¤" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ユーザー ID" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "ç¾åœ¨ã®ã‚·ã‚¹ãƒ†ãƒ ã®æ¨™æº–ゾーン。" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "æ‹’å¦ã•ã‚ŒãŸãƒ­ã‚°:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "パニックモード:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "オートマãƒãƒƒã‚¯ãƒ˜ãƒ«ãƒ‘ー:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "ロックダウン:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "標準ゾーン:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "インターフェースåを入力ã—ã¦ãã ã•ã„:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "基本 IPSet 設定" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "基本IPSet設定を設定ã—ã¦ãã ã•ã„:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "タイプ:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "タイムアウト:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "ãƒãƒƒã‚·ãƒ¥ã‚µã‚¤ã‚º:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "最大è¦ç´ :" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "タイムアウトã®ç§’æ•°" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "ãƒãƒƒã‚·ãƒ¥ã‚µã‚¤ã‚ºã®åˆæœŸå€¤ã€ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã¯ 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "è¦ç´ ã®æœ€å¤§æ•°ã€ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã¯ 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "IPSet ã‚’é¸æŠžã—ã¦ãã ã•ã„:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "IPSetエントリーを入力ã—ã¦ãã ã•ã„:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "æ‹’å¦ã•ã‚ŒãŸãƒ­ã‚°" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "æ‹’å¦ã•ã‚ŒãŸãƒ­ã‚°ã®å€¤ã‚’é¸æŠžã—ã¦ãã ã•ã„:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "マーク" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "オプションã®ãƒžã‚¹ã‚¯ã¨å…±ã«ãƒžãƒ¼ã‚¯ã‚’入力ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "マークã¨ãƒžã‚¹ã‚¯ãƒ•ã‚£ãƒ¼ãƒ«ãƒ‰ã¯ã©ã¡ã‚‰ã‚‚ 32 ビットã®ç¬¦å·ãªã—数値ã«ãªã‚Šã¾ã™ã€‚" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "マーク:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "マスク:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "netfilter conntrack ヘルパーをé¸æŠžã—ã¦ãã ã•ã„:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- é¸æŠž -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "ãã®ä»–ã®ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "ãƒãƒ¼ãƒˆã¨ãƒ—ロトコル" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ãƒãƒ¼ãƒˆãŠã‚ˆã³ãƒ—ロトコルを入力ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ダイレクトルール" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "ipvã€ãƒ†ãƒ¼ãƒ–ルã€ãƒã‚§ã‚¤ãƒ³å„ªå…ˆåº¦ãŠã‚ˆã³å¼•æ•°ã‚’入力ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "優先度:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "プロトコルを入力ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "ä»–ã®ãƒ—ロトコル:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "高度ãªãƒ«ãƒ¼ãƒ«" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "高度ãªãƒ«ãƒ¼ãƒ«ã‚’入力ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "ホストã¾ãŸã¯ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã®å ´åˆã€è¦ç´ ã‚’許å¯ã¾ãŸã¯æ‹’å¦ã—ã¦éžã‚¢ã‚¯ãƒ†ã‚£ãƒ–化ã—ã¾ã™ã€‚" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "é€ä¿¡å…ƒ:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "é€ä¿¡å…ˆ:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "ログ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "監査:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 㨠IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "å転" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "ã“れを有効ã«ã™ã‚‹ã«ã¯ã€ã‚¢ã‚¯ã‚·ãƒ§ãƒ³ã‚’ 'reject' ã«ã—ã€ãƒ•ã‚¡ãƒŸãƒªãƒ¼ã‚’ 'ipv4' ã¾ãŸã¯ " "'ipv6' ã®ã„ãšã‚Œã‹ (両方ã§ã¯ãªã„) ã«ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "タイプ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "有効期é™:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "プレフィックス:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "レベル:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "è¦ç´ :" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "アクション:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "基本サービス設定" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "基本サービス設定を設定ã—ã¦ãã ã•ã„:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "サービスをé¸æŠžã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "ソースを入力ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ユーザー ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ユーザー ID を入力ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "ユーザーåを入力ã—ã¦ãã ã•ã„。" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "ラベル" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "基本ゾーン設定" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "基本ゾーン設定を設定ã—ã¦ãã ã•ã„:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "標準ターゲット" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "ターゲット:" firewalld-1.1.1/po/ka.po0000644000000000000000000013551014217342322015037 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # George Machitidze , 2013 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2016-01-04 12:24+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Georgian (http://www.transifex.com/projects/p/firewalld/" "language/ka/)\n" "Language: ka\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ქსელური ფáƒáƒ áƒ˜" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ქსელური ფáƒáƒ áƒ˜áƒ¡ კáƒáƒœáƒ¤áƒ˜áƒ’ურáƒáƒªáƒ˜áƒ" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "შეტყáƒáƒ‘ინებების ჩáƒáƒ áƒ—ვáƒ" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "ფáƒáƒ áƒ˜áƒ¡ პáƒáƒ áƒáƒ›áƒ”ტრების რედáƒáƒ¥áƒ¢áƒ˜áƒ áƒ”ბáƒ..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "ქსელის ტრáƒáƒ¤áƒ˜áƒ™áƒ˜áƒ¡ სრული ბლáƒáƒ™áƒ˜áƒ áƒ”ბáƒ" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "კáƒáƒ•áƒ¨áƒ˜áƒ áƒ˜ áƒáƒ áƒáƒ." #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "<ინტერფეისი>" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "áƒáƒ•áƒ¢áƒáƒ áƒ˜áƒ–ებრვერ მáƒáƒ®áƒ”რხდáƒ." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "სáƒáƒ®áƒ”ლი უკვე áƒáƒ áƒ¡áƒ”ბáƒáƒ‘ს" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "ქსელის ტრáƒáƒ¤áƒ˜áƒ™áƒ˜áƒ¡ სრულიáƒáƒ“ დáƒáƒ˜áƒ‘ლáƒáƒ™áƒ." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "áƒáƒ¥áƒ¢áƒ˜áƒ£áƒ áƒ˜ ზáƒáƒœáƒ”ბი áƒáƒ áƒáƒ." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallD-თáƒáƒœ კáƒáƒ•áƒ¨áƒ˜áƒ áƒ˜ დáƒáƒ›áƒ§áƒáƒ áƒ“áƒ." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD-თáƒáƒœ კáƒáƒ•áƒ¨áƒ˜áƒ áƒ˜ გáƒáƒ¬áƒ§áƒ“áƒ." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD გáƒáƒ“áƒáƒ˜áƒ¢áƒ•áƒ˜áƒ áƒ—áƒ." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "ნáƒáƒ’ულისხმევი ზáƒáƒœáƒ შეიცვáƒáƒšáƒ - '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "ქსელური ტრáƒáƒ¤áƒ˜áƒ™áƒ˜ áƒáƒ¦áƒáƒ áƒáƒ დáƒáƒ‘ლáƒáƒ™áƒ˜áƒšáƒ˜." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "áƒáƒ¥áƒ¢áƒ˜áƒ•áƒ˜áƒ áƒ”ბული" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "დეáƒáƒ¥áƒ¢áƒ˜áƒ•áƒ˜áƒ áƒ”ბული" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ხáƒáƒ¢áƒ£áƒšáƒ”ბის ჩáƒáƒ¢áƒ•áƒ˜áƒ áƒ—ვრვერ მáƒáƒ®áƒ”რხდáƒ." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "სერვისი" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "პáƒáƒ áƒ¢áƒ˜" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "áƒáƒ¥áƒ›áƒ˜" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "პáƒáƒ áƒ¢áƒ˜áƒ¡áƒ™áƒ”ნ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "მისáƒáƒ›áƒáƒ áƒ—ისკენ" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp-ის ტიპი" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "წყáƒáƒ áƒ" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "ყურáƒáƒ“ღებáƒ" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "შეცდáƒáƒ›áƒ" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "ზáƒáƒœáƒ" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "ზáƒáƒœáƒ˜áƒ¡ áƒáƒ›áƒáƒ¦áƒ”ბáƒ" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "იგნáƒáƒ áƒ˜áƒ áƒ”ბáƒ" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "ჩáƒáƒ“გმული ზáƒáƒœáƒ, სáƒáƒ®áƒ”ლის შეცვლრშეუძლებელიáƒ." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "ჩáƒáƒ“გმული სერვისი, სáƒáƒ®áƒ”ლის შეცვლრშეუძლებელიáƒ." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "ჩáƒáƒ“გმული icmp, სáƒáƒ®áƒ”ლის შეცვლრშეუძლებელიáƒ." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "მისáƒáƒ›áƒáƒ áƒ—ი" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "პáƒáƒ áƒ¢áƒ˜áƒ¡ გáƒáƒ“áƒáƒ›áƒ˜áƒ¡áƒáƒ›áƒáƒ áƒ—ებáƒ" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "პáƒáƒ áƒ¢áƒ˜ / პáƒáƒ áƒ¢áƒ”ბის დიáƒáƒžáƒáƒ–áƒáƒœáƒ˜:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP მისáƒáƒ›áƒáƒ áƒ—ი:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "áƒáƒ¥áƒ›áƒ˜:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "დáƒáƒœáƒ˜áƒ¨áƒœáƒ£áƒšáƒ”ბáƒ" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "áƒáƒ“გილზე გáƒáƒ“áƒáƒ›áƒ˜áƒ¡áƒáƒ›áƒáƒ áƒ—ებáƒ" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "სხვრპáƒáƒ áƒ¢áƒ˜áƒ¡áƒ™áƒ”ნ გáƒáƒ“áƒáƒ›áƒ˜áƒ¡áƒáƒ›áƒáƒ áƒ—ებáƒ" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "სáƒáƒ®áƒ”ლი:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "ვერსიáƒ:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "მáƒáƒ™áƒšáƒ”:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "áƒáƒ¦áƒ¬áƒ”რáƒ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-ის ტიპი" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "ჩáƒáƒœáƒáƒ¬áƒ”რი" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_ფáƒáƒ˜áƒšáƒ˜" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_პáƒáƒ áƒáƒ›áƒ”ტრები" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld-ის გáƒáƒ“áƒáƒ¢áƒ•áƒ˜áƒ áƒ—ვáƒ" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ნáƒáƒ’ულისხმევი ზáƒáƒœáƒ˜áƒ¡ შეცვლáƒ" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "დáƒ_ხმáƒáƒ áƒ”ბáƒ" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ზáƒáƒœáƒ˜áƒ¡ დáƒáƒ›áƒáƒ¢áƒ”ბáƒ" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "ზáƒáƒœáƒ˜áƒ¡ რედáƒáƒ¥áƒ¢áƒ˜áƒ áƒ”ბáƒ" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "ზáƒáƒœáƒ˜áƒ¡ áƒáƒ›áƒáƒ¦áƒ”ბáƒ" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "სერვისები" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "პáƒáƒ áƒ¢áƒ˜áƒ¡áƒ™áƒ”ნ" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "ზáƒáƒœáƒ˜áƒ¡ რედáƒáƒ¥áƒ¢áƒ˜áƒ áƒ”ბáƒ" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "ზáƒáƒœáƒ˜áƒ¡ áƒáƒ›áƒáƒ¦áƒ”ბáƒ" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "პáƒáƒ áƒ¢áƒ”ბი" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "გáƒáƒ“áƒáƒ›áƒ˜áƒ¡áƒáƒ›áƒáƒ áƒ—ების პáƒáƒ áƒ¢áƒ˜áƒ¡ დáƒáƒ›áƒáƒ¢áƒ”ბáƒ" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "გáƒáƒ“áƒáƒ›áƒ˜áƒ¡áƒáƒ›áƒáƒ áƒ—ების პáƒáƒ áƒ¢áƒ˜áƒ¡ რედáƒáƒ¥áƒ¢áƒ˜áƒ áƒ”ბáƒ" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "გáƒáƒ“áƒáƒ›áƒ˜áƒ¡áƒáƒ›áƒáƒ áƒ—ების პáƒáƒ áƒ¢áƒ˜áƒ¡ áƒáƒ›áƒáƒ¦áƒ”ბáƒ" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ფილტრი" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "სერვისის დáƒáƒ›áƒáƒ¢áƒ”ბáƒ" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "სერვისის რედáƒáƒ¥áƒ¢áƒ˜áƒ áƒ”ბáƒ" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "სერვისის áƒáƒ›áƒáƒ¦áƒ”ბáƒ" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "ჩáƒáƒœáƒáƒ¬áƒ”რის რედáƒáƒ¥áƒ¢áƒ˜áƒ áƒ”ბáƒ" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "ჩáƒáƒœáƒáƒ¬áƒ”რის áƒáƒ›áƒáƒ¦áƒ”ბáƒ" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "მáƒáƒ“ულები" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP-ის ტიპის დáƒáƒ›áƒáƒ¢áƒ”ბáƒ" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP-ის ტიპის რედáƒáƒ¥áƒ¢áƒ˜áƒ áƒ”ბáƒ" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP-ის ტიპის áƒáƒ›áƒáƒ¦áƒ”ბáƒ" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "ნáƒáƒ’ულისხმევი ზáƒáƒœáƒ:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "პáƒáƒ áƒ¢áƒ˜ დრáƒáƒ¥áƒ›áƒ˜" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "გთხáƒáƒ•áƒ— შეიყვáƒáƒœáƒáƒ— პáƒáƒ áƒ¢áƒ˜ დრáƒáƒ¥áƒ›áƒ˜." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "სხვრáƒáƒ¥áƒ›áƒ˜:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-1.1.1/po/kn.po0000644000000000000000000021762014217342322015057 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # shanky , 2014 # shankar , 2006 # shankar , 2006 # shankar , 2007-2011 # shankar , 2006 # shanky , 2014 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2015-02-26 09:59+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Kannada (http://www.transifex.com/projects/p/firewalld/" "language/kn/)\n" "Language: kn\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "ಫೈರà³à²µà²¾à²²à³ ಆಪà³à²²à³†à²Ÿà³" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ಫೈರà³à²µà²¾à²²à³" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ಫೈರà³à²µà²¾à²²à³ ಸà³à²µà²°à³‚ಪಣೆ" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "ಫೈರà³à²µà²¾à²²à³;ಜಾಲಬಂಧ;ಸà³à²°à²•à³à²·à²¤à³†;iptables;ನೆಟà³â€Œà²«à²¿à²²à³à²Ÿà²°à³â€Œ;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "'%s' ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²•à³à²•à²¾à²—ಿ ವಲಯವನà³à²¨à³ ಆರಿಸಿ." #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤ ವಲಯ" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "'%s' ಸಂಪರà³à²•à²•à³à²•à²¾à²—ಿ ವಲಯವನà³à²¨à³ ಆರಿಸಿ" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "ಶೀಲà³à²¡à³à²¸à³ ಅಪà³/ಡೌನೠವಲಯಗಳನà³à²¨à³ ಸಂರಚಿಸà³" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "ಇಲà³à²²à²¿ ನೀವೠಶೀಲà³à²¡à³à²¸à³ ಅಪೠಮತà³à²¤à³ ಡೌನà³â€Œà²—ಾಗಿ ಬಳಸಲಾದ ವಲಯಗಳನà³à²¨à³ ಆರಿಸಬಹà³à²¦à³." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "ಈ ಸೌಲಭà³à²¯à²µà³ ಹೆಚà³à²šà³ ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤à²µà²¾à²¦ ವಲಯಗಳನà³à²¨à³ ಬಳಸà³à²µ ಜನರಿಗೆ ಪà³à²°à²¯à³‹à²œà²¨à²µà²¾à²—à³à²¤à³à²¤à²¦à³†. ವಲಯಗಳ " "ಸಂಪರà³à²•à²—ಳನà³à²¨à³ ಬದಲಾಯಿಸà³à²µ ಬಳಕೆದಾರರಿಗೆ, ಇದೠಬಹà³à²·à²ƒ ನಿಯಮಿತವಾದ ಉಪಯೋಗವನà³à²¨à³ ಒದಗಿಸಬಹà³à²¦à³." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "ಶೀಲà³à²¡à³à²¸à³ ಅಪೠವಲಯ:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "ಶೀಲà³à²¡à³à²¸à³ ಡೌನೠವಲಯ:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "ಶೀಲà³à²¡à³à²¸à³ ಅಪà³" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "ಸೂಚನೆಗಳನà³à²¨à³ ಸಕà³à²°à²¿à²¯à²—ೊಳಿಸà³" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "ಫೈರà³à²µà²¾à²²à³ ಸಿದà³à²§à²¤à³†à²—ಳನà³à²¨à³ ಸಂಪಾದಿಸà³..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "ಸಂಪರà³à²•à²—ಳ ವಲಯಗಳನà³à²¨à³ ಬದಲಾಯಿಸà³..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "ಶೀಲà³à²¡à³à²¸à³ ಅಪà³/ಡೌನೠವಲಯಗಳನà³à²¨à³ ಸಂರಚಿಸà³..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "ಎಲà³à²²à²¾ ಜಾಲಬಂಧ ಸಂಚಾರವನà³à²¨à³ ನಿರà³à²¬à²‚ಧಿಸà³" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "ಸಂಪರà³à²•à²—ಳà³" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "ಆಕರಗಳà³" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ದೃಢೀಕರಣವೠವಿಫಲಗೊಂಡಿದೆ." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "ಅಮಾನà³à²¯à²µà²¾à²¦ ಆರà³à²—à³à²¯à³à²®à³†à²‚ಟೠ%s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "ಹೆಸರೠಈಗಾಗಲೆ ಅಸà³à²¤à²¿à²¤à³à²µà²¦à²²à³à²²à²¿à²¦à³†" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "ಫೈರà³à²µà²¾à²²à³ ಡೀಮನà³â€Œà²¨à³Šà²‚ದಿಗೆ ಸಂಪರà³à²•à²µà³ ಕಡಿದೠಹೋಗಿದೆ" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "ಎಲà³à²²à²¾ ಜಾಲಬಂಧ ಸಂಚಾರವನà³à²¨à³ ನಿರà³à²¬à²‚ಧಿಸಲಾಗಿದೆ." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤ ವಲಯ: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "'{interface}' ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²¦à²²à³à²²à²¿à²¨ '{connection}' ಸಂಪರà³à²•à²•à³à²•à²¾à²—ಿನ '{zone}' ವಲಯವೠ" "ಸಕà³à²°à²¿à²¯à²µà²¾à²—ಿದೆ" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "'{interface}' ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²•à³à²•à²¾à²—ಿನ '{zone}' ವಲಯವೠಸಕà³à²°à²¿à²¯à²µà²¾à²—ಿದೆ" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "'{source}' ಆಕರಕà³à²•à²¾à²—ಿನ '{zone}' ವಲಯವೠಸಕà³à²°à²¿à²¯à²µà²¾à²—ಿದೆ" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "ಯಾವà³à²¦à³† ಸಕà³à²°à²¿à²¯ ವಲಯಗಳಿಲà³à²²." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallID ಗೆ ಸಂಪರà³à²•à²µà²¨à³à²¨à³ ಸಾಧಿಸಲಾಗಿದೆ." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallID ಗೆ ಸಂಪರà³à²•à²µà³ ತಪà³à²ªà²¿ ಹೋಗಿದೆ." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD ಅನà³à²¨à³ ಮರಳಿ ಲೋಡೠಮಾಡಲಾಗಿದೆ." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤ ವಲಯವನà³à²¨à³ '%s' ಗೆ ಬದಲಾಯಿಸಲಾಗಿದೆ." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "ಜಾಲಬಂಧ ಸಂಚಾರವನà³à²¨à³ ಈಗ ನಿರà³à²¬à²‚ಧಿಸಲಾಗಿಲà³à²²." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "ಸಕà³à²°à²¿à²¯à²—ೊಂಡಿದೆ" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "ನಿಷà³à²•à³à²°à²¿à²¯à²—ೊಂಡಿದೆ" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "'{interface}' ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²¦à²²à³à²²à²¿à²¨ '{connection}' ಸಂಪರà³à²•à²•à³à²•à²¾à²—ಿನ " "'{zone}' {activated_deactivated} ವಲಯ" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "'{interface}' ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²•à³à²•à²¾à²—ಿ '{zone}' {activated_deactivated} ವಲಯ" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "'%s' ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²•à³à²•à²¾à²—ಿ '%s' ವಲಯವನà³à²¨à³ ಸಕà³à²°à²¿à²¯à²—ೊಳಿಸಲಾಗಿದೆ." #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "'{source}' ಆಕರಕà³à²•à²¾à²—ಿ '{zone}' {activated_deactivated} ವಲಯ" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "'%s' ಆಕರಕà³à²•à²¾à²—ಿ '%s' ವಲಯವನà³à²¨à³ ಸಕà³à²°à²¿à²¯à²—ೊಳಿಸಲಾಗಿದೆ." #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "ಬದಲಾವನೆಗಳನà³à²¨à³ ಅನà³à²µà²¯à²¿à²¸à²²à²¾à²—ಿದೆ." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "'%s' ಜಾಲಬಂಧದಿಂದ ಬಳಸಲಾಗಿದೆ" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "ಸಕà³à²°à²¿à²¯à²—ೊಂಡ" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "ನಿಷà³à²•à³à²°à²¿à²¯à²—ೊಂಡ" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ಚಿಹà³à²¨à³†à²—ಳನà³à²¨à³ ಲೋಡೠಮಾಡà³à²µà²²à³à²²à²¿ ವಿಫಲತೆ." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ಬಳಕೆದಾರ ಹೆಸರà³" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "ಚಾಲನಾಸಮಯ" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "ಶಾಶà³à²µà²¤" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "ಸೇವೆ" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "ಸಂಪರà³à²• ಸà³à²¥à²¾à²¨" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "ಪà³à²°à³Šà²Ÿà³Šà²•à²¾à²²à³" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "ಸಂಪರà³à²• ಸà³à²¥à²¾à²¨à²•à³à²•à³†" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "ಗೆ ವಿಳಾಸ" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp ಬಗೆ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "ಕà³à²Ÿà³à²‚ಬ" #: ../src/firewall-config.in:826 msgid "Action" msgstr "ಕà³à²°à²¿à²¯à³†" #: ../src/firewall-config.in:828 msgid "Element" msgstr "ಅಂಶ" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "ಲಾಗà³" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ಆಡಿಟà³" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "ಆಕರ" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "ಎಚà³à²šà²°à²¿à²•à³†" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "ದೋಷ" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "ಸà³à²µà²¿à³•à²•à²°à²¿à²¸à³" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "ತಿರಸà³à²•à²°à²¿à²¸à³" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "ಬಿಟà³à²Ÿà³à²¬à²¿à²¡à³" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "ಮಿತಿ" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "ಸೇವೆ" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "ಪà³à²°à³Šà²Ÿà³Šà²•à²¾à²²à³" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "ಛದà³à²®à²µà³‡à²·à²—ೊಳಿಕೆ" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "ಫಾರà³à²µà²¾à²°à³à²¡à³-ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "ಮಟà³à²Ÿ" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ಹೌದà³" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "ವಲಯ" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "ವಲಯ '%s': '%s' ಸೇವೆಯೠಲಭà³à²¯à²µà²¿à²²à³à²²." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "ತೆಗೆದೠಹಾಕà³" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "ಕಡೆಗಣಿಸà³" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "ವಲಯ '%s': ICMP '%s' ಬಗೆಯೠಲಭà³à²¯à²µà²¿à²²à³à²²." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "ಒಳನಿರà³à²®à²¿à²¤ ವಲಯ, ಮರà³à²¹à³†à²¸à²°à²¿à²¸à³à²µà²¿à²•à³†à²—ೆ ಬೆಂಬಲವಿಲà³à²²." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "ಎರಡನೆಯ" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "ನಿಮಿಷ" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ಗಂಟೆ" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "ದಿನ" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "ತà³à²°à³à²¤à³" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "ಎಚà³à²šà²°à²¿à²•à³†" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "ಸಂದಿಗà³à²§" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "ದೋಷ" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "ಎಚà³à²šà²°à²¿à²•à³†" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "ಸೂಚನೆ" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "ಮಾಹಿತಿ" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ದೋಷನಿವಾರಣೆ" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²µà²¨à³à²¨à³ ಛದà³à²®à²µà³‡à²¶à²—ೊಳಿಸದಲà³à²²à²¿ ಮಾತà³à²° ಇನà³à²¨à³Šà²‚ದೠವà³à²¯à²µà²¸à³à²¥à³†à²—ೆ ಫಾರà³à²µà²¾à²°à³à²¡à³ ಮಾಡà³à²µà³à²¦à³ " "ಉಪಯೋಗಕà³à²•à³† ಬರà³à²¤à³à²¤à²¦à³†.\n" "ನೀವೠಈ ವಲಯವನà³à²¨à³ ಛದà³à²®à²µà³‡à²¶à²—ೊಳಿಸಲೠಬಯಸà³à²µà²¿à²°à²¾?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "ಒಳ-ನಿರà³à²®à²¿à²¤ ಸೇವೆ, ಮರà³à²¹à³†à²¸à²°à²¿à²¸à³à²µà²¿à²•à³†à²—ೆ ಬೆಂಬಲವಿಲà³à²²." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "ಒಳ-ನಿರà³à²®à²¿à²¤ icmp, ಮರà³à²¹à³†à²¸à²°à²¿à²¸à³à²µà²¿à²•à³†à²—ೆ ಬೆಂಬಲವಿಲà³à²²." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "'%s' ಆಕರಕà³à²•à²¾à²—ಿ ವಲಯವನà³à²¨à³ ಆರಿಸಿ." #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ವಿಳಾಸ" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "ದಯವಿಟà³à²Ÿà³ ಒಂದೠಆದೇಶಸಾಲನà³à²¨à³ ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "ದಯಮಾಡಿ ಸನà³à²¨à²¿à²µà³‡à²¶à²µà²¨à³à²¨à³ ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "ದಯವಿಟà³à²Ÿà³ ಈ ಕೆಳಗಿನ ಪಟà³à²Ÿà²¿à²¯à²¿à²‚ದ ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤ ವಲಯವನà³à²¨à³ ಆರಿಸಿಕೊಳà³à²³à²¿." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "ನೇರ ಸರಣಿ" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ದಯವಿಟà³à²Ÿà³ ipv ಮತà³à²¤à³ ಕೋಷà³à²Ÿà²•à²µà²¨à³à²¨à³ ಆರಿಸಿ ನಂತರ ಸರಣಿಯ ಹೆಸರನà³à²¨à³ ಆರಿಸಿ." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ಸರಣಿ:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "ಸà³à²°à²•à³à²·à²¤à³†" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "ಕೋಷà³à²Ÿà²•:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "ನೇರ ಪಾಸà³â€Œà²¤à³à²°à³‚ ನಿಯಮ" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ದಯವಿಟà³à²Ÿà³ ipv ಅನà³à²¨à³ ಆರಿಸಿ ನಂತರ args ಅನà³à²¨à³ ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ಸಂಪರà³à²• ಸà³à²¥à²¾à²¨ ಫಾರà³à²µà²¾à²°à³à²¡à²¿à²‚ಗà³" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "ನಿಮà³à²® ಅಗತà³à²¯à²—ಳಿಗನà³à²—à³à²£à²µà²¾à²—ಿ ದಯವಿಟà³à²Ÿà³ ಮೂಲ ಹಾಗೠಉದà³à²¦à²¿à²·à³à²Ÿ ಸà³à²¥à²³à²¦ ಆಯà³à²•à³†à²—ಳನà³à²¨à³ ಆರಿಸಿ." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "ಸಂಪರà³à²• ಸà³à²¥à²¾à²¨/ಸಂಪರà³à²• ವà³à²¯à²¾à²ªà³à²¤à²¿:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP ವಿಳಾಸ:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "ಪà³à²°à³Šà²Ÿà³‹à²•à²¾à²²à³â€Œ:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "ಗà³à²°à²¿" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "ನೀವೠಸà³à²¥à²³à³€à²¯ ಫಾರà³à²µà²¾à²¡à²¿à²‚ಗೠಅನà³à²¨à³ ಶಕà³à²¤à²—ೊಳಿಸಿದಲà³à²²à²¿, ನೀವೠಒಂದೠಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²µà²¨à³à²¨à³ ಸೂಚಿಸಬೇಕà³. " "ಈ ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²µà³ ಮೂಲ ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²•à³à²•à³† ಪà³à²°à²¤à³à²¯à³‡à²•à²µà²¾à²—ಿರಬೇಕà³." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "ಸà³à²¥à²³à³€à²¯ ಫಾರà³à²µà²¾à²°à³à²¡à²¿à²‚ಗà³" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "ಬೇರೊಂದೠಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²•à³à²•à³† ಫಾರà³à²µà²¾à²°à³à²¡à³ ಮಾಡà³" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "ಬೋಲà³à²¡à³ ನಮೂದà³à²—ಳೠಖಡà³à²¡à²¾à²¯à²µà²¾à²—ಿರà³à²¤à³à²¤à²µà³†, ಮಿಕà³à²•à²µà³†à²²à³à²²à²¾ à²à²šà³à²›à²¿à²•à²µà²¾à²—ಿರà³à²¤à³à²¤à²µà³†." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "ಹೆಸರà³:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "ಆವೃತà³à²¤à²¿:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "ಸಂಕà³à²·à²¿à²ªà³à²¤:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "ವಿವರಣೆ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "ಕà³à²Ÿà³à²‚ಬ:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "ಮೂಲಭೂತ ICMP ಬಗೆ ಸಿದà³à²§à²¤à³†à²—ಳà³" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "ದಯವಿಟà³à²Ÿà³ ಮೂಲಭೂತ ICMP ಬಗೆ ಸಿದà³à²§à²¤à³†à²—ಳನà³à²¨à³ ಸಂರಚಿಸಿ:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP ಬಗೆ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ದಯವಿಟà³à²Ÿà³ ಒಂದೠICMP ಬಗೆಯನà³à²¨à³ ಆರಿಸಿ" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "ನಮೂದನà³à²¨à³ ಸೇರಿಸಿ" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ಕಡತ(_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "ಆಯà³à²•à³†à²—ಳà³(_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "FirewallD ಅನà³à²¨à³ ಮರಳಿ ಲೋಡೠಮಾಡà³" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ಫೈರà³à²µà²¾à²²à³ ನಿಯಮಗಳನà³à²¨à³ ಮರಳಿ ಲೋಡೠಮಾಡà³à²¤à³à²¤à²¦à³†. ಪà³à²°à²¸à²•à³à²¤ ಶಾಶà³à²µà²¤ ಸಂರಚನೆಯೠಹೊಸ ಚಾಲನಾ ಸಮಯದ " "ಸಂರಚನೆಯಾಗà³à²¤à³à²¤à²¦à³†. ಅಂದರೆ, ಎಲà³à²²à²¾ ಚಾಲನಾಸಮಯದ ಮಾತà³à²°à²¦ ಬದಲಾವಣೆಗಳೠಶಾಶà³à²µà²¤ ಸಂರಚನೆಯಲà³à²²à²¿ ಇರದೆ " "ಇದà³à²¦à²°à³‚ ಸಹ ಅವà³à²—ಳನà³à²¨à³ ಮರಳಿ ಲೋಡೠಆಗà³à²µà²µà²°à³†à²—ೆ ಮಾಡಲಾಗà³à²¤à³à²¤à²¦à³†, ಮತà³à²¤à³ ಅವà³à²—ಳೠಮರಳಿ ಲೋಡೠ" "ಮಾಡಿದಾಗ ಇಲà³à²²à²µà²¾à²—à³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ಒಂದೠಜಾಲಬಂಧ ಸಂಪರà³à²•à²µà³ ಯಾವ ವಲಯಕà³à²•à³† ಸಂಬಂಧಿಸಿದೆ ಎನà³à²¨à³à²µà³à²¦à²¨à³à²¨à³ ಬದಲಾಯಿಸಿ." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤ ವಲಯವನà³à²¨à³ ಬದಲಿಸà³" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "ಸಂಪರà³à²•à²—ಳೠಅಥವ ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²—ಳಿಗಾಗಿನ ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤ ವಲಯವನà³à²¨à³ ಬದಲಿಸಿ." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "ಪà³à²¯à²¾à²¨à²¿à²•à³ ಸà³à²¥à²¿à²¤à²¿ ಎಂದರೆ ಎಲà³à²²à²¾ ಒಳಬರà³à²µ ಮತà³à²¤à³ ಹೊರಹೋಗà³à²µ ಪà³à²¯à²¾à²•à³†à²Ÿà³â€Œà²—ಳನà³à²¨à³ ಬಿಟà³à²Ÿà³à²¬à²¿à²¡à²²à²¾à²—à³à²¤à³à²¤à²¦à³† " "ಎಂದರà³à²¥." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "ಪà³à²¯à²¾à²¨à²¿à²•à³ ಸà³à²¥à²¿à²¤à²¿" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "ಕೇವಲ ಲಾಕà³â€Œà²¡à³Œà²¨à³ ವೈಟà³â€Œà²²à²¿à²¸à³à²Ÿà²¿à²¨à²²à³à²²à²¿à²¨ ಅನà³à²µà²¯à²—ಳೠಮಾತà³à²° ಬದಲಾಯಿಸಲೠಅವಕಾಶ ಇರà³à²µà²‚ತೆ ಫೈರà³à²µà²¾à²²à³ " "ಸಂರಚನೆಯನà³à²¨à³ ಲಾಕà³â€Œà²¡à³Œà²¨à³ ಲಾಕೠಮಾಡà³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "ಲಾಕà³â€Œà²¡à³Œà²¨à³" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "ಚಾಲನಾಸಮಯದ ಸಂರಚನೆಯನà³à²¨à³ ಶಾಶà³à²µà²¤à²µà²¾à²—ಿಸà³" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "ಶಾಶà³à²µà²¤à²µà²¾à²¦ ಚಾಲನಾಸಮಯ" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "ನೋಟ (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP ಬಗೆಗಳà³" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "ನೇರ ಸಂರಚನೆ" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "ಲಾಕà³â€Œà²¡à³Œà²¨à³ ವೈಟà³â€Œà²²à²¿à²¸à³à²Ÿà³" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "ಸಹಾಯ(_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "ಸಂರಚನೆ:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "ಪà³à²°à²¸à²•à³à²¤ ಗೋಚರಿಸà³à²µ ಸಂರಚನೆ. ಚಾಲನಾಸಮಯದ ಸಂರಚನೆಯೠನಿಜವಾದ ಸಕà³à²°à²¿à²¯ ಸಂರಚನೆಯಾಗಿದೆ. ಶಾಶà³à²µà²¤ " "ಸಂರಚನೆಯೠಸೇವೆ ಅಥವ ವà³à²¯à²µà²¸à³à²¥à³†à²¯à²¨à³à²¨à³ ಮರಳಿ ಲೋಡೠಮಾಡà³à²µà²¿à²•à³† ಅಥವ ಮರಳಿ ಆರಂಭಿಸà³à²µà²¿à²•à³†à²¯ ನಂತರ " "ಸಕà³à²°à²¿à²¯à²µà²¾à²—à³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "ಒಂದೠfirewalld ವಲಯವà³, ವಲಯಕà³à²•à³† ಬರà³à²µ ಜಾಲಬಂಧ ಸಂಪರà³à²•à²—ಳà³, ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²—ಳೠ(ಇಂಟರà³à²«à³‡à²¸à²¸à³) " "ಮತà³à²¤à³ ಆಕರ ವಿಳಾಸಗಳಿಗಾಗಿನ ನಂಬಿಕೆಯ ಮಟà³à²Ÿà²µà²¨à³à²¨à³ ವಿವರಿಸà³à²¤à³à²¤à²¦à³†. ವಲಯವೠಸೇವೆಗಳà³, " "ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²—ಳà³, ಪà³à²°à³Šà²Ÿà³Šà²•à²¾à²²à³â€Œà²—ಳà³, ಛದà³à²®à²µà³‡à²¶à²—ೊಳಿಕೆ, ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨/ಪà³à²¯à²¾à²•à³†à²Ÿà³ ಫಾರà³à²µà²¾à²°à³à²¡à²¿à²‚ಗà³, icmp " "ಫಿಲà³à²Ÿà²°à³à²—ಳೠಮತà³à²¤à³ ಸಮೃದà³à²§ ನಿಯಮಗಳನà³à²¨à³ ಹೊಂದಿರà³à²¤à³à²¤à²¦à³†. ವಲಯವೠಸಂಪರà³à²•à²¸à²¾à²§à²¨à²—ಳೠಮತà³à²¤à³ ಆಕರ " "ವಿಳಾಸಗಳಿಗೆ ಬದà³à²§à²µà²¾à²—ಿರಬಹà³à²¦à³." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ವಲಯವನà³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "ವಲಯವನà³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "ವಲಯವನà³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "ವಲಯದ ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤à²—ಳನà³à²¨à³ ಲೋಡೠಮಾಡà³" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "ಯಾವ ಸೇವೆಗಳೠನಂಬಿಕಸà³à²¤ ಎಂದೠಇಲà³à²²à²¿ ನೀವೠಸೂಚಿಸಬಹà³à²¦à³. ನಂಬಿಕಸà³à²¤ ಸೇವೆಗಳನà³à²¨à³ ಈ ವಲಯಕà³à²•à³† " "ಬರà³à²µ ಸಂಪರà³à²•à²—ಳà³, ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²—ಳೠ(ಇಂಟರà³à²«à³‡à²¸à²¸à³) ಮತà³à²¤à³ ಆಕರಗಳಿಂದ ತಲà³à²ªà³à²µ ಎಲà³à²²à²¾ ಅತಿಥೇಯಗಳಿಂದ " "ಹಾಗೠಜಾಲಬಂಧಗಳಿಂದ ನಿಲà³à²•à²¿à²¸à²¿à²•à³Šà²³à³à²³à²¬à²¹à³à²¦à²¾à²—ಿರà³à²¤à³à²¤à²µà³†." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "ಸೇವೆಗಳà³" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "ಗಣಕಕà³à²•à³† ಸಂಪರà³à²• ಜೋಡಿಸà³à²µ ಎಲà³à²²à²¾ ಅತಿಥೇಯಗಳಿಂದ ಅಥವ ಜಾಲಬಂಧಗಳಿಂದ ನಿಲà³à²•à²¿à²¸à²¿à²•à³Šà²³à³à²³à²¬à²¹à³à²¦à²¾à²¦à²‚ತ " "ಹೆಚà³à²šà³à²µà²°à²¿ ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²—ಳನà³à²¨à³ ಅಥವ ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨ ವà³à²¯à²¾à²ªà³à²¤à²¿à²—ಳನà³à²¨à³ ಸೇರಿಸಿ." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "ಸಂಪರà³à²• ಸà³à²¥à²¾à²¨à²•à³à²•à³†" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²µà²¨à³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²µà²¨à³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²—ಳà³" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "ನಿಮà³à²® ಸà³à²¥à²³à³€à²¯ ಜಾಲಬಂಧಕà³à²•à³† ಸಂಪರà³à²• ಕಲà³à²ªà²¿à²¸à³à²µ ಅತಿಥೇಯ ಅಥವ ರೌಟರೠಅನà³à²¨à³ ಸಂಯೋಜಿಸà³à²µà²¾à²— " "ಛದà³à²®à²µà³‡à²¶à²—ೊಳಿಕೆಯà³(Masquerading) ಸಹಾಯಕವಾಗà³à²¤à³à²¤à²¦à³†. ನಿಮà³à²® ಸà³à²¥à²³à³€à²¯ ಜಾಲಬಂಧವೠಅಂತರà³à²œà²¾à²²à²•à³à²•à³† " "ಒಂದೠಅತಿಥೇಯವಾಗಿ ಗೋಚರಿಸà³à²µà³à²¦à²¿à²²à³à²². ಛದà³à²®à²µà³‡à²¶à²¿à²¸à³à²µà³à²¦à³ IPv4 ನಲà³à²²à²¿ ಮಾತà³à²°." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "ಛದà³à²®à²µà³‡à²·à²—ೊಳಿಕೆ ವಲಯ" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "ನೀವೠಛದà³à²®à²µà³‡à²¶à²—ೊಳಿಕೆಯನà³à²¨à³ ಸಕà³à²°à²¿à²¯à²—ೊಳಿಸà³à²µà³à²¦à²¾à²¦à²°à³†, IP ಫಾರà³à²µà²¾à²°à³à²¡à²¿à²‚ಗೠಅನà³à²¨à³ IPv4 " "ಜಾಲಬಂಧಗಳಿಗಾಗಿ ಸಕà³à²°à²¿à²¯à²—ೊಳಿಸಬಹà³à²¦à²¾à²—ಿರà³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "ಛದà³à²®à²µà³‡à²·à²—ೊಳಿಕೆ" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ಸà³à²¥à²³à³€à²¯ ಗಣಕದಲà³à²²à²¿à²¨ ಒಂದೠಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²¦à²¿à²‚ದ ಇನà³à²¨à³Šà²‚ದಕà³à²•à³† ಅಥವ ಸà³à²¥à²³à³€à²¯ ಗಣಕದಿಂದ ಇನà³à²¨à³Šà²‚ದೠಗಣಕಕà³à²•à³† " "ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²—ಳನà³à²¨à³ ಫಾರà³à²µà²¾à²°à³à²¡à³â€Œà²®à²¾à²¡à²²à³ ನಮೂದà³à²—ಳನà³à²¨à³ ಸೇರಿಸಿ. ಬೇರೆ ಗಣಕಕà³à²•à³† ಫಾರà³à²µà²¾à²°à³à²¡à³â€Œ ಮಾಡà³à²µà³à²¦à³, " "ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²µà³ ಮರೆಮಾಚಲà³à²ªà²Ÿà³à²Ÿà²¿à²¦à³à²¦à²²à³à²²à²¿ ಮಾತà³à²° ಪà³à²°à²¯à³‹à²œà²¨à²•à²¾à²°à²¿à²¯à²¾à²—à³à²¤à³à²¤à²¦à³†. ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨ ಫಾರà³à²µà²¾à²¡à²¿à²‚ಗೠ" "ಕೇವಲ IPv4 ಮಾತà³à²° ಆಗಿರà³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ಫಾರà³à²µà²¾à²°à³à²¡à³ ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²µà²¨à³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ಫಾರà³à²µà²¾à²°à³à²¡à³ ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²µà²¨à³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ಫಾರà³à²µà²¾à²°à³à²¡à³ ಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²µà²¨à³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ಇಂಟರà³à²¨à³†à²Ÿà³ ಕಂಟà³à²°à³‹à²²à³ ಮೆಸೇಜೠಪà³à²°à³Šà²Ÿà³‹à²•à²¾à²²à³ (ICMP) ಹೆಚà³à²šà²¾à²—ಿ ಜಾಲದೊಳಗಿನ ಗಣಕಗಳ ನಡà³à²µà³† ದೋಷ " "ಸಂದೇಶಗಳನà³à²¨à³ ಕಳà³à²¹à²¿à²¸à²²à³ ಬಳಸಲà³à²ªà²¡à³à²¤à³à²¤à²¦à³†, ಆದರೆ ಇದರ ಜೊತೆಗೆ ಮಾಹಿತಿಯ ಸಂದೇಶಗಳಾದಂತಹ ಪಿಂಗೠ" "ಮನವಿಗಳೠಹಾಗೠಪà³à²°à²¤à³à²¯à³à²¤à³à²¤à²°à²—ಳನà³à²¨à³‚ ಸಹ ಕಳà³à²¹à²¿à²¸à²²à³ ಬಳಸಲà³à²ªà²¡à³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "ಪಟà³à²Ÿà²¿à²¯à²²à³à²²à²¿à²°à³à²µ ತಿರಸà³à²•à²°à²¿à²¸à²¬à³‡à²•à²¿à²°à³à²µ ICMP ಬಗೆಗಳನà³à²¨à³ ಗà³à²°à³à²¤à³ ಹಾಕಿ. ಎಲà³à²²à²¾ ಇತರೆ ICMP ಬಗೆಗಳೠ" "ಫೈರà³à²µà²¾à²²à³ ಮೂಲಕ ಹಾದà³à²¹à³‹à²—ಲೠಅನà³à²®à²¤à²¿à²¸à²²à³à²ªà²¡à³à²¤à³à²¤à²µà³†. ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤à²µà²¾à²—ಿ ಯಾವà³à²¦à³† ಮಿತಿ ಇರà³à²µà³à²¦à²¿à²²à³à²²." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ಶೋಧಕ" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "ಇಲà³à²²à²¿ ನೀವೠವಲಯಕà³à²•à²¾à²—ಿ ಸಮೃದà³à²§ ಭಾಷಾ ನಿಯಮಗಳನà³à²¨à³ ಹೊಂದಿಸಬಹà³à²¦à³." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "ಸಮೃದà³à²§ ನಿಯಮವನà³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "ಸಮೃದà³à²§ ನಿಯಮವನà³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "ಸಮೃದà³à²§ ನಿಯಮ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "ಸಮೃದà³à²§ ನಿಯಮಗಳà³" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²—ಳನà³à²¨à³ ವಲಯಕà³à²•à³† ಬೈಂಡೠಮಾಡಲೠನಮೂದà³à²—ಳನà³à²¨à³ ಸೇರಿಸಿ. ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²µà²¨à³à²¨à³ ಒಂದೠ" "ಸಂಪರà³à²•à²¦à²¿à²‚ದ ಬಳಸಲಾಗà³à²¤à³à²¤à²¿à²¦à³à²¦à²°à³†, ವಲಯವನà³à²¨à³ ಸಂಪರà³à²•à²¦à²¿à²‚ದ ಸೂಚಿಸಲಾದ ವಲಯಕà³à²•à³† ಹೊಂದಿಸಲಾಗà³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²µà²¨à³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²µà²¨à³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ಸಂಪರà³à²•à²¸à²¾à²§à²¨à²µà²¨à³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "ಒಂದà³â€Œ ಆಕರವನà³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "ಆಕರವನà³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "ಆಕರವನà³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "ವಲಯಗಳà³" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "ಒಂದೠfirewalld ಸೇವೆಯೠಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨à²—ಳà³, ಪà³à²°à³Šà²Ÿà³Šà²•à²¾à²²à³â€Œà²—ಳà³, ಮಾಡà³à²¯à³‚ಲà³â€Œà²—ಳೠಮತà³à²¤à³ ಉದà³à²§à³‡à²¶à²¿à²¤ " "ವಿಳಾಸಗಳ ಒಂದೠಸಂಯೋಜನೆಯಾಗಿರà³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "ಸೇವೆಯನà³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "ಸೇವೆಯನà³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "ಸೇವೆಯನà³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "ಸೇವೆ ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤à²—ಳನà³à²¨à³ ಲೋಡೠಮಾಡà³" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "ನಮೂದನà³à²¨à³ ಸಂಪಾದಿಸಿ" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "ನಮೂದನà³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à²¿" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "ಮಾಡà³à²¯à³‚ಲà³â€Œà²—ಳà³" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "ನೀವೠಉದà³à²§à³‡à²¶à²¿à²¤ ವಿಳಾಸವನà³à²¨à³ ಸೂಚಿಸಿದಲà³à²²à²¿, ಸೇವೆಯ ನಮೂದನà³à²¨à³ ಉದà³à²§à³‡à²¶à²¿à²¤ ವಿಳಾಸ ಮತà³à²¤à³ ಬಗೆಗೆ " "ಮಿತಿಗೊಳಿಸಲಾಗà³à²¤à³à²¤à²¦à³†. ಎರಡೂ ನಮೂದಗಳನà³à²¨à³ ಖಾಲಿ ಬಿಟà³à²Ÿà²²à³à²²à²¿, ಯಾವà³à²¦à³† ಮಿತಿ ಇರà³à²µà³à²¦à²¿à²²à³à²²." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "ಸೇವೆಗಳನà³à²¨à³ ಶಾಶà³à²µà²¤ ಸಂರಚನಾ ನೋಟದಲà³à²²à²¿ ಮಾತà³à²° ಬಳಸಲೠಸಾಧà³à²¯à²µà²¿à²°à³à²¤à³à²¤à²¦à³†. ಸೇವೆಗಳ ಚಾಲನಾಸಮಯ " "ಸಂರಚನೆಯೠನಿಶà³à²šà²¿à²¤à²µà²¾à²—ಿರà³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "ಒಂದೠfirewalld icmptype ಎನà³à²¨à³à²µà³à²¦à³ firewalld ಗಾಗಿನ ಇಂಟರà³à²¨à³†à²Ÿà³ ಕಂಟà³à²°à³‹à²²à³ ಮೆಸೇಜಿಂಗೠ" "ಪà³à²°à³Šà²Ÿà³Šà²•à²¾à²²à³ (ICMP) ಗಾಗಿ ಮಾಹಿತಿಯನà³à²¨à³ ಒದಗಿಸà³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP ಬಗೆಯನà³à²¨à³ ಸೇರಿಸಿ" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP ಬಗೆಯನà³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP ಬಗೆಯನà³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP ಬಗೆಯ ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤à²—ಳನà³à²¨à³ ಲೋಡೠಮಾಡà³" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "ಈ ICMP ಬಗೆಯೠIPv4 ಮತà³à²¤à³/ಅಥವ IPv6 ಗಾಗಿ ಲಭà³à²¯à²µà²¿à²¦à³†à²¯à³† ಎನà³à²¨à³à²µà³à²¦à²¨à³à²¨à³ ಸೂಚಿಸಿ." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP ಬಗೆಗಳನà³à²¨à³ ಶಾಶà³à²µà²¤ ಸಂರಚನಾ ನೋಟದಲà³à²²à²¿ ಮಾತà³à²° ಬಳಸಲೠಸಾಧà³à²¯à²µà²¿à²°à³à²¤à³à²¤à²¦à³†. ICMP ಬಗೆಗಳ " "ಚಾಲನಾಸಮಯ ಸಂರಚನೆಯೠನಿಶà³à²šà²¿à²¤à²µà²¾à²—ಿರà³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "ನೇರ ಸಂರಚನೆಯೠಫೈರà³à²µà²¾à²²à³â€Œà²—ೆ ಹೆಚà³à²šà³ ನೇರವಾದ ಪà³à²°à²µà³‡à²¶à²µà²¨à³à²¨à³ ಒದಗಿಸà³à²¤à³à²¤à²¦à³†. ಈ ಆಯà³à²•à³†à²—ಳಿಗಾಗಿ " "ಬಳಕೆದಾರರೠಮೂಲಭೂತ iptables ಪರಿಕಲà³à²ªà²¨à³†à²—ಳನà³à²¨à³ ತಿಳಿಯà³à²µ ಅಗತà³à²¯à²µà²¿à²°à³à²¤à³à²¤à²¦à³†, ಅಂದರೆ, " "ಕೋಷà³à²Ÿà²•à²—ಳà³, ಸರಣಿಗಳà³, ಆದೇಶಗಳà³, ನಿಯತಾಂಕಗಳೠಮತà³à²¤à³ ಗà³à²°à²¿à²—ಳà³. ನೇರ ಸಂರಚನೆಯನà³à²¨à³ " "ಬೇರವಾವà³à²¦à³† firewalld ಯ ಸೌಲಭà³à²¯à²—ಳನà³à²¨à³ ಬಳಸಲೠಸಾಧà³à²¯à²µà²¾à²—ದೆ ಇದà³à²¦à²¾à²— ಮಾತà³à²° ಕೊನೆಯ ಉಪಾಯವಾಗಿ " "ಬಳಸಬೇಕ." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "ಪà³à²°à²¤à²¿à²¯à³Šà²‚ದೠಆಯà³à²•à³†à²¯ ipv ಆರà³à²—à³à²¯à³à²®à³†à²‚ಟà³â€Œ ipv4 ಅಥವ ipv6 ಅಥವ eb ಆಗಿರಬೇಕà³. ipv4 ನೊಂದಿಗೆ " "ಇದೠiptables ಗಾಗಿ, ip6tables ಗಾಗಿ ipv6 ನೊಂದಿಗೆ ಮತà³à²¤à³ ಎತರà³à²¨à³†à²Ÿà³ ಬà³à²°à²¿à²œà³â€Œà²—ಳಿಗಾಗಿ " "(ebtables) eb ಇರà³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "ನಿಯಮಗಳೊಂದಿಗೆ ಬಳಸಲೠಹೆಚà³à²šà³à²µà²°à²¿ ಸರಣಿಗಳà³." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "ಸರಣಿಯನà³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "ಸರಣಿಯನà³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "ಸರಣಿಯನà³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ಸರಣಿಗಳà³" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "ಒಂದೠಆದà³à²¯à²¤à³†à²¯à³Šà²‚ದಿಗೆ ಕೋಷà³à²Ÿà²•à²µà³Šà²‚ದರಲà³à²²à²¿ ಒಂದೠಸರಣಗೆ ಆರà³à²—à³à²¯à³à²®à³†à²‚ಟà³â€Œà²—ಳ args ನೊಂದಿಗೆ ಒಂದೠ" "ನಿಯಮವನà³à²¨à³ ಸೇರಿಸà³." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "ನಿಯಮಗಳನà³à²¨à³ ಕà³à²°à²®à²µà²¾à²—ಿರಿಸಲೠಆದà³à²¯à²¤à³†à²¯à²¨à³à²¨à³ ಬಳಸಲಾಗà³à²¤à³à²¤à²¦à³†. ಆದà³à²¯à²¤à³† 0 ಎಂದರೆ ಸರಣಿಯ ಮೇಲà³à²­à²¾à²—ದಲà³à²²à²¿ " "ನಿಯಮವನà³à²¨à³ ಸೇರಿಸೠಎಂದರà³à²¥, ಹೆಚà³à²šà²¿à²¨ ಆದà³à²¯à²¤à³†à²¯à²²à³à²²à²¿ ನಿಯಮವನà³à²¨à³ ಇನà³à²¨à³‚ ಕೆಳಗೆ ಸೇರಿಸಲಾಗà³à²¤à³à²¤à²¦à³†. " "ಒಂದೇ ಆದà³à²¯à²¤à³†à²¯à²¨à³à²¨à³ ಹೊಂದಿರà³à²µ ನಿಯಮಗಳೠಒಂದೇ ಹಂತದಲà³à²²à²¿ ಇರà³à²¤à³à²¤à²µà³† ಮತà³à²¤à³ ಈ ನಿಯಮಗಳ ಅನà³à²•à³à²°à²®à²µà³ " "ಒಂದೇ ರೀತಿ ಇರದೆ ಬದಲಾವಣೆ ಹೊಂದà³à²µ ಸಾಧà³à²¯à²¤à³† ಇರà³à²¤à³à²¤à²¦à³†. ಒಂದೠನಿಯಮದ ನಂತರ ಇನà³à²¨à³Šà²‚ದೠ" "ನಿಯಮವನà³à²¨à³ ಸೇರಿಸಬೇಕೠಎನà³à²¨à³à²µà³à²¦à²¨à³à²¨à³ ಖಚಿತಪಡಿಸಿಕೊಳà³à²³à²²à³ ನೀವೠಬಯಸಿದಲà³à²²à²¿, ಮೊದಲನೆಯದಕà³à²•à³† " "ಕಡಿಮೆ ಆದà³à²¯à²¤à³†à²¯à²¨à³à²¨à³ ಮತà³à²¤à³ ನಂತರದವà³à²—ಳಿಗೆ ಹೆಚà³à²šà²¿à²¨ ಆದà³à²¯à²¤à³†à²¯à²¨à³à²¨à³ ಬಳಸಿ." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "ನಿಯಮವನà³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "ನಿಯಮವನà³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "ನಿಯಮವನà³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "ನಿಯಮಗಳà³" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "ಪಾಸà³â€Œà²¤à³à²°à³‚ ನಿಯಮಗಳನà³à²¨à³ ನೇರವಾಗಿ ಫೈರà³à²µà²¾à²²à³â€Œ ಮà³à²–ಾಂತರ ಹಾದà³à²¹à³‹à²—à³à²µà²‚ತೆ ಮಾಡಲಾಗà³à²¤à³à²¤à²¦à³† ಮತà³à²¤à³ ಅದನà³à²¨à³ " "ವಿಶೇಷ ಸರಣಿಗಳಲà³à²²à²¿ ಇರಿಸಲಾಗà³à²µà³à²¦à²¿à²²à³à²². ಎಲà³à²²à²¾ iptables, ip6tables ಮತà³à²¤à³ ebtables " "ಆಯà³à²•à³†à²—ಳನà³à²¨à³ ಬಳಸಬಹà³à²¦à³." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "ಪಾಸà³â€Œà²¤à³à²°à³‚ ನಿಯಮಗಳೠಫೈರà³à²µà²¾à²²à³â€Œà²—ೆ ತೊಂದರೆ ಮಾಡದಂತೆ ದಯವಿಟà³à²Ÿà³ ಎಚà³à²šà²°à²µà²¹à²¿à²¸à²¿." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "ಪಾಸà³â€Œà²¤à³à²°à³‚ ಅನà³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "ಪಾಸà³â€Œà²¤à³à²°à³‚ ಅನà³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "ಪಾಸà³â€Œà²¤à³à²°à³‚ ಅನà³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "ಪಾಸà³â€Œà²¤à³à²°à³‚" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "ಲಾಕà³â€Œà²¡à³Œà²¨à³ ಸೌಲಭà³à²¯à²µà³ firewalld ಗಾಗಿನ ಬಳಕೆದಾರ ಮತà³à²¤à³ ಅನà³à²µà²¯ ಪಾಲಿಸಿಗಳ ಒಂದೠಹಗà³à²° " "ಆವೃತà³à²¤à²¿à²¯à²¾à²—ಿದೆ. ಇದೠಫೈರà³â€Œà²µà²¾à²²à³â€Œà²—ೆ ಬದಲಾವಣೆಗಳನà³à²¨à³ ಮಿತಿಗೊಳಿಸà³à²¤à³à²¤à²¦à³†. ಲಾಕà³â€Œà²¡à³Œà²¨à³â€Œ ವೈಟà³â€Œà²²à²¿à²¸à³à²Ÿà³ " "ಆದೇಶಗಳà³, ಸನà³à²¨à²¿à²µà³‡à²¶à²—ಳà³, ಬಳಕೆದಾರರೠಮತà³à²¤à³ ಬಳಕೆದಾರ idಗಳನà³à²¨à³ ಹೊಂದಿರà³à²¤à³à²¤à²¦à³†." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "ಸನà³à²¨à²¿à²µà³‡à²¶à²µà²¨à³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "ಸನà³à²¨à²¿à²µà³‡à²¶à²µà²¨à³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "ಸನà³à²¨à²¿à²µà³‡à²¶à²µà²¨à³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "ಸನà³à²¨à²¿à²µà³‡à²¶à²—ಳà³" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "ವೈಟà³â€Œà²²à²¿à²¸à³à²Ÿà²¿à²¨à²²à³à²²à²¿à²¨ ಒಂದೠಆದೇಶದ ನಮೂದೠಒಂದೠಆಸà³à²Ÿà³†à²°à²¿à²¸à³à²•à³ '*' ಇಂದ ಕೊನೆಗೊಳà³à²³à³à²¤à³à²¤à²¿à²¦à³à²¦à²°à³†, " "ಆದೇಶದಿಂದ ಆರಂಭಗೊಳà³à²³à³à²µ ಎಲà³à²²à²¾ ಆದೇಶ ಸಾಲà³à²—ಳೠಹೊಂದಿಕೆಯಾಗà³à²¤à³à²¤à²µà³†. '*' ಇಲà³à²²à²¦à³† ಇದà³à²¦à²²à³à²²à²¿, " "ಪರಿಪೂರà³à²£à²µà²¾à²¦ ಆದೇಶವನà³à²¨à³ ಹೊಂದಿರà³à²µ ಆರà³à²—à³à²¯à³à²®à³†à²‚ಟà³â€Œà²—ಳೠಹೊಂದಿಕೆಯಾಗà³à²µà³à²¦à³ ಅತà³à²¯à²—ತà³à²¯." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "ಆಜà³à²žà²¾ ಸಾಲನà³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "ಆಜà³à²žà²¾ ಸಾಲನà³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "ಆಜà³à²žà²¾ ಸಾಲನà³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "ಆದೇಶ ಸಾಲà³à²—ಳà³" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ಬಳಕೆದಾರ ಹೆಸರà³à²—ಳà³." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ಬಳಕೆದಾರ ಹೆಸರನà³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ಬಳಕೆದಾರ ಹೆಸರನà³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ಬಳಕೆದಾರ ಹೆಸರನà³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ಬಳಕದಾರ ಹೆಸರà³à²—ಳà³" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ಬಳಕೆದಾರ idಗಳà³." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ಬಳಕೆದಾರ Idಯನà³à²¨à³ ಸೇರಿಸà³" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ಬಳಕೆದಾರ Idಯನà³à²¨à³ ಸಂಪಾದಿಸà³" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ಬಳಕೆದಾರ Id ಯನà³à²¨à³ ತೆಗೆದà³à²¹à²¾à²•à³" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ಬಳಕೆದಾರ idಗಳà³" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "ವà³à²¯à²µà²¸à³à²¥à³†à²¯ ಪà³à²°à²¸à²•à³à²¤ ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤ ವಲಯ." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "ಪà³à²¯à²¾à²¨à²¿à²•à³ ಸà³à²¥à²¿à²¤à²¿:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "ಲಾಕà³â€Œà²¡à³Œà²¨à³:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤ ವಲಯ:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "ಸಂಪರà³à²• ಸà³à²¥à²¾à²¨ ಹಾಗೠಪà³à²°à³‹à²Ÿà³Šà²•à²¾à²²à³" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ಒಂದೠಸಂಪರà³à²•à²¸à³à²¥à²¾à²¨ ಮತà³à²¤à³ ಪà³à²°à³Šà²Ÿà³Šà²•à²¾à²²à³ ಅನà³à²¨à³ ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ನೇರ ನಿಯಮ" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "ದಯವಿಟà³à²Ÿà³ ipv ಮತà³à²¤à³ ಕೋಷà³à²Ÿà²•à²µà²¨à³à²¨à³, ಸರಣಿ ಆದà³à²¯à²¤à³†à²¯à²¨à³à²¨à³ ಆರಿಸಿ ನಂತರ args ಅನà³à²¨à³ ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "ಆದà³à²¯à²¤à³†:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "ದಯವಿಟà³à²Ÿà³ ಒಂದೠಪà³à²°à³Šà²Ÿà³Šà²•à²¾à²²à³ ಅನà³à²¨à³ ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "ಇತರೆ ಪà³à²°à³Šà²Ÿà³Šà²•à²¾à²²à³:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "ಸಮೃದà³à²§ ನಿಯಮ" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "ದಯವಿಟà³à²Ÿà³ ಒಂದೠಸಮೃದà³à²§ ನಿಯಮವನà³à²¨à³ ನಮೂದಿಸà³." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "ಆತಿಥೇಯ ಅಥವ ಜಾಲಬಂಧದ ವೈಟೠಅಥವ ಬà³à²²à²¾à²•à³â€Œà²²à²¿à²¸à³à²Ÿà³ ಮಾಡà³à²µà²¿à²•à³†à²—ಾಗಿ ಅಂಶವನà³à²¨à³ ನಿಷà³à²•à³à²°à²¿à²¯à³Šà²³à²¿à²¸à²¿." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "ಆಕರ:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "ಗà³à²°à²¿:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "ಲಾಗà³:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ಆಡಿಟà³:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 ಮತà³à²¤à³ ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "ವಿಲೋಮಗೊಳಿಸಿದ" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "ಇದನà³à²¨à³ ನಿಷà³à²•à³à²°à²¿à²¯à²—ೊಳಿಸಲೠಕà³à²°à²¿à²¯à³†à²¯à³ 'reject' ಮತà³à²¤à³ ಕà³à²Ÿà³à²‚ಬವೠ(ಫà³à²¯à²¾à²®à²¿à²²à²¿) 'ipv4' ಅಥವ " "'ipv6' (ಎರಡೂ ಒಟà³à²Ÿà²¿à²—ೆ ಅಲà³à²²) ಆಗಿರಬೇಕà³." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "ಬಗೆಯೊಂದಿಗೆ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "ಮಿತಿಯೊಂದಿಗೆ:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "ಪೂರà³à²µà²ªà³à²°à²¤à³à²¯à²¯:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "ಮಟà³à²Ÿ:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "ಅಂಶ:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "ಕà³à²°à²¿à²¯à³†:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "ಮೂಲಭೂತ ಸೇವೆಯ ಸಿದà³à²§à²¤à³†à²—ಳà³" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "ದಯವಿಟà³à²Ÿà³ ಮೂಲಭೂತ ಸೇವೆಯ ಸಿದà³à²§à²¤à³†à²—ಳನà³à²¨à³ ಸಂರಚಿಸಿ:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "ದಯವಿಟà³à²Ÿà³ ಒಂದೠಸೇವೆಯನà³à²¨à³ ಆರಿಸಿ." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ಬಳಕೆದಾರ ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ಬಳಕೆದಾರ id ಯನà³à²¨à³ ಇಲà³à²²à²¿ ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "ಬಳಕೆದಾರ ಹೆಸರನà³à²¨à³ ಇಲà³à²²à²¿ ನಮೂದಿಸಿ." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ಮೂಲಭೂತ ವಲಯ ಸಿದà³à²§à²¤à³†à²—ಳà³" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "ದಯವಿಟà³à²Ÿà³ ಮೂಲಭೂತ ವಲಯ ಸಿದà³à²§à²¤à³†à²—ಳನà³à²¨à³ ಸಂರಚಿಸಿ:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "ಪೂರà³à²µà²¨à²¿à²¯à³‹à²œà²¿à²¤ ಗà³à²°à²¿" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "ಗà³à²°à²¿:" firewalld-1.1.1/po/ko.po0000644000000000000000000017106414217342322015061 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # eukim , 2014 # eukim , 2014 # eukim , 2006-2009 # Hyunsok Oh , 2010 # Jinseok Seo , 2004 # Michelle Ji Yeen Kim , 2005-2006 # Michelle J Kim , 2003-2004 # Michelle Kim , 2002 # Eun-Ju Kim , 2016. #zanata # Terry Chuang , 2016. #zanata # Eric Garver , 2018. #zanata # simmon , 2021. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2021-06-22 10:04+0000\n" "Last-Translator: simmon \n" "Language-Team: Korean \n" "Language: ko\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Weblate 4.7\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "방화벽 애플릿" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "방화벽" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "방화벽 설정" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "방화벽;네트워í¬;보안;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "ì¸í„°íŽ˜ì´ìŠ¤ '%s'ì˜ ì˜ì—­ì„ ì„ íƒ" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "기본 ì˜ì—­" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "ì—°ê²° '%s'ì˜ ì˜ì—­ì„ ì„ íƒ" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "{connection_name} ì—°ê²°ì„ ìœ„í•œ {zone} ì˜ì—­ 설정 실패" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "소스 '%s'ì˜ ì˜ì—­ì„ ì„ íƒ" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "쉴드업/다운 ì˜ì—­ 설정" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "여기ì—ì„œ 쉴드업 ë° ì‰´ë“œ ë‹¤ìš´ì— ì‚¬ìš©í•  ì˜ì—­ì„ ì„ íƒí•  수 있습니다." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "ì´ ê¸°ëŠ¥ì€ ëŒ€ë¶€ë¶„ 기본값 ì˜ì—­ì„ 사용하는 사용ìžì—게 유용합니다. ì—°ê²° ì˜ì—­ì„ ë³€" "경한 사용ìžì˜ 경우 제한ì ìœ¼ë¡œ 사용할 수 있습니다." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "쉴드업 ì˜ì—­:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "기본값으로 재설정" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "쉴드 다운 ì˜ì—­:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "%sì— ëŒ€í•œ ì •ë³´" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "ìž‘ìž" #: ../src/firewall-applet.in:393 msgid "License" msgstr "저작권(license)" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "쉴드업" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "통지 활성화" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "방화벽 설정 편집..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "ì—°ê²° ì˜ì—­ 변경..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "쉴드업/다운 ì˜ì—­ 설정..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "모든 ë„¤íŠ¸ì›Œí¬ í†µì‹ ëŸ‰ 차단" #: ../src/firewall-applet.in:492 msgid "About" msgstr "ì •ë³´" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "ì ‘ì†" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "ì¸í„°íŽ˜ì´ìŠ¤" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "소스" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ì¸ì¦ 실패했습니다." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "ìž˜ëª»ëœ ì´ë¦„" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "ì´ë¦„ì´ ì´ë¯¸ 존재합니다" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (ì˜ì—­: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (기본 ì˜ì—­: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "NetworkManagerì—ì„œ ì—°ê²° 실패했습니다" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "가져올 수 있는 NetworkManagerê°€ 없습니다" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "방화벽 ë°ëª¬ìœ¼ë¡œì˜ ì—°ê²°ì´ ì—†ìŠµë‹ˆë‹¤" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "모든 ë„¤íŠ¸ì›Œí¬ í†µì‹ ì´ ì°¨ë‹¨ë˜ì—ˆìŠµë‹ˆë‹¤." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "기본 ì˜ì—­: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "기본 ì˜ì—­ '{default_zone}'ì€ ì¸í„°íŽ˜ì´ìŠ¤ '{interface}' ìƒì˜ ì—°ê²° " "'{connection}'ì— ëŒ€í•´ 활성화" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "ì˜ì—­ '{zone}'ì€ ì¸í„°íŽ˜ì´ìŠ¤ '{interface}' ìƒì˜ ì—°ê²° '{connection}'ì— ëŒ€í•´ 활성" "í™”" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "ì˜ì—­ '{zone}'ì€ ì¸í„°íŽ˜ì´ìŠ¤ '{interface}'ì— ëŒ€í•´ 활성화" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "ì˜ì—­ '{zone}'ì€ ì†ŒìŠ¤ {source}ì— ëŒ€í•´ 활성화" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "í™œì„±í™”ëœ ì˜ì—­ì´ 없습니다." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallDì— ì—°ê²°ë˜ì—ˆìŠµë‹ˆë‹¤." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD ì—°ê²°ì´ ëŠì–´ì¡ŒìŠµë‹ˆë‹¤." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallDê°€ 다시 로딩ë˜ì—ˆìŠµë‹ˆë‹¤." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "기본 ì˜ì—­ì„ '%s'ë¡œ 변경했습니다." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "ë„¤íŠ¸ì›Œí¬ í†µì‹ ì´ ë”ì´ìƒ 차단ë˜ì§€ 않습니다." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "활성화ë¨" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "비활성화ë¨" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "기본 ì˜ì—­ '{default_zone}'ì€ ì¸í„°íŽ˜ì´ìŠ¤ '{interface}' ìƒì˜ ì—°ê²° " "'{connection}'ì— ëŒ€í•´ {activated_deactivated}" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "ì˜ì—­ '{zone}'ì´ ì¸í„°íŽ˜ì´ìŠ¤ '{interface}' ìƒì˜ ì—°ê²°ì— ëŒ€í•´ " "{activated_deactivated}" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "ì˜ì—­ '{zone}'ì´ ì¸í„°íŽ˜ì´ìŠ¤ '{interface}'ì— ëŒ€í•´ {activated_deactivated}" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "ì˜ì—­ '%s'ì´ ì¸í„°íŽ˜ì´ìŠ¤ '%s'ì— ëŒ€í•´ 활성화ë˜ì—ˆìŠµë‹ˆë‹¤" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "ì˜ì—­ '{zone}'ì´ ì†ŒìŠ¤ '{source}'ì— ëŒ€í•´ {activated_deactivated}" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "ì˜ì—­ '%s'ì´ ì†ŒìŠ¤ '%s'ì— ëŒ€í•´ 활성화ë˜ì—ˆìŠµë‹ˆë‹¤" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "firewalldì— ì—°ê²°ë˜ì—ˆìŠµë‹ˆë‹¤." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "firewalldì— ì—°ê²° ì‹œë„ ì¤‘ìž…ë‹ˆë‹¤. 대기 중..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "ë°©í™”ë²½ì— ì—°ê²°í•  수 없습니다. 서비스를 제대로 시작했는지 확ì¸í•˜ê³  다시 ì‹œë„í•´ " "주십시오." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "변경 ì‚¬í•­ì´ ì ìš©ë˜ì—ˆìŠµë‹ˆë‹¤." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "ë„¤íŠ¸ì›Œí¬ ì—°ê²° '%s'ì— ì˜í•´ 사용ë¨" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "ë„¤íŠ¸ì›Œí¬ ì—°ê²° '%s'ì— ì˜í•´ 사용ë˜ëŠ” 기본 ì˜ì—­" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "활성화ë¨" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "비활성화ë¨" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ì•„ì´ì½˜ ë¡œë”©ì— ì‹¤íŒ¨í–ˆìŠµë‹ˆë‹¤." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "문맥" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "명령행" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ì‚¬ìš©ìž ì´ë¦„" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ì‚¬ìš©ìž ID" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "í…Œì´ë¸”" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "ì²´ì¸" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "우선순위" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "ì¸ìˆ˜" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "런타임" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "ì˜êµ¬ì " #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "서비스" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "í¬íŠ¸" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "프로토콜" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "ëª©ì  í¬íŠ¸" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "ëª©ì  ì£¼ì†Œ" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "ë°”ì¸ë”©" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "항목" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp 유형" #: ../src/firewall-config.in:822 msgid "Family" msgstr "제품군" #: ../src/firewall-config.in:826 msgid "Action" msgstr "ë™ìž‘" #: ../src/firewall-config.in:828 msgid "Element" msgstr "요소" #: ../src/firewall-config.in:830 msgid "Src" msgstr "소스" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "대ìƒ" #: ../src/firewall-config.in:834 msgid "log" msgstr "로그" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ê°ì‚¬" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "ì¸í„°íŽ˜ì´ìŠ¤" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "코멘트" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "소스" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "경고" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "오류" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "허용" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "거부" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "드롭" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "표시" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "제한" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "서비스" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "í¬íŠ¸" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "프로토콜" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "마스커레ì´ë”©" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-차단" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp 유형" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "í¬ì›Œë“œ-í¬íŠ¸" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "레벨" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "예" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "ì˜ì—­" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "기본 ì˜ì—­: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "ì˜ì—­: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "ì˜ì—­ '%s': 서비스 '%s'를 사용할 수 없습니다." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "제거" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "무시" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "ì˜ì—­ '%s': ICMP 유형 '%s'ì„ ì‚¬ìš©í•  수 없습니다." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "ë‚´ìž¥ëœ ì˜ì—­, ì´ë¦„ì„ ë°”ê¿€ 수 없습니다." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "ì´ˆ" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "분" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ì‹œ" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "ì¼" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "긴급" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "주ì˜" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "위험" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "오류" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "경고" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "알림" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "ì •ë³´" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "디버그" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ì¸í„°íŽ˜ì´ìŠ¤ê°€ 마스커레ì´ë”©ë˜ëŠ” 경우ì—만 다른 ì‹œìŠ¤í…œì— ì „ì†¡í•˜ëŠ” ê²ƒì´ ìœ ìš©í•©ë‹ˆ" "다.\n" "ì´ ì˜ì—­ì„ 마스커레ì´ë”©í•˜ì‹œê² ìŠµë‹ˆê¹Œ?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "ë‚´ìž¥ëœ ì„œë¹„ìŠ¤, ì´ë¦„ì„ ë°”ê¿€ 수 없습니다." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "ipv4 주소를 address[/mask] 형ì‹ìœ¼ë¡œ 입력하십시오." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "mask는 ë„¤íŠ¸ì›Œí¬ ë§ˆìŠ¤í¬ ë˜ëŠ” 숫ìžë¡œ 지정할 수 있습니다." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "ipv6 주소를 address[/mask] 형ì‹ìœ¼ë¡œ 입력하십시오." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "mask는 숫ìžë¡œ 지정합니다." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "ipv4 ë˜ëŠ” ipv6 주소를 address[/mask] 형ì‹ìœ¼ë¡œ 입력하십시오." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "mask는 ë„¤íŠ¸ì›Œí¬ ë§ˆìŠ¤í¬ ë˜ëŠ” ipv4 숫ìžë¡œ 지정할 수 있습니다.\n" "mask는 ipv6 숫ìžìž…니다." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "ë‚´ìž¥ëœ ipset입니다. ì´ë¦„ì„ ë³€ê²½í•  수 없습니다." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "파ì¼ì„ ì„ íƒí•˜ì‹­ì‹œì˜¤" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "í…스트 파ì¼" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "모든 파ì¼" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "모ë‘" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "기본 제공 í—¬í¼, ì´ë¦„ 바꾸기가 지ì›ë˜ì§€ 않습니다." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "ë‚´ìž¥ëœ icmp, ì´ë¦„ì„ ë°”ê¿€ 수 없습니다." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "'%s' íŒŒì¼ ì½ê¸° 실패: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "소스 '%s'ì˜ ì˜ì—­ì„ ì„ íƒ" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "주소" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "ìžë™ í—¬í¼" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "ìžë™ ë„움 ê°’ì„ ì„ íƒí•´ 주십시오.:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "ëª…ë ¹í–‰ì„ ìž…ë ¥í•˜ì‹­ì‹œì˜¤." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "컨í…스트를 입력하십시오." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "아래 목ë¡ì—ì„œ 기본 ì˜ì—­ì„ ì„ íƒí•˜ì‹­ì‹œì˜¤." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "ì§ì ‘ ì²´ì¸" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ipv ë° í…Œì´ë¸”ì„ ì„ íƒí•˜ê³  ì²´ì¸ ì´ë¦„ì„ ìž…ë ¥í•˜ì‹­ì‹œì˜¤." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ì²´ì¸:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "날것" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "보안" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "í…Œì´ë¸”:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "ì§ì ‘ 통과 규칙" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ipv를 ì„ íƒí•˜ê³  ì¸ìˆ˜ë¥¼ 입력하십시오." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "ì¸ìˆ˜:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "í¬íŠ¸ í¬ì›Œë”©" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "í•„ìš”ì— ë”°ë¼ ì†ŒìŠ¤ ë° ìˆ˜ì‹ ì§€ ì˜µì…˜ì„ ì„ íƒí•˜ì‹œê¸° ë°”ëžë‹ˆë‹¤." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "í¬íŠ¸ / í¬íŠ¸ 범위:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP 주소:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "프로토콜:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "대ìƒ" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "로컬 í¬ì›Œë”©ì„ 사용하실 경우, í¬íŠ¸ë¥¼ 지정하셔야 합니다. ì´ëŸ¬í•œ í¬íŠ¸ëŠ” 소스 í¬" "트와 달ë¼ì•¼ 합니다." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "로컬 í¬íŠ¸ í¬ì›Œë”©" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "다른 í¬íŠ¸ë¡œ í¬ì›Œë“œ" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "기본 í—¬í¼ ì„¤ì •" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "기본 ë„움 ì„¤ì •ì„ êµ¬ì„±í•´ 주십시오.:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "굵게 í‘œì‹œëœ í•­ëª©ì€ í•„ìˆ˜ 항목ì´ë©° 모든 다른 í•­ëª©ì€ ì˜µì…˜ìž…ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "ì´ë¦„:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "버전:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "개요:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "설명:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "제품군:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "모듈:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "í—¬í¼" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "ë„움를 ì„ íƒí•´ 주십시오.:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "기본 ICMP 유형 설정" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "기본 ICMP 유형 ì„¤ì •ì„ êµ¬ì„±í•˜ì‹­ì‹œì˜¤:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP 유형" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ICMP ìœ í˜•ì„ ì„ íƒí•˜ì‹­ì‹œì˜¤" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "항목 추가" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "파ì¼ì—ì„œ 항목 추가" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "ì„ íƒí•œ 항목 ì‚­ì œ" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "모든 항목 ì‚­ì œ" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "파ì¼ì—ì„œ 항목 ì‚­ì œ" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "파ì¼(_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "옵션(_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld 다시 불러오기" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "방화벽 ê·œì¹™ì„ ë‹¤ì‹œ 로딩합니다. 현재 ì˜êµ¬ ì„¤ì •ì€ ìƒˆë¡œìš´ 런타임 ì„¤ì •ì´ ë©ë‹ˆë‹¤. " "즉, 방화벽 ê·œì¹™ì´ ì˜êµ¬ì  ì„¤ì •ì— ì¡´ìž¬í•˜ì§€ ì•Šì„ ê²½ìš° 다시 로딩할 ë•Œ 까지 변경" "ëœ ëª¨ë“  런타임 ë‚´ìš©ì´ ì†ì‹¤ë©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ë„¤íŠ¸ì›Œí¬ ì—°ê²°ì´ ì†í•´ 있는 ì˜ì—­ì„ 변경합니다." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "기본 ì˜ì—­ 변경" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "ì—°ê²° ë˜ëŠ” ì¸í„°íŽ˜ì´ìŠ¤ì˜ 기본 ì˜ì—­ì„ 변경합니다." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "로그 거부 변경" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "로그 거부 ê°’ì„ ë³€ê²½í•©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "ìžë™ ë„움 í• ë‹¹ì„ êµ¬ì„±í•´ 주십시오" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "ìžë™ í—¬í¼ í• ë‹¹ ì„¤ì •ì„ êµ¬ì„±í•´ 주십시오." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "패닉 모드는 모든 송수신 íŒ¨í‚·ì´ ì‚­ì œë¨ì„ ì˜ë¯¸í•©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "패닉 모드" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "잠금 ê¸°ëŠ¥ì€ ë°©í™”ë²½ ì„¤ì •ì„ ìž ê¸ˆí•˜ì—¬ 잠금 í™”ì´íŠ¸ë¦¬ìŠ¤íŠ¸ì— 있는 애플리케ì´ì…˜ë§Œ ë³€" "경할 수 있게 합니다." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "잠금" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "런타임 ì„¤ì •ì„ ì˜êµ¬ì ìœ¼ë¡œ 유지" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "ì˜êµ¬ì ìœ¼ë¡œ 런타임 설정" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "보기(_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP 유형" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "í—¬í¼" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "ì§ì ‘ 설정" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "잠금 í™”ì´íŠ¸ë¦¬ìŠ¤íŠ¸" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "ë°”ì¸ë”© 활성화" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "ë„움ë§(_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "ì˜ì—­ 변경" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "ë°”ì¸ë”© ì˜ì—­ 변경" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "ì˜ì—­ìœ¼ë¡œì˜ 소스, ì¸í„°íŽ˜ì´ìŠ¤, ì—°ê²°ì— ëŒ€í•œ 활성 런타임 ë°”ì¸ë”© 숨기기" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "ì˜ì—­ìœ¼ë¡œì˜ 소스, ì¸í„°íŽ˜ì´ìŠ¤, ì—°ê²°ì— ëŒ€í•œ 활성 런타임 ë°”ì¸ë”© 표시" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "설정:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "현재 사용 가능한 설정. 런타임 ì„¤ì •ì€ ì‹¤ì œ í™œì„±í™”ëœ ì„¤ì •ìž…ë‹ˆë‹¤. ì˜êµ¬ ì„¤ì •ì€ ì„œ" "비스나 ì‹œìŠ¤í…œì„ ë‹¤ì‹œ 로딩하거나 다시 시작한 후 사용할 수 있습니다." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld ì˜ì—­ì€ ì˜ì—­ê³¼ ê²°í•©ëœ ë„¤íŠ¸ì›Œí¬ ì—°ê²°, ì¸í„°íŽ˜ì´ìŠ¤ ë° ì†ŒìŠ¤ ì£¼ì†Œì˜ ì‹ ë¢°" "ëœ ìˆ˜ì¤€ì„ ì •ì˜í•©ë‹ˆë‹¤. ì˜ì—­ì€ 서비스, í¬íŠ¸ 프로토콜, 마스커레ì´ë”©, í¬íŠ¸/패킷 " "í¬ì›Œë”©, icmp í•„í„° ë° ê³ ê¸‰ ê·œì¹™ì˜ ì¡°í•©ìž…ë‹ˆë‹¤. ì˜ì—­ì€ ì¸í„°íŽ˜ì´ìŠ¤ì™€ 소스 주소로 " "ì—°ê²°ë  ìˆ˜ 있습니다." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ì˜ì—­ 추가" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "ì˜ì—­ 편집" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "ì˜ì—­ 제거" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "ì˜ì—­ 기본값 ì½ê¸°" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "ì˜ì—­ì—ì„œ 신뢰할 수 있는 서비스를 지정할 수 있습니다. 신뢰할 수 있는 서비스는 " "ì´ ì˜ì—­ì— ê²°í•©ëœ ì—°ê²°, ì¸í„°íŽ˜ì´ìŠ¤, 소스ì—ì„œ ì‹œìŠ¤í…œì— ë„달할 수 있는 모든 호스" "트 ë° ë„¤íŠ¸ì›Œí¬ì—ì„œ 액세스 가능하게 ë©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "서비스" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "ì´ ì»´í“¨í„°ì— ì—°ê²° 가능한 모든 호스트 ë˜ëŠ” 네트워í¬ì— 액세스할 수 있어야 하는 " "추가 í¬íŠ¸ ë˜ëŠ” í¬íŠ¸ 범위를 추가합니다." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "í¬íŠ¸ 추가" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "í¬íŠ¸ 편집" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "í¬íŠ¸ ì‚­ì œ" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "í¬íŠ¸" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "모든 호스트 ë˜ëŠ” 네트워í¬ì— 액세스 가능한 í”„ë¡œí† ì½œì„ ì¶”ê°€í•©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "프로토콜 추가" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "프로토콜 편집" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "프로토콜 ì‚­ì œ" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "프로토콜" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "ì´ ì»´í“¨í„°ì— ì—°ê²° 가능한 모든 호스트 ë˜ëŠ” 네트워í¬ì— 액세스할 수 있어야 하는 " "추가 소스 í¬íŠ¸ ë˜ëŠ” í¬íŠ¸ 범위를 추가합니다." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "소스 í¬íŠ¸" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "마스커레ì´ë”© (Masquerading) ê¸°ëŠ¥ì€ ë¡œì»¬ 네트워í¬ë¥¼ ì¸í„°ë„·ì— 연결하는 호스트" "나 ë¼ìš°í„°ë¥¼ 설정할 수 있게 합니다. 로컬 네트워í¬ëŠ” ë³¼ 수 없으며 호스트는 ì¸í„°" "ë„·ì—ì„œ í•˜ë‚˜ì˜ ì£¼ì†Œë¡œ 나타납니다. 마스커레ì´ë”© (Masquerading) ê¸°ëŠ¥ì€ IPv4ì—ì„œ" "만 해당ë©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "마스커레ì´ë”© ì˜ì—­" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "마스커레ì´ë”©ì„ 활성화할 경우 IP í¬ì›Œë”©ì€ IPv4 네트워í¬ì— 대해 활성화ë©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "마스커레ì´ë”© (Masquerading)" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "로컬 시스템 ìƒì—ì„œ í•˜ë‚˜ì˜ í¬íŠ¸ì—ì„œ 다른 í¬íŠ¸ë¡œ ë˜ëŠ” 로컬 시스템ì—ì„œ 다른 시스" "템으로 í¬íŠ¸ë¥¼ í¬ì›Œë”©í•˜ê¸° 위해 í•­ëª©ì„ ì¶”ê°€í•©ë‹ˆë‹¤. 다른 시스템으로 í¬ì›Œë”©í•˜ëŠ” " "ê²ƒì€ ì¸í„°íŽ˜ì´ìŠ¤ê°€ 마스커레ì´ë”©ë˜ì—ˆì„ 경우ì—만 유용합니다. í¬íŠ¸ í¬ì›Œë”©ì€ IPv4" "ì—서만 해당ë©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "í¬ì›Œë“œ í¬íŠ¸ 추가" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "í¬ì›Œë“œ í¬íŠ¸ 편집" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "í¬ì›Œë“œ í¬íŠ¸ ì‚­ì œ" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ICMP (Internet Control Message Protocol)는 네트워í¬ë¡œ ì—°ê²°ëœ ì»´í“¨í„° ê°„ì˜ ì˜¤" "류 메세지를 보내는 ë° ì£¼ë¡œ 사용ë˜ì§€ë§Œ, 추가로 í•‘ 요청 ë° ì‘답과 ê°™ì€ ì•Œë¦¼ ë©”" "세지를 보내는 ë° ì‚¬ìš©ë  ìˆ˜ 있습니다." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "목ë¡ì—ì„œ 거부해야 í•  ICMP ìœ í˜•ì„ í‘œì‹œí•©ë‹ˆë‹¤. ê·¸ ì™¸ì˜ ëª¨ë“  ICMP ìœ í˜•ì€ ë°©í™”ë²½ " "통과를 허용합니다. ê¸°ë³¸ê°’ì€ ì œí•œ ì—†ìŒìž…니다." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "í•„í„° ë°˜ì „ì´ í™œì„±í™”ë˜ì–´ ìžˆì„ ê²½ìš° í‘œì‹œëœ ICMP í•­ëª©ì´ í—ˆìš©ë˜ë©° ê·¸ ì™¸ì˜ í•­ëª©ì€ " "거부ë©ë‹ˆë‹¤. ëŒ€ìƒ DROPì´ ìžˆëŠ” ì˜ì—­ì—ì„œ ì´ëŸ¬í•œ í•­ëª©ì€ ì„ íƒ í•´ì œë©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "í•„í„° 반전" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP í•„í„°" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "여기ì—ì„œ ì˜ì—­ì˜ 고급 언어 ê·œì¹™ì„ ì„¤ì • í•  수 있습니다." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "고급 규칙 추가" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "고급 규칙 편집" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "고급 규칙 ì‚­ì œ" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "고급 규칙" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "ì˜ì—­ì— ì¸í„°íŽ˜ì´ìŠ¤ë¥¼ ë°”ì¸ë”©í•  í•­ëª©ì„ ì¶”ê°€í•©ë‹ˆë‹¤. ì¸í„°íŽ˜ì´ìŠ¤ê°€ ì—°ê²°ì— ì˜í•´ 사용" "ë  ê²½ìš° ì˜ì—­ì€ ì—°ê²°ì— ì§€ì •ëœ ì˜ì—­ìœ¼ë¡œ 설정ë©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ì¸í„°íŽ˜ì´ìŠ¤ 추가" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ì¸í„°íŽ˜ì´ìŠ¤ 편집" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ì¸í„°íŽ˜ì´ìŠ¤ 제거" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "ì˜ì—­ì— 소스 주소 ë˜ëŠ” 범위를 ë°”ì¸ë”©í•  í•­ëª©ì„ ì¶”ê°€í•©ë‹ˆë‹¤. MAC 소스 주소를 ë°”ì¸" "딩할 수 있지만 ì œí•œì´ ë”°ë¦…ë‹ˆë‹¤. í¬íŠ¸ í¬ì›Œë”© ë° ë§ˆìŠ¤ì»¤ë ˆì´ë”©ì€ MAC 소스 ë°”ì¸ë”©" "ì— ìž‘ë™í•˜ì§€ 않습니다." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "소스 추가" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "소스 편집" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "소스 제거" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "ì˜ì—­" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld 서비스는 í¬íŠ¸, 프로토콜, 모듈 ë° ëŒ€ìƒ ì£¼ì†Œì˜ ì¡°í•©ìž…ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "서비스 추가" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "서비스 편집" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "서비스 ì‚­ì œ" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "서비스 기본값 ì½ê¸°" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "모든 호스트 ë˜ëŠ” 네트워í¬ì— 액세스 가능한 í¬íŠ¸ ë° í¬íŠ¸ 범위를 추가합니다." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "항목 편집" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "항목 ì‚­ì œ" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "모든 호스트 ë˜ëŠ” 네트워í¬ì— 액세스 가능한 소스 í¬íŠ¸ ë° í¬íŠ¸ 범위를 추가합니" "다." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "소스 í¬íŠ¸" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "ì¼ë¶€ 서비스 ì‹¤í–‰ì— Netfilter í—¬í¼ ëª¨ë“ˆì´ í•„ìš”í•©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "모듈" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "ëŒ€ìƒ ì£¼ì†Œë¥¼ 지정할 경우, 서비스 í•­ëª©ì€ ëŒ€ìƒ ì£¼ì†Œ ë° ìœ í˜•ìœ¼ë¡œ 제한ë©ë‹ˆë‹¤. ë‘ " "항목 모ë‘ê°€ 비어 ìžˆì„ ê²½ìš° ì œí•œì´ ì—†ê²Œ ë©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "서비스는 ì˜êµ¬ 설정 보기ì—서만 변경할 수 있습니다. ì„œë¹„ìŠ¤ì˜ ëŸ°íƒ€ìž„ ì„¤ì •ì€ ê³ ì •" "ë˜ì–´ 있습니다." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet를 사용하여 í™”ì´íŠ¸ë¦¬ìŠ¤íŠ¸ ë˜ëŠ” 블랙리스트를 만들 수 있으며 IP 주소, í¬íŠ¸ " "번호, MAC 주소 ë“±ì„ ì €ìž¥í•  수 있습니다. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "IPSet 추가" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "IPSet 편집" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "IPSet ì‚­ì œ" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "IPSet 기본값 불러오기" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "IPSet 항목입니다. 시간 제한 ì˜µì…˜ì„ ì‚¬ìš©í•˜ì§€ 않는 IPSet 항목과 firewalldì— ì˜" "í•´ ì¶”ê°€ëœ í•­ëª©ë§Œì„ í™•ì¸í•  수 있습니다. ì§ì ‘ ipset ëª…ë ¹ì„ ì‹¤í–‰í•˜ì—¬ ì¶”ê°€ëœ í•­ëª©" "ì„ í‘œì‹œë˜ì§€ 않습니다." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "IPSet는 시간 제한 ì˜µì…˜ì„ ì‚¬ìš©í•˜ê¸° ë•Œë¬¸ì— ì—¬ê¸°ì—는 í•­ëª©ì´ í‘œì‹œë˜ì§€ 않습니다. " "ipset ëª…ë ¹ì„ ì§ì ‘ 실행하여 í•­ëª©ì„ ê´€ë¦¬í•©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "추가" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "항목" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "ì˜êµ¬ 설정 보기ì—서만 IPSetì„ ìƒì„± ë˜ëŠ” 삭제할 수 있습니다." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld icmp ìœ í˜•ì€ firewalld ìš© ICMP (Internet Control Message Protocol) " "ìœ í˜•ì˜ ì •ë³´ë¥¼ 제공합니다." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP 유형 추가" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP 유형 편집" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP 유형 제거" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP ìœ í˜•ì˜ ê¸°ë³¸ê°’ 가져오기" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "ICMP ìœ í˜•ì´ IPv4 ë° IPv6ì—ì„œ 사용 가능한 ì§€ì— ëŒ€í•œ 여부를 지정합니다." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP ìœ í˜•ì€ ì˜êµ¬ 설정 보기ì—서만 변경할 수 있습니다. ICMP ìœ í˜•ì˜ ëŸ°íƒ€ìž„ 설정" "ì€ ê³ ì •ë˜ì–´ 있습니다." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "ì—°ê²° ì¶”ì  í—¬í¼ê°€ 신호 발송과 ë°ì´í„° ì „ì†¡ì— ì„œë¡œ 다른 íë¦„ì„ ì‚¬ìš©í•˜ëŠ” 프로토콜" "ì´ ìž‘ë™í•˜ë„ë¡ ë•ìŠµë‹ˆë‹¤. ë°ì´í„° ì „ì†¡ì€ ì‹ í˜¸ 발송 ì—°ê²°ê³¼ 무관한 í¬íŠ¸ë¥¼ 사용하므" "ë¡œ í—¬í¼ ì—†ì´ëŠ” ë°©í™”ë²½ì— ì˜í•´ 차단ë©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "í—¬í¼ê°€ 모니터ë§í•˜ëŠ” í¬íŠ¸ ë˜ëŠ” í¬íŠ¸ 범위를 ì •ì˜í•´ 주십시오." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "ì§ì ‘ 설정하면 ë°©í™”ë²½ì— ì§ì ‘ 액세스할 수 있습니다. ì´ ì˜µì…˜ì€ ì‚¬ìš©ìžê°€ iptables" "ì˜ ê¸°ë³¸ ê°œë…, 즉 í…Œì´ë¸”, ì²´ì¸, 명령, 매개 변수, 대ìƒì— 대한 지ì‹ì„ 가지고 있" "ìŒì„ 전제로 하고 있습니다. ì§ì ‘ ì„¤ì •ì€ ë‹¤ë¥¸ 방화벽 ê¸°ëŠ¥ì„ ì‚¬ìš©í•  수 없는 경우" "ì— ë§ˆì§€ë§‰ 방법으로 사용해야 합니다." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "ê° ì˜µì…˜ì˜ ipv ì¸ìˆ˜ëŠ” ipv4, ipv6, eb 중 하나여야 합니다. ipv4를 지정하면 " "iptablesê°€ 사용ë©ë‹ˆë‹¤. ipv6를 지정하면 ip6tablesê°€ 사용ë©ë‹ˆë‹¤. eb를 사용하면 " "ì´ë”ë„· 브리지 (ebtables)ê°€ 사용ë©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "규칙과 함께 사용ë˜ëŠ” 추가 ì²´ì¸ìž…니다." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "ì²´ì¸ ì¶”ê°€" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "ì²´ì¸ íŽ¸ì§‘" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "ì²´ì¸ ì œê±°" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ì²´ì¸" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "ê·œì¹™ì„ args ì¸ìˆ˜ì™€ 함께 í…Œì´ë¸”ì— ìžˆëŠ” ì²´ì¸ì— ìš°ì„  순위를 붙여 추가합니다." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "ìš°ì„  순위는 ê·œì¹™ì˜ ìˆœì„œë¥¼ ì§€ì •í•˜ëŠ”ë° ì‚¬ìš©ë©ë‹ˆë‹¤. ìš°ì„  순위 0ì€ ê·œì¹™ì„ ì²´ì¸ì˜ " "처ìŒì— 추가합니다. ë” ë†’ì€ ìš°ì„  순위를 가진 ê·œì¹™ì´ ë” ì•„ëž˜ì— ì¶”ê°€ë©ë‹ˆë‹¤. ë™ì¼" "í•œ ìš°ì„  순위를 갖는 ê·œì¹™ì€ ë™ì¼í•œ ìˆ˜ì¤€ì´ ë˜ë©° ì´ëŸ¬í•œ ê·œì¹™ì˜ ìˆœì„œëŠ” ê³ ì •ë˜ì§€ " "ì•Šê³  ë³€ê²½ë  ìˆ˜ 있습니다. ê·œì¹™ì„ ë‹¤ë¥¸ 규칙 ë’¤ì— ì¶”ê°€í•˜ë ¤ë©´ 먼저 ë‚®ì€ ìš°ì„  순위" "를 사용하고 ê·¸ 다ìŒìœ¼ë¡œ ë” ë†’ì€ ìš°ì„  순위를 사용합니다." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "규칙 추가" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "규칙 편집" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "규칙 ì‚­ì œ" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "규칙" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "통과 ê·œì¹™ì€ ì§ì ‘ ë°©í™”ë²½ì— ì „ë‹¬ë˜ëŠ” 규칙으로 특별한 ì²´ì¸ì— ë‘지 않습니다. " "iptables, ip6tables, ebtablesì˜ ëª¨ë“  ì˜µì…˜ì„ ì‚¬ìš©í•  수 있습니다." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "통과 ê·œì¹™ì´ ë°©í™”ë²½ì— ì†ìƒì„ 입히지 ì•Šë„ë¡ ì£¼ì˜í•˜ì‹­ì‹œì˜¤." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "통과 규칙 추가" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "통과 규칙 편집" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "통과 규칙 제거" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "통과 규칙" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "잠금 ê¸°ëŠ¥ì€ firewalldì˜ ì‚¬ìš©ìž ë° ì• í”Œë¦¬ì¼€ì´ì…˜ ì •ì±…ì— ëŒ€í•œ 경량 버전입니다. " "ì´ëŠ” 방화벽 ë³€ê²½ì„ ì œí•œí•©ë‹ˆë‹¤. 잠금 í™”ì´íŠ¸ë¦¬ìŠ¤íŠ¸ì—는 명령, ë‚´ìš©, ì‚¬ìš©ìž ë° ì‚¬" "ìš©ìž IDê°€ í¬í•¨ë˜ì–´ 있습니다." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "컨í…스트는 실행 ì¤‘ì¸ ì• í”Œë¦¬ì¼€ì´ì…˜ì´ë‚˜ ì„œë¹„ìŠ¤ì˜ ë³´ì•ˆ (SELinux) 컨í…스트입니" "다. 실행 ì¤‘ì¸ ì• í”Œë¦¬ì¼€ì´ì…˜ì˜ 컨í…스트를 얻으려면 ps -e --context를 " "사용합니다." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "문맥 추가" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "문맥 편집" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "문맥 제거" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "컨í…스트" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "í™”ì´íŠ¸ë¦¬ìŠ¤íŠ¸ì˜ ëª…ë ¹ì´ ë³„í‘œ '*'ë¡œ ë나는 경우 해당 명령으로 시작하는 모든 명령" "행과 ì¼ì¹˜í•˜ê²Œ ë©ë‹ˆë‹¤. '*'ê°€ ì—†ì„ ê²½ìš° ì¸ìˆ˜ë¥¼ í¬í•¨í•˜ì—¬ ëª…ë ¹ì´ ì •í™•í•˜ê²Œ ì¼ì¹˜í•´" "야 합니다." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "명령행 추가" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "명령행 편집" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "명령행 제거" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "명령행" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ì‚¬ìš©ìž ì´ë¦„." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ì‚¬ìš©ìž ì´ë¦„ 추가" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ì‚¬ìš©ìž ì´ë¦„ 편집" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ì‚¬ìš©ìž ì´ë¦„ 제거" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ì‚¬ìš©ìž ì´ë¦„" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ì‚¬ìš©ìž ID." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ì‚¬ìš©ìž ID 추가" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ì‚¬ìš©ìž ID 편집" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ì‚¬ìš©ìž ID 제거" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ì‚¬ìš©ìž ID" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "ì‹œìŠ¤í…œì˜ í˜„ìž¬ 기본 ì˜ì—­ìž…니다." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "로그 거부:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "패닉 모드:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "ìžë™ í—¬í¼:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "잠금:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "기본 ì˜ì—­:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "ì¸í„°íŽ˜ì´ìŠ¤ ì´ë¦„ì„ ìž…ë ¥í•´ 주십시오:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "기본 IPSet 설정" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "기본 IPSetì„ ì„¤ì •í•˜ì‹­ì‹œì˜¤:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "유형:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "제한 시간:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "í•´ì‹œ í¬ê¸°:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "최대 요소:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "제한 시간 ê°’ (ì´ˆ 단위)" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "초기 í•´ì‹œ í¬ê¸°, 기본값 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "최대 요소 ê°’, 기본값 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "IPSetì„ ì„ íƒí•˜ì‹­ì‹œì˜¤:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "ipset í•­ëª©ì„ ìž…ë ¥í•´ 주십시오:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "로그 거부" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "로그 거부 ê°’ì„ ì„ íƒí•˜ì‹­ì‹œì˜¤:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "마í¬" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "mask 옵션으로 마í¬ë¥¼ 입력하십시오." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "ë§ˆí¬ ë° mask 필드는 32 ë¹„íŠ¸ì˜ ë¶€í˜¸ì—†ëŠ” 숫ìžìž…니다." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "마í¬:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Mask:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Netfilter conntrack ë„움를 ì„ íƒí•´ 주십시오.:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- ì„ íƒ -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "기타 모듈:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "í¬íŠ¸ ë° í”„ë¡œí† ì½œ" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "í¬íŠ¸ ë° í”„ë¡œí† ì½œì„ ìž…ë ¥í•˜ì‹­ì‹œì˜¤." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ì§ì ‘ 규칙" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "ipv ë° í…Œì´ë¸”, ì²´ì¸ ìš°ì„  순위를 ì„ íƒí•˜ê³  ì¸ìˆ˜ë¥¼ 입력하십시오." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "ìš°ì„  순위:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "í”„ë¡œí† ì½œì„ ìž…ë ¥í•˜ì‹­ì‹œì˜¤." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "다른 프로토콜:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "고급 규칙" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "고급 ê·œì¹™ì„ ìž…ë ¥í•˜ì‹­ì‹œì˜¤." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" "호스트 ë˜ëŠ” 네트워í¬ì˜ 경우 허용 ë˜ëŠ” 거부 목ë¡ì— ë”°ë¼ ìš”ì†Œê°€ 비활성화ë©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "소스:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "수신지:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "기ë¡:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ê°ì‚¬:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 ë° ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "변환ë¨" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "ì´ë¥¼ 활성화하려면 ìž‘ì—…ì„ '거부'하고 'ipv4' ë˜ëŠ” 'ipv6' 중 하나 (둘 중 하나)" "ì˜ ì œí’ˆêµ°ì„ ì„ íƒí•©ë‹ˆë‹¤." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "유형:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "제한:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "ì ‘ë‘부:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "단계:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "요소:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "ë™ìž‘:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "기본 서비스 설정" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "기본 서비스 ì„¤ì •ì„ êµ¬ì„± 하십시오:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "서비스를 ì„ íƒí•˜ì‹­ì‹œì˜¤." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "소스를 입력해 주십시오." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ì‚¬ìš©ìž ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ì‚¬ìš©ìž ID를 입력하십시오." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "ì‚¬ìš©ìž ì´ë¦„ì„ ìž…ë ¥í•˜ì‹­ì‹œì˜¤." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "ë ˆì´ë¸”" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "기본 ì˜ì—­ 설정" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "기본 ì˜ì—­ ì„¤ì •ì„ êµ¬ì„± 하십시오:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "기본 대ìƒ" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "대ìƒ:" firewalld-1.1.1/po/lt.po0000644000000000000000000014730514217342322015070 0ustar00rootroot00000000000000# Moo , 2018. #zanata # Moo , 2019. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2019-05-13 08:05+0000\n" "Last-Translator: Moo \n" "Language-Team: Lithuanian\n" "Language: lt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Zanata 4.6.2\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n" "%100<10 || n%100>=20) ? 1 : 2)\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Užkardos programÄ—lÄ—" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Užkarda" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Užkardos konfigÅ«ravimas" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "užkarda;tinklas;saugumas;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Pasirinkite zonÄ… sÄ…sajai \"%s\"" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Numatytoji zona" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Pasirinkite zonÄ… ryÅ¡iui \"%s\"" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Nepavyko ryÅ¡iui {connection_name} nustatyti zonÄ… {zone} " #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Å i ypatybÄ— yra naudinga žmonÄ—ms, kurie, daugiausiai, naudoja numatytÄ…sias " "zonas. Naudotojams, kurie keiÄia ryÅ¡ių zonas Å¡i ypatybÄ— gali bÅ«ti ribota." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Atstatyti į numatytÄ…jÄ…" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Apie %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Autoriai" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licencija" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Ä®jungti praneÅ¡imus" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Taisyti užkardos nustatymus..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Keisti ryÅ¡ių zonas..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Blokuoti visÄ… tinklo duomenų srautÄ…" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Apie" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "RyÅ¡iai" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "SÄ…sajos" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Å altiniai" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Nepavyko suteikti prieigos teises." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Neteisingas pavadinimas" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Pavadinimas jau yra" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Numatytoji zona: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Nepavyko gauti ryÅ¡ių iÅ¡ NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "NÄ—ra prieinami jokie NetworkManager importavimai" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "NÄ—ra ryÅ¡io su užkardos tarnyba" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Visas tinklo duomenų srautas yra užblokuotas." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Numatytoji zona: \"%s\"" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Numatytoji zona \"{default_zone}\" aktyvi ryÅ¡iui \"{connection}\" ties " "sÄ…saja \"{interface}\"" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zona \"{zone}\" aktyvi ryÅ¡iui \"{connection}\" ties sÄ…saja \"{interface}\"" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zona \"{zone}\" aktyvi sÄ…sajai \"{interface}\"" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zona \"{zone}\" aktyvi sÄ…sajai {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "NÄ—ra jokių aktyvių zonų." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Užmegztas ryÅ¡ys su FirewallD." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Prarastas ryÅ¡ys su FirewallD." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD buvo įkelta iÅ¡ naujo." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Numatytoji zona pakeista į \"%s'\"" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Tinklo duomenų srautas daugiau nebÄ—ra užblokuotas." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "aktyvuota" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "pasyvinta" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Numatytoji zona \"{default_zone}\" {activated_deactivated} ryÅ¡iui " "\"{connection}\" ties sÄ…saja \"{interface}\"" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona \"{zone}\" {activated_deactivated} ryÅ¡iui \"{connection}\" ties sÄ…saja " "\"{interface}\"" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zona \"{zone}\" {activated_deactivated} sÄ…sajai \"{interface}\"" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zona \"%s\" aktyvuota sÄ…sajai \"%s\"" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zona \"{zone}\" {activated_deactivated} Å¡altiniui \"{source}\"" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zona \"%s\" aktyvuota Å¡altiniui \"%s\"" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Užmegztas ryÅ¡ys su firewalld." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Bandoma prisijungti prie firewalld, laukiama..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Nepavyko prisijungti prie firewalld. Ä®sitikinkite, kad tarnyba buvo paleista " "teisingai ir bandykite dar kartÄ…." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Pakeitimai pritaikyti." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Naudoja tinklo ryÅ¡ys \"%s\"" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Numatytoji zona, naudojama ryÅ¡io \"%s\"" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "įjungta" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "iÅ¡jungta" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Nepavyko įkelti piktogramų." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Kontekstas" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Komandų eilutÄ—" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Naudotojo vardas" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Naudotojo id" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "LentelÄ—" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "GrandinÄ—" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "PirmenybÄ—" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Vykdymo trukmÄ—s" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "IlgalaikÄ—" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Tarnyba" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Prievadas" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokolas" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Ä® prievadÄ…" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Ä® adresÄ…" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Susiejimai" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Ä®raÅ¡as" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp tipas" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Å eima" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Veiksmas" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elementas" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Å alt." #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Pask." #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "SÄ…saja" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Komentaras" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Å altinis" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Ä®spÄ—jimas" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Klaida" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "priimti" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "atmesti" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "žymÄ—ti" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "prievadas" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokolas" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "taip" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Numatytoji zona: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zona: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona \"%s\": Tarnyba \"%s\" yra neprieinama." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Å alinti" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Nepaisyti" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona \"%s\": ICMP tipas \"%s\" yra neprieinamas." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Ä®taisytoji zona, pervadinimas yra nepalaikomas." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekundÄ—" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minutÄ—" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "valanda" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "diena" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "klaida" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "įspÄ—jimas" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informacija" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "derinimas" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Peradresavimas į kitÄ… sistemÄ… yra naudingas tik tuomet, jei sÄ…saja yra " "maskuojama.\n" "Ar norite maskuoti Å¡iÄ… zonÄ…?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Ä®taisytoji tarnyba, pervadinimas yra nepalaikomas." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "KaukÄ— gali bÅ«ti tinklo kaukÄ— arba skaiÄius." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "KaukÄ— yra skaiÄius." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "KaukÄ— gali bÅ«ti tinklo kaukÄ— arba, ipv4 atveju, gali bÅ«ti skaiÄius.\n" "KaukÄ—, ipv6 atveju, yra skaiÄius." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Pasirinkite failÄ…" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Tekstiniai failai" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Visi failai" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Visi" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Ä®taisytasis pagelbiklis, pervadinimas yra nepalaikomas." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Ä®taisytasis icmp, pervadinimas yra nepalaikomas." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Nepavyko skaityti failÄ… \"%s\": %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresas" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatiniai pagelbikliai" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Pasirinkite automatinių pagelbiklių reikÅ¡mÄ™:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Ä®veskite komandų eilutÄ™." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Ä®veskite kontekstÄ…." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Pasirinkite numatytÄ…jÄ… zonÄ… iÅ¡ sÄ…raÅ¡o žemiau." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "TiesioginÄ— grandinÄ—" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Pasirinkite ipv bei lentelÄ™ ir įveskite grandinÄ—s pavadinimÄ…." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "GrandinÄ—:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "LentelÄ—:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumentai:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Prievadų peradresavimas" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Pasirinkite Å¡altinio ir paskirties parametrus pagal savo poreikius." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Prievadas / Prievadų rėžis:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP adresas:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokolas:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Paskirtis" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Jeigu įjungsite vietinį peradresavimÄ…, turÄ—site nurodyti prievadÄ…. Å is " "prievadas turÄ—s bÅ«ti kitoks nei Å¡altinio prievadas." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Vietinis peradresavimas" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Peradresuoti į kitÄ… prievadÄ…" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Pusjuodžiai įraÅ¡ai yra privalomi, visi kiti - nebÅ«tini." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Pavadinimas:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versija:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Sutrumpinimas:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "ApraÅ¡as:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Å eima:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modulis:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Pagelbiklis" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Pasirinkite pagelbiklį:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP tipas" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Pasirinkite ICMP tipÄ…" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "PridÄ—ti įraÅ¡Ä…" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "PridÄ—ti įraÅ¡us iÅ¡ failo" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Å alinti pažymÄ—tus įraÅ¡us" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Å alinti visus įraÅ¡us" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Å alinti įraÅ¡us iÅ¡ failo" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Failas" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Parametrai" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Ä®kelti Firewalld iÅ¡ naujo" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "IÅ¡ naujo įkelia visas užkardos taisykles. DabartinÄ— ilgalaikÄ— konfigÅ«racija " "taps naujÄ…ja vykdymo trukmÄ—s konfigÅ«racija. T. y. įkÄ—lus iÅ¡ naujo, visi tik " "vykdymo trukmÄ—s pakeitimai bus prarasti, jeigu jų nebuvo taip pat ir " "ilgalaikÄ—je konfigÅ«racijoje." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Keisti kuriai zonai priklausys tinklo ryÅ¡ys." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Keisti numatytÄ…jÄ… zonÄ…" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Keisti numatytÄ…jÄ… ryÅ¡ių ir sÄ…sajų zonÄ…." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "KonfigÅ«ruoti automatinių pagelbiklių priskyrimÄ…" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "KonfigÅ«ruoti automatinių pagelbiklių priskyrimo nustatymÄ…." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Panikos veiksena" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Paversti vykdymo trukmÄ—s konfigÅ«racija į ilgalaikÄ™" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Vykdymo trukmÄ—s į ilgalaikÄ™" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Rodinys" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP tipai" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Pagelbikliai" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "TiesioginÄ— konfigÅ«racija" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "AktyvÅ«s susiejimai" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "Ž_inynas" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Keisti zonÄ…" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Keisti susiejimo zonÄ…" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "KonfigÅ«racija:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Å iuo metu matoma konfigÅ«racija. Vykdymo trukmÄ—s konfigÅ«racija yra dabartinÄ— " "aktyvi konfigÅ«racija. IlgalaikÄ— konfigÅ«racija bus aktyvi po tarnybos ar " "sistemos įkelimo iÅ¡ naujo, ar paleidimo iÅ¡ naujo." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Firewalld zona apibrėžia su zona susietų tinklo ryÅ¡ių, sÄ…sajų ir Å¡altinio " "adresų pasitikÄ—jimo lygius. ZonÄ… sudaro tarnybos, prievadai, protokolai, " "maskavimai, prievadų/paketų peradresavimai, icmp filtrai ir iÅ¡samios " "taisyklÄ—s. Zona gali bÅ«ti susieta su sÄ…sajomis ir Å¡altinio adresais." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "PridÄ—ti zonÄ…" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Taisyti zonÄ…" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Å alinti zonÄ…" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Tarnybos" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "PridÄ—ti prievadÄ…" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Taisyti prievadÄ…" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Å alinti prievadÄ…" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Prievadai" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "PridÄ—ti protokolÄ…" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Taisyti protokolÄ…" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Å alinti protokolÄ…" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokolai" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskuoti zonÄ…" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Jeigu įjungsite maskavimÄ…, tuomet jÅ«sų IPv4 tinklams bus įjungtas IP " "peradresavimas." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskavimas" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internetinio valdymo praneÅ¡imų protokolas (angl. Internet Control Message " "Protocol (ICMP)) pagrinde yra naudojamas siųsti žinutes tarp kompiuterių " "tinkle, o taip pat ir informacinius praneÅ¡imus, tokius kaip ryÅ¡io " "patikrinimų užklausas ir atsakymus." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Invertuoti filtrÄ…" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP filtras" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "ÄŒia galite nustatyti zonai iÅ¡samios kalbos taisykles." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "PridÄ—ti iÅ¡samiÄ… taisyklÄ™" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Taisyti iÅ¡samiÄ… taisyklÄ™" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Å alinti iÅ¡samiÄ… taisyklÄ™" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "IÅ¡samios taisyklÄ—s" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "PridÄ—kite įraÅ¡us, norÄ—dami susieti sÄ…sajas su zona. Jeigu ryÅ¡ys naudos " "sÄ…sajÄ…, tuomet zona bus nustatyta į tÄ…, kuri yra nurodyta ryÅ¡yje." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "PridÄ—ti sÄ…sajÄ…" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Taisyti sÄ…sajÄ…" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Å alinti sÄ…sajÄ…" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "PridÄ—kite įraÅ¡us, norÄ—dami susieti adresus ar sritis su zona. Taip pat " "galite susieti su MAC Å¡altinio adresu, taÄiau su apribojimais. Prievadų " "peradresavimas ir maskavimas neveiks su MAC Å¡altinio susiejimais." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "PridÄ—ti Å¡altinį" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Taisyti Å¡altinį" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Å alinti Å¡altinį" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zonos" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Firewalld tarnyba yra prievadų, protokolų, modulių ir paskirties adresų " "kombinacija." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "PridÄ—ti tarnybÄ…" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Taisyti tarnybÄ…" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Å alinti tarnybÄ…" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Taisyti įraÅ¡Ä…" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Å alinti įraÅ¡Ä…" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduliai" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Tarnybos gali bÅ«ti keiÄiamos tik ilgalaikÄ—s konfigÅ«racijos rodinyje. Tarnybų " "vykdymo trukmÄ—s konfigÅ«racija yra fiksuota." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "PridÄ—ti" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Ä®raÅ¡ai" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "PridÄ—ti ICMP tipÄ…" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Taisyti ICMP tipÄ…" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Å alinti ICMP tipÄ…" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Nurodykite ar Å¡is ICMP tipas yra prieinamas IPv4 ir/ar IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP tipai gali bÅ«ti keiÄiami tik ilgalaikÄ—s konfigÅ«racijos rodinyje. ICMP " "tipų vykdymo trukmÄ—s konfigÅ«racija yra fiksuota." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Apibrėžkite prievadus ar prievadų rėžius, kurie bus stebimi pagelbiklio." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Papildomos grandinÄ—s, kurios bus naudojamos su taisyklÄ—mis." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "PridÄ—ti grandinÄ™" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Taisyti grandinÄ™" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Å alinti grandinÄ™" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "GrandinÄ—s" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "PridÄ—ti taisyklÄ™" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Taisyti taisyklÄ™" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Å alinti taisyklÄ™" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "TaisyklÄ—s" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "PridÄ—ti kontekstÄ…" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Taisyti kontekstÄ…" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Å alinti kontekstÄ…" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Kontekstai" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "PridÄ—ti komandų eilutÄ™" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Taisyti komandų eilutÄ™" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Å alinti komandų eilutÄ™" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Komandų eilutÄ—s" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Naudotojų vardai." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "PridÄ—ti naudotojo vardÄ…" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Taisyti naudotojo vardÄ…" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Å alinti naudotojo vardÄ…" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Naudotojų vardai" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Naudotojų id." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "PridÄ—ti naudotojo Id" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Taisyti naudotojo Id" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Å alinti naudotojo Id" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Naudotojų Id" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "DabartinÄ— numatytoji sistemos zona." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Panikos veiksena:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatiniai pagelbikliai:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Numatytoji zona:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Ä®veskite sÄ…sajos pavadinimÄ…:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tipas:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Laiko limitas:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Laiko limitas, sekundÄ—mis" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Pradinis maiÅ¡os dydis, numatytasis 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maksimalus elementų skaiÄius, numatytasis 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "ŽymÄ—ti" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Ä®veskite žymÄ—jimÄ… ir neprivalomai kaukÄ™." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "ŽymÄ—jimo ir kaukÄ—s laukai abudu yra 32 bitų ploÄio skaiÄiai be ženklo." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "ŽymÄ—jimas:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "KaukÄ—:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Pasirinkite -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Kitas modulis:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Prievadas ir protokolas" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Ä®veskite prievadÄ… ir protokolÄ…." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "TiesioginÄ— taisyklÄ—" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "PirmenybÄ—:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Ä®veskite protokolÄ…." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Kitas protokolas:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "IÅ¡sami taisyklÄ—" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Ä®veskite iÅ¡samiÄ… taisyklÄ™" #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "" "Serverio ar tinklo įtraukimui į baltÄ…jį ar juodÄ…jį sÄ…raÅ¡Ä…, pasyvinkite " "elementÄ…." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Å altinis:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Paskirtis:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Registruoti:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 ir ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "invertuota" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "naudojant tipÄ…:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "naudojant ribÄ…:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "PrieÅ¡dÄ—lis:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elementas:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Veiksmas:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Pasirinkite tarnybÄ…." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Ä®veskite Å¡altinį." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Naudotojo ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Ä®veskite naudotojo id." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Ä®veskite naudotojo vardÄ…." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etiketÄ—" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-1.1.1/po/ml.po0000644000000000000000000022755414217342322015066 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Ani Peter , 2006-2007,2009,2014 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2015-02-26 10:00+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Malayalam (http://www.transifex.com/projects/p/firewalld/" "language/ml/)\n" "Language: ml\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "ഫയരàµâ€à´µàµ‹à´³àµâ€ ആപàµà´²àµ†à´±àµà´±àµ" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ഫയരàµâ€à´µàµ‹à´³àµâ€" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ഫയരàµâ€à´µàµ‹à´³àµâ€ à´•àµà´°à´®àµ€à´•à´°à´£à´‚" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "'%s' ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸à´¿à´¨àµàµ മേഘല തെരഞàµà´žàµ†à´Ÿàµà´•àµà´•àµà´•" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "à´¸àµà´µà´¤à´µàµ‡à´¯àµà´³à´…à´³ മേഖല" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "'%s' കണകàµà´·à´¨àµàµ മേഖല തെരഞàµà´žàµ†à´Ÿàµà´•àµà´•àµà´•" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "ഷീളàµâ€à´¡àµà´¸àµ à´…à´ªàµà´ªàµ/ഡൌണàµâ€ മേഘലകളàµâ€ à´•àµà´°à´®àµ€à´•à´°à´¿à´¯àµà´•àµà´•àµà´•" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "ഷീളàµâ€à´¡àµà´¸àµ à´…à´ªàµà´ªàµ, ഷീളàµâ€à´¡àµà´¸àµ ഡൌണàµâ€ à´Žà´¨àµà´¨à´¿à´µà´¯àµà´•àµà´•àµà´ªà´¯àµ‹à´—à´¿à´šàµà´š മേഘലകളàµâ€ നിങàµà´™à´³àµâ€à´•àµà´•àµàµ ഇവിടെ തെരഞàµà´žàµ†à´Ÿàµà´•àµà´•à´¾à´‚." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "മികàµà´•à´ªàµà´ªàµ‹à´´àµà´‚ à´¸àµà´µà´¤à´µàµ‡à´¯àµà´³àµà´³ മേഘലകളàµâ€ ഉപയോഗിയàµà´•àµà´•àµà´µà´°àµâ€à´•àµà´•àµàµ à´ˆ വിശേഷത à´ªàµà´°à´¯àµ‹à´œà´¨à´•à´°à´®à´¾à´£àµàµ. കണകàµà´·à´¨àµà´•à´³àµà´Ÿàµ† " "മേഘലകളàµâ€ മാറàµà´±àµà´¨àµà´¨ ഉപയോകàµà´¤à´¾à´•àµà´•à´³àµâ€à´•àµà´•àµàµ അധികം ഉപയോഗമàµà´£àµà´Ÿà´¾à´µà´¿à´²àµà´²." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "ഷീളàµâ€à´¡àµà´¸àµ à´…à´ªàµà´ªàµ മേഘല:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "ഷീളàµâ€à´¡àµà´¸àµ ഡൌണàµâ€ മേഘല:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "ഷീളàµâ€à´¡àµà´¸àµ à´…à´ªàµà´ªàµ" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "അറിയിപàµà´ªàµà´•à´³àµâ€ à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨ സജàµà´œà´®à´¾à´•àµà´•àµà´•" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "ഫയരàµâ€à´µàµ‹à´³àµâ€ സജàµà´œàµ€à´•à´°à´£à´™àµà´™à´³àµâ€ à´šà´¿à´Ÿàµà´Ÿà´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´•..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "കണകàµà´·à´¨àµà´•à´³àµâ€à´•àµà´•àµà´³àµà´³ മേഘലകളàµâ€ മാറàµà´±àµà´•..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "ഷീളàµâ€à´¡àµà´¸àµ à´…à´ªàµà´ªàµ/ഡൌണàµâ€ മേഘലകളàµâ€ à´•àµà´°à´®àµ€à´•à´°à´¿à´¯àµà´•àµà´•àµà´•..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "à´Žà´²àµà´²à´¾ നെറàµà´±àµâ€Œà´µà´°àµâ€à´•àµà´•àµ à´Ÿàµà´°à´¾à´«à´¿à´•àµà´•àµà´‚ തടയàµà´•" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "കണകàµà´·à´¨àµà´•à´³àµâ€" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "à´¶àµà´°àµ‹à´¤à´¸àµà´¸àµà´•à´³àµâ€" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ആധികാരികത ഉറപàµà´ªà´¾à´•àµà´•à´²àµâ€ പരാജയപàµà´ªàµ†à´Ÿàµà´Ÿàµ." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "തെറàµà´±à´¾à´¯ ആരàµâ€à´—àµà´¯àµà´®àµ†à´¨àµà´±àµ %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "പേരàµàµ നിലവിലàµà´£àµà´Ÿàµàµ" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "ഫയരàµâ€à´µàµ‹à´³àµâ€ ഡെമണിലേകàµà´•àµàµ കണകàµà´·à´¨àµâ€ ലഭàµà´¯à´®à´²àµà´²" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "à´Žà´²àµà´²à´¾ നെറàµà´±àµâ€Œà´µà´°àµâ€à´•àµà´•àµ à´Ÿàµà´°à´¾à´«à´¿à´•àµà´•àµà´‚ തടഞàµà´žà´¿à´°à´¿à´¯àµà´•àµà´•àµà´¨àµà´¨àµ" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "à´¸àµà´µà´¤à´µàµ‡à´¯àµà´³àµà´³ മേഘല: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "'{interface}' ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸à´¿à´²àµâ€ '{connection}' കണകàµà´·à´¨àµàµ സജീവമായ '{zone}' മേഘല" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "'{interface}' ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸à´¿à´²àµâ€ സജീവമായ '{zone}' മേഘല" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "{source} à´¶àµà´°àµ‹à´¤à´¸àµà´¸à´¿à´²àµâ€â€ സജീവമായ '{zone}' മേഘല" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "സജീവമായ മേഘലകളàµâ€ ലഭàµà´¯à´®à´²àµà´²." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallD-à´¯àµà´•àµà´•àµà´³àµà´³ കണകàµà´·à´¨àµâ€ à´¸àµà´¥à´¾à´ªà´¿à´šàµà´šà´¿à´°à´¿à´¯àµà´•àµà´•àµà´¨àµà´¨àµ." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD-ലേകàµà´•àµà´³àµà´³ കണകàµà´·à´¨àµâ€ നഷàµà´Ÿà´®à´¾à´¯à´¿." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD വീണàµà´Ÿàµà´‚ ലഭàµà´¯à´®à´¾à´•àµà´•à´¿à´¯à´¿à´°à´¿à´¯àµà´•àµà´•àµà´¨àµà´¨àµ." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "à´¸àµà´µà´¤à´µàµ‡à´¯àµà´³àµà´³ മേഘല '%s' ആയി മാറàµà´±à´¿à´¯à´¿à´°à´¿à´¯àµà´•àµà´•àµà´¨àµà´¨àµ." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "നെറàµà´±àµâ€Œà´µà´°àµâ€à´•àµà´•àµ à´Ÿàµà´°à´¾à´«à´¿à´•àµà´•àµ ഇനി തടസàµà´¸à´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤à´¿à´¯à´¿à´Ÿàµà´Ÿà´¿à´²àµà´²." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "സജീവമാകàµà´•à´¿à´¯à´¿à´°à´¿à´•àµà´•àµà´¨àµà´¨àµ" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "നിരàµâ€à´œàµà´œàµ€à´µà´®à´¾à´•àµà´•à´¿à´¯à´¿à´°à´¿à´¯àµà´•àµà´•àµà´¨àµà´¨àµ" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "'{interface}' ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸à´¿à´²àµâ€ '{connection}' കണകàµà´·à´¨àµàµ സജീവമായ " "'{zone}'{activated_deactivated} മേഘല" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "'{interface}' ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸à´¿à´²àµâ€ സജീവമായ '{zone}' {activated_deactivated} മേഘല" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "'%s' മേഘല '%s' ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸à´¿à´¨àµàµ സജീവമാകàµà´•à´¿à´¯à´¿à´°à´¿à´¯àµà´•àµà´•àµà´¨àµà´¨àµ" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "'{source}' à´¶àµà´°àµ‹à´¤à´¸àµà´¸à´¿à´¨àµà´³àµà´³ '{zone}' {activated_deactivated} മേഘല" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "'%s' മേഘല '%s' à´¶àµà´°àµ‹à´¤à´¸àµà´¸à´¿à´¨àµàµ സജീവമാകàµà´•à´¿à´¯à´¿à´°à´¿à´¯àµà´•àµà´•àµà´¨àµà´¨àµ" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "മാറàµà´±à´™àµà´™à´³àµâ€ സൂകàµà´·à´¿à´šàµà´šàµ." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "നെറàµà´±àµâ€Œà´µà´°àµâ€à´•àµà´•àµ കണകàµà´·à´¨àµâ€ '%s' ഉപയോഗിയàµà´•àµà´•àµà´¨àµà´¨àµ" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨ സജàµà´œà´‚" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨ രഹിതം" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "à´šà´¿à´¹àµà´¨à´™àµà´™à´³àµâ€ ലഭàµà´¯à´®à´¾à´•àµà´•àµà´¨àµà´¨à´¤à´¿à´²àµâ€ പരാജയപàµà´ªàµ†à´Ÿàµà´Ÿàµ." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ഉപയോകàµà´¤àµƒà´¨à´¾à´®à´‚" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨à´¸à´®à´¯à´‚" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "à´¸àµà´¥à´¿à´°à´®à´¾à´¯" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "സേവനം" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "പോരàµâ€à´Ÿàµà´Ÿàµ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "സമàµà´ªàµà´°à´¦à´¾à´¯à´‚" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "à´à´¤àµà´¤à´¿à´šàµà´šàµ‡à´°à´£àµà´Ÿ പോരàµâ€à´Ÿàµà´Ÿàµ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "à´à´¤àµà´¤à´¿à´šàµà´šàµ‡à´°à´£àµà´Ÿ വിലാസം:" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "à´à´¸à´¿à´Žà´‚പി തരം" #: ../src/firewall-config.in:822 msgid "Family" msgstr "à´•àµà´Ÿàµà´‚ബം" #: ../src/firewall-config.in:826 msgid "Action" msgstr "à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨à´‚" #: ../src/firewall-config.in:828 msgid "Element" msgstr "എലമെനàµà´±àµ" #: ../src/firewall-config.in:830 msgid "Src" msgstr "à´¶àµà´°àµ‹à´¤à´¸àµà´¸àµ" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "ലകàµà´·àµà´¯à´‚" #: ../src/firewall-config.in:834 msgid "log" msgstr "ലോഗàµ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "à´“à´¡à´¿à´±àµà´±àµ ചെയàµà´¯àµà´•" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "à´¶àµà´°àµ‹à´¤à´¸àµà´¸àµ" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "à´®àµà´¨àµà´¨à´±à´¿à´¯à´¿à´ªàµà´ªàµ" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "പിഴവàµ" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "à´¸àµà´µàµ€à´•à´°à´¿à´¯àµà´•àµà´•àµà´•" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "നിരസിയàµà´•àµà´•àµà´•" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "ഉപേകàµà´·à´¿à´¯àµà´•àµà´•àµà´•" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "പരിധി" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "സേവനം " #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "പോരàµâ€à´Ÿàµà´Ÿàµ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "സമàµà´ªàµà´°à´¦à´¾à´¯à´‚ " #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "മാസàµà´•àµà´¯àµà´±àµ‡à´¡à´¿à´‚à´™àµ" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "നില" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ഉവàµà´µàµàµ" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "മേഘല" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "'%s' മേഘല: '%s' സരàµâ€à´µàµ€à´¸àµ തരം ലഭàµà´¯à´®à´²àµà´²." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "അവഗണിയàµà´•àµà´•àµà´•" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "'%s' മേഘല: '%s' à´à´¸à´¿à´Žà´‚പി തരം ലഭàµà´¯à´®à´²àµà´²." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "ബിളàµâ€à´Ÿàµà´Ÿà´¿à´¨àµâ€ zone, rename പിനàµà´¤àµà´£à´¯àµà´•àµà´•àµà´¨àµà´¨à´¿à´²àµà´²." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "നിമിഷം" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "മിനിറàµà´±àµ" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "മണികàµà´•àµ‚à´°àµâ€" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "ദിവസം" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergency" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alert" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "critical" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "പിശകàµ" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "à´®àµà´¨àµà´¨à´±à´¿à´¯à´¿à´ªàµà´ªàµàµ" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "notice" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "വിവരം" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸àµ മാസàµà´•àµà´¯àµà´±àµ‡à´¡àµ ചെയàµà´¤à´¾à´²àµâ€ മാതàµà´°à´®àµ‡ മറàµà´±àµŠà´°àµ സിസàµà´±àµà´±à´¤àµà´¤à´¿à´²àµ‡à´•àµà´•àµàµ ഫോരàµâ€à´µàµ‡à´¡àµ ചെയàµà´¯àµà´¨àµà´¨à´¤àµàµ " "à´ªàµà´°à´¯àµ‹à´œà´¨à´•à´°à´®à´¾à´•àµ‚.\n" "à´ˆ മേഖല മാസàµà´•àµà´¯àµà´±àµ‡à´¡àµ ചെയàµà´¯à´£à´®àµ‹ ?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "ബിളàµâ€à´Ÿàµà´Ÿà´¿à´¨àµâ€ service, rename പിനàµà´¤àµà´£à´¯àµà´•àµà´•àµà´¨àµà´¨à´¿à´²àµà´²." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "ബിളàµâ€à´Ÿàµà´Ÿà´¿à´¨àµâ€ icmp, rename പിനàµà´¤àµà´£à´¯àµà´•àµà´•àµà´¨àµà´¨à´¿à´²àµà´²." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "'%s' à´¶àµà´°àµ‹à´¤à´¸àµà´¸à´¿à´¨àµàµ മേഘല തെരഞàµà´žàµ†à´Ÿàµà´•àµà´•àµà´•" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "വിലാസം" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "ദയവായി കമാനàµâ€à´¡àµ ലൈനàµâ€ നലàµâ€à´•àµà´•." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "ദയവായി സനàµà´¦à´°àµâ€à´­à´‚ നലàµâ€à´•àµà´•." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "താഴെ കാണിചàµà´šà´¿à´Ÿàµà´Ÿàµà´³àµà´³ പടàµà´Ÿà´¿à´•à´¯à´¿à´²àµâ€ നിനàµà´¨àµà´‚ à´¸àµà´µà´¤à´µàµ‡à´¯àµà´³àµà´³ മേഘല ദയവായി തെരഞàµà´žàµ†à´Ÿàµà´•àµà´•àµà´•." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "ഡയറകàµà´Ÿàµ ചെയിനàµâ€" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ipv, പടàµà´Ÿà´¿à´• à´Žà´¨àµà´¨à´¿à´µ തെരഞàµà´žàµ†à´Ÿàµà´¤àµà´¤àµàµ, ചെയിനàµà´±àµ† പേരàµàµ നലàµâ€à´•àµà´•." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ചെയിനàµâ€:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "à´¸àµà´°à´•àµà´·" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "പടàµà´Ÿà´¿à´•:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "നേരിടàµà´Ÿàµà´³àµà´³ പാസàµà´¤àµà´°àµ‚ നിയമം" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ipv ദയവായി തെരഞàµà´žàµ†à´Ÿàµà´¤àµà´¤àµàµ ആരàµâ€à´—àµà´¯àµà´®àµ†à´¨àµà´±àµà´•à´³àµâ€ നലàµâ€à´•àµà´•." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "ആരàµâ€à´—àµà´¯àµà´®àµ†à´¨àµà´±àµà´•à´³àµâ€:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "പോരàµâ€à´Ÿàµà´Ÿàµ ഫോരàµâ€â€à´µàµ‡à´°àµâ€â€à´¡à´¿à´‚à´—àµ" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "നിങàµà´™à´³àµà´Ÿàµ† ആവശàµà´¯â€Œà´®à´¨àµà´¸à´°à´¿à´šàµà´šàµ ഉറവിട, ലകàµà´·àµà´¯ പോരàµâ€à´Ÿàµà´Ÿàµà´•à´³àµâ€ തെരഞàµà´žàµ†à´Ÿàµà´•àµà´•àµà´•." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "പോരàµâ€à´Ÿàµà´Ÿàµ / പോരàµâ€à´Ÿàµà´Ÿàµ പരിധി:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "à´à´ªà´¿ വിലാസം:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "സമàµà´ªàµà´°à´¦à´¾à´¯à´‚:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "ലകàµà´·àµà´¯à´¸àµà´¥à´²à´‚" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "നിങàµà´™à´³àµâ€ ലോകàµà´•à´²àµâ€ ഫോരàµâ€à´µàµ‡à´°àµâ€à´¡à´¿à´™àµ സജàµà´œà´®à´¾à´•àµà´•à´¿à´¯à´¾à´²àµâ€, പോരàµâ€à´Ÿàµà´Ÿàµ നലàµâ€à´•àµ‡à´£àµà´Ÿà´¤à´¾à´£àµ. ഇതൠഉറവിട പോരàµâ€à´Ÿàµà´Ÿà´¿à´²àµâ€ നിനàµà´¨àµà´‚ " "à´µàµà´¯â€Œâ€Œà´¤àµà´¯â€Œâ€Œà´¸àµà´¤à´®à´¾à´£àµ." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "ലോകàµà´•à´²àµâ€ ഫോരàµâ€à´µàµ‡à´¡à´¿à´™àµ" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "മറàµà´±àµŠà´°àµ പോരàµâ€à´Ÿàµà´Ÿà´¿à´²àµ‡à´•àµà´•àµ അയയàµà´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "à´•à´Ÿàµà´Ÿà´¿à´¯à´¿à´²àµà´³àµà´³ à´Žà´¨àµâ€à´Ÿàµà´°à´¿à´•à´³àµâ€ നിരàµâ€à´¬à´¨àµà´§à´®à´¾à´£àµàµ, മറàµà´±àµŠà´¨àµà´¨àµà´‚ നിരàµâ€à´¬à´¨àµà´§à´®à´²àµà´²." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "പേരàµàµ:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "പതിപàµà´ªàµàµâ€Œ:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "ലഘàµ:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "വിവരണം:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "à´•àµà´Ÿàµà´‚ബം:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "à´…à´Ÿà´¿à´¸àµà´¥à´¾à´¨ à´à´¸à´¿à´Žà´‚പി തരം സജàµà´œàµ€à´•à´°à´£à´™àµà´™à´³àµâ€" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "ദയവായി à´…à´Ÿà´¿à´¸àµà´¥à´¾à´¨ à´à´¸à´¿à´Žà´‚പി തരം സജàµà´œàµ€à´•à´°à´£à´™àµà´™à´³àµâ€ à´•àµà´°à´®àµ€à´•à´°à´¿à´¯àµà´•àµà´•àµà´•: " #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP തരതàµà´¤à´¿à´²àµà´³àµà´³" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ഒരൠà´à´¸à´¿à´Žà´‚പി തരം ദയവായി തെരഞàµà´žàµ†à´Ÿàµà´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "à´Žà´¨àµâ€à´Ÿàµà´°à´¿ ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ഫയലàµâ€ (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "à´à´›à´¿à´•à´™àµà´™à´³àµâ€ (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld വീണàµà´Ÿàµà´‚ ലഭàµà´¯à´®à´¾à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ഫയരàµâ€à´µàµ‹à´³àµâ€ നിയമങàµà´™à´³àµâ€ വീണàµà´Ÿàµà´‚ ലഭàµà´¯à´®à´¾à´•àµà´•àµà´¨àµà´¨àµ. നിലവിലàµâ€ à´¸àµà´¥à´¿à´°à´®à´¾à´¯àµà´³àµà´³ à´•àµà´°à´®àµ€à´•à´°à´£à´‚ à´ªàµà´¤à´¿à´¯ à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨ " "à´•àµà´°à´®àµ€à´•à´°à´£à´®à´¾à´•àµà´¨àµà´¨àµ. അതായതàµàµ, à´¸àµà´¥à´¿à´°à´®à´¾à´¯ à´•àµà´°à´®àµ€à´•à´°à´£à´¤àµà´¤à´¿à´²à´¿à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€, à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨ സമയതàµà´¤àµàµ വരàµà´¤àµà´¤à´¿à´¯ " "മാറàµà´±à´™àµà´™à´³àµâ€ വീണàµà´Ÿàµà´‚ ലഭàµà´¯à´®à´¾à´•àµà´•àµà´®àµà´ªàµ‹à´³àµâ€ നഷàµà´Ÿà´®à´¾à´•àµà´¨àµà´¨àµ." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ഒരൠനെറàµà´±àµâ€Œà´µà´°àµâ€à´•àµà´•àµ കണകàµà´·à´¨àµà´³àµà´³ മേഖല മാറàµà´±àµà´•." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "à´¸àµà´µà´¤à´µàµ‡à´¯àµà´³àµà´³ മേഘല മാറàµà´±àµà´•" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "കണകàµà´·à´¨àµà´•à´³àµâ€à´•àµà´•àµà´‚ ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸àµà´•à´³àµâ€à´•àµà´•àµà´®àµà´³àµà´³ à´¸àµà´µà´¤à´µàµ‡à´¯àµà´³àµà´³ മേഖല മാറàµà´±àµà´•." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "പാനികàµà´•àµ മോഡിനരàµâ€à´¤àµà´¥à´‚ വരàµà´¨àµà´¨à´¤àµà´‚ പോകàµà´¨àµà´¨à´¤àµà´®à´¾à´¯ à´Žà´²àµà´²à´¾ പാകàµà´•à´±àµà´±àµà´•à´³àµà´‚ ഇലàµà´²à´¾à´¤à´¾à´•àµà´•àµà´¨àµà´¨àµàµ à´Žà´¨àµà´¨à´¾à´£àµàµ." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "പാനികàµà´•àµ മോഡàµ" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "ലോകàµà´•àµâ€à´¡àµŒà´£àµâ€ ഫയരàµâ€à´µàµ‹à´³àµâ€ à´•àµà´°à´®àµ€à´•à´°à´£à´‚ പൂടàµà´Ÿàµà´¨àµà´¨àµ. ഇങàµà´™à´¨àµ† വൈറàµà´±àµâ€Œà´²à´¿à´¸àµà´±àµà´±à´¿à´²àµà´³àµà´³ à´ªàµà´°à´¯àµ‹à´—à´™àµà´™à´³àµâ€à´•àµà´•àµàµ മാതàµà´°à´®àµ‡ ഇതിലàµâ€ " "മാറàµà´±à´‚ വരàµà´¤àµà´¤àµà´µà´¾à´¨àµâ€ സാധàµà´¯à´®à´¾à´•àµ‚." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "ലോകàµà´•àµ ഡൌണàµâ€" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨ à´•àµà´°à´®àµ€à´•à´°à´£à´‚ à´¸àµà´¥à´¿à´°à´®à´¾à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨à´¸à´®à´¯à´‚ à´¸àµà´¥à´¿à´°à´®à´¾à´•àµà´•à´²àµâ€" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_കാഴàµà´š" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "à´à´¸à´¿à´Žà´‚പി തരങàµà´™à´³àµâ€" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "നേരിടàµà´Ÿàµà´³àµà´³ à´•àµà´°à´®àµ€à´•à´°à´£à´‚" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "ലോകàµà´•àµà´¡àµŒà´£àµâ€ വൈറàµà´±àµ ലിസàµà´±àµà´±àµ" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "സഹായം (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "à´•àµà´°à´®àµ€à´•à´°à´£à´‚:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "നിലവിലàµâ€ ദൃശàµà´¯à´®à´¾à´¯ à´•àµà´°à´®àµ€à´•à´°à´£à´‚. à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨ à´•àµà´°à´®àµ€à´•à´°à´£à´®à´¾à´£àµàµ സജീവമായ à´•àµà´°à´®àµ€à´•à´°à´£à´‚. സരàµâ€à´µàµ€à´¸àµ à´…à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€ " "സിസàµà´±àµà´±à´‚ വീണàµà´Ÿàµà´‚ ലഭàµà´¯à´®à´¾à´•àµà´•àµà´¨àµà´¨à´¤à´¿à´¨àµàµ à´…à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€ വീണàµà´Ÿàµà´‚ ആരംഭിയàµà´•àµà´•àµà´¨àµà´¨à´¤à´¿à´¨àµàµ ശേഷം à´Žà´¨àµà´¨àµ‡à´•àµà´•àµà´®àµà´³àµà´³ " "à´•àµà´°à´®àµ€à´•à´°à´£à´‚ സജീവമാകàµà´¨àµà´¨àµ." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "മേഘലയàµà´•àµà´•àµà´³àµà´³ നെറàµà´±àµâ€Œà´µà´°àµâ€à´•àµà´•àµ കണകàµà´·à´¨àµà´•à´³àµâ€, ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸àµà´•à´³àµâ€, à´¶àµà´°àµ‹à´¤à´¸àµà´¸àµ വിലാസങàµà´™à´³àµâ€ à´Žà´¨àµà´¨à´¿à´µà´¯àµà´•àµà´•àµà´³àµà´³ വിശàµà´µà´¸àµà´¤à´¤ " "firewalld മേഘല നിഷàµà´•à´°àµâ€à´·à´¿à´¯àµà´•àµà´•àµà´¨àµà´¨àµ. സരàµâ€à´µàµ€à´¸àµà´•à´³àµâ€, പോരàµâ€à´Ÿàµà´Ÿàµà´•à´³àµâ€, സമàµà´ªàµà´°à´¦à´¾à´¯à´™àµà´™à´³àµâ€, മാസàµà´•àµà´¯àµ‚റേഡിങàµ, പോരàµâ€à´Ÿàµà´Ÿàµ/" "പാകàµà´•à´±àµà´±àµ ഫോരàµâ€à´µàµ‡à´¡à´¿à´™àµ, icmp à´«à´¿à´²àµâ€à´±àµà´±à´±àµà´•à´³àµâ€, റിചàµà´šàµ റൂളàµà´•à´³àµâ€ à´Žà´¨àµà´¨à´¿à´µ മേഘലയിലàµâ€ ലഭàµà´¯à´®à´¾à´•àµà´¨àµà´¨àµ. ഇനàµà´±à´°àµâ€" "ഫെയിസàµà´•à´³àµà´‚ à´¶àµà´°àµ‹à´¤à´¸àµà´¸à´¿à´¨àµà´³àµà´³ വിലാസങàµà´™à´³àµà´‚ à´…à´¨àµà´¸à´°à´¿à´šàµà´šà´¾à´£àµàµ മേഘല." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "മേഘല ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "മേഘല à´šà´¿à´Ÿàµà´Ÿà´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "മേഘല നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "à´¸àµà´µà´¤à´µàµ‡à´¯àµà´³àµà´³ മേഘല ലഭàµà´¯à´®à´¾à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "à´à´¤àµ†à´²àµà´²à´¾à´‚ സരàµâ€â€à´µàµ€à´¸àµà´•à´³à´¾à´£àµ വിശàµà´µà´¸à´¨àµ€à´¯à´‚ à´Žà´¨àµà´¨àµ നിങàµà´™à´³àµâ€à´•àµà´•àµ ഇവിടെ à´µàµà´¯â€Œà´•àµà´¤à´®à´¾à´•àµà´•à´¾à´‚. à´ˆ മേഘലയàµà´•àµà´•àµà´³àµà´³ " "à´¶àµà´°àµ‹à´¤à´¸àµà´¸àµà´•à´³àµà´‚ ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸àµà´•à´³àµà´‚ കണകàµà´·à´¨àµà´•à´³à´¿à´²àµà´‚ നിനàµà´¨àµà´‚ സിസàµà´±àµà´±à´¤àµà´¤à´¿à´²àµ‡à´•àµà´•àµà´³àµà´³ à´Žà´²àµà´²à´¾ ഹോസàµà´±àµà´±àµà´•à´³àµà´‚ നെറàµà´±àµâ€Œà´µà´°àµâ€" "à´•àµà´•àµà´•à´³àµà´‚ വിശàµà´µà´¸à´¨àµ€à´¯à´®à´¾à´¯ സേവനങàµà´™à´³àµâ€à´•àµà´•àµàµ ലഭàµà´¯à´®à´¾à´•àµà´¨àµà´¨àµ." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "സരàµâ€à´µàµ€à´¸àµà´•à´³àµâ€" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "അധികമായ പോരàµâ€à´Ÿàµà´Ÿàµà´•à´³àµâ€ à´…à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€ പോരàµâ€à´Ÿàµà´Ÿàµ പരിധികളàµà´‚ ചേരàµâ€à´•àµà´•àµà´•, സിസàµà´±àµà´±à´¤àµà´¤à´¿à´²àµ‡à´•àµà´•àµàµ കണകàµà´Ÿàµ ചെയàµà´¯àµà´µà´¾à´¨àµâ€ " "സാധàµà´¯à´®à´¾à´¯ നെറàµà´±àµâ€Œà´µà´°àµâ€à´•àµà´•àµà´•à´³àµâ€ à´…à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€ à´Žà´²àµà´²à´¾à´‚ ഹോസàµà´±àµà´±àµà´•à´³à´¿à´²àµ‡à´•àµà´•àµà´³àµà´³ ഇവയàµà´•àµà´•àµàµ à´ªàµà´°à´µàµ‡à´¶à´¿à´¯àµà´•àµà´•àµ‡à´£àµà´Ÿà´¤àµà´£àµà´Ÿàµàµ." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "à´à´¤àµà´¤à´¿à´šàµà´šàµ‡à´°à´£àµà´Ÿ പോരàµâ€à´Ÿàµà´Ÿàµ" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "പോരàµâ€à´Ÿàµà´Ÿàµ à´šà´¿à´Ÿàµà´Ÿà´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "പോരàµâ€à´Ÿàµà´Ÿàµ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "പോരàµâ€à´Ÿàµà´Ÿàµà´•à´³àµâ€" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "നിങàµà´™à´³àµà´Ÿàµ† à´ªàµà´°à´¾à´¦àµ‡à´¶à´¿à´• ശൃംഖലാ à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨à´¤àµà´¤à´¿à´¨àµ† ഇനàµà´±à´°àµâ€à´¨àµ†à´±àµà´±àµà´®à´¾à´¯à´¿ ബനàµà´§à´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´¨àµà´¨à´¤à´¿à´¨à´¾à´¯à´¿ ഒരൠ" "ആതിഥേയനàµâ€ à´…à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€ റൂടàµà´Ÿà´°àµâ€ നിങàµà´™à´³àµâ€ à´•àµà´°à´®àµ€à´•à´°à´¿à´•àµà´•àµà´¨àµà´¨àµ à´Žà´™àµà´•à´¿à´²àµâ€ മാസàµà´•àµà´¯àµà´±àµ‡à´¡à´¿à´‚ഗൠനിങàµà´™à´³àµâ€à´•àµà´•àµ " "à´ªàµà´°à´¯àµ‹à´œà´¨à´•à´°à´®à´¾à´•àµà´¨àµà´¨àµ. നിങàµà´™à´³àµà´Ÿàµ† à´ªàµà´°à´¾à´¦àµ‡à´¶à´¿à´• ശൃംഖലാകരàµà´®àµà´®à´‚ അദൃശàµà´¯â€Œà´®à´¾à´¯à´¿à´°à´¿à´•àµà´•àµà´‚, മാതàµà´°à´®à´²àµà´², ഇനàµà´±à´°àµâ€" "നെറàµà´±à´¿à´²àµâ€ ആതിഥേയനെ ഒരൠവിലാസമായി കണകàµà´•à´¾à´•àµà´•àµà´¨àµà´¨àµ. മാസàµà´•àµà´¯àµà´±àµ‡à´¡à´¿à´‚ഗൠIPv4 മാതàµà´°à´®à´¾à´£àµ." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "മാസàµà´•àµà´¯àµà´±àµ‡à´¡àµ മേഘല" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "മാസàµà´•àµà´¯àµà´±àµ‡à´¡à´¿à´™àµ à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨ സജàµà´œà´®à´¾à´•àµà´•àµà´¨àµà´¨àµ†à´™àµà´•à´¿à´²àµâ€, നിങàµà´™à´³àµà´Ÿàµ† IPv4 നെറàµà´±àµâ€Œà´µà´°àµâ€à´•àµà´•àµàµ à´à´ªà´¿ ഫോരàµâ€à´µàµ‡à´¡à´¿à´™àµ à´ªàµà´°à´µà´°àµâ€" "à´¤àµà´¤à´¨ സജàµà´œà´®à´¾à´•àµà´•àµà´¨àµà´¨àµ." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "മാസàµà´•àµà´¯àµà´±àµ‡à´¡à´¿à´‚à´—àµ" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ഒരൠപàµà´°à´¾à´¦àµ‡à´¶à´¿à´• à´µàµà´¯à´µàµà´¸àµà´¥à´¯à´¿à´²àµà´³àµà´³ പോരàµâ€à´Ÿàµà´Ÿà´¿à´²àµâ€ നിനàµà´¨àµà´‚ മറàµà´±àµŠà´¨àµà´¨à´¿à´²àµ‡à´•àµà´•àµ à´…à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€ ഒരൠപàµà´°à´¾à´¦àµ‡à´¶à´¿à´• " "à´µàµà´¯â€Œà´µà´¸àµà´¥à´¯à´¿à´²àµâ€à´¨à´¿à´¨àµà´¨àµà´‚ മറàµà´±àµŠà´¨àµà´¨à´¿à´²àµ‡à´•àµà´•àµ പോരàµâ€à´Ÿàµà´Ÿàµà´•à´³àµâ€ അയയàµà´•àµà´•àµà´¨àµà´¨à´¤à´¿à´¨à´¾à´¯à´¿ à´Žà´¨àµà´Ÿàµà´°à´¿à´•à´³àµâ€ നലàµâ€à´•àµà´•. വിനിമയതലം " "മാസàµà´•àµà´¯àµà´±àµ‡à´¡àµ ചെയàµà´¤àµ†à´™àµà´•à´¿à´²àµâ€ മാതàµà´°à´®àµ‡ മറàµà´±àµŠà´°àµ സിസàµà´±àµà´±à´®à´¿à´²àµ‡à´•àµà´•àµ അയയàµà´•àµà´•àµà´¨àµà´¨à´¤à´¿à´²àµâ€ à´ªàµà´°à´¯àµ‹à´œà´¨à´®àµà´³àµà´³àµ‚. പോരàµâ€à´Ÿàµà´Ÿàµ ഫോരàµâ€" "വേരàµâ€à´¡à´¿à´‚ഗൠIPv4 മാതàµà´°à´®à´¾à´£àµ." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ഫോരàµâ€à´µàµ‡à´¡àµ പോരàµâ€à´Ÿàµà´Ÿàµ ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ഫോരàµâ€à´µàµ‡à´¡àµ പോരàµâ€à´Ÿàµà´Ÿàµ à´šà´¿à´Ÿàµà´Ÿà´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ഫോരàµâ€à´µàµ‡à´¡àµ പോരàµâ€à´Ÿàµà´Ÿàµ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ശൃംഖലയിലെ à´•à´®àµà´ªàµà´¯àµ‚à´Ÿàµà´Ÿà´±àµà´•à´³àµâ€à´•àµà´•àµ തമàµà´®à´¿à´²àµâ€ പിശകൠഅറിയികàµà´•àµà´¨àµà´¨ സനàµà´¦àµ‡à´¶à´™àµà´™à´³àµâ€ അയയàµà´•àµà´•àµà´¨àµà´¨à´¤à´¿à´¨à´¾à´£àµ à´ªàµà´°à´§à´¾à´¨à´®à´¾à´¯àµà´‚ " "ഇനàµà´±à´°àµâ€à´¨àµ†à´±àµà´±àµ à´•à´£àµà´Ÿàµà´°àµ‹à´³àµâ€ മെസേജൠപàµà´°àµ‹à´Ÿàµà´Ÿàµ‹à´•àµà´•àµ‹à´³àµâ€ (ICMP) ഉപയോഗികàµà´•àµà´¨àµà´¨à´¤àµ. കൂടാതെ, വിവരങàµà´™à´³àµâ€ " "ലഭàµà´¯â€Œà´®à´¾à´•àµà´•àµà´µà´¾à´¨àµâ€ സഹായികàµà´•àµà´¨àµà´¨ പിങൠഅപേകàµà´·à´•à´³àµâ€à´•àµà´•àµà´‚ മറàµà´ªà´Ÿà´¿à´•à´³àµâ€à´•àµà´•àµà´‚ ഇവ ഉപയോഗികàµà´•àµà´¨àµà´¨àµ." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "പടàµà´Ÿà´¿à´•à´¯à´¿à´²àµâ€ നിനàµà´¨àµà´‚ വേണàµà´Ÿ à´Žà´¨àµà´¨àµ തീരàµà´®à´¾à´¨à´¿à´•àµà´•àµ‡à´£àµà´Ÿ ICMP തരതàµà´¤à´¿à´²àµà´³àµà´³à´µ അടയാളപàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´•. മറàµà´±àµ†à´²àµà´²à´¾ " "ICMP തരതàµà´¤à´¿à´²àµà´³àµà´³à´µà´¯àµà´‚ ഫയരàµâ€à´µàµ‹à´³àµâ€ à´•à´Ÿà´•àµà´•àµà´¨àµà´¨à´¤à´¿à´¨àµ à´…à´¨àµà´µà´¾à´¦à´®àµà´³àµà´³à´µà´¯à´¾à´£àµ. പരിമിതികളിലàµà´²à´¾à´¤àµà´¤à´¤à´¾à´£àµ സഹജം." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP à´«à´¿à´²àµâ€â€Œà´±àµà´±à´°àµâ€" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "മേഘലയàµà´•àµà´•àµà´³àµà´³ റിചàµà´šàµ ഭാഷ നിയമങàµà´™à´³àµâ€ നിങàµà´™à´³àµâ€à´•àµà´•à´¿à´µà´¿à´Ÿàµ† സജàµà´œà´®à´¾à´•àµà´•à´¾à´‚." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "റിചàµà´šàµ റൂളàµâ€ ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "റിചàµà´šàµ റൂളàµâ€ à´šà´¿à´Ÿàµà´Ÿà´ªàµà´ªàµ†à´Ÿàµà´Ÿàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "റിചàµà´šàµ റൂളàµâ€ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "റിചàµà´šàµ റൂളàµà´•à´³àµâ€" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "മേഘലയàµà´•àµà´•àµàµ സംയോജക ഘടകങàµà´™à´³àµâ€ ബൈനàµâ€à´¡àµ ചെയàµà´¯àµà´¨àµà´¨à´¤à´¿à´¨àµàµ à´Žà´¨àµâ€à´Ÿàµà´°à´¿à´•à´³àµâ€ ചേരàµâ€à´•àµà´•àµà´•. സംയോജകഘടകം ഒരൠകണകàµà´·à´¨àµâ€ " "ഉപയോഗിയàµà´•àµà´•àµà´¨àµà´¨àµ†à´™àµà´•à´¿à´²àµâ€, കണകàµà´·à´¨à´¿à´²àµâ€ à´µàµà´¯à´•àµà´¤à´®à´¾à´•àµà´•à´¿à´¯à´¿à´°à´¿à´¯àµà´•àµà´•àµà´¨àµà´¨ മേഘലയായി à´ˆ മേഘല സജàµà´œà´®à´¾à´•àµà´•àµà´¨àµà´¨àµ." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸àµ ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸à´¿à´²àµâ€ മാറàµà´±à´‚ വരàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ഇനàµà´±à´°àµâ€à´«àµ†à´¯à´¿à´¸àµ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "ഒരൠശàµà´°àµ‹à´¤à´¸àµà´¸àµ ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "à´¶àµà´°àµ‹à´¤à´¸àµà´¸à´¿à´²àµâ€ മാറàµà´±à´‚ വരàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "à´¶àµà´°àµ‹à´¤à´¸àµà´¸àµ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "മേഘലകളàµâ€" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "പോരàµâ€à´Ÿàµà´Ÿàµà´•à´³àµâ€, സമàµà´ªàµà´°à´¦à´¾à´¯à´™àµà´™à´³àµâ€, ഘടകങàµà´™à´³àµâ€, ലകàµà´·àµà´¯ വിലാസങàµà´™à´³àµâ€ à´Žà´¨àµà´¨à´¿à´µà´¯àµ† à´’à´¨àµà´¨à´¿à´šàµà´šàµàµ ഒരൠfirewalld സരàµâ€" "വീസായി കണകàµà´•à´¾à´•àµà´•àµà´¨àµà´¨àµ." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "സരàµâ€à´µàµ€à´¸àµ ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "സരàµâ€à´µàµ€à´¸àµ à´šà´¿à´Ÿàµà´Ÿà´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "സരàµâ€à´µàµ€à´¸àµ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "à´¸àµà´µà´¤à´µàµ‡à´¯àµà´³àµà´³ സരàµâ€à´µàµ€à´¸àµ ലഭàµà´¯à´®à´¾à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "à´Žà´¨àµâ€à´Ÿàµà´°à´¿ à´šà´¿à´Ÿàµà´Ÿà´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "à´Žà´¨àµâ€à´Ÿàµà´°à´¿ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "ഘടകങàµà´™à´³àµâ€" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "ലകàµà´·àµà´¯à´¸àµà´¥à´¾à´¨ വിലാസങàµà´™à´³àµâ€ നലàµâ€à´•àµà´¨àµà´¨àµ†à´™àµà´•à´¿à´²àµâ€, ലകàµà´·àµà´¯à´¸àµà´¥à´¾à´¨ വിലാസം , തരം à´Žà´¨àµà´¨à´¤à´¿à´²àµâ€ സരàµâ€à´µàµ€à´¸àµ à´Žà´¨àµâ€à´Ÿàµà´°à´¿ " "à´’à´¤àµà´™àµà´™àµà´¨àµà´¨àµ. à´°à´£àµà´Ÿàµàµ à´Žà´¨àµâ€à´Ÿàµà´°à´¿à´•à´³àµà´‚ കാലിയെങàµà´•à´¿à´²àµâ€ ഒരൠപരിമിതികളàµà´®à´¿à´²àµà´²." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "à´¸àµà´¥à´¿à´°à´®à´¾à´¯àµà´³àµà´³ à´•àµà´°à´®àµ€à´•à´°à´£ കാഴàµà´šà´¯à´¿à´²àµâ€ മാതàµà´°à´®àµ‡ സരàµâ€à´µàµ€à´¸àµà´•à´³àµâ€à´•àµà´•àµàµ മാറàµà´±à´‚ വരàµà´¤àµà´¤àµà´µà´¾à´¨àµâ€ സാധിയàµà´•àµà´•àµ‚. സരàµâ€à´µàµ€à´¸àµà´•à´³àµà´Ÿàµ† " "à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨ à´•àµà´°à´®àµ€à´•à´°à´£à´‚ പരിഹരിചàµà´šà´¿à´°à´¿à´¯àµà´•àµà´•àµà´¨àµà´¨àµ." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld-à´¯àµà´•àµà´•àµà´³àµà´³àµŠà´°àµ ഇനàµà´±à´°àµâ€à´¨àµ†à´±àµà´±àµ à´•à´£àµà´Ÿàµà´°àµ‹à´³àµâ€ മസàµà´¸àµ‡à´œàµ à´ªàµà´°àµ‹à´Ÿàµà´Ÿàµ‹à´•àµà´•àµ‹à´³àµâ€ (à´à´¸à´¿à´Žà´‚പി) തരതàµà´¤à´¿à´¨àµà´³àµà´³ " "വിവരങàµà´™à´³àµâ€ ഒരൠfirewalld icmptype ലഭàµà´¯à´®à´¾à´•àµà´•àµà´¨àµà´¨àµ." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "à´à´¸à´¿à´Žà´‚പി തരം ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "à´à´¸à´¿à´Žà´‚പി തരം à´šà´¿à´Ÿàµà´Ÿà´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "à´à´¸à´¿à´Žà´‚പി തരം നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "à´à´¸à´¿à´Žà´‚പി തരതàµà´¤à´¿à´²àµà´³àµà´³à´µ ലഭàµà´¯à´®à´¾à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "IPv4, IPv6 à´Žà´¨àµà´¨à´¿à´µà´¯àµà´•àµà´•àµàµ à´à´¸à´¿à´Žà´‚പി തരം ലഭàµà´¯à´®à´¾à´£àµ‹ à´Žà´¨àµà´¨àµàµ à´µàµà´¯à´•àµà´¤à´®à´¾à´•àµà´•àµà´•." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "à´¸àµà´¥à´¿à´°à´®à´¾à´¯àµà´³àµà´³ à´•àµà´°à´®àµ€à´•à´°à´£ കാഴàµà´šà´¯à´¿à´²àµâ€ മാതàµà´°à´®àµ‡ à´à´¸à´¿à´Žà´‚പി തരങàµà´™à´³àµâ€à´•àµà´•àµàµ മാറàµà´±à´‚ വരàµà´¤àµà´¤àµà´µà´¾à´¨àµâ€ സാധിയàµà´•àµà´•àµ‚. " "à´à´¸à´¿à´Žà´‚പി തരങàµà´™à´³àµà´Ÿàµ† à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨ à´•àµà´°à´®àµ€à´•à´°à´£à´‚ പരിഹരിചàµà´šà´¿à´°à´¿à´¯àµà´•àµà´•àµà´¨àµà´¨àµ." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "നേരിടàµà´Ÿàµà´³àµà´³ à´•àµà´°à´®àµ€à´•à´°à´£à´‚ ഫയരàµâ€à´µàµ‹à´³à´¿à´²àµ‡à´•àµà´•àµàµ കൂടàµà´¤à´²àµâ€ à´…à´¨àµà´®à´¤à´¿ നലàµâ€à´•àµà´¨àµà´¨àµ. à´ˆ à´à´šàµà´›à´¿à´•à´™àµà´™à´³àµâ€à´•àµà´•àµàµ, ഉപയോകàµà´¤à´¾à´µàµàµ " "à´…à´Ÿà´¿à´¸àµà´¥à´¾à´¨ iptables ശൈലികളàµâ€, അതായതàµàµ, പടàµà´Ÿà´¿à´•à´•à´³àµâ€, ചെയിനàµà´•à´³àµâ€, കമാനàµâ€à´¡àµà´•à´³àµâ€, പരാമീറàµà´±à´±àµà´•à´³àµâ€, ടാരàµâ€" "à´—à´±àµà´±àµà´•à´³àµâ€ à´Žà´¨àµà´¨à´¿à´µ അറിയേണàµà´Ÿ ആവശàµà´¯à´®àµà´£àµà´Ÿàµàµ. മറàµà´±àµàµ firewalld വിശേഷതകളàµâ€ ഉപയോഗിയàµà´•àµà´•àµà´µà´¾à´¨àµâ€ സാധàµà´¯à´®à´²àµà´² " "à´Žà´¨àµà´¨àµà´±à´ªàµà´ªàµà´³àµà´³à´ªàµà´ªàµ‹à´³àµâ€ മാതàµà´°à´‚ നേരിടàµà´Ÿàµà´³àµà´³ à´•àµà´°à´®àµ€à´•à´°à´£à´‚ ഉപയോഗിയàµà´•àµà´•àµà´µà´¾à´¨àµâ€ പാടàµà´³àµà´³àµ‚." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "ഓരോ à´à´šàµà´›à´¿à´•à´¤àµà´¤à´¿à´¨àµà´±àµ‡à´¯àµà´‚ ipv ആരàµâ€à´—àµà´¯àµà´®àµ†à´¨àµà´±àµ ipv4 à´…à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€ ipv6 à´…à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€ eb ആയിരിയàµà´•àµà´•à´£à´‚. " "ipv4 - iptables, ipv6 - ip6tables, eb - ഇഥരàµâ€à´¨àµ†à´±àµà´±àµ à´¬àµà´°à´¿à´¡àµà´œàµà´•à´³àµâ€à´•àµà´•àµàµ (ebtables) " "à´Žà´¨àµà´¨à´¿à´™àµà´™à´¨àµ†à´¯à´¾à´•àµà´¨àµà´¨àµ." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "നിയമങàµà´™à´³àµâ€à´•àµà´•àµŠà´ªàµà´ªà´‚ ഉപയോഗിയàµà´•àµà´•àµà´¨àµà´¨à´¤à´¿à´¨àµà´³àµà´³ അധികമായ ചെയിനàµà´•à´³àµâ€." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "ചെയിനàµâ€ ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "ചെയിനിലàµâ€ മാറàµà´±à´‚ വരàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "ചെയിനàµâ€ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ചെയിനàµà´•à´³àµâ€" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "à´®àµà´¨àµâ€à´—ണനയàµà´•àµà´•àµŠà´ªàµà´ªà´‚ ഒരൠപടàµà´Ÿà´¿à´•à´¯à´¿à´²àµâ€ ഒരൠചെയിനിനàµàµ args ആരàµâ€à´—àµà´¯àµà´®àµ†à´¨àµà´±àµà´•à´³àµâ€à´•àµà´•àµŠà´ªàµà´ªà´‚ ഒരൠനിയമം ചേരàµâ€à´•àµà´•àµà´•." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "നിയമങàµà´™à´³àµà´Ÿàµ† à´•àµà´°à´®à´¤àµà´¤à´¿à´¨àµàµ വേണàµà´Ÿà´¿ à´®àµà´¨àµâ€à´—ണന ഉപയോഗിയàµà´•àµà´•àµà´¨àµà´¨àµ. à´®àµà´¨àµâ€à´—ണന 0 - ചെയിനിനàµà´±àµ† à´®àµà´•à´³à´¿à´²àµâ€ നിയമം " "ചേരàµâ€à´•àµà´•àµà´•, ഇതിനàµàµ ശേഷം കൂടàµà´¤à´²àµâ€ à´®àµà´¨àµâ€à´—ണനയോടെ നിയമങàµà´™à´³àµâ€ ചേരàµâ€à´•àµà´•àµà´¨àµà´¨àµ. ഒരേ à´®àµà´¨àµâ€à´—ണനയàµà´³àµà´³ നിയമങàµà´™à´³àµâ€ ഒരേ " "തലതàµà´¤à´¿à´²à´¾à´•àµà´¨àµà´¨àµ. ഇവയàµà´Ÿàµ† à´•àµà´°à´®à´‚ à´¸àµà´¥à´¿à´°à´®à´²àµà´², മാറàµà´±àµà´µà´¾à´¨àµâ€ സാധàµà´¯à´®à´¾à´•àµà´¨àµà´¨àµ. à´’à´¨àµà´¨à´¿à´¨àµàµ ശേഷം മറàµà´±àµŠà´¨àµà´¨à´¾à´¯à´¿ " "നിയമം ചേരàµâ€à´•àµà´•àµà´¨àµà´¨à´¤à´¿à´¨àµàµ, ആദàµà´¯à´‚ à´®àµà´¨àµâ€à´—ണന à´•àµà´±à´žàµà´žà´¤àµàµ ഉപയോഗിയàµà´•àµà´•àµà´• ശേഷം à´®àµà´¨àµâ€à´—ണന കൂടിയതàµàµ, à´…à´™àµà´™à´¨àµ†..." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "നിയമം ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "നിയമതàµà´¤à´¿à´²àµâ€ മാറàµà´±à´‚ വരàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "നിയമം†നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "നിയമങàµà´™à´³àµâ€" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "പാസàµà´¤àµà´°àµ‚ നിയമങàµà´™à´³àµâ€ à´ªàµà´°à´¤àµà´¯àµ‡à´• ചെയിനിലലàµà´², പകàµà´·àµ‡ നേരിടàµà´Ÿàµàµ ഫയരàµâ€à´µàµ‹à´³à´¿à´²àµ‡à´•àµà´•àµàµ അയയàµà´•àµà´•àµà´¨àµà´¨àµ. iptables, " "ip6tables, ebtables à´Žà´¨àµà´¨à´¿à´µà´¯àµ†à´²àµà´²à´¾à´‚ ഉപയോഗിയàµà´•àµà´•à´¾à´‚." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "പാസàµà´¤àµà´°àµ‚ നിയമങàµà´™à´³àµâ€ ഫയരàµâ€à´µàµ‹à´³à´¿à´¨àµ† ബാധിയàµà´•àµà´•àµà´¨àµà´¨à´¿à´²àµà´²àµ†à´¨àµà´¨àµàµ ദയവായി ഉറപàµà´ªàµàµ വരàµà´¤àµà´¤àµà´•." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "പാസàµà´¤àµà´°àµ‚ ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "പാസàµà´¤àµà´°àµ‚ à´šà´¿à´Ÿàµà´Ÿà´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "പാസàµà´¤àµà´°àµ‚ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "പാസàµà´¤àµà´°àµ‚" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "firewalld-à´¯àµà´•àµà´•àµà´³àµà´³ ഉപയോകàµà´¤à´¾à´µà´¿à´¨àµà´‚ à´ªàµà´°à´¯àµ‹à´—à´¤àµà´¤à´¿à´¨àµà´®àµà´³àµà´³ ലളിതമായ പോളിസികളാണàµàµ ലോകàµà´•àµà´¡àµŒà´£àµâ€ വിശേഷത. " "ഇതàµàµ ഫയരàµâ€à´µàµ‹à´³à´¿à´²àµâ€ മാതàµà´°à´®àµ‡à´¯àµà´³àµà´³àµ‚. ലോകàµà´•àµà´¡àµŒà´£àµâ€ വൈറàµà´±àµ ലിസàµà´±àµà´±à´¿à´²àµâ€ കമാനàµâ€à´¡àµà´•à´³àµâ€, സനàµà´¦à´°àµâ€à´­à´™àµà´™à´³àµâ€, ഉപയോകàµà´¤à´¾à´•àµà´•à´³àµâ€, " "ഉപയോകàµà´¤àµƒ à´à´¡à´¿à´•à´³àµâ€ à´Žà´¨àµà´¨à´¿à´µ à´…à´Ÿà´™àµà´™àµà´¨àµà´¨àµ." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "സനàµà´¦à´°àµâ€à´­à´‚ ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "സനàµà´¦à´°àµâ€à´­à´‚ à´šà´¿à´Ÿàµà´Ÿà´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "സനàµà´¦à´°àµâ€à´­à´‚ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "സനàµà´¦à´°àµâ€à´­à´™àµà´™à´³àµâ€" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "വൈറàµà´±àµ ലിസàµà´±àµà´±à´¿à´²àµà´³àµà´³àµŠà´°àµ കമാനàµâ€à´¡àµ à´Žà´¨àµâ€à´Ÿàµà´°à´¿ '*'-à´²àµâ€ അവസാനിയàµà´•àµà´•àµà´¨àµà´¨àµ†à´™àµà´•à´¿à´²àµâ€, കമാനàµâ€â€à´¡à´¿à´²àµâ€ ആരംഭിയàµà´•àµà´•àµà´¨àµà´¨ à´Žà´²àµà´²à´¾ " "കമാനàµâ€à´¡àµ ലൈനàµà´•à´³àµà´‚ ചേരàµà´¨àµà´¨àµ. '*' ലഭàµà´¯à´®à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€, ആരàµâ€à´—àµà´¯àµà´®àµ†à´¨àµà´±àµà´•à´³àµâ€ ഉളàµâ€à´ªàµà´ªà´Ÿàµ†à´¯àµà´³àµà´³ ആബàµà´¸à´²àµà´¯àµ‚à´Ÿàµà´Ÿàµ കമാനàµâ€à´¡àµà´‚ " "പൊരàµà´¤àµà´¤à´ªàµà´ªàµ†à´Ÿà´£à´‚. " #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "കമാനàµâ€à´¡àµ ലൈനàµâ€ ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "കമാനàµâ€à´¡àµ ലൈനàµâ€ à´šà´¿à´Ÿàµà´Ÿà´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "കമാനàµâ€à´¡àµ ലൈനàµâ€ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "കമാനàµâ€à´¡àµ ലൈനàµà´•à´³àµâ€" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ഉപയോകàµà´¤à´¾à´µà´¿à´¨àµà´±àµ† പേരàµà´•à´³àµâ€." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ഉപയോകàµà´¤àµƒà´¨à´¾à´®à´‚ ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ഉപയോകàµà´¤àµƒà´¨à´¾à´®à´‚ à´šà´¿à´Ÿàµà´Ÿà´ªàµà´ªàµ†à´Ÿàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ഉപയോകàµà´¤àµƒà´¨à´¾à´®à´‚ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ഉപയോകàµà´¤à´¾à´µà´¿à´¨àµà´±àµ† പേരàµà´•à´³àµâ€" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ഉപയോകàµà´¤à´¾à´µà´¿à´¨àµà´±àµ† à´à´¡à´¿à´•à´³àµâ€." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ഉപയോകàµà´¤àµƒ à´à´¡à´¿ ചേരàµâ€à´•àµà´•àµà´•" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ഉപയോകàµà´¤àµƒ à´à´¡à´¿à´¯à´¿à´²àµâ€ മാറàµà´±à´‚ വരàµà´¤àµà´¤àµà´•" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ഉപയോകàµà´¤àµƒ à´à´¡à´¿ നീകàµà´•à´‚ ചെയàµà´¯àµà´•" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ഉപയോകàµà´¤à´¾à´µà´¿à´¨àµà´±àµ† à´à´¡à´¿à´•à´³àµâ€" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "സിസàµà´±àµà´±à´¤àµà´¤à´¿à´²àµâ€ നിലവിലàµâ€ à´¸àµà´µà´¤à´µàµ‡à´¯àµà´³àµà´³ മേഘല." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "പാനികàµà´•àµ മോഡàµ:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "ലോകàµà´•àµà´¡àµŒà´£àµâ€:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "à´¸àµà´µà´¤à´µàµ‡à´¯àµà´³àµà´³ മേഘല:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "പോരàµâ€à´Ÿàµà´Ÿàµà´‚ സമàµà´ªàµà´°à´¦à´¾à´¯à´µàµà´‚" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ഒരൠപോരàµâ€à´Ÿàµà´Ÿàµà´‚ സമàµà´ªàµà´°à´¦à´¾à´¯à´µàµà´‚ ദയവായി നലàµâ€à´•àµà´•." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "നേരിടàµà´Ÿàµà´³àµà´³ നിയമം" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "ipv, പടàµà´Ÿà´¿à´•, ചെയിനàµâ€ à´®àµà´¨àµâ€à´—ണം à´Žà´¨àµà´¨à´¿à´µ പരിശോധിചàµà´šàµàµ ആരàµâ€à´—àµà´¯àµà´®àµ†à´¨àµà´±àµà´•à´³àµâ€ നലàµâ€à´•àµà´•." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "à´®àµà´¨àµâ€à´—ണന:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "ദയവായി ഒരൠസമàµà´ªàµà´°à´¦à´¾à´¯à´‚ നലàµâ€à´•àµà´•." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "മറàµà´±àµà´³àµà´³ സമàµà´ªàµà´°à´¦à´¾à´¯à´‚:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "റിചàµà´šàµ റൂളàµâ€" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "ദയവായി ഒരൠറിചàµà´šàµ റൂളàµâ€ നലàµâ€à´•àµà´•." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "" "ഹോസàµà´±àµà´±àµ à´…à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€ നെറàµà´±àµâ€Œà´µà´°àµâ€à´•àµà´•à´¿à´¨àµàµ, വൈറàµà´±àµ à´…à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€ à´¬àµà´²à´¾à´•àµà´•àµ ലിസàµà´±àµà´±àµ ചെയàµà´¤à´¤à´¿à´¨àµàµ എലമെനàµà´±àµ നിരàµâ€" "ജീവമാകàµà´•àµà´•." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "à´¶àµà´°àµ‹à´¤à´¸àµà´¸àµ:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "ലകàµà´·àµà´¯à´¸àµà´¥à´¾à´¨à´‚:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "ലോഗàµ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "à´“à´¡à´¿à´±àµà´±àµ ചെയàµà´¯àµà´•:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4-ഉം ipv6-ഉം" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "വിപിരീതമായ" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¨à´¸à´œàµà´œà´®à´¾à´•àµà´•àµà´¨àµà´¨à´¤à´¿à´¨à´¾à´¯à´¿, à´ˆ à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¿ 'reject' ചെയàµà´¤àµàµ à´•àµà´Ÿàµà´‚ബം 'ipv4' à´…à´²àµà´²àµ†à´™àµà´•à´¿à´²àµâ€ " "'ipv6' ആയിരിയàµà´•àµà´•à´£à´‚ (à´°à´£àµà´Ÿàµà´‚ പാടിലàµà´² )." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "തരം:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "പരിധി:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "à´ªàµà´°àµ€à´«à´¿à´•àµà´¸àµ:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "തലം:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "എലമെനàµà´±àµ:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "à´ªàµà´°à´µà´°àµâ€à´¤àµà´¤à´¿:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "à´…à´Ÿà´¿à´¸àµà´¥à´¾à´¨ സരàµâ€à´µàµ€à´¸àµ സജàµà´œàµ€à´•à´°à´£à´™àµà´™à´³àµâ€" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "à´…à´Ÿà´¿à´¸àµà´¥à´¾à´¨ സരàµâ€à´µàµ€à´¸àµ സജàµà´œàµ€à´•à´°à´£à´™àµà´™à´³àµâ€ ദയവായി à´•àµà´°à´®àµ€à´•à´°à´¿à´¯àµà´•àµà´•àµà´•:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "ദയവായി ഒരൠസരàµâ€à´µàµ€à´¸àµ തെരഞàµà´žàµ†à´Ÿàµà´•àµà´•àµà´•." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ഉപയോകàµà´¤àµƒ à´à´¡à´¿" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ദയവായി ഉപയോകàµà´¤àµƒ à´à´¡à´¿ നലàµâ€à´•àµà´•." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "ദയവായി ഉപയോകàµà´¤àµƒà´¨à´¾à´®à´‚ നലàµâ€à´•àµà´•." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "à´…à´Ÿà´¿à´¸àµà´¥à´¾à´¨ മേഘല സജàµà´œàµ€à´•à´°à´£à´™àµà´™à´³àµâ€" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "ദയവായി à´…à´Ÿà´¿à´¸àµà´¥à´¾à´¨ മേഘല സജàµà´œàµ€à´•à´°à´£à´™àµà´™à´³àµâ€ à´•àµà´°à´®àµ€à´•à´°à´¿à´¯àµà´•àµà´•àµà´•:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "à´¸àµà´µà´¤à´µàµ‡à´¯àµà´³àµà´³ ലകàµà´·àµà´¯à´¸àµà´¥à´¾à´¨à´‚" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "ലകàµà´·àµà´¯à´¸àµà´¥à´¾à´¨à´‚:" firewalld-1.1.1/po/mr.po0000644000000000000000000020650714217342322015067 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Automatically generated, 2004 # Rahul Bhalerao , 2006 # Rahul Bhalerao , 2006 # sandeep shedmake , 2007-2008 # Sandeep Shedmake , 2008-2009 # sandeeps , 2009-2010 # sandeeps , 2013-2014 # sandeeps , 2013 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2015-02-26 10:00+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Marathi (http://www.transifex.com/projects/p/firewalld/" "language/mr/)\n" "Language: mr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "फायरवॉल ॲपलेट" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "फायरवॉल" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "फायरवॉल संयोजना" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "फायरवॉल;नेटवरà¥à¤•;सà¥à¤°à¤•à¥à¤·à¤¾;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "संवाद '%s' करिता कà¥à¤·à¥‡à¤¤à¥à¤° निवडा" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ à¤à¥‹à¤¨" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "जोडणी '%s' करिता à¤à¥‹à¤¨ निवडा" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "शिलà¥à¤¡à¤¸à¥ अप किंवा डाउन कà¥à¤·à¥‡à¤¤à¥à¤° संरचीत करा" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "शिलà¥à¤¡à¤¸à¥ अप व शिलà¥à¤¡à¤¸à¥ डाउनकरिता तà¥à¤®à¥à¤¹à¥€ येथे कà¥à¤·à¥‡à¤¤à¥à¤° निवडू शकता." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "हे गà¥à¤£à¤§à¤°à¥à¤® पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ à¤à¥‹à¤¨à¥à¤¸à¤šà¤¾ वापर करणाऱà¥à¤¯à¤¾à¤‚ना उपयोगी ठरेल. वापरकरà¥à¤¤à¥à¤¯à¤¾à¤‚ना, जे जोडणींचे " "à¤à¥‹à¤¨à¥à¤¸ बदलतात, याचा मरà¥à¤¯à¤¾à¤¦à¥€à¤¤ वापर ठरू शकतो." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "शिलà¥à¤¡à¤¸à¥ अप कà¥à¤·à¥‡à¤¤à¥à¤°:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "शिलà¥à¤¡à¤¸à¥ डाउन कà¥à¤·à¥‡à¤¤à¥à¤°:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "शिलà¥à¤¡à¤¸à¥ अप" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "सूचना सà¥à¤°à¥‚ करा" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "फायरवॉल सेटिंगà¥à¤œ संपादित करा..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "जोडणींचे कà¥à¤·à¥‡à¤¤à¥à¤°à¤¾à¤‚मधà¥à¤¯à¥‡ बदल करा..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "शिलà¥à¤¡à¤¸à¥ अप किंवा डाउन कà¥à¤·à¥‡à¤¤à¥à¤° संरचीत करा..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "सरà¥à¤µ नेटवरà¥à¤• टà¥à¤°à¤¾à¤«à¤¿à¤• अडवा" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "जोडणी" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "सोअरà¥à¤¸à¥‡à¤¸" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ओळख पटवणे अपयशी." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "अवैध बाब %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "नाव आधीपासूनच असà¥à¤¤à¤¿à¤¤à¥à¤µà¤¾à¤¤ आहे" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "firewall डिमनकरिता जोडणी नाही" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "सरà¥à¤µ नेटवरà¥à¤• टà¥à¤°à¤¾à¤«à¤¿à¤• अडवले आहे." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ कà¥à¤·à¥‡à¤¤à¥à¤°: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "संवाद '{interface}' वरील जोडणी '{connection}' करिता कà¥à¤·à¥‡à¤¤à¥à¤° '{zone}' सकà¥à¤°à¥€à¤¯" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "संवाद '{interface}' करिता कà¥à¤·à¥‡à¤¤à¥à¤° '{zone}' सकà¥à¤°à¥€à¤¯" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "सà¥à¤°à¥‹à¤¤ {source} करिता कà¥à¤·à¥‡à¤¤à¥à¤° '{zone}' सकà¥à¤°à¥€à¤¯" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "सकà¥à¤°à¥€à¤¯ कà¥à¤·à¥‡à¤¤à¥à¤° नाही." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallD करिता जोडणी सà¥à¤¥à¤¾à¤ªà¥€à¤¤ केले." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD करिता जोडणी हरवले." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD पà¥à¤¨à¥à¤¹à¤¾ लोड केले आहे." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ कà¥à¤·à¥‡à¤¤à¥à¤°à¤²à¤¾ '%s' करिता बदलले आहे." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "नेटवरà¥à¤• टà¥à¤°à¤¾à¤«à¤¿à¤• यापà¥à¤¢à¥‡ अडवले जात नाही." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "सकà¥à¤°à¥€à¤¯ केले" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "निषà¥à¤•à¥à¤°à¥€à¤¯ केले" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "संवाद '{interface}' वरील जोडणी '{connection}' करिता कà¥à¤·à¥‡à¤¤à¥à¤° " "'{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "संवाद '{interface}' करिता कà¥à¤·à¥‡à¤¤à¥à¤° '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° '%s' सकà¥à¤°à¥€à¤¯ केले, संवाद '%s' करिता" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "सोअरà¥à¤¸ '{source}' करिता कà¥à¤·à¥‡à¤¤à¥à¤° '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "सोअरà¥à¤¸ '%s' करिता कà¥à¤·à¥‡à¤¤à¥à¤° '%s' सकà¥à¤°à¥€à¤¯ केले" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "बदल लागू केले." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "नेटवरà¥à¤• जोडणी '%s' तरà¥à¤«à¥‡ वापरले जाते" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "सà¥à¤°à¥‚ केले" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "बंद केले" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "चिनà¥à¤¹ लोड करणà¥à¤¯à¤¾à¤¸ अपयशी." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "वापरकरà¥à¤¤à¤¾ नाव" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "रनटाइम" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "कायम" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "सेवा" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "पोरà¥à¤Ÿ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "शिषà¥à¤Ÿà¤¾à¤šà¤¾à¤°" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "पà¥à¤°à¤¤à¤¿ पोरà¥à¤Ÿ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "पà¥à¤°à¤¤à¤¿ पतà¥à¤¤à¤¾" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤°" #: ../src/firewall-config.in:822 msgid "Family" msgstr "फॅमिली" #: ../src/firewall-config.in:826 msgid "Action" msgstr "कृती" #: ../src/firewall-config.in:828 msgid "Element" msgstr "घटक" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "लकà¥à¤·à¥à¤¯" #: ../src/firewall-config.in:834 msgid "log" msgstr "लॉग" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ऑडिट" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "सोअरà¥à¤¸" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "ताकीद" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "तà¥à¤°à¥à¤Ÿà¥€" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "सà¥à¤µà¥€à¤•à¤¾à¤° करा" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "नकारा" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "वगळा" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "मरà¥à¤¯à¤¾à¤¦à¤¾" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "सरà¥à¤µà¥à¤¹à¤¿à¤¸" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "पोरà¥à¤Ÿ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤²" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "मासà¥à¤•à¥à¤¯à¥à¤°à¥‡à¤¡" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "सà¥à¤¤à¤°" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "होय" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤°" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° '%s': सरà¥à¤µà¥à¤¹à¤¿à¤¸ '%s' अनà¥à¤ªà¤²à¤¬à¥à¤§." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "काढून टाका" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "दà¥à¤°à¥à¤²à¤•à¥à¤· करा" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° '%s': ICMP पà¥à¤°à¤•à¤¾à¤° '%s' अनà¥à¤ªà¤²à¤¬à¥à¤§." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "बिलà¥à¤Ÿ-इन à¤à¥‹à¤¨, पà¥à¤¨à¤ƒà¤¨à¤¾à¤µ देणे समरà¥à¤¥à¥€à¤¤ नाही." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "सेकंद" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "मिनिट" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "तास" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "दिवस" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "संकट" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "सावधानता" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "गंभीर" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "तà¥à¤°à¥à¤Ÿà¥€" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "सावधानता" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "सूचना" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "माहिती" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "डिबग करा" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "संवाद संकà¥à¤°à¤®à¥€à¤¤ à¤à¤¾à¤²à¥‡ असलà¥à¤¯à¤¾à¤µà¤°à¤š इतर पà¥à¤°à¤£à¤¾à¤²à¥€à¤•à¤°à¤¿à¤¤à¤¾ फॉरवरà¥à¤¡ करणे उपयोगी ठरते.\n" "तà¥à¤®à¥à¤¹à¤¾à¤²à¤¾ हे à¤à¥‹à¤¨ मासà¥à¤•à¥à¤¯à¥à¤°à¥‡à¤¡ करायचे ?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "बिलà¥à¤Ÿ-इन सरà¥à¤µà¥à¤¹à¤¿à¤¸, पà¥à¤¨à¤ƒà¤¨à¤¾à¤®à¤¾à¤‚कन समरà¥à¤¥à¥€à¤¤ नाही." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "बिलà¥à¤Ÿ-इन icmp, पà¥à¤¨à¤ƒà¤¨à¤¾à¤µ देणे समरà¥à¤¥à¥€à¤¤ नाही." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "सोअरà¥à¤¸ %s करिता कà¥à¤·à¥‡à¤¤à¥à¤° निवडा" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "पतà¥à¤¤à¤¾" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "कृपया आदेश ओळ दà¥à¤¯à¤¾." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "कृपया संदरà¥à¤­ दà¥à¤¯à¤¾." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "कृपया खालील सूचीपासून पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ à¤à¥‹à¤¨ निवडा." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "डाइरेकà¥à¤Ÿ चैन" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "कृपया ipv आणि तकà¥à¤¤à¤¾ निवडा आणि चैनचे नाव दà¥à¤¯à¤¾." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "चैन:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "रॉ" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "सà¥à¤°à¤•à¥à¤·à¤¾" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "तकà¥à¤¤à¤¾:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "डाइरेकà¥à¤Ÿ पासथà¥à¤°à¥ नियम" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "कृपया ipv निवडा आणि बाबी दà¥à¤¯à¤¾." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "बाबी:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "पोरà¥à¤Ÿ फॉरवरà¥à¤¡à¥€à¤—" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "कृपया सà¥à¤¤à¥à¤°à¥‹à¤¤ व लकà¥à¤·à¥à¤¯ परà¥à¤¯à¤¾à¤¯ तà¥à¤®à¤šà¥à¤¯à¤¾ आवशà¥à¤¯à¤•à¤¤à¥‡à¤ªà¥à¤°à¤£à¤¾à¤£à¥‡ वापरा." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "पोरà¥à¤Ÿ / पोरà¥à¤Ÿ कà¥à¤·à¥‡à¤¤à¥à¤°:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP पतà¥à¤¤à¤¾:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤²:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "लकà¥à¤·à¥à¤¯" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "सà¥à¤¥à¤¾à¤¨à¥€à¤• फॉरà¥à¤µà¤¡à¥€à¤‚ग कारà¥à¤¯à¤¾à¤¨à¥à¤µà¥€à¤¤ केलà¥à¤¯à¤¾à¤¸, तà¥à¤®à¥à¤¹à¤¾à¤²à¤¾ पोरà¥à¤Ÿ निरà¥à¤¦à¥‡à¤¶à¥€à¤¤ करावे लागेल. सà¥à¤¤à¥à¤°à¥‹à¤¤ पोरà¥à¤Ÿ " "करीता हे पोरà¥à¤Ÿ वेगळे असायला हवे." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "सà¥à¤¥à¤¾à¤¨à¥€à¤• फॉरवरà¥à¤¡à¥€à¤—" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "पà¥à¤¢à¤šà¥à¤¯à¤¾ पोरà¥à¤Ÿ करीता पाठवा" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "ठलक नोंदणी आवशà¥à¤¯à¤• आहे, इतर सरà¥à¤µ वैकलà¥à¤ªà¤¿à¤• आहे." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "नाव:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "आवृतà¥à¤¤à¥€:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "छोटे:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "वरà¥à¤£à¤¨:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "फॅमिली:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "बेस ICMP पà¥à¤°à¤•à¤¾à¤° सेटिंगà¥à¤œ" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "कृपया बेस ICMP पà¥à¤°à¤•à¤¾à¤° सेटिंगà¥à¤œ संरचीत करा:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤°" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "कृपया ICMP पà¥à¤°à¤•à¤¾à¤° पसंत करा" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "नोंदणी समावेश करा" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "फाइल (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "परà¥à¤¯à¤¾à¤¯ (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld पà¥à¤¨à¥à¤¹à¤¾ लोड करा" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "फायरवॉल रूलà¥à¤¸ पà¥à¤¨à¥à¤¹à¤¾ लोड करतो. सधà¥à¤¯à¤¾à¤šà¥€ कायम संरचना नविन रनटाइम संचरना बनेल. मà¥à¤¹à¤£à¤œà¥‡à¤š " "कायम संरचनामधà¥à¤¯à¥‡ न आढळलà¥à¤¯à¤¾à¤¸ रिलोड परà¥à¤¯à¤‚तचे फकà¥à¤¤ रनटाइम बदल गमवले जातात." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "नेटवरà¥à¤• जोडणी कोणतà¥à¤¯à¤¾ à¤à¥‹à¤¨à¤šà¥à¤¯à¤¾ मालकीचे आहे, ते बदला." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ कà¥à¤·à¥‡à¤¤à¥à¤° बदला" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "जोडणà¥à¤¯à¤¾ किंवा संवादकरिता पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ à¤à¥‹à¤¨ बदला." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "पॅनिक मोड मà¥à¤¹à¤£à¤œà¥‡ सरà¥à¤µ येणारे आणि बाहेर जाणारे पॅकेटà¥à¤¸ वगळले जातात." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "पॅनिक मोड" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "लॉकडाऊन फायरवॉल संरचना कà¥à¤²à¥‚पबंद करते जेणेकरूण फकà¥à¤¤ लॉकडाऊनकरिता ॲपà¥à¤²à¤¿à¤•à¥‡à¤¶à¤¨à¥à¤¸ तà¥à¤¯à¤¾à¤¸ बदलू शकेल." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "कà¥à¤²à¥‚पबंद करा" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "रनटाइम संरचना कायमचे करा" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "रनटाइम कायमचे करा" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "अवलोकन (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤°" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "डाइरेकà¥à¤Ÿ संरचना" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "लॉकडाऊन वाइटलिसà¥à¤Ÿ" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "मदत (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "संरचना:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "सधà¥à¤¯à¤¾ दृशà¥à¤¯à¤¾à¤¸à¥à¤ªà¤¦ संरचना. रनटाइम संरचना वासà¥à¤¤à¤µà¤¿à¤• सकà¥à¤°à¥€à¤¯ संरचना आहे. सरà¥à¤µà¥à¤¹à¤¿à¤¸ किंवा " "पà¥à¤°à¤£à¤¾à¤²à¥€à¤²à¤¾ पà¥à¤¨à¥à¤¹à¤¾ लोड किंवा पà¥à¤¨à¥à¤¹à¤¾ सà¥à¤°à¥‚ केलà¥à¤¯à¤¾à¤¨à¤‚तर कायम संरचना सकà¥à¤°à¥€à¤¯ केली जाईल." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld कà¥à¤·à¥‡à¤¤à¥à¤° नेटवरà¥à¤• जोडणींकरिता विशà¥à¤µà¤¾à¤¸à¤°à¥à¤¹à¤¤à¤¾ सà¥à¤¤à¤°, इंटरफेसेस व à¤à¥‹à¤¨à¤•à¤°à¤¿à¤¤à¤¾ बांधणी असलेले " "सोअरà¥à¤¸ पतà¥à¤¤à¤¾ ठरवतो. कà¥à¤·à¥‡à¤¤à¥à¤° सरà¥à¤µà¥à¤¹à¤¿à¤¸à¥‡à¤¸, पोरà¥à¤Ÿà¤¸, पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤²à¥à¤¸, मॅसà¥à¤•à¥à¤¯à¥à¤°à¥‡à¤¡à¤¿à¤‚ग, पोरà¥à¤Ÿ किंवा पॅकेट " "फॉरवरà¥à¤¡à¤¿à¤‚ग, icmp फिलà¥à¤Ÿà¤°à¥à¤¸ व रिच रूलà¥à¤¸ à¤à¤•à¤¤à¥à¤°à¥€à¤¤ करतो. कà¥à¤·à¥‡à¤¤à¥à¤° इंटरफेसेस व सोअरà¥à¤¸ पतà¥à¤¤à¥à¤¯à¤¾à¤‚करिता " "बांधणी करतो." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° समावेश करा" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° संपादित करा" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° काढून टाका" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "कà¥à¤·à¥‡à¤¤à¥à¤° पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ लोड करा" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "येथे तà¥à¤®à¥à¤¹à¥€ à¤à¥‹à¤¨à¤®à¤§à¥à¤¯à¥‡ कोणती सरà¥à¤µà¥à¤¹à¤¿à¤¸à¥‡à¤¸ विशà¥à¤µà¤¾à¤¸à¤°à¥à¤¹ आहेत ते ठरवू शकता. विशà¥à¤µà¤¾à¤¸à¤°à¥à¤¹ सरà¥à¤µà¥à¤¹à¤¿à¤¸à¥‡à¤¸ सरà¥à¤µ " "यजमानांपासून व हà¥à¤¯à¤¾ à¤à¥‹à¤¨à¤•à¤°à¤¿à¤¤à¤¾ बांधीत असलेलà¥à¤¯à¤¾ जोडणी, संवाद व सोअरà¥à¤¸à¥‡à¤¸à¤ªà¤¾à¤¸à¥‚न मशीनपरà¥à¤¯à¤‚त " "पोहचणà¥à¤¯à¤¾à¤œà¥‹à¤—ी नेटवरà¥à¤•à¤¸à¤•à¤°à¤¿à¤¤à¤¾ पà¥à¤°à¤µà¥‡à¤¶à¤œà¥‹à¤—ी आहेत." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "सरà¥à¤µà¥à¤¹à¤¿à¤¸à¥‡à¤¸" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "अगाऊ पोरà¥à¤Ÿà¤¸à¥ किंवा पोरà¥à¤Ÿ वà¥à¤¯à¤¾à¤ªà¥à¤¤à¤¿ समाविषà¥à¤Ÿ करा, जे सरà¥à¤µ यजमान किंवा मशनसह जोडणीजोगी " "नेटवरà¥à¤•à¤•à¤°à¤¿à¤¤à¤¾ पà¥à¤°à¤µà¥‡à¤¶à¤œà¥‹à¤—ी असायला हवे." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "पà¥à¤°à¤¤à¤¿ पोरà¥à¤Ÿ" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "पोरà¥à¤Ÿ संपादित करा" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "पोरà¥à¤Ÿ काढून टाका" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "पोरà¥à¤Ÿà¤¸à¥" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "मासà¥à¤•à¥à¤¯à¥à¤°à¥‡à¤¡à¥€à¤‚ग यजमान सà¥à¤¥à¤¾à¤ªà¥€à¤¤ करणà¥à¤¯à¤¾à¤¸ किंवा इंटरनेटवरील सà¥à¤¥à¤¾à¤¨à¥€à¤• संजाळ जà¥à¤³à¤µà¤£à¥€à¤•à¤°à¥€à¤¤à¤¾ राऊटरला " "परवानगी देतो. तà¥à¤®à¤šà¥‡ सà¥à¤¥à¤¾à¤¨à¥€à¤• संजाळ दिसणार नाही व इंटरनेटवर यजमान à¤à¤• पतà¥à¤¤à¤¾ मà¥à¤¹à¤£à¥‚नच दिसून " "येईल. मासà¥à¤•à¥à¤¯à¥à¤°à¥‡à¤¡à¥€à¤‚ग फकà¥à¤¤ IPv4 करीता आहे." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "मासà¥à¤•à¥à¤¯à¥à¤°à¥‡à¤¡ कà¥à¤·à¥‡à¤¤à¥à¤°" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "मासà¥à¤•à¥à¤¯à¥à¤°à¥‡à¤¡à¤¿à¤‚ग सà¥à¤°à¥‚ करताना, IP फॉरà¥à¤µà¤°à¤°à¥à¤¡à¤¿à¤‚ग IPv4 नेटवरà¥à¤•à¥à¤¸à¤•à¤°à¤¿à¤¤à¤¾ सà¥à¤°à¥‚ केले जाईल." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "मासà¥à¤•à¥à¤¯à¥à¤°à¥‡à¤¡à¥€à¤‚ग" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "सà¥à¤¥à¤¾à¤¨à¥€à¤• पà¥à¤°à¤£à¤¾à¤²à¥€à¤µà¤°à¥€à¤² किंवा à¤à¤•à¤¾ सà¥à¤¥à¤¾à¤¨à¥€à¤• पà¥à¤°à¤£à¤²à¥€ वरून अनà¥à¤¯ पà¥à¤°à¤£à¤¾à¤²à¥€ करीता à¤à¤•à¤¾ पोरà¥à¤Ÿ पासून " "इतर पोरà¥à¤Ÿ परà¥à¤¯à¤‚त पोरà¥à¤Ÿ फॉरà¥à¤µà¤¡ करणà¥à¤¯à¤¾à¤¸à¤¾à¤ à¥€ नोंदणी जोडा. अनà¥à¤¯ पà¥à¤°à¤£à¤¾à¤²à¥€ करीता फॉरà¥à¤µà¤¡à¥€à¤‚ग " "तेवà¥à¤¹à¤¾à¤š उपयोगी ठरेल जेवà¥à¤¹à¤¾ संवाद लपविला जाईल. पोरà¥à¤Ÿ फॉरà¥à¤µà¤¡à¥€à¤‚ग फकà¥à¤¤ IPv4 करीता आहे." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "फॉरवरà¥à¤¡ पोरà¥à¤Ÿ समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "फॉरवरà¥à¤¡ पोरà¥à¤Ÿ संपादित करा" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "फॉरवरà¥à¤¡ पोरà¥à¤Ÿ काढून टाका" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Control Message Protocol (ICMP) चा वापर संभावà¥à¤¯à¤¤à¤ƒ तà¥à¤°à¥à¤Ÿà¥€ संदेश " "पाठविणà¥à¤¯à¤¾à¤•à¥€à¤°à¤¤à¤¾ केला जातो, पण अगाऊरितà¥à¤¯à¤¾ माहिती संदेश करीता देखील वापरला जातो जसे की " "पींग विनंती किंवा पà¥à¤°à¤¤à¤¿à¤¸à¤¾à¤¦." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "यादीतील ICMP पà¥à¤°à¤•à¤¾à¤°, जे सà¥à¤µà¥€à¤•à¤¾à¤°à¤²à¥‡ नाही पाहिजे. इतर सरà¥à¤µ ICMP पà¥à¤°à¤•à¤¾à¤° फायरवॉल ला भेदून " "जाऊ शकतात. पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¥€à¤¤à¤µà¤° मरà¥à¤¯à¤¾à¤¦à¤¾ नाही." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP फिलà¥à¤Ÿà¤°" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "कà¥à¤·à¥‡à¤¤à¥à¤°à¤•à¤°à¤¿à¤¤à¤¾ तà¥à¤®à¥à¤¹à¥€ येथे रिच लà¤à¤—वेज रूलà¥à¤¸ सेट करू शकता." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "रिच रूल समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "रिच रूल संपादित करा" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "रिच रूल काढून टाका" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "रिच रूलà¥à¤¸" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "संवादांना à¤à¥‹à¤¨à¤•à¤°à¤¿à¤¤à¤¾ बांधणी करणà¥à¤¯à¤¾à¤¸à¤¾à¤ à¥€ नोंदणी समाविषà¥à¤Ÿ करा. जोडणीतरà¥à¤«à¥‡ संवादचा वापर " "करायचे असलà¥à¤¯à¤¾à¤¸, जोडणीमधà¥à¤¯à¥‡ निरà¥à¤¦à¥‡à¤¶à¥€à¤¤ à¤à¥‹à¤¨à¤•à¤°à¤¿à¤¤à¤¾ à¤à¥‹à¤¨ सेट केले जाईल." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "संवाद समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "संवाद संपादित करा" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "संवाद काढून टाका" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "सोअरà¥à¤¸ समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "सोअरà¥à¤¸ संपादित करा" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "सोअरà¥à¤¸ काढून टाका" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "à¤à¥‹à¤¨à¥à¤¸" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld सरà¥à¤µà¥à¤¹à¤¿à¤¸ पोरà¥à¤Ÿà¤¸à¥, पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤²à¥à¤¸, घटक व लकà¥à¤·à¥à¤¯ पतà¥à¤¤à¥à¤¯à¤¾à¤‚चे à¤à¤•à¤¤à¥à¤°à¥€à¤•à¤°à¤£ आहे." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "सरà¥à¤µà¥à¤¹à¤¿à¤¸ समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "सरà¥à¤µà¥à¤¹à¤¿à¤¸ संपादित करा" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "सरà¥à¤µà¥à¤¹à¤¿à¤¸ काढून टाका" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "सरà¥à¤µà¥à¤¹à¤¿à¤¸ पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ लोड करा" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "नोंदणी संपादीत करा" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "नोंदणी हटवा" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "घटक" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "लकà¥à¤·à¥à¤¯ पतà¥à¤¤à¤¾ निरà¥à¤¦à¥‡à¤¶à¥€à¤¤ केलà¥à¤¯à¤¾à¤¸, सरà¥à¤µà¥à¤¹à¤¿à¤¸ नोंदणी लकà¥à¤·à¥à¤¯ पतà¥à¤¤à¤¾ व पà¥à¤°à¤•à¤¾à¤°à¤•à¤°à¤¿à¤¤à¤¾ मरà¥à¤¯à¤¾à¤¦à¥€à¤¤ राहेल. " "दोंही नोंदणी रिकामे असलà¥à¤¯à¤¾à¤¸, कà¥à¤ à¤²à¤¿à¤¹à¥€ मरà¥à¤¯à¤¾à¤¦à¤¾ राहत नाही." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "सरà¥à¤µà¥à¤¹à¤¿à¤¸à¥‡à¤¸à¤²à¤¾ फकà¥à¤¤ नेहमीचà¥à¤¯à¤¾ संरचना दृषà¥à¤¯à¤®à¤§à¥à¤¯à¥‡ बदलणे शकà¥à¤¯ आहे. सरà¥à¤µà¥à¤¹à¤¿à¤¸à¥‡à¤¸à¤šà¥€ रनटाइम संरचना ठरवले " "आहे." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalldसाठी इंटरनेट कंटà¥à¤°à¥‹à¤² मेसेज पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤² (ICMP) पà¥à¤°à¤•à¤¾à¤°à¤•à¤°à¤¿à¤¤à¤¾ firewalld icmptype " "माहिती पà¥à¤°à¤µà¤¤à¥‡." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤° समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤° संपादित करा" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤° काढून टाका" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP पà¥à¤°à¤•à¤¾à¤° पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ लोड करा" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" "IPv4 आणि किंवा IPv6 करिता हे ICMP पà¥à¤°à¤•à¤¾à¤° उपलबà¥à¤§ आहे किंवा नाही ते निरà¥à¤¦à¥‡à¤¶à¥€à¤¤ करा." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP पà¥à¤°à¤•à¤¾à¤°à¤²à¤¾ कायमसà¥à¤µà¤°à¥‚पी संरचना दृषà¥à¤¯à¤®à¤§à¥à¤¯à¥‡ बदलणे शकà¥à¤¯ आहे. ICMP पà¥à¤°à¤•à¤¾à¤°à¤šà¥€ रनटाइम संरचना " "ठरवली आहे." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "डाइरेकà¥à¤Ÿ संरचना फायरवॉलकरिता पà¥à¤°à¤¤à¥à¤¯à¤•à¥à¤· पà¥à¤°à¤µà¥‡à¤¶ देते. हà¥à¤¯à¤¾ परà¥à¤¯à¤¾à¤¯à¤®à¥à¤³à¥‡ वापरकरà¥à¤¤à¥à¤¯à¤¾à¤²à¤¾ मूळ " "iptables ततà¥à¤µ, जसे कि तकà¥à¤¤à¤¾, चैनà¥à¤¸, आदेश, बाबी आणि लकà¥à¤·à¥à¤¯ माहिती असणे आवशà¥à¤¯à¤• आहे. " "पà¥à¤°à¤¤à¥à¤¯à¤•à¥à¤· संरचनेचा वापर शेवटचा परà¥à¤¯à¤¾à¤¯ मà¥à¤¹à¤£à¥‚न करावा जेवà¥à¤¹à¤¾ इतर फायरवॉलà¥à¤¡ गà¥à¤£à¤µà¤¿à¤¶à¥‡à¤·à¤¾à¤‚चा वापर " "शकà¥à¤¯ होत नाही." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "पà¥à¤°à¤¤à¥à¤¯à¥‡à¤• परà¥à¤¯à¤¾à¤¯à¤šà¥‡ ipv बाब ipv4 किंवा ipv6 किंवा eb पाहिजे. ipv4 असलà¥à¤¯à¤¾à¤¸ ते iptables " "करिता, ipv6 असलà¥à¤¯à¤¾à¤¸ ip6tables करिता आणि eb असलà¥à¤¯à¤¾à¤¸ for इथरनेट बà¥à¤°à¤¿à¤œà¥‡à¤¸à¤•à¤°à¤¿à¤¤à¤¾ " "(ebtables) असायला हवे." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "नियमसह वापरणà¥à¤¯à¤¾à¤œà¥‹à¤—ी अगाऊ चैनà¥à¤¸." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "चैन समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "चैन संपादित करा" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "चैन काढून टाका" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "चैनà¥à¤¸" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "पà¥à¤°à¤¾à¤§à¤¾à¤¨à¥à¤¯à¤¤à¤¾à¤¸à¤¹ तकà¥à¤¤à¤¾à¤®à¤§à¥à¤¯à¥‡ चैनकरिता आरà¥à¤—à¥à¤¯à¥à¤®à¥‡à¤‚टà¥à¤¸ args सह नियम समाविषà¥à¤Ÿ करा." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "नियमांना कà¥à¤°à¤®à¤µà¤¾à¤°à¤¿à¤¤ लावणà¥à¤¯à¤¾à¤•à¤°à¤¿à¤¤à¤¾ पà¥à¤°à¤¾à¤§à¤¾à¤¨à¥à¤¯à¤¤à¤¾. पà¥à¤°à¤¾à¤§à¤¾à¤¨à¥à¤¯à¤¤à¤¾ 0 मà¥à¤¹à¤£à¤œà¥‡ चैनचà¥à¤¯à¤¾ शीरà¥à¤·à¤®à¤§à¥à¤¯à¥‡ नियम " "समाविषà¥à¤Ÿ करा , जासà¥à¤¤ पà¥à¤°à¤¾à¤§à¤¾à¤¨à¥à¤¯à¤¤à¤¾ असणाऱà¥à¤¯à¤¾ नियमाला अखेरीस समाविषà¥à¤Ÿ केले जाईल. समान " "पà¥à¤°à¤¾à¤§à¤¾à¤¨à¥à¤¯à¤¤à¤¾ असलेले नियम à¤à¤•à¤¾à¤š सà¥à¤¤à¤¾à¤°à¤¾à¤µà¤° असतात आणि या नियमांची कà¥à¤°à¤®à¤µà¤¾à¤°à¥€ निशà¥à¤šà¥€à¤¤ नसते आणि " "कदाचित बदलू शकते. à¤à¤•à¤¾ नियम नंतर इतर समाविषà¥à¤Ÿ केले जाईल, याची खातà¥à¤°à¥€ करायचे असलà¥à¤¯à¤¾à¤¸, " "पहिलà¥à¤¯à¤¾ नियमकरिता किमान पà¥à¤°à¤¾à¤§à¤¾à¤¨à¥à¤¯à¤¤à¤¾à¤šà¤¾ वापर करा आणि खालीलकरिता जासà¥à¤¤ पà¥à¤°à¤¾à¤§à¤¾à¤¨à¥à¤¯à¤¤à¤¾à¤šà¤¾ " "वापर करा." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "नियम समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "नियम संपादित करा" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "नियम काढून टाका" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "नियम" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "फायरवॉलकरिता पासथà¥à¤°à¥ नियम पà¥à¤°à¤¤à¥à¤¯à¤•à¥à¤·à¤°à¤¿à¤¤à¥à¤¯à¤¾ पà¥à¤°à¤µà¤²à¥‡ जातात आणि तà¥à¤¯à¤¾à¤¸ विशेष चैनमधà¥à¤¯à¥‡ सà¥à¤¥à¤¿à¤¤ केले " "जात नाही. सरà¥à¤µ iptables, ip6tables आणि ebtables परà¥à¤¯à¤¾à¤¯à¤¾à¤‚चा वापर शकà¥à¤¯ आहे." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "कृपया फायरवॉल नषà¥à¤Ÿ होणार नाही याची पासथà¥à¤°à¥ नियमतरà¥à¤«à¥‡ काळजी घà¥à¤¯à¤¾." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "पासथà¥à¤°à¥ समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "पासथà¥à¤°à¥ संपादित करा" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "पासथà¥à¤°à¥ काढून टाका" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "पासथà¥à¤°à¥" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "firewalld करिता लॉकडाऊन वापरकरà¥à¤¤à¤¾ व ॲपà¥à¤²à¤¿à¤•à¥‡à¤¶à¤¨ करारचे लाइटवेट गà¥à¤£à¤§à¤°à¥à¤® आहे. ते " "फायरवॉलकरिता बदल मरà¥à¤¯à¤¾à¤¦à¥€à¤¤ ठेवते. लॉकडाउन वाइटलिसà¥à¤Ÿà¤®à¤§à¥à¤¯à¥‡ आदेश, संदरà¥à¤­, वापरकरà¥à¤¤à¥‡ व यà¥à¤œà¤° " "आयडीज समाविषà¥à¤Ÿà¥€à¤¤ असू शकते." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "संदरà¥à¤­ समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "संदरà¥à¤­ संपादित करा" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "संदरà¥à¤­ काढून टाका" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "संदरà¥à¤­" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "वाइटलिसà¥à¤Ÿ वरील आदेश नोंदणी ॲसà¥à¤Ÿà¥‡à¤°à¤¿à¤¸à¥à¤• '*' सह समापà¥à¤¤ होत असलà¥à¤¯à¤¾à¤¸, आदेश पासून सà¥à¤°à¥‚ होणारे " "सरà¥à¤µ आदेश ओळ जà¥à¤³à¤¤à¥€à¤². '*' हे ॲबसोलà¥à¤¯à¥à¤Ÿ आदेश अंतरà¥à¤—त न आढळलà¥à¤¯à¤¾à¤¸ परसà¥à¤ªà¤° बाबी जà¥à¤³à¤¾à¤¯à¤²à¤¾ पाहिजे." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "आदेश ओळ समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "आदेश ओळ संपादित करा" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "आदेश ओळ काढून टाका" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "आदेश ओळ" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "वापरकरà¥à¤¤à¤¾ नावे." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "वापरकरà¥à¤¤à¤¾ नाव समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "वापरकरà¥à¤¤à¤¾ नाव संपादित करा" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "वापरकरà¥à¤¤à¤¾ नाव काढून टाका" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "वापरकरà¥à¤¤à¤¾ नावे" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "यà¥à¤œà¤° आयडीज." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "वापरकरà¥à¤¤à¤¾ Id समाविषà¥à¤Ÿ करा" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "वापरकरà¥à¤¤à¤¾ Id संपादित करा" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "वापरकरà¥à¤¤à¤¾ Id काढून टाका" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "यà¥à¤œà¤° आयडीज" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "पà¥à¤°à¤£à¤¾à¤²à¥€à¤šà¥‡ सधà¥à¤¯à¤¾à¤šà¥‡ पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ कà¥à¤·à¥‡à¤¤à¥à¤°." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "पॅनिक मोड:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "लॉकडाउन:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ कà¥à¤·à¥‡à¤¤à¥à¤°:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "पोरà¥à¤Ÿ व शिषà¥à¤Ÿà¤¾à¤šà¤¾à¤°" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "कृपया पोरà¥à¤Ÿ व पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤² भरा." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "डाइरेकà¥à¤Ÿ नियम" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "कृपया ipv आणि तकà¥à¤¤à¤¾, चैन पà¥à¤°à¤¾à¤§à¤¾à¤¨à¥à¤¯à¤¤à¤¾ आणि बाबी निवडा." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "पà¥à¤°à¤¾à¤§à¤¾à¤¨à¥à¤¯à¤¤à¤¾:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "कृपया पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤² दà¥à¤¯à¤¾." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "इतर पà¥à¤°à¥‹à¤Ÿà¥‹à¤•à¥‰à¤²:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "रिच रूल" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "कृपया रिच रूल भरा." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "यजमान किंवा नेटवरà¥à¤•à¤•à¤°à¤¿à¤¤à¤¾ घटकांना निषà¥à¤•à¥à¤°à¥€à¤¯ करणà¥à¤¯à¤¾à¤¸à¤¾à¤ à¥€ वाइट किंवा बà¥à¤²à¥…कलिसà¥à¤Ÿ करा." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "सोअरà¥à¤¸:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "1लकà¥à¤·à¥à¤¯:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "लॉग:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ऑडिट:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 आणि ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "इनवरà¥à¤Ÿà¥‡à¤¡" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "सà¥à¤°à¥‚ करणà¥à¤¯à¤¾à¤¸à¤¾à¤ à¥€ हà¥à¤¯à¤¾ कृतीला 'reject' करा आणि फॅमिलि à¤à¤•à¤¤à¤° 'ipv4' किंवा 'ipv6' (दोनà¥à¤¹à¥€ " "नाही) पाहिजे." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "पà¥à¤°à¤•à¤¾à¤° सह:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "मरà¥à¤¯à¤¾à¤¦à¤¾ सह:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "पà¥à¤°à¤¿à¤«à¤¿à¤•à¥à¤¸:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "सà¥à¤¤à¤°:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "घटक:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "कृती:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "बेस सरà¥à¤µà¥à¤¹à¤¿à¤¸ सेटिंगà¥à¤œ" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "कृपया बेस सरà¥à¤µà¥à¤¹à¤¿à¤¸ सेटिंगà¥à¤œ संरचीत करा:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "कृपया सरà¥à¤µà¥à¤¹à¤¿à¤¸ निवडा." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "यà¥à¤œà¤° ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "कृपया यà¥à¤œà¤° id दà¥à¤¯à¤¾." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "कृपया वापरकरà¥à¤¤à¤¾ नाव दà¥à¤¯à¤¾." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "बेस कà¥à¤·à¥‡à¤¤à¥à¤° सेटिंगà¥à¤œ" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "कृपया बेस कà¥à¤·à¥‡à¤¤à¥à¤° सेटिंगà¥à¤œ संरचीत करा:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "पूरà¥à¤µà¤¨à¤¿à¤°à¥à¤§à¤¾à¤°à¤¿à¤¤ लकà¥à¤·à¥à¤¯" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "लकà¥à¤·à¥à¤¯:" firewalld-1.1.1/po/nl.po0000644000000000000000000016563414217342322015067 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Bart Couvreur , 2007 # Geert Warrink , 2009-2014, 2020. # Richard E. van der Luit , 2009-2010 # Taco Witte , 2002 # Tino Meinen , 2002-2003 # Geert Warrink , 2015. #zanata, 2020. # Geert Warrink , 2016. #zanata, 2020. # Geert Warrink , 2017. #zanata, 2020. # Eric Garver , 2018. #zanata # Geert Warrink , 2018. #zanata, 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-07-23 15:28+0000\n" "Last-Translator: Geert Warrink \n" "Language-Team: Dutch \n" "Language: nl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 4.1.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Firewall applet" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Firewall configuratie" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;netwerk;beveiliging;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Selecteer zone voor interface '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Standaard zone" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Selecteer zone voor verbinding '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Instellen van zone {zone} voor verbinding {connection_name} mislukte" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Selecteer zone voor bron '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Configureer Schild omhoog/omlaag zones" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Hier kun de zones selecteren gebruikt voor Schild omhoog en Schild omlaag." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Deze eigenschap is nuttig voor hen die meestal de standaard zones gebruiken. " "Voor gebruikersverbindingszones veranderen kan het van beperkt nut zijn." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Schild omhoog zone:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Terugzetten naar standaard" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Schild omlaag zone:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Over %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Auteurs" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licentie" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Schild omhoog brengen" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Meldingen inschakelen" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Bewerk firewall instellingen..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Verander verbindingszones..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Configureer Schild omhoog/omlaag zones..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Blokkeer alle netwerkverkeer" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Over" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Verbindingen" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Bronnen" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autorisatie is mislukt." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Ongeldige naam" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Naam bestaat al" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zone: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Standaard zone: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Verbindingen van NetworkManager krijgen mislukte" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Er is geen NetworkManager import beschikbaar" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Geen verbinding met firewall-daemon" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Alle netwerkverkeer is geblokkeerd." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Standaard zone: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Standaard zone '{default_zone}' actief voor verbinding '{connection}' op " "interface '{interface}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zone '{zone}' actief voor verbinding '{connection}' op interface " "'{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zone '{zone}' actief voor interface '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zone '{zone}' is actief voor bron {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Geen actieve zones." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Verbinding met FirewallD tot stand gebracht." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Verbinding met FirewallD verloren." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD is opnieuw geladen." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Standaard zone is veranderd naar '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Netwerkverkeer is niet meer geblokkeerd." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "geactiveerd" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "gedeactiveerd" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Standaard zone '{default_zone}' {activated_deactivated} voor verbinding " "'{connection}' op interface '{interface}'" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zone '{zone}' {activated_deactivated} voor verbinding '{connection}' op " "interface '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zone '{zone}' {activated_deactivated} voor interface '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zone '%s' geactiveerd voor interface '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zone '{zone}' {activated_deactivated} voor bron '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zone '%s' is geactiveerd voor bron '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Verbinding met firewalld tot stand gebracht." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Bezig met verbinden naar firewalld, wachten..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Verbinding maken met de firewall is mislukt. Zorg ervoor dat de service " "juist is opgestart en probeer het opnieuw." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Veranderingen zijn toegepast." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Wordt gebruikt door netwerkverbinding '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Standaard zone wordt gebruikt door netwerkverbinding '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "aangezet" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "uitgezet" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Iconen laden is mislukt." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Context" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Commandoregel" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Gebruikersnaam" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Gebruikers-id" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabel" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Keten" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioriteit" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumenten" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Runtime" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Service" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Poort" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Naar poort" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Naar adres" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Bindingen" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Ingang" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp type" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Familie" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Actie" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Bron" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Bestemming" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interface" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Commentaar" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Bron" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Waarschuwing" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Fout" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "accepteren" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "afwijzen" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "laten vallen" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "markeer" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "beperken" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "service" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "poort" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maskerade" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-blok" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "doorstuur-poort" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "bronpoort" #: ../src/firewall-config.in:2097 msgid "level" msgstr "niveau" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ja" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zone" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Standaard zone: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zone: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zone '%s': Service '%s' is niet beschikbaar." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Verwijder" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Negeer" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zone '%s': ICMP type '%s' is niet beschikbaar." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Ingebouwde zone, hernoemen niet ondersteund." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "seconde" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuut" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "uur" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dag" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "noodgeval" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alert" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritiek" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "fout" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "waarschuwing" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "opmerking" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Het doorsturen naar een ander systeem is alleen nuttig als de interface " "gemaskeerd is.\n" "Wil je deze zone maskeren?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Ingebouwde service, hernoemen niet ondersteund." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Vul een ipv4 adres in met het formaat adres[/masker]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "Het masker kan een netwerkmasker of een getal zijn." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Vul een ipv6 adres in met het formaat adres[/masker]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "Het masker is een getal." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Vul een ipv4 of ipv6 adres in met het formaat adres[/masker]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Het masker kan een netwerkmasker of een getal zijn voor ipv4.\n" "Het masker is een getal voor ipv6." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "Ingebouwde ipset, hernoemen wordt niet ondersteund." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Selecteer een bestand" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Tekstbestanden" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Alle bestanden" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Alles" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Ingebouwde helper, hernoemen wordt niet ondersteund." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Ingebouwde icmp, hernoemen niet ondersteund." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Het lezen van bestand '%s' mislukte: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Selecteer zone voor bron %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adres" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatische helpers" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Selecteer de automatische helpers waarde:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Voer de commandoregel in." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Voer de context in." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Selecteer de standaard zone uit de lijst hieronder." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Directe keten" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Selecteer ipv en tabel en vul de keten naam in." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Keten:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "ruw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "beveiliging" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabel:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Direct doorgeven regel" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Selecteer ipv en vul de argumenten in." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumenten:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Poort doorsturen" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Selecteer de bron- en bestemmingsopties naar jouw behoefte." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Poort / poort reeks:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP adres:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Bestemming" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Als je lokaal doorzenden aanzet, moet je een poort opgeven. Deze poort moet " "verschillen van de bronpoort." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokaal doorsturen" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Doorsturen naar een andere poort" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Basis helperinstellingen" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Configureer de basis helper instellingen:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Vette ingangen zijn verplicht, alle andere zijn optioneel." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Naam:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versie:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Afgekort:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Beschrijving:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Familie:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Module:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Helper" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Selecteer een helper:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Basis ICMP-type instellingen" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Configureer basis ICMP-type instellingen:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-type" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Selecteer een ICMP-type" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Ingang toevoegen" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Voeg ingangen uit bestand" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Verwijder geselecteerde ingang" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Verwijder alle ingangen" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Verwijder ingangen uit bestand" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Bestand" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opties" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld herladen" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Laadt firewall regels opnieuw in. De huidige permanente configuratie zal de " "nieuwe runtime configuratie worden. D.w.z. dat alle runtime veranderingen " "gemaakt tot herladen verloren gaan bij het herladen als ze niet in de " "permanente configuratie toegepast zijn." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Verander de zone waartoe een netwerkverbinding behoort." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Verander standaard zone" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Verander standaard zone voor verbindingen of interfaces." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Verander log-geweigerd" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Verander log-geweigerd waarde." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Configureer automatische helper toekenning" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Configureer automatische helper toekenningsinstellingen." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Paniekmodus betekent dat alle binnenkomende en uitgaande pakketten verloren " "gaan." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Paniekmodus" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Vergrendelen vergrendelt de firewall configuratie zodat alleen toepassingen " "op de vergrendel witte lijst deze kunnen veranderen." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Vergrendelen" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Maak runtime-configuratie permanent" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Runtime naar Permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_View" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP-types" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Helpers" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Directe configuratie" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Vergrendel whitelist" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Actieve verbindingen" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Hulp" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Zone wijzigen" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Verander zone van binding" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Verberg actieve runtime bindingen van verbindingen, interfaces en bronnen " "aan zones" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Toon actieve runtime bindingen van verbindingen, interfaces en bronnen aan " "zones" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuratie:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Huidige zichtbare configuratie. Runtime configuratie is de actuele actieve " "configuratie. Persistente configuratie zal actief zijn na het herladen of " "herstarten van service of systeem." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Een firewalld zone definieert het vertrouwensniveau voor " "netwerkverbindingen, interfaces en bronadressen die aan de zone gekoppeld " "zijn. De zone combineert services, poorten, protocols, maskerade, poort/" "pakket doorsturen, icmp filters en rich regels. De zone kan gekoppeld zijn " "aan interfaces en bronadressen." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Voeg zone toe" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Bewerk zone" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Verwijder zone" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Laad zone standaardinstellingen" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Hier kun je definiëren welke services vertrouwd zijn in de zone. Vertrouwde " "services zijn toegankelijk vanaf alle hosts en netwerken die de machine " "kunnen bereiken met verbindingen, interfaces en bronnen die aan de zone " "gekoppeld zijn." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Services" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Voeg extra poorten of poortreeksen toe welke toegankelijk moeten zijn voor " "alle hosts of netwerken die met de machine kunnen verbinden." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Poort toevoegen" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Bewerk poort" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Verwijder poort" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Poorten" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Voeg protocollen toe die toegankelijk moeten zijn voor alle hosts of " "netwerken." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Voeg protocol toe" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Bewerk protocol" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Verwijder protocol" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protocollen" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Voeg extra bronpoorten of poortreeksen toe welke toegankelijk moeten zijn " "voor alle hosts of netwerken die met de machine kunnen verbinden." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Bronpoorten" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Vermomming staat het instellen van een host of router toe die jouw lokale " "netwerk met het internet verbindt. Jouw lokale netwerk zal niet zichtbaar " "zijn en de hosts verschijnen als een enkel adres op het internet. Vermomming " "is alleen in IPv4 beschikbaar." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskerade zone" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Als je maskerade aanzet, zal IP forwarding aangezet worden voor je IPv4 " "netwerken." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Vermomming" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Voeg ingangen toe voor het doorsturen van een poort naar een andere poort op " "het lokale systeem of van het lokale systeem naar een ander systeem. " "Doorsturen naar een ander systeem is alleen nuttig als het interface vermomd " "is. Poorten doorsturen kan alleen met IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Voeg Forward poort toe" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Bewerk Forward poort" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Verwijder Forward poort" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Het Internet Control Message Protocol (ICMP) wordt voornamelijk gebruikt om " "foutmeldingen te versturen tussen computers op het netwerk, maar bovendien " "voor informatieve boodschappen zoals ping verzoeken en antwoorden." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Markeer de ICMP-types die geweigerd moeten worden in de lijst. Aan alle " "andere ICMP-types is het toegestaan de firewall te passeren. De standaard is " "geen beperking." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Als Omkeerfilter aangezet is dan worden ingangen gemarkeerd met ICMP " "aanvaard en alle andere geweigerd. In een zone met het doel Laat vallen " "gebeurd dat." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Omkeerfilter" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP-filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Hier kun je rich taalregels instellen voor de zone." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Voeg rich regel toe" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Bewerk rich regel" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Verwijder rich regel" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Rich regels" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Voeg ingangen toe om interface aan de zone te binden. Als de interface " "gebruikt gaat worden door een verbinding, zal de zone ingesteld worden op de " "zone die in de verbinding gespecificeerd wordt." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Voeg interface toe" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Bewerk interface" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Verwijder interface" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Voeg ingangen toe om bronadressen of gebieden te binden aan de zone. Je kunt " "ook een MAC-bronadres binden, echter met beperkingen. Poort doorsturen en " "maskeren zal niet werken voor MAC-bronbindingen." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Voeg bron toe" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Bewerk bron" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Verwijder bron" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zones" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Een firewalld service is een combinatie van poorten, protocollen, modules en " "bestemmingsadressen." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Voeg service toe" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Bewerk service" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Verwijder service" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Laad service standaardinstellingen" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Voeg extra poorten of poortreeksen toe welke toegankelijk moeten zijn voor " "alle hosts of netwerken." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Ingang bewerken" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Ingang verwijderen" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Voeg extra bronpoorten of poortreeksen toe welke toegankelijk moeten zijn " "voor alle hosts of netwerken." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Bronpoort" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfilter helper modules zijn nodig voor sommige services." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modules" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Als je bestemmingsadressen specificeert, zal de service ingang beperkt " "worden tot het bestemmingsadres en type. Als beide ingangen leeg zijn dan is " "er geen beperking." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Services kunnen alleen veranderd worden in de permanente configuratie view. " "De runtime configuratie van services is gefixeerd." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Een IPSet kan gebruikt worden voor het aanmaken van witte of zwarte lijsten " "en kan bijvoorbeeld IP-adressen, poortnummers of MAC-adressen opslaan. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Voeg IPSet toe" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Bewerk IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Verwijder IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Laad IPSet-standaardinstellingen" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Ingangen van de IPSet. Je kunt alleen ingangen van ipsets zien die de " "timeout optie niet gebruiken, en ook alleen de ingangen die toegevoegd zijn " "door firewalld. Ingangen die rechtstreeks toegevoegd zijn met het ipset " "commando zullen hier niet getoond worden." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Deze IPSet gebruikt de timeout optie, daarom zijn er hier geen ingangen " "zichtbaar. De ingangen moeten rechtstreeks met het ipset commando behandeld " "worden." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Toevoegen" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Ingangen" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSets kunnen alleen in het permanente configuratiescherm aangemaakt of " "verwijderd worden." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Een firewalld icmp-type geeft de informatie voor een Internet Control " "Message Protocol (ICMP) type voor firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Voeg ICMP-type toe" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Bewerk ICMP-type" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Verwijder ICMP-type" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Laad ICMP-type standaardinstellingen" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Specificeer of dit ICMP-type beschikbaar is voor IPv4 en/of IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP-types kunnen alleen in de permanente configuratie view veranderd " "worden. De runtime configuratie van ICMP-types is gefixeerd." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Een verbindingstrackhelper assisteert bij het laten werken van protocollen " "die verschillende flows gebruiken voor signalering en data overdrachten. De " "data overdrachten gebruiken poorten die niet gerelateerd zijn aan de " "signaleringsverbinding en worden daarom zonder de helper geblokkeerd door de " "firewall." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Definieer poorten of poortreeksen die bewaakt worden door de helper." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "De directe configuratie biedt een rechtstreekse toegang tot de firewall aan. " "Deze opties vereisen dat de gebruiker basis iptables concepten begrijpt, d.w." "z. tabellen, ketens, commando's, parameters en doelen. Directe configuratie " "moet alleen als laatste redmiddel gebruikt worden als het niet mogelijk is " "om andere firewalld functies te gebruiken." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Het ipv argument van elke optie moet ipv4, ipv6 of eb zijn. Bij ipv4 zal het " "voor iptables, bij ipv6 voor ip6tables en bij eb voor ethernet bruggen " "(ebtables) zijn." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Extra ketens voor gebruik met regels." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Voeg keten toe" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Bewerk keten" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Verwijder keten" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Ketens" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Voeg een regel met de argumenten args toe aan een keten in een tabel met een " "prioriteit." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "De prioriteit wordt gebruikt om regels te rangschikken. Prioriteit 0 " "betekent het toevoegen van een regel bovenin de keten, met een hogere " "prioriteit wordt de regel lager toegevoegd. Regels met dezelfde prioriteit " "bevinden zich op hetzelfde niveau en de volgorde van deze regels is niet " "gefixeerd en kan veranderen. Als je er zeker van wilt zijn dat een regel " "wordt toegevoegd na een andere, gebruik je een lage prioriteit voor de " "eerste en een hogere voor de volgende." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Voeg regel toe" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Bewerk regel" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Verwijder regel" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regels" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "De regels voor doorgeven wordt direct doorgegeven aan de firewall en worden " "niet in speciale ketens geplaatst. Alle iptables, ip6tables en ebtables " "opties kunnen gebruikt worden." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Wees voorzichtig met regels voor doorgeven zodat je de firewall niet " "beschadigt." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Voeg doorgeven toe" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Bewerk doorgeven" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Verwijder doorgeven" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Doorgeven" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "De vergrendel eigenschap is een verlichte versie van gebruikers en " "toepassingstactieken voor firewalld. Het beperkt de veranderingen in de " "firewall. De vergrendel whitelist kan commando's, context, gebruikers en " "gebruiker id's bevatten." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "De context is de beveiligings (SELinux) context van een draaiende toepassing " "of service. Om de context van een draaiende toepassing te krijgen gebruik je " "ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Voeg context toe" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Bewerk context" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Verwijder context" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Context" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Als een commando ingang in de whitelist eindigt met een asterisk '*', dan " "zullen alle commandoregels die beginnen met het commando matchen. Als de '*' " "niet aanwezig is, dan moet het gehele commando matchen inclusief argumenten." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Voeg commandoregel toe" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Bewerk commandoregel" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Verwijder commandoregel" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Commandoregels" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Gebruikersnamen." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Voeg gebruikersnaam toe" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Bewerk gebruikersnaam" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Verwijder gebruikersnaam" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Gebruikersnamen" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Gebruiker-id's." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Voeg gebruiker-ID toe" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Bewerk gebruiker-ID" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Verwijder gebruiker-ID" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Gebruiker-id's" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Huidige standaard zone van het systeem." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Log-geweigerd:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Paniek modus:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatische helpers:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Vergrendeling:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Standaard zone:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Voer een interfacenaam in:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Basis IPSet-instellingen" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Configureer de basis ipset-instellingen:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Type:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Timeout:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hashgrootte:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Timeout waarde in seconden" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Initiële hash grootte, standaard 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maximum aantal elementen, standaard 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Selecteer een ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Voer een ipset-ingang in:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Log-geweigerd" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Selecteer de log-geweigerd waarde:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Markeer" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Vul een markeerteken in met een optioneel masker." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "De markeer en masker velden zijn beide 32 bits brede gehele getallen zonder " "teken." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Markering:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Masker:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Selecteer een netfilter conntrack helper:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Selecteer -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Andere module:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Poort en protocol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Vul een poort en protocol in." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Directe regel" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Selecteer ipv en tabel, ketenprioriteit en vul de argumenten in." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioriteit:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Voer een protocol in." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Ander protocol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Rich regel" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Voer een rich regel in." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "Deactiveer het element voor de host of het netwerk." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Bron:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Bestemming:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 en ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "geïnverteerd" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Om dit aan te zetten moet Actie 'afwijzen' zijn en Familie 'ipv4' of " "'ipv6' (niet beide)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "met type:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Met limiet:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Niveau:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Actie:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Basis service instellingen" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Configureer basis instellingen:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Selecteer een service." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Voer een bron in." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Gebruiker-ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Vul een gebruiker-id in." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Vul een gebruikersnaam in." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "label" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Basis zone instellingen" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Configureer de basis zone instellingen:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Standaard doel" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Doel:" firewalld-1.1.1/po/or.po0000644000000000000000000021626414217342322015072 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Manoj Kumar Giri , 2008-2011,2014 # saroj kumar padhy , 2008 # Subhransu Behera , 2007 # Subhransu Behera , 2006-2007 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2016-01-04 12:33+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Oriya (http://www.transifex.com/projects/p/firewalld/language/" "or/)\n" "Language: or\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "ଅଗà­à¬¨à¬¿à¬•à¬¬à¬š ଆପଲେଟ" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ଅଗà­à¬¨à¬¿à¬•à¬¬à¬š" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ଅଗà­à¬¨à¬¿à¬•à¬¬à¬šà¬° ବିନà­à¬¯à¬¾à¬¸" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬  '%s' ପାଇଠଅଞà­à¬šà¬³ ବାଛନà­à¬¤à­" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤ ଅଞà­à¬šà¬³" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "ସଂଯୋଗ '%s' ପାଇଠଅଞà­à¬šà¬³ ବାଛନà­à¬¤à­" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "ସିଲà­à¬¡ ଉପର/ତଳ ଅଞà­à¬šà¬³à¬—à­à¬¡à¬¼à¬¿à¬•à­ ବିନà­à­Ÿà¬¾à¬¸ କରନà­à¬¤à­" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "à¬à¬ à¬¾à¬°à­‡ ଆପଣ ସିଲà­à¬¡ ଉପର à¬à¬¬à¬‚ ସିଲà­à¬¡ ତଳ ପାଇଠବà­à­Ÿà¬¬à¬¹à­ƒà¬¤ ଅଞà­à¬šà¬³à¬•à­ ବାଛିପାରିବେ।" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "à¬à¬¹à¬¿ ବିଶେଷତାଟି ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤ ଅଞà­à¬šà¬³à¬•à­ ବà­à­Ÿà¬¬à¬¹à¬¾à¬° କରà­à¬¥à¬¿à¬¬à¬¾ ବà­à­Ÿà¬•à­à¬¤à¬¿à¬™à­à¬• ପାଇଠଉପଯୋଗୀ ହୋଇଥାà¬à¥¤ ସଂଯୋଗଗà­à¬¡à¬¼à¬¿à¬•à¬° " "ଅଞà­à¬šà¬³ ବଦଳାଉଥିବା ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€à¬™à­à¬• ପାଇà¬, à¬à¬¹à¬¾à¬° ଉପଯୋଗୀତା ସିମୀତ ଅଟେ।" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "ସିଲà­à¬¡ ଉପର ଅଞà­à¬šà¬³:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "ସିଲà­à¬¡ ତଳ ଅଞà­à¬šà¬³:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "ସିଲ ଉପରକà­" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "ବିଜà­à¬žà¬ªà­à¬¤à¬¿à¬—à­à¬¡à¬¼à¬¿à¬•à­ ସକà­à¬°à¬¿à­Ÿ କରନà­à¬¤à­" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "ଫାୟାରୱାଲ ସେଟିଙà­à¬—ଗà­à¬¡à¬¿à¬•à­ ସଂପାଦନକରନà­à¬¤à­ ..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "ସଂଯୋଗଗà­à¬¡à¬¼à¬¿à¬•à¬° ଅଞà­à¬šà¬³à¬•à­ ପରିବରà­à¬¤à­à¬¤à¬¨ କରନà­à¬¤à­ ..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "ସିଲà­à¬¡ ଉପର/ତଳ ଅଞà­à¬šà¬³à¬—à­à¬¡à¬¼à¬¿à¬•à­ ବିନà­à­Ÿà¬¾à¬¸ କରନà­à¬¤à­ ..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "ସମସà­à¬¤ ନେଟୱରà­à¬• ପà­à¬°à¬¬à¬¾à¬¹à¬•à­ ଅଟକାନà­à¬¤à­" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "ସଂଯୋଗଗà­à¬¡à¬¿à¬•" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬ " #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "ଉତà­à¬¸" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ବୈଧିକରଣ ବିଫଳ ହୋଇଛି।" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "ଅବୈଧ ନାମ" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "ନାମ ପୂରà­à¬¬à¬°à­ ଅବସà­à¬¥à¬¿à¬¤ ଅଛି" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "ଅଗà­à¬¨à¬¿à¬•à¬¬à¬š ଡେମନକୠକୌଣସି ସଂଯୋଗ ନାହିà¬" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "ସମସà­à¬¤ ନେଟୱରà­à¬• ଯାତାୟାତକୠବନà­à¬¦ କରାଯାଇଛି।" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤ ଅଞà­à¬šà¬³: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "ଅଞà­à¬šà¬³ '{zone}' ସଂଯୋଗ '{connection}' ପାଇଠଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬ '{interface}' ଉପରେ ସକà­à¬°à¬¿à­Ÿ ଅଛି" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "ଅଞà­à¬šà¬³ '{zone}' ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬  '{interface}' ପାଇଠସକà­à¬°à¬¿à­Ÿ ଅଛି" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "ଅଞà­à¬šà¬³ '{zone}' ଉତà­à¬¸ {source} ପାଇଠସକà­à¬°à¬¿à­Ÿ ଅଛି" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "କୌଣସି ସକà­à¬°à¬¿à­Ÿ ଅଞà­à¬šà¬³ ନାହିà¬à¥¤" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallD ସହିତ ସଂଯୋଗ ସà­à¬¥à¬¾à¬ªà¬¨ ହୋଇସାରିଛି।" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD ସହିତ ସଂଯୋଗ ନଷà­à¬Ÿ ହୋଇଛି।" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD କୠପà­à¬¨à¬°à­à¬¦à­à¬§à¬¾à¬°à¬£ କରାଯାଇଛି।" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤ ଅଞà­à¬šà¬³ '%s' କୠପରିବରà­à¬¤à­à¬¤à¬¨ ହୋଇଛି।" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "ନେଟୱରà­à¬• ଯାତାୟାତ ବରà­à¬¤à­à¬¤à¬®à¬¾à¬¨ ବନà­à¬¦ ହୋଇନାହିà¬à¥¤" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "ସକà­à¬°à¬¿à­Ÿ କରାଯାଇଛି" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "ନିଷà­à¬•à­à¬°à¬¿à­Ÿ କରାଯାଇଛି" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "ଅଞà­à¬šà¬³ '{zone}' {activated_deactivated} କୠସଂଯୋଗ '{connection}' ପାଇà¬à¬…ନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬  " "'{interface}' ରେ" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "ଅଞà­à¬šà¬³ '{zone}' {activated_deactivated} ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬  '{interface}' ପାଇà¬" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "ଅଞà­à¬šà¬³ '%s' ଟି ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬  '%s' ପାଇଠସକà­à¬°à¬¿à­Ÿ ହୋଇଛି" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "ଅଞà­à¬šà¬³ '{zone}' {activated_deactivated} ଉତà­à¬¸ '{source}' ପାଇà¬" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "ଅଞà­à¬šà¬³ '%s' କୠଉତà­à¬¸ '%s' ପାଇଠସକà­à¬°à¬¿à­Ÿ କରାଯାଇଛି" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "ପରିବରà­à¬¤à­à¬¤à¬¨à¬—à­à¬¡à¬¼à¬¿à¬•à­ ପà­à¬°à­Ÿà­‹à¬— କରାଯାଇଛି।" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "ନେଟୱରà­à¬• ସଂଯୋଗ '%s' ଦà­à­±à¬¾à¬°à¬¾ ବà­à­Ÿà¬¬à¬¹à­ƒà¬¤" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "ସକà­à¬°à¬¿à­Ÿ" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "ନିଷà­à¬•à­à¬°à¬¿à­Ÿ ହୋଇଛି" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ଚିତà­à¬° ସଂକେତ ଧାରଣ କରିବାରେ ଅସଫଳ।" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ ନାମ" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "ଚାଲà­à¬¥à¬¿à¬¬à¬¾ ସମୟ" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "ସà­à¬¥à¬¾à­Ÿà­€" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "ସେବା" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "ସଂଯୋଗିକୀ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "ପà­à¬°à­‹à¬Ÿà­‹à¬•à¬²" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "ସଂଯୋଗିକୀ କà­" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "ଠିକଣା କà­" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp ପà­à¬°à¬•à¬¾à¬°" #: ../src/firewall-config.in:822 msgid "Family" msgstr "ପରିବାର" #: ../src/firewall-config.in:826 msgid "Action" msgstr "କାରà­à¬¯à­à¬¯" #: ../src/firewall-config.in:828 msgid "Element" msgstr "ଉପାଦାନ" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "ଲକà­à¬·à­à¬¯à¬¸à­à¬¥à¬³" #: ../src/firewall-config.in:834 msgid "log" msgstr "ଲଗ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ସମà­à¬ªà¬¾à¬¦à¬¨" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "ଉତà­à¬¸" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "ଚେତାବନୀ" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "ତà­à¬°à­à¬Ÿà¬¿" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "ଗà­à¬°à¬¹à¬£ କରନà­à¬¤à­" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "ଅସà­à¬¬à­€à¬•à¬¾à¬° କରନà­à¬¤à­" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "ପକାଅ" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "ସୀମା" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "ସରà­à¬­à¬¿à¬¸" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "ପୋରà­à¬Ÿ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "ପà­à¬°à­‹à¬Ÿà­‹à¬•à¬²" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "ଛଦà­à¬® ବେଶ" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-ବà­à¬²à¬•" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "ଅଗà­à¬°à¬¸à¬°à¬£-ପୋରà­à¬Ÿ" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "ସà­à¬¤à¬°" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ହà¬" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "କà­à¬·à­‡à¬¤à­à¬°" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "ଅଞà­à¬šà¬³ '%s': ସରà­à¬­à¬¿à¬¸ '%s' ଉପଲବà­à¬§ ନାହିà¬à¥¤" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "ହଟାଅ" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "ଆଗà­à¬°à¬¹à­à¬¯ କରିଦିଅନà­à¬¤à­" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "ଅଞà­à¬šà¬³ '%s': ICMP ପà­à¬°à¬•à¬¾à¬° '%s' ଉପଲବà­à¬§ ନାହିà¬à¥¤" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬®à¬¿à¬¤ ଅଞà­à¬šà¬³, ପà­à¬¨à¬ƒ ନାମକରଣ ସମରà­à¬¥à¬¿à¬¤ ନà­à¬¹à¬à¥¤" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "ସେକଣà­à¬¡" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "ମିନିଟ" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ଘଣà­à¬Ÿà¬¾" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "ଦିନ" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "ଜରà­à¬°à­€à¬•à¬¾à¬³à­€à¬¨" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "ଚେତାବନୀ" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "ଗà­à¬°à­à¬¤à¬°" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "ତୃଟି" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "ଚେତାବନୀ" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "ଅଧିସୂଚନା" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "ସୂଚନା" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ତୃଟିମà­à¬•à­à¬¤ କରନà­à¬¤à­" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ଅନà­à­Ÿ à¬à¬• ତନà­à¬¤à­à¬°à¬•à­ ପଠାଇବା ଉପଯୋଗୀ ହୋଇଥାଠଯଦି ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬  ଛଦà­à¬®à¬¬à­‡à¬¶ ଧାରଣ କରିଥାà¬à¥¤\n" "ଆପଣ à¬à¬¹à¬¿ ଅଞà­à¬šà¬³à¬•à­ ଛଦà­à¬®à¬¬à­‡à¬¶ ଧାରଣ କରାଇବାକୠଚାହà­à¬à¬›à¬¨à­à¬¤à¬¿ କି?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬®à¬¿à¬¤ ସରà­à¬­à¬¿à¬¸, ପà­à¬¨à¬ƒ ନାମକରଣ ସମରà­à¬¥à¬¿à¬¤ ନà­à¬¹à¬à¥¤" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬®à¬¿à¬¤ icmp, ପà­à¬¨à¬ƒ ନାମକରଣ ସମରà­à¬¥à¬¿à¬¤ ନà­à¬¹à¬à¥¤" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "ଉତà­à¬¸ '%s'ପାଇଠଅଞà­à¬šà¬³ ବାଛନà­à¬¤à­" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ଠିକଣା" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "ଦୟାକରି ନିରà­à¬¦à­à¬¦à­‡à¬¶à¬¨à¬¾à¬®à¬¾à¬•à­ ଭରଣ କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "ଦୟାକରି ପà­à¬°à¬¸à¬™à­à¬—କୠଭରଣ କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "ନିମà­à¬¨à¬²à¬¿à¬–ିତ ତାଲିକାରୠଦୟାକରି ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤ ଅଞà­à¬šà¬³à¬•à­ ବାଛନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "ସିଧାସଳଖ ସୃଙà­à¬–ଳ" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ଦୟାକରି ipv à¬à¬¬à¬‚ ସାରଣୀକୠବାଛନà­à¬¤à­ à¬à¬¬à¬‚ ଶୃଙà­à¬–ଳ ନାମକୠଭରଣ କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ସୃଙà­à¬–ଳ:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "ସà­à¬°à¬•à­à¬·à¬¾" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "ସାରଣୀ:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "ସିଧାସଳଖ ଅଗà­à¬°à¬—ତି ନିୟମ" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ଦୟାକରି ipv କୠବାଛନà­à¬¤à­ à¬à¬¬à¬‚ args ଭରଣ କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ସଂଯୋଗିକୀ ଅଗà­à¬°à¬¸à¬°à¬£" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "ଆପଣଙà­à¬•à¬° ଆବଶà­à­Ÿà¬•à¬¤à¬¾ ଅନà­à¬¸à¬¾à¬°à­‡ ଦୟାକରି ମୂଳ ସà­à¬¥à¬¾à¬¨ à¬à¬¬à¬‚ ଲକà­à¬·à­à¬¯ ସà­à¬¥à¬³ ବିକଳà­à¬ªà¬—à­à¬¡à¬¼à¬¿à¬•à­ ଚୟନକରନà­à¬¤à­." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "ସଂଯୋଗିକୀ / ସଂଯୋଗିକୀ ପରିସର:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "ଆଇ.ପି. ଠିକଣା:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "ପà­à¬°à­‹à¬Ÿà­‹à¬•à¬²:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "ଲକà­à¬·à­à¬¯à¬¸à­à¬¥à¬³" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "ଯଦି ଆପଣ ସà­à¬¥à¬¾à¬¨à­€à­Ÿ ଅଗà­à¬°à¬¸à¬°à¬£à¬•à­ ସକà­à¬°à¬¿à­Ÿ କରନà­à¬¤à¬¿, ତେବେ ଆପଣଙà­à¬•à­ ଗୋଟିଠସଂଯୋଗିକୀ ଉଲà­à¬²à­‡à¬– କରିବାକୠପଡ଼ିବ. à¬à¬¹à¬¿ " "ସଂଯୋଗିକୀ ଉତà­à¬¸ ସଂଯୋଗିକୀ ଠାରୠଅଲଗା ହୋଇଥିବା ଉଚିତ." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "ସà­à¬¥à¬¾à¬¨à­€à­Ÿ ଅଗà­à¬°à¬¸à¬°à¬£" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "ଅନà­à­Ÿ à¬à¬• ସଂଯୋଗିକୀକୠଅଗà­à¬°à¬¸à¬° ହà­à¬…ନà­à¬¤à­" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "ଗାଢ଼ ନିବେଶଗà­à¬¡à¬¼à¬¿à¬• ବାଧà­à¬¯à¬¤à¬¾à¬®à­‚ଳକ ଅଟେ, ଅନà­à­Ÿ ସମସà­à¬¤à¬—à­à¬¡à¬¼à¬¿à¬• ବୈକଳà­à¬ªà¬¿à¬• ଅଟେ।" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "ନାମ:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "ସଂସà­à¬•à¬°à¬£:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "ସଂକà­à¬·à¬¿à¬ªà­à¬¤ ପଥ:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "ବରà­à¬£à­à¬£à¬¨à¬¾:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "ପରିବାର:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "ଆଧାର ICMP ପà­à¬°à¬•à¬¾à¬° ସେଟିଙà­à¬—ଗà­à¬¡à¬¿à¬•" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "ଦୟାକରି ଆଧାର ICMP ପà­à¬°à¬•à¬¾à¬° ସେଟିଙà­à¬—ଗà­à¬¡à¬¿à¬•à­ ବିନà­à­Ÿà¬¾à¬¸ କରନà­à¬¤à­:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP ପà­à¬°à¬•à¬¾à¬°" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ଦୟାକରି ICMP ପà­à¬°à¬•à¬¾à¬°à¬•à­ ବାଛନà­à¬¤à­" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "ଭରଣ ତଥà­à­Ÿà¬•à­ ଯୋଗକରନà­à¬¤à­" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ଫାଇଲ (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "ବିକଲà­à¬ª (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld କୠପà­à¬¨à¬°à­à¬§à¬¾à¬°à¬£ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ଫୟାରୱାଲ ନିୟମାବଳୀକୠପà­à¬¨à¬°à­à¬¦à­à¬§à¬¾à¬°à¬£ କରିଥାà¬à¥¤ ପà­à¬°à¬šà¬³à¬¿à¬¤ ସà­à¬¥à¬¾à­Ÿà­€ ସଂରଚନାଟି ନୂତନ ଚାଲà­à¬¥à¬¿à¬¬à¬¾ ସଂରଚନାରେ " "ପରିବରà­à¬¤à­à¬¤à¬¨ ହୋଇଥାଠଯେପରିକି କେବଳ ପà­à¬¨à¬°à­à¬¦à­à¬§à¬¾à¬°à¬£ ପରà­à¬¯à­à­Ÿà¬¨à­à¬¤ ପରିବରà­à¬¤à­à¬¤à¬¿à¬¤ ହୋଇଥିବା ସମସà­à¬¤ ଚଳନà­à¬¤à¬¿ ସଂରଚନା " "ନଷà­à¬Ÿ ହୋଇଥାଠଯଦି ସେଗà­à¬¡à¬¼à¬¿à¬• ସà­à¬¥à¬¾à­Ÿà­€ ସଂରଚନାରେ ନଥାà¬à¥¤" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ନେଟୱରà­à¬• ସଂଯୋଗ କେଉଠଅଞà­à¬šà¬³ ଅନà­à¬¤à¬°à­à¬—ତରେ ଆସିଥାଠତାହାକୠପରିବରà­à¬¤à­à¬¤à¬¨ କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ପୂରà­à¬¬ ନିରà­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤ ଅଞà­à¬šà¬³à¬•à­ ପରିବରà­à¬¤à­à¬¤à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "ସଂଯୋଗ ଅଥବା ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬ à¬—à­à¬¡à¬¼à¬¿à¬• ପାଇଠପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤ ଅଞà­à¬šà¬³à¬•à­ ପରିବରà­à¬¤à­à¬¤à¬¨ କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "ଆକସà­à¬®à¬¿à¬• ଧାରା ଅରà­à¬¥ ହେଉଛି ସମସà­à¬¤ ଆସà­à¬¥à¬¿à¬¬à¬¾ à¬à¬¬à¬‚ ଯାଉଥିବା ପà­à­Ÿà¬¾à¬•à­‡à¬Ÿà¬—à­à¬¡à¬¼à¬¿à¬•à­ ତà­à­Ÿà¬¾à¬— କରାଯାଇଛି।" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "ଆକସà­à¬®à¬¿à¬• ଭୟ ପରିସà­à¬¥à¬¿à¬¤à¬¿" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "ଲକଡାଉନ ଫାୟାରୱାଲ ସଂରଚନାକୠଅପରିବରà­à¬¤à­à¬¤à¬¨à­€à­Ÿ କରିଥାଠଯାହାଫଳରେ କେବଳ ଲକଡାଉନ ହà­à­±à¬¾à¬‡à¬Ÿà¬²à¬¿à¬·à­à¬Ÿà¬°à­‡ ଥିବା " "ପà­à¬°à­Ÿà­‹à¬—ଗà­à¬¡à¬¼à¬¿à¬• à¬à¬¹à¬¾à¬•à­ ପରିବରà­à¬¤à­à¬¤à¬¨ କରିବାରେ ସକà­à¬·à¬® ହୋଇଥାନà­à¬¤à¬¿à¥¤" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "ଲକଡାଉନ" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "ଅସà­à¬¥à¬¾à­Ÿà­€ ସଂରଚନାକୠସà­à¬¥à¬¾à­Ÿà­€ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "ଚଳନà­à¬¤à¬¿ ସମୟକୠସà­à¬¥à¬¾à­Ÿà­€ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "ଦୃଶà­à¬¯ (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP ପà­à¬°à¬•à¬¾à¬°" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "ସିଧାସଳଖ ସଂରଚନା" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "ଲକଡାଉନ ହà­à­±à¬¾à¬‡à¬Ÿà¬²à¬¿à¬·à­à¬Ÿ" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "ସହାୟତା (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "ସଂରଚନା:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "ବରà­à¬¤à­à¬¤à¬®à¬¾à¬¨ ଦୃଶà­à­Ÿà¬®à¬¾à¬¨ ସଂରଚନା। ଚାଲà­à¬¥à¬¿à¬¬à¬¾ ସମୟର ସଂରଚନା ହେଉଛି ପà­à¬°à¬•à­ƒà¬¤ ସକà­à¬°à¬¿à­Ÿ ସଂରଚନା। ସà­à¬¥à¬¾à­Ÿà­€ " "ସଂରଚନା ସରà­à¬­à¬¿à¬¸ ପରେ କିମà­à¬¬à¬¾ ତନà­à¬¤à­à¬° ପà­à¬¨à¬°à­à¬¦à­à¬§à¬¾à¬°à¬£ କିମà­à¬¬à¬¾ ପà­à¬¨à¬ƒà¬šà¬¾à¬³à¬¨ ପରେ ସକà­à¬°à¬¿à­Ÿ ହେବ।" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "ଗୋଟିଠfirewalld ଅଞà­à¬šà¬³ ନେଟୱରà­à¬• ସଂଯୋଗଗà­à¬¡à¬¼à¬¿à¬•, ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬  à¬à¬¬à¬‚ ଅଞà­à¬šà¬³ ସହିତ ସଂଶà­à¬³à¬¿à¬·à­à¬Ÿ ଉତà­à¬¸ " "ଠିକଣାଗà­à¬¡à¬¼à¬¿à¬• ପାଇଠବିଶà­à­±à¬¾à¬¸à¬° ସà­à¬¤à¬° ବà­à­Ÿà¬¾à¬–à­à­Ÿà¬¾ କରିଥାà¬à¥¤ à¬à¬¹à¬¿ ଅଞà­à¬šà¬³ ସରà­à¬­à¬¿à¬¸, ପୋରà­à¬Ÿ, ପà­à¬°à­‹à¬Ÿà­‹à¬•à¬², ଛଦà­à¬® ବେଶ, " "ପୋରà­à¬Ÿ/ପà­à­Ÿà¬¾à¬•à­‡à¬Ÿ ଅଗà­à¬°à¬¸à¬°à¬£, icmp ଫିଲଟର à¬à¬¬à¬‚ ଶକà­à¬¤ ନିୟମାବଳୀକୠମିଶà­à¬°à¬£ କରିଥାà¬à¥¤ à¬à¬¹à¬¿ ଅଞà­à¬šà¬³ " "ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬ à¬—à­à¬¡à¬¼à¬¿à¬•à­ à¬à¬¬à¬‚ ଠିକଣାଗà­à¬¡à¬¼à¬¿à¬•à­ ବାନà­à¬§à¬¿à¬¥à¬¾à¬à¥¤" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ଅଞà­à¬šà¬³à¬•à­ ଯୋଗ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "ଅଞà­à¬šà¬³à¬•à­ ସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "ଅଞà­à¬šà¬³à¬•à­ ହଟାନà­à¬¤à­" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "ଅଞà­à¬šà¬³ ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤à¬•à­ ଧାରଣ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "କେଉଠସେବା ଗà­à¬¡à¬¿à¬• ବିଶà­à¬¯à¬¸à­à¬¤ ଆପଣ ତାହା à¬à¬ à¬¾à¬°à­‡ ବà­à¬¯à¬¾à¬–à­à¬¯à¬¾ କରିପାରିବେ। à¬à¬¹à¬¾à¬° ଅରà­à¬¥ ହେଉଛି ଯେ à¬à¬¹à¬¿ ସେବା " "ଗà­à¬¡à¬¿à¬•à­ ସମସà­à¬¤ ଆଧାର କିମà­à¬¬à¬¾ ନେଟୱାରà­à¬•à¬°à­ ଅଭିଗମ କରିହେବ।" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "ସରà­à¬­à¬¿à¬¸à¬—à­à¬¡à¬¼à¬¿à¬•" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "ଅତିରିକà­à¬¤ ସଂଯୋଗିକୀ କିମà­à¬¬à¬¾ ସଂଯୋଗିକୀ ପରିସର ମାନଙà­à¬•à­ ଯୋଗ କରନà­à¬¤à­, ଯାହାକି ସମସà­à¬¤ ଆଧାର କିମà­à¬¬à¬¾ ନେଟୱାରà­à¬• " "ଦà­à¬¬à¬¾à¬°à¬¾ ଅଭିଗମà­à¬¯ ହେବା ଉଚିତ।" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "ପୋରà­à¬Ÿà¬•à­ ଯୋଗ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "ପୋରà­à¬Ÿà¬•à­ ସଂପାଦନା କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "ପୋରà­à¬Ÿà¬•à­ କାଢ଼ି ଦିଅନà­à¬¤à­" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "ପୋରà­à¬Ÿà¬—à­à¬¡à¬¼à¬¿à¬•" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "ମିଥà­à­Ÿà¬¾à¬­à¬¨à­Ÿ ଆପଣଙà­à¬•à­ ଇଣà­à¬Ÿà¬°à¬¨à­‡à¬Ÿ ସହିତ ଆପଣଙà­à¬• ସà­à¬¥à¬¾à¬¨à­€à­Ÿ ନେଟୱରà­à¬•à¬•à­ ସଂଯୋଗ କରà­à¬¥à¬¿à¬¬à¬¾ ଆଧାର କିମà­à¬¬à¬¾ ରାଉଟରକୠ" "ବିନà­à­Ÿà¬¾à¬¸ କରିବାକୠଅନà­à¬®à¬¤à¬¿ ଦେଇଥାà¬. ଆପଣଙà­à¬•à¬° ସà­à¬¥à¬¾à¬¨à­€à­Ÿ ନେଟୱରà­à¬• ଦେଖାଯିବ ନାହିଠà¬à¬¬à¬‚ ସେହି ଆଧାରଟି " "ଇଣà­à¬Ÿà¬°à¬¨à­‡à¬Ÿà¬°à­‡ ଗୋଟିଠଠିକଣା ପରି ଦେଖାଯିବ. କେବଳ IPv4 ମିଥà­à­Ÿà¬¾à¬­à¬¿à¬¨à­Ÿ କରà­à¬…ଛି." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "ଛଦà­à¬® ବେଶୀ ଅଞà­à¬šà¬³" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "ଯଦି ଆପଣ ଛଦà­à¬® ବେଶ କରିବାରେ ସକà­à¬°à¬¿à­Ÿ ହà­à¬…ନà­à¬¤à¬¿, ତେବେ IP ଅଗà­à¬°à¬¸à¬°à¬£à¬•à­ ଆପଣଙà­à¬• IPv4 ନେଟୱରà­à¬•à¬—à­à¬¡à¬¼à¬¿à¬• " "ପାଇà¬à¬¸à¬•à­à¬°à¬¿à­Ÿ କରାଯିବ।" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "ଛଦà­à¬® ବେଶ" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ସà­à¬¥à¬¾à¬¨à­€à­Ÿ ତନà­à¬¤à­à¬°à¬°à­‡ ଗୋଟିଠସଂଯୋଗିକୀରୠଅନà­à­Ÿ à¬à¬• ସଂଯୋଗିକୀକୠଅଥବା ସà­à¬¥à¬¾à¬¨à­€à­Ÿ ତନà­à¬¤à­à¬°à¬°à­ ଅନà­à­Ÿ à¬à¬• ତନà­à¬¤à­à¬°à¬•à­ " "ଅଗà­à¬°à¬¸à¬°à¬£ ସଂଯୋଗିକୀରେ ଭରଣଗà­à¬¡à¬¼à¬¿à¬•à­ ଯୋଗକରନà­à¬¤à­. ଅନà­à­Ÿ à¬à¬• ତନà­à¬¤à­à¬°à¬•à­ ପଠାଇବା ହିଠକେବଳ ଫଳପà­à¬°à¬¦ ହୋଇଥାଠଯଦି " "ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬  ମିଥà­à­Ÿà¬¾à¬­à¬¿à¬¨à­Ÿ କରà­à¬¥à¬¾à¬. ସଂଯୋଗିକୀ ଆଗେଇବାଟି କେବଳ IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ପୋରà­à¬Ÿ ଅଗà­à¬°à¬¸à¬°à¬£à¬•à­ ଯୋଗ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ପୋରà­à¬Ÿ ଅଗà­à¬°à¬¸à¬°à¬£à¬•à­ ସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ପୋରà­à¬Ÿ ଅଗà­à¬°à¬¸à¬°à¬£à¬•à­ ବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ଇଣà­à¬Ÿà¬°à¬¨à­‡à¬Ÿ ନିୟନà­à¬¤à­à¬°à¬£ ସନà­à¬¦à­‡à¬¶ ପà­à¬°à­‹à¬Ÿà­‹à¬•à¬² (ICMP) ଟି ମà­à¬–à­à­Ÿà¬¤à¬ƒ ନେଟୱରà­à¬• କମà­à¬ªà­à¬Ÿà¬°à¬—à­à¬¡à¬¼à¬¿à¬• ମଧà­à­Ÿà¬°à­‡ ତà­à¬°à­à¬Ÿà¬¿ ସନà­à¬¦à­‡à¬¶ " "ପଠାଇବାରେ ବà­à­Ÿà¬¬à¬¹à¬¾à¬° ହୋଇଥାà¬, କିନà­à¬¤à­ ଅତିରିକà­à¬¤ ଭାବରେ ସୂଚନାତà­à¬®à¬• ସନà­à¬¦à­‡à¬¶à¬—à­à¬¡à¬¼à¬¿à¬•à­ ଯେପରି କି ping ଅନà­à¬°à­‹à¬§ " "à¬à¬¬à¬‚ ଉତà­à¬¤à¬°à¬—à­à¬¡à¬¼à¬¿à¬• ପାଇà¬." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "ICMP ପà­à¬°à¬•à¬¾à¬°à¬—à­à¬¡à¬¼à¬¿à¬•à­ ତାଲିକାରେ ଚିହà­à¬¨à¬Ÿà¬•à¬°à¬¨à­à¬¤à­, ଯାହାକୠକି ଅସà­à­±à­€à¬•à¬¾à¬° କରିବା ଉଚିତ. ଅନà­à­Ÿ ସମସà­à¬¤ ICMP " "ପà­à¬°à¬•à¬¾à¬°à¬—à­à¬¡à¬¼à¬¿à¬• ଅଗà­à¬¨à¬¿à¬•à¬¬à¬š ପାରକରିବା ପାଇଠଅନà­à¬®à¬¤à¬¿à¬ªà­à¬°à¬¾à¬ªà­à¬¤. ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤à¬°à­‡ କୌଣସି ସୀମା ବନà­à¬§à¬¨ ନାହିà¬." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ଫିଲଟର" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "à¬à¬ à¬¾à¬°à­‡ ଆପଣ ଅଞà­à¬šà¬³ ପାଇଠଶକà­à¬¤à¬¿à¬¶à¬¾à¬³à­€ ଭାଷା ନିୟମାବଳୀକୠସେଟ କରିପାରିବେ।" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "ଶକà­à¬¤ ନିୟମ ଯୋଗ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "ଶକà­à¬¤ ନିୟମକୠସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "ଶକà­à¬¤ ନିୟମକୠବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "ଶକà­à¬¤à¬¿à¬¶à¬¾à¬³à­€ ନିୟମାବଳୀ" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "à¬à¬¹à¬¿ ଅଞà­à¬šà¬³à¬°à­‡ ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬ à¬—à­à¬¡à¬¼à¬¿à¬•à­ ବାନà­à¬§à¬¿à¬¬à¬¾ ପାଇଠଯୋଗ କରନà­à¬¤à­à¥¤ ଯଦି à¬à¬¹à¬¿ ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬ à¬—à­à¬¡à¬¼à¬¿à¬• କୌଣସି ସଂଯୋଗ " "ଦà­à­±à¬¾à¬°à¬¾ ବà­à­Ÿà¬¬à¬¹à¬¾à¬° ହୋଇଥାà¬, ତେବେ ସେହି ଅଞà­à¬šà¬³à¬Ÿà¬¿ ସଂଯୋଗରେ ଉଲà­à¬²à­‡à¬–ିତ ଅଞà­à¬šà¬³à¬°à­‡ ସେଟ ହେବ।" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬  ଯୋଗ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬ à¬•à­ ସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ଅନà­à¬¤à¬°à¬¾à¬ªà­ƒà¬·à­à¬ à¬•à­ ବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "ଉତà­à¬¸ ଯୋଗ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "ଉତà­à¬¸à¬•à­ ସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "ଉତà­à¬¸à¬•à­ ବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "ଅଞà­à¬šà¬³" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld ସରà­à¬­à¬¿à¬¸ ହେଉଛି ପୋରà­à¬Ÿ, ପà­à¬°à­‹à¬Ÿà­‹à¬•à¬², ମଡà­à­Ÿà­à¬² à¬à¬¬à¬‚ ଲକà­à¬·à­à¬¯à¬¸à­à¬¥à¬³ ଠିକଣାଗà­à¬¡à¬¼à¬¿à¬•à¬° à¬à¬• ମିଶà­à¬°à¬£à¥¤" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "ସରà­à¬­à¬¿à¬¸ ଯୋଗ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "ସରà­à¬­à¬¿à¬¸à¬•à­ ସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "ସରà­à¬­à¬¿à¬¸à¬•à­ ବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "ସରà­à¬­à¬¿à¬¸ ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤à¬•à­ ଧାରଣ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "ପà­à¬°à¬¬à­‡à¬¶ ସଂପାଦନା କର" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "ଭରଣକୠକାଢ଼ି ଦିଅନà­à¬¤à­" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "ମୋଡà­à­Ÿà­à¬²à¬—à­à¬¡à¬¼à¬¿à¬•" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "ଯଦି ଆପଣ ଲକà­à¬·à­à¬¯à¬¸à­à¬¥à¬³ ଠିକଣାକୠଉଲà­à¬²à­‡à¬– କରନà­à¬¤à¬¿, ତେବେ ସରà­à¬­à¬¿à¬¸ ନିବେଶ ଲକà­à¬·à­à¬¯à¬¸à­à¬¥à¬³ ଠିକଣା à¬à¬¬à¬‚ ପà­à¬°à¬•à¬¾à¬°à¬°à­‡ " "ସିମୀତ ହେବ। ଯଦି ଉଭୟ ନିବେଶଗà­à¬¡à¬¼à¬¿à¬• ଖାଲିଥାà¬, ତେବେ ସେଠାରେ କୌଣସି ସୀମା ନଥାà¬à¥¤" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "ସରà­à¬­à¬¿à¬¸à¬—à­à¬¡à¬¼à¬¿à¬• କେବଳ ସà­à¬¥à¬¾à­Ÿà­€ ବିନà­à­Ÿà¬¾à¬¸ ଦୃଶà­à­Ÿà¬°à­‡ ପରିବରà­à¬¤à­à¬¤à¬¨ ହୋଇପାରିବ। ସରà­à¬­à¬¿à¬¸à¬—à­à¬¡à¬¼à¬¿à¬•à¬° ପà­à¬°à¬šà¬³à¬¿à¬¤ ବିନà­à­Ÿà¬¾à¬¸ ସà­à¬¥à¬¾à­Ÿà­€ " "ଅଟେ।" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "à¬à¬• firewalld icmptype ଇଣà­à¬Ÿà¬°à¬¨à­‡à¬Ÿ ନିୟନà­à¬¤à­à¬°à¬£ ସନà­à¬¦à­‡à¬¶ ପà­à¬°à­‹à¬Ÿà­‹à¬•à¬² (ICMP) ପà­à¬°à¬•à¬¾à¬° ପାଇଠ" "firewalld କୠସୂଚନା ପà­à¬°à¬¦à¬¾à¬¨ କରିଥାà¬à¥¤" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP ପà­à¬°à¬•à¬¾à¬°à¬•à­ ଯୋଗ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP ପà­à¬°à¬•à¬¾à¬°à¬•à­ ସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP ପà­à¬°à¬•à¬¾à¬°à¬•à­ ବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP ପà­à¬°à¬•à¬¾à¬° ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤à¬•à­ ଧାରଣ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" "à¬à¬¹à¬¿ ICMP ପà­à¬°à¬•à¬¾à¬°à¬Ÿà¬¿ IPv4 à¬à¬¬à¬‚/ଅଥବା IPv6 ରେ ଉପଲବà­à¬§ ହୋଇଥାଠକି ନାହିଠତାହା ଉଲà­à¬²à­‡à¬– କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP ପà­à¬°à¬•à¬¾à¬°à¬—à­à¬¡à¬¼à¬¿à¬• ସà­à¬¥à¬¾à­Ÿà­€ ବିନà­à­Ÿà¬¾à¬¸ ଦୃଶà­à­Ÿà¬°à­‡ ହିଠକେବଳ ପରିବରà­à¬¤à­à¬¤à¬¿à¬¤ ହୋଇଥାà¬à¥¤ ICMP ପà­à¬°à¬•à¬¾à¬°à¬—à­à¬¡à¬¼à¬¿à¬• ପà­à¬°à¬šà¬³à¬¿à¬¤ " "ବିନà­à­Ÿà¬¾à¬¸ ସà­à¬¥à¬¾à­Ÿà­€ ଅଛି।" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "ସିଧାସଳଖ ସଂରଚନା ଫାୟାରୱାଲରେ ସିଧାସଳଖ ପà­à¬°à¬¬à­‡à¬¶à¬¾à¬¨à­à¬®à¬¤à¬¿ ଦେଇଥାà¬à¥¤ à¬à¬¹à¬¿ ବିକଳà­à¬ªà¬—à­à¬¡à¬¼à¬¿à¬• ପାଇଠ" "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€à¬™à­à¬• ପାଖରେ ମୌଳିକ iptables ଜà­à¬žà¬¾à¬¨ ଥିବା ଆବଶà­à­Ÿà¬•, ଯେପରିକି ସାରଣୀ, ଶୃଙà­à¬–ଳ, ନିରà­à¬¦à­à¬¦à­‡à¬¶, " "ପà­à¬°à¬¾à¬šà¬³ à¬à¬¬à¬‚ ଲକà­à¬·à­à¬¯à¬¸à­à¬¥à¬³à¥¤ ସିଧାସଳଖ ସଂରଚନାକୠକେବଳ ଶେଷ ଆଶà­à¬°à­Ÿ ଭାବରେ ବà­à­Ÿà¬¬à¬¹à¬¾à¬° କରିବା ଉଚିତ " "ଯେତେବେଳେ ଅନà­à­Ÿ କୌଣସି firewalld ବିଶେଷତା ବà­à­Ÿà¬¬à¬¹à¬¾à¬° କରିବା ସମà­à¬­à¬¬ ହୋଇନଥାà¬à¥¤" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "ପà­à¬°à¬¤à­à­Ÿà­‡à¬• ବିକଳà­à¬ªà¬° ipv ସà­à­±à¬¤à¬¨à­à¬¤à­à¬°à¬šà¬° ipv4 କିମà­à¬¬à¬¾ ipv6 ଅଥବା eb ହୋଇଥିବା ଉଚିତ। ipv4 ସହିତ à¬à¬¹à¬¾ " "iptables ପାଇଠହୋଇଥାà¬, ipv6 ସହିତ ip6tables ପାଇଠà¬à¬¬à¬‚ eb ସହିତ ଇଥରନେଟ ବà­à¬°à¬¿à¬œà¬—à­à¬¡à¬¼à¬¿à¬• ପାଇଠ" "ହୋଇଥାଠ(ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "ନିୟମାବଳୀ ସହିତ ବà­à­Ÿà¬¬à¬¹à¬¾à¬° ହେବାକୠଥିବା ଅତିରିକà­à¬¤ ଶୃଙà­à¬–ଳ।" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "ସୃଙà­à¬–ଳ ଯୋଗ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "ସୃଙà­à¬–ଳକୠସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "ସୃଙà­à¬–ଳକୠବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ସୃଙà­à¬–ଳଗà­à¬¡à¬¼à¬¿à¬•" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "ସà­à­±à¬¤à¬¨à­à¬¤à­à¬°à¬šà¬° args ସହିତ à¬à¬• ଶୃଙà­à¬–ଳରେ ପà­à¬°à¬¾à¬¥à¬®à¬¿à¬•à¬¤à¬¾ ଦେଇ ଗୋଟିଠନିୟମ ଯୋଗ କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "ନିୟମାବଳୀକୠକà­à¬°à¬®à¬¾à¬¨à­à­±à­Ÿà¬°à­‡ ରଖିବା ପାଇଠପà­à¬°à¬¾à¬¥à¬®à¬¿à¬•à¬¤à¬¾à¬•à­ ବà­à­Ÿà¬¬à¬¹à¬¾à¬° କରାଯାଇଥାà¬à¥¤ ପà­à¬°à¬¾à¬¥à¬®à¬¿à¬•à¬¤à¬¾ 0 ଅରà­à¬¥ ହେଉଛି " "ଶୃଙà­à¬–ଳ ଉପରେ ନିୟମ ଯୋଗ କରନà­à¬¤à­, ଉଚà­à¬š ପà­à¬°à¬¾à¬¥à¬®à¬¿à¬•à¬¤à¬¾ ସହିତ ନିୟମଟି ତଳେ ଯୋଗ କରାଯାଇଥାà¬à¥¤ ସମାନ " "ପà­à¬°à¬¾à¬¥à¬®à¬¿à¬•à¬¤à¬¾ ବିଶିଷà­à¬Ÿ ନିୟମାବଳୀ ସମାନ ସà­à¬¤à¬°à¬°à­‡ ଥାଠà¬à¬¬à¬‚ ସେହି ନିୟମାବଳୀର କà­à¬°à¬® ସà­à¬¥à¬¾à­Ÿà­€à¬¨à¬¥à¬¾à¬ à¬à¬¬à¬‚ " "ପରିବରà­à¬¤à­à¬¤à¬¨ ହୋଇପାରେ। ଯଦି ଆପଣ ନିଶà­à¬šà¬¿à¬¤ କରିବାକୠଚାହà­à¬à¬›à¬¨à­à¬¤à¬¿ ଯେ ଅନà­à­Ÿ ଗୋଟିଠଉପରେ ନିୟମାବଳୀ ଯୋଗ ହେବ " "ତେବେ, ପà­à¬°à¬¥à¬®à­‡ କମ ପà­à¬°à¬¾à¬¥à¬®à¬¿à¬•à¬¤à¬¾à¬•à­ ବà­à­Ÿà¬¬à¬¹à¬¾à¬° କରନà­à¬¤à­ à¬à¬¬à¬‚ ତାପରେ ଉଚà­à¬š ପà­à¬°à¬¾à¬¥à¬®à¬¿à¬•à¬¤à¬¾à¬•à­ ରଖନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "ନିୟମ ୟୋଗକରନà­à¬¤à­" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "ନିୟମ ସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "ନିୟମକୠବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "ନିୟମାବଳୀ" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "ଅଗà­à¬°à¬—ତି ନିୟମାବଳୀ ସିଧାସଳଖ ଭାବରେ ଫାୟାରୱାଲ ମଧà­à¬¯ ଦେଇ ଯାଇଥାଠà¬à¬¬à¬‚ ତାହା ବିଶେଷ ଶୃଙà­à¬–ଳରେ " "ରଖାଯାଇନଥାà¬à¥¤ ସମସà­à¬¤ iptables, ip6tables à¬à¬¬à¬‚ etables ବିକଳà­à¬ªà¬•à­ ବà­à­Ÿà¬¬à¬¹à¬¾à¬° କରାଯାଇପାରିବ।" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "ଅଗà­à¬°à¬—ତି ନିୟମାବଳୀ ସହିତ ଦୟାକରି ସତରà­à¬• ରà­à¬¹à¬¨à­à¬¤à­ ଯେପରି ତାହା ଫାୟାରୱାଲକୠକà­à¬·à¬¤à¬¿ ନକରେ।" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "ଅଗà­à¬°à¬—ତିକୠଯୋଗ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "ଅଗà­à¬°à¬—ତିକୠସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "ଅଗà­à¬°à¬—ତିକୠବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "ଅଗà­à¬°à¬—ତି" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "ଲକଡାଉନ ବିଶେଷତାଟି ହେଉଛି firewalld ପାଇଠବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ à¬à¬¬à¬‚ ପà­à¬°à­Ÿà­‹à¬— ନିତୀଗà­à¬¡à¬¼à¬¿à¬•à¬° ହାଲà­à¬•à¬¾ ସଂସà­à¬•à¬°à¬£à¥¤ " "à¬à¬¹à¬¾ ଫାୟାରୱାଲର ପରିବରà­à¬¤à­à¬¤à¬¨à¬•à­ ସିମୀତ କରିଥାà¬à¥¤ ଲକଡାଉନ ହà­à­±à¬¾à¬‡à¬Ÿà¬²à¬¿à¬·à­à¬Ÿ ନିରà­à¬¦à­à¬¦à­‡à¬¶, ପà­à¬°à¬¸à¬™à­à¬—, ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ " "à¬à¬¬à¬‚ ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ id ଗà­à¬¡à¬¼à¬¿à¬•à­ ଧାରଣ କରିଥାà¬à¥¤" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "ପà­à¬°à¬¸à¬™à­à¬—କୠଯୋଗକରନà­à¬¤à­" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "ପà­à¬°à¬¸à¬™à­à¬—କୠସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "ପà­à¬°à¬¸à¬™à­à¬—କୠବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "ପà­à¬°à¬¸à¬™à­à¬—" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "ଯଦି ହà­à­±à¬¾à¬‡à¬Ÿà¬²à¬¿à¬·à­à¬Ÿà¬°à­‡ ଗୋଟିଠନିରà­à¬¦à­à¬¦à­‡à¬¶ ନିବେଶ ଆସଟେରିସà­à¬• '*' ରେ ସମାପà­à¬¤ ହୋଇଥାà¬, ତେବେ ସେହି ନିରà­à¬¦à­à¬¦à­‡à¬¶ " "ସହିତ ଆରମà­à¬­ ହେଉଥିବା ସମସà­à¬¤ ନିରà­à¬¦à­à¬¦à­‡à¬¶ ଧାରା ମେଳ ଖାଇବ। ଯଦି ସେହି '*' ସେଠାରେ ନଥାଠତେବେ ସେହି " "ସà­à­±à¬šà¬¨à­à¬¤à­à¬°à¬šà¬° ସହିତ ମେଳଖାଉଥିବା ନିରà­à¬¦à­à¬¦à¬¿à¬·à­à¬Ÿ ନିରà­à¬¦à­à¬¦à­‡à¬¶ ନିଶà­à¬šà¬¿à¬¤ ଭାବରେ ମେଳଖାଇବ।" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "ପାଠà­à¬¯ ନିରà­à¬¦à­à¬¦à­‡à¬¶à¬•à­ ଯୋଗ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "ପାଠà­à¬¯ ନିରà­à¬¦à­à¬¦à­‡à¬¶à¬•à­ ସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "ପାଠà­à¬¯ ନିରà­à¬¦à­à¬¦à­‡à¬¶à¬•à­ ବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "ନିରà­à¬¦à­à¬¦à­‡à¬¶ ଧାରା" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ ନାମଗà­à¬¡à¬¼à¬¿à¬•à¥¤" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ ନାମ ଯୋଗ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ ନାମକୠସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ ନାମକୠବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ ନାମଗà­à¬¡à¬¼à¬¿à¬•" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ id ଗà­à¬¡à¬¼à¬¿à¬•à¥¤" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ Id ଯୋଗକରନà­à¬¤à­" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ Id ସମà­à¬ªà¬¾à¬¦à¬¨ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ Id ବାହାର କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ Id ଗà­à¬¡à¬¼à¬¿à¬•" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "ତନà­à¬¤à­à¬°à¬° ପà­à¬°à¬šà¬³à¬¿à¬¤ ପୂରà­à¬¬à¬¨à¬¿à¬°à­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤ ଅଞà­à¬šà¬³à¥¤" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "ଆକସà­à¬®à¬¿à¬• ଭୟ ପରିସà­à¬¥à¬¿à¬¤à¬¿:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "ଲକଡାଉନ:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "ପୂରà­à¬¬ ନିରà­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤ ଅଞà­à¬šà¬³:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "ସଂଯୋଗିକୀ à¬à¬¬à¬‚ ପà­à¬°à­‹à¬Ÿà­‹à¬•à¬²" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ଦୟାକରି ଗୋଟିଠପୋରà­à¬Ÿ à¬à¬¬à¬‚ ପà­à¬°à­‹à¬Ÿà­‹à¬•à¬² ଭରଣ କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ସିଧାସଳଖ ନିୟମ" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "ଦୟାକରି ipv à¬à¬¬à¬‚ table, ଶୃଙà­à¬–ଳ ଅଗà­à¬°à¬¾à¬§à­€à¬•à¬¾à¬°à¬•à­ ବାଛନà­à¬¤à­ à¬à¬¬à¬‚ args କୠଭରଣ କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "ଅଗà­à¬°à¬¾à¬§à¬¿à¬•à¬¾à¬°:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "ଦୟାକରି ଗୋଟିଠପà­à¬°à­‹à¬Ÿà­‹à¬•à¬² ଭରଣ କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "ଅନà­à­Ÿà¬¾à¬¨à­à­Ÿ ପà­à¬°à­‹à¬Ÿà­‹à¬•à¬²:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "ଶକà­à¬¤ ନିୟମ" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "ଦୟାକରି ଗୋଟିଠଶକà­à¬¤ ନିୟମକୠଭରଣ କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "ହୋଷà­à¬Ÿ କିମà­à¬¬à¬¾ ନେଟୱରà­à¬• ହà­à­±à¬¾à¬‡à¬Ÿ କିମà­à¬¬à¬¾ ବà­à¬²à¬¾à¬•à¬²à¬¿à¬·à­à¬Ÿ ପାଇଠଉପାଦାନକୠନିଷà­à¬•à­à¬°à¬¿à­Ÿ କରିଥାà¬à¥¤" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "ଉତà­à¬¸:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "ଲକà­à¬·à­à¬¯à¬¸à­à¬¥à¬³:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "ଲଗ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ସମà­à¬ªà¬¾à¬¦à¬¨:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 à¬à¬¬à¬‚ ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "ଓଲଟି ଯାଇଛି" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "à¬à¬¹à¬¾à¬•à­ ସକà­à¬°à¬¿à­Ÿ କରିବା ପାଇଠକାରà­à¬¯à­à­Ÿà¬•à­ 'ପà­à¬°à¬¤à­à­Ÿà¬¾à¬–à­à­Ÿà¬¾à¬¨' କରିବା ଉଚିତ à¬à¬¬à¬‚ 'ipv4' କିମà­à¬¬à¬¾ 'ipv6' ପରିବାରର " "ହୋଇଥିବା ଉଚିତ (ଉଭୟ ନà­à¬¹à¬)।" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "ପà­à¬°à¬•à¬¾à¬° ସହିତ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "ସୀମା ସହିତ:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "ଉପସରà­à¬—:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "ସà­à¬¤à¬°:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "ଉପାଦାନ:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "କାରà­à¬¯à­à­Ÿ:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "ମୂଳ ସରà­à¬­à¬¿à¬¸ ସେଟିଙà­à¬—ଗà­à¬¡à¬¼à¬¿à¬•" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "ମୂଳ ସରà­à¬­à¬¿à¬¸ ସେଟିଙà­à¬—ଗà­à¬¡à¬¼à¬¿à¬•à­ ଦୟାକରି ବିନà­à­Ÿà¬¾à¬¸ କରନà­à¬¤à­:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "ଦୟାକରି ଗୋଟିଠସରà­à¬­à¬¿à¬¸ ବାଛନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ଦୟାକରି ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ id ଭରଣ କରନà­à¬¤à­à¥¤" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "ଦୟାକରି ବà­à­Ÿà¬¬à¬¹à¬¾à¬°à¬•à¬¾à¬°à­€ ନାମ ଭରଣ କରନà­à¬¤à­" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ମୂଳ ଅଞà­à¬šà¬³ ସଂରଚନା" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "ମୂଳ ଅଞà­à¬šà¬³ ସଂରଚନାକୠବିନà­à­Ÿà¬¾à¬¸ କରନà­à¬¤à­:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "ପୂରà­à¬¬ ନିରà­à¬¦à­à¬§à¬¾à¬°à¬¿à¬¤ ଲକà­à¬·à­à¬¯ ସà­à¬¥à¬³" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "ଲକà­à¬·à­à¬¯ ସà­à¬¥à¬³:" firewalld-1.1.1/po/pa.po0000644000000000000000000020224614217342322015045 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Amandeep Singh Saini , 2013-2014 # Amanpreet Singh Alam , 2004,2006 # Amanpreet Singh Alam , 2005 # A P Singh , 2006 # Amandeep Singh Saini , 2013 # A S Alam , 2006 # A S Alam , 2012 # Automatically generated, 2004 # Automatically generated , 2004 # Jaswinder Singh , 2011 # Jaswinder Singh , 2006-2010 # Jaswinder Singh Phulewala , 2005-2006 # Jaswinder Singh , 2011 # Thomas Woerner , 2016. #zanata # A S Alam , 2017. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2017-11-26 02:37+0000\n" "Last-Translator: A S Alam \n" "Language-Team: Panjabi (Punjabi) (http://www.transifex.com/projects/p/" "firewalld/language/pa/)\n" "Language: pa\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "ਫਾਇਰਵਾਲ à¨à¨ªà¨²à©ˆà©±à¨Ÿ" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ਫਾਇਰਵਾਲ" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ਫਾਇਰਵਾਲ ਸੰਰਚਨਾ" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "ਇੰਟਰਫੇਸ '%s' ਲਈ ਜ਼ੋਨ ਚà©à¨£à©‹" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "ਮੂਲ ਜ਼ੋਨ" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "ਸੰਪਰਕ '%s' ਲਈ ਜ਼ੋਨ ਚà©à¨£à©‹" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "ਸ਼ੀਲਡ ਅੱਪ/ਡਾਊਨ ਜ਼ੋਨ ਸੰਰਚਨਾ" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "ਇੱਥੇ ਤà©à¨¸à©€à¨‚ ਸ਼ੀਲਡ ਅੱਪ ਅਤੇ ਸ਼ੀਲਡ ਡਾਊਨ ਲਈ ਵਰਤੇ ਜਾਣ ਵਾਲੇ ਜ਼ੋਨ ਚà©à¨£ ਸਕਦੇ ਹੋ।" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "ਇਹ ਫ਼ੀਚਰ ਉਹਨਾਂ ਲੋਕਾਂ ਲਈ ਉਪਯੋਗੀ ਹੈ ਜਿਹੜੇ ਜਿਆਦਾਤਰ ਮੂਲ ਜ਼ੋਨ ਵਰਤਦੇ ਹਨ। ਉਹਨਾਂ ਯੂਜ਼ਰਾਂ, ਜਿਹੜੇ " "ਸੰਪਰਕਾਂ ਦੇ ਜੋ਼ਨਾਂ ਨੂੰ ਬਦਲਦੇ ਰਹੇ ਹਨ, ਇਹ ਸੀਮਿਤ ਵਰਤੋਂ ਵਾਲਾ ਹੋ ਸਕਦਾ ਹੈ।" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "ਸ਼ੀਲਡ ਅੱਪ ਜ਼ੋਨ:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "ਮੂਲ ਲਈ ਮà©à©œ-ਸੈੱਟ ਕਰੋ" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "ਸ਼ੀਲਡ ਡਾਊਨ ਜ਼ੋਨ:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "%s ਬਾਰੇ" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "ਲੇਖਕ" #: ../src/firewall-applet.in:393 msgid "License" msgstr "ਲਸੰਸ" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "ਸ਼ੀਲਡ ਅੱਪ ਕਰਦਾ ਹੈ" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "ਸੂਚਨਾਵਾਂ ਚਾਲੂ ਕਰੋ" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "...ਫਾਇਰਵਾਲ ਸੈਟਿੰਗਾਂ ਸੋਧੋ" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "ਸੰਪਰਕਾਂ ਦੇ ਜ਼ੋਨ ਬਦਲੋ..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "...ਸ਼ੀਲਡ ਅੱਪ/ਡਾਊਨ ਜ਼ੋਨ ਸੰਰਚਨਾ" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "ਸਭ ਨੈੱਟਵਰਕ ਆਵਾਜਾਈ ਉੱਤੇ ਪਾਬੰਦੀ" #: ../src/firewall-applet.in:492 msgid "About" msgstr "ਇਸ ਬਾਰੇ" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "ਕੋਈ ਕà©à¨¨à©ˆà¨•à¨¶à¨¨ ਨਹੀਂ" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "ਇੰਟਰਫੇਸ" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "ਸਰੋਤ" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ਪਰਮਾਣਿਕਤਾ ਅਸਫਲ ਹੋਈ।" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "ਅਢà©à¨•à¨µà¨¾à¨‚ ਨਾਂ" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "ਨਾਂ ਪਹਿਲਾਂ ਹੀ ਮੌਜੂਦ ਹੈ" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "ਫਾਇਰਵਾਲ ਡੈਮਨ ਨਾਲ ਕੋਈ ਕà©à¨¨à©ˆà¨•à¨¶à¨¨ ਨਹੀਂ ਹੈ" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "ਸਭ ਨੈੱਟਵਰਕ ਟਰੈਫਿਕ ਉੱਤੇ ਪਾਬੰਦੀ ਲਗਾਈ ਗਈ।" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "ਮੂਲ ਜ਼ੋਨ: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "'{zone}' ਜ਼ੋਨ ਸਰਗਰਮ '{connection}' ਸੰਪਰਕ ਲਈ '{interface}' ਇੰਟਰਫੇਸ ਉੱਤੇ" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "'{zone}' ਜ਼ੋਨ ਸਰਗਰਮ '{interface}' ਇੰਟਰਫੇਸ ਲਈ" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "'{zone}' ਜ਼ੋਨ ਸਰੋਤ {source} ਲਈ ਸਰਗਰਮ" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "ਕੋਈ ਵੀ ਸਰਗਰਮ ਜ਼ੋਨ ਨਹੀਂ।" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "ਫਾਇਰਵਾਲ-ਡੀ ਨਾਲ ਸੰਪਰਕ ਬਣਾਇਆ।" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "ਫਾਇਰਵਾਲ-ਡੀ ਨਾਲ ਕà©à¨¨à©ˆà¨•à¨¶à¨¨ ਖਤਮ ਹੋਇਆ।" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "ਫਾਇਰਵਾਲ-ਡੀ ਨੂੰ ਮà©à©œ-ਲੋਡ ਕੀਤਾ ਜਾ ਚà©à©±à¨•à¨¾ ਹੈ।" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "ਮੂਲ ਜ਼ੋਨ '%s' ਨਾਲ ਬਦਲਿਆ ਗਿਆ।" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "ਨੈੱਟਵਰਕ ਟਰੈਫਿਕ ਉੱਤੇ ਹà©à¨£ ਕੋਈ ਪਾਬੰਦੀ ਨਹੀਂ ਹੈ।" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "ਕਿਰਿਆਸ਼ੀਲ ਕੀਤਾ" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "ਗੈਰ-ਕਿਰਿਆਸ਼ੀਲ ਕੀਤਾ" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "'{zone}' ਜ਼ੋਨ {activated_deactivated} ਸੰਪਰਕ '{connection}' ਲਈ ਇੰਟਰਫੇਸ " "'{interface}' ਉੱਤੇ" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "'{zone}' ਜ਼ੋਨ {activated_deactivated} ਇੰਟਰਫੇਸ '{interface}' ਉੱਤੇ" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr " '%s' ਜ਼ੋਨ ਇੰਟਰਫੇਸ '%s' ਲਈ ਕਿਰਿਆਸ਼ੀਲ ਕੀਤਾ ਗਿਆ" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "'{zone}' ਜ਼ੋਨ {activated_deactivated} ਸਰੋਤ '{source}' ਲਈ" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "'%s' ਜ਼ੋਨ ਸਰੋਤ '%s' ਲਈ ਕਿਰਿਆਸ਼ੀਲ ਕੀਤਾ ਗਿਆ" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "ਬਦਲਾਅ ਲਾਗੂ ਕੀਤੇ।" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "ਨੈੱਟਵਰਕ ਸੰਪਰਕ '%s' ਦà©à¨†à¨°à¨¾ ਵਰਤਿਆ" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "ਯੋਗ ਕੀਤਾ" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "ਅਯੋਗ ਕੀਤਾ" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ਆਈਕਨ ਲੋਡ ਕਰਨ ਵਿੱਚ ਅਸਫਲ ਹੋਇਆ।" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "ਯੂਜ਼ਰ ਨਾਂ" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "ਚੱਲਣ ਸਮਾਂ" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "ਪੱਕਾ" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "ਸੇਵਾ" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "ਪੋਰਟ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "ਜਾਬਤਾ" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "ਪੋਰਟ ਵੱਲ" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "ਪਤੇ ਵੱਲ" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp ਕਿਸਮ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "ਟੱਬਰ" #: ../src/firewall-config.in:826 msgid "Action" msgstr "ਕਾਰਵਾਈ" #: ../src/firewall-config.in:828 msgid "Element" msgstr "ਤੱਤ" #: ../src/firewall-config.in:830 msgid "Src" msgstr "ਸਰੋਤ" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "ਟਿਕਾਣਾ" #: ../src/firewall-config.in:834 msgid "log" msgstr "ਲੌਗ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ਆਡਿਟ" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "ਸਰੋਤ" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "ਚੇਤਾਵਨੀ" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "ਗਲਤੀ" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "ਸਵੀਕਾਰ ਕਰੋ" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "ਅਸਵੀਕਾਰ ਕਰੋ" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "ਸà©à©±à¨Ÿà©‹" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "ਹੱਦ" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "ਸੇਵਾ" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "ਪੋਰਟ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "ਜਾਬਤਾ" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "ਮà©à¨–ੌਟਾ" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "ਪੱਧਰ" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ਹਾਂ" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "ਜ਼ੋਨ" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "ਜ਼ੋਨ '%s': ਸੇਵਾ '%s' ਉਪਲੱਬਧ ਨਹੀਂ ਹੈ।" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "ਜ਼ੋਨ ਹਟਾਉ" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "ਅਣਗੌਲਿਆ ਕਰੋ" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "ਜ਼ੋਨ '%s': ICMP ਕਿਸਮ '%s' ਉਪਲੱਬਧ ਨਹੀਂ।" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "ਬਿਲਟ-ਇਨ ਜ਼ੋਨ, ਨਾਂ-ਬਦਲਣ ਲਈ ਸਹਾਇਕ ਨਹੀਂ।" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "ਦੂਜਾ" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "ਮਿੰਨਟ" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "ਘੰਟਾ" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "ਦਿਨ" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "ਹੰਗਾਮੀ" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "ਖ਼ਬਰਦਾਰ" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "ਨਾਜà©à¨•" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "ਗਲਤੀ" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "ਚੇਤਾਵਨੀ" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "ਸੂਚਨਾ" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "ਜਾਣਕਾਰੀ" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ਡੀਬੱਗ" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ਕਿਸੇ ਹੋਰ ਸਿਸਟਮ ਤੇ ਫਾਰਵਰਡਿੰਗ ਸਿਰਫ ਉਸ ਵੇਲੇ ਹੀ ਵਰਤੋਂਯੋਗ ਹੈ ਜੇ ਇੰਟਰਫੇਸ ਦਾ ਮà©à¨–ੌਟਾਪਨ ਕੀਤਾ ਹੈ।\n" "ਕੀ ਤà©à¨¸à©€à¨‚ ਇਸ ਜ਼ੋਨ ਦਾ ਮà©à¨–ੌਟਾਪਨ ਕਰਨਾ ਚਾਹà©à©°à¨¦à©‡ ਹੋ?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "ਬਿਲਟ-ਇਨ ਸੰਰਚਨਾ, ਨਾਂ-ਬਦਲਣ ਲਈ ਸਹਾਇਕ ਨਹੀਂ ਹੈ।" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "ਬਿਲਟ-ਇਨ icmp, ਨਾਂ-ਬਦਲਣ ਲਈ ਸਹਾਇਕ ਨਹੀਂ ਹੈ।" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "ਸਰੋਤ %s ਲਈ ਜ਼ੋਨ ਚà©à¨£à©‹" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ਪਤਾ" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਕਮਾਂਡ ਲਾਈਨ ਭਰੋ।" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਪà©à¨°à¨¸à©°à¨— ਭਰੋ।" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਹੇਠਾਂ ਦਿੱਤੀ ਸੂਚੀ ਵਿੱਚੋਂ ਮੂਲ ਜ਼ੋਨ ਚà©à¨£à©Œà¥¤" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "ਸਿੱਧੀ ਲੜੀ" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ipv ਅਤੇ ਸਾਰਣੀ ਚà©à¨£à©‹ ਅਤੇ ਲੜੀ ਨਾਂ ਭਰੋ।" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ਲੜੀ:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "ਕੱਚਾ" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "ਸà©à¨°à©±à¨–ਿਆ" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "ਸਾਰਣੀ:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "ਸਿੱਧਾ ਪਾਸਥਰੂਅ ਨਿਯਮ" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ipv ਚà©à¨£à©‹ ਅਤੇ ਆਰਗੂਮੈਂਟ ਭਰੋ।" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "ਆਰਗੂਮੈਂਟ:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ਪੋਰਟ ਫਾਰਵਰਡਿੰਗ" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "ਕਿਰਪਾ ਕਰਕੇ ਆਪਣੀ ਲੋੜ ਅਨà©à¨¸à¨¾à¨° ਸਰੋਤ ਤੇ ਨੀਯਤ ਚੋਣਾਂ ਚà©à¨£à©‹à¥¤" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "ਪੋਰਟ / ਪੋਰਟ ਰੇਂਜ:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP ਪਤਾ:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "ਜਾਬਤਾ:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "ਟਿਕਾਣਾ" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "ਜੇ ਤà©à¨¸à©€à¨‚ ਸਥਾਨਕ ਫਾਰਵਰਡਿੰਗ ਯੋਗ ਕਰਦੇ ਹੋ, ਤà©à¨¹à¨¾à¨¨à©‚à©° ਇੱਕ ਪੋਰਟ ਦੇਣੀ ਚਾਹੀਦੀ ਹੈ। ਇਹ ਪੋਰਟ ਸਰੋਤ ਪੋਰਟ ਲਈ " "ਵੱਖਰੀ ਹੋਣੀ ਜਰੂਰੀ ਹੈ।" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "ਸਥਾਨਕ ਫਾਰਵਰਡਿੰਗ" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "ਹੋਰ ਪੋਰਟ ਤੇ ਅੱਗੇ ਭੇਜਿਆ" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "ਗੂੜà©à¨¹à©‡ ਕੀਤੇ ਇੰਦਰਾਜ ਜਰੂਰੀ ਹਨ, ਬਾਕੀ ਸਭ ਚੋਣਵੀਆਂ ਹਨ।" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "ਨਾਂ:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "ਸੰਸਕਰਣ:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "ਸੰਖੇਪ:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "ਵੇਰਵਾ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "ਟੱਬਰ:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "ਮà©à©±à¨¢à¨²à©€ ICMP ਕਿਸਮ ਸੈਟਿੰਗ" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਆਧਾਰ ICMP ਕਿਸਮ ਸੈਟਿੰਗਾਂ ਸੰਰਚਿਤ ਕਰੋ:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP ਕਿਸਮ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ICMP ਕਿਸਮ ਚà©à¨£à©‹" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "à¨à¨‚ਟਰੀ ਜੋੜੋ" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "ਫਾਈਲ (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "ਚੋਣਾਂ (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "ਫਾਇਰਵਾਲ-ਡੀ ਮà©à©œ-ਲੋਡ ਕਰੋ" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ਫਾਇਰਵਾਲ ਨਿਯਮ ਮà©à©œ ਲੋਡ ਕਰੋ। ਮੌਜੂਦਾ ਪੱਕੀ ਸੰਰਚਨਾ ਨਵੀਂ ਚੱਲ ਰਹੀ ਸੰਰਚਨਾ ਬਣ ਜਾਵੇਗੀ। ਮਤਲਬ ਕਿ ਮà©à©œ-" "ਲੋਡ ਕਰਨ ਤੱਕ ਚਾਲੂ ਹਾਲਾਤ ਵਿੱਚ ਕੀਤੇ ਸਾਰੇ ਬਦਲਾਅ ਗà©à©°à¨® ਜਾਂਦੇ ਹਨ ਜੇ ਉਹ ਵੀ ਪੱਕੀ ਸੰਰਚਨਾ ਵਿੱਚ ਨਹੀਂ ਹਨ।" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ਇੱਕ ਨੈੱਟਵਰਕ ਸੰਪਰਕ ਕਿਸ ਜ਼ੋਨ ਨਾਲ ਸੰਬੰਧ ਰੱਖਦਾ ਹੈ ਨੂੰ ਬਦਲੋ।" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ਮੂਲ ਜ਼ੋਨ ਬਦਲੋ" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "ਸੰਪਰਕਾਂ ਜਾਂ ਇੰਟਰਫੇਸਾਂ ਲਈ ਮੂਲ ਜ਼ੋਨ ਬਦਲੋ।" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "ਖਲਬਲੀ ਮੋਡ ਦਾ ਮਤਲਬ ਕਿ ਸਾਰੇ ਜਾ ਰਹੇ ਅਤੇ ਆ ਰਹੇ ਪੈਕੇਟ ਸà©à©±à¨Ÿ ਦਿੱਤੇ ਜਾਂਦੇ ਹਨ।" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "ਖ਼ਲਬਲੀ ਮੋਡ" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "ਤਾਲਾਬੰਦ ਫਾਇਰਵਾਲ ਸੰਰਚਨਾ ਤੇ ਤਾਲਾ ਲਗਾ ਦਿੰਦਾ ਹੈ ਤਾਂ ਕਿ ਸਿਰਫ਼ ਤਾਲਾਬੰਦੀ ਦੀ ਵਾਈà©à¨¹à¨Ÿà¨²à¨¿à¨¸à¨Ÿ " "ਉੱਪਰਲੀਆਂ à¨à¨ªà¨²à©€à¨•à©‡à¨¶à¨¨à¨¾à¨‚ ਹੀ ਇਸ ਨੂੰ ਬਦਲਣ ਦੇ ਯੋਗ ਹੋਣ।" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "ਤਾਲਾਬੰਦ" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "à¨à¨¾à¨¤ (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP ਕਿਸਮਾਂ" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "ਸਿੱਧੀ ਸੰਰਚਨਾ" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Whitelist ਤਾਲਾਬੰਦ ਕਰੋ" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "ਮਦਦ (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "ਸੰਰਚਨਾ:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "ਮੌਜੂਦਾ ਪਰਗਟ ਸੰਰਚਨਾ। ਚਾਲੂ ਸੰਰਚਨਾ ਹੀ ਅਸਲ ਸਰਗਰਮ ਸੰਰਚਨਾ ਹੈ। ਸਥਾਈ ਸੰਰਚਨਾ ਸੇਵਾ ਜਾਂ ਸਿਸਟਮ ਦੇ " "ਮà©à©œ-ਲੋਡ ਜਾਂ ਮà©à©œ-ਸ਼à©à¨°à©‚ ਹੋਣ ਤੋਂ ਬਾਅਦ ਸਰਗਰਮ ਹੋਵੇਗੀ" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "ਇੱਕ ਫਾਇਰਵਾਲ ਵਾਲਾ ਜ਼ੋਨ ਨੈੱਟਵਰਕ ਸੰਪਰਕਾਂ, ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਜ਼ੋਨ ਨਾਲ ਬੱà¨à©‡ ਸਰੋਤਾਂ ਲਈ ਭਰੋਸੇ ਦਾ ਪੱਧਰ " "ਦਰਸਾਉਂਦਾ ਹੈ। ਜ਼ੋਨ ਸੇਵਾਵਾਂ, ਪੋਰਟਾਂ, ਜਾਬਤਿਆਂ, ਮà©à¨–ੌਟਾਪਨ, ਪੋਰਟ/ਪੈਕੇਟ ਫਾਰਵਰਡ ਕਰਨਾ, icmp ਫਿਲਟਰਾਂ " "ਅਤੇ ਉੱਚ-ਪੱਧਰ ਨਿਯਮਾਂ ਨੂੰ ਇਕੱਠਿਆਂ ਕਰਦਾ ਹੈ। ਜ਼ੋਨ ਨੂੰ ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਸਰੋਤ ਪਤਿਆਂ ਨਾਲ ਬੰਨà©à¨¹à¨¿à¨† ਜਾ ਸਕਦਾ ਹੈ।" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "ਜ਼ੋਨ ਸ਼ਾਮਿਲ ਕਰੋ" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "ਜ਼ੋਨ ਸੋਧੋ" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "ਜ਼ੋਨ ਹਟਾਉ" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "ਜ਼ੋਨ ਮੂਲ ਲੋਡ ਕਰੋ" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "ਇੱਥੇ ਤà©à¨¸à©€à¨‚ ਦੱਸ ਸਕਦੇ ਹੋ ਕਿ ਕਿਹੜੀ ਸੇਵਾ ਭਰੋਸੇਯੋਗ ਜ਼ੋਨ ਵਿੱਚ ਹੈ। ਭਰੋਸੇਯੋਗ ਸੋਵਾਵਾਂ ਸਭ ਮੇਜ਼ਬਾਨਾਂ ਅਤੇ ਨੈੱਟਵਰਕਾਂ " "ਤੋਂ ਵਰਤੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ ਜਿਹੜੇ ਇਸ ਜ਼ੋਨ ਨਾਲ ਬੱà¨à©‡ ਸੰਪਰਕਾਂ, ਇੰਟਰਫੇਸਾਂ ਅਤੇ ਸਰੋਤਾਂ ਤੋਂ ਮਸ਼ੀਨ ਤੱਕ ਪਹà©à©°à¨š " "ਸਕਦੇ ਹਨ।" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "ਸੇਵਾਵਾਂ" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "ਵਾਧੂ ਪੋਰਟਾਂ ਜਾਂ ਪੋਰਟ ਰੇਂਜਾਂ ਸ਼ਾਮਿਲ ਕਰੋ, ਜੋ ਉਹਨਾਂ ਸਭ ਮੇਜ਼ਬਾਨਾਂ ਜਾਂ ਨੈੱਟਵਰਕਾਂ ਲਈ ਦਖਲ ਦੇਣ ਯੋਗ ਹੋਣ " "ਜਿਹੜੇ ਮਸ਼ੀਨ ਨਾਲ ਜà©à©œ ਸਕਦੇ ਹਨ।" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "ਪੋਰਟ ਜੋੜੋ" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "ਜ਼ੋਨ ਸੋਧੋ" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "ਜ਼ੋਨ ਹਟਾਉ" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "ਪੋਰਟ" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "ਮਖੌਟਾ ਤà©à¨¹à¨¾à¨¨à©‚à©° ਮੇਜ਼ਬਾਨ ਜਾਂ ਰਾਊਟਰ ਨਿਰਧਾਰਤ ਕਰਨ ਵਿੱਚ ਮਦਦ ਕਰਦਾ ਹੈ ਜੋ ਤà©à¨¹à¨¾à¨¡à©‡ ਸਥਾਨਕ ਨੈੱਟਵਰਕ ਨੂੰ " "ਇੰਟਰਨੈੱਟ ਨਾਲ ਜੋੜਦਾ ਹੈ। ਤà©à¨¹à¨¾à¨¡à¨¾ ਸਥਾਨਕ ਨੈੱਟਵਰਕ ਦਿੱਖ ਹੋਵੇਗਾ ਅਤੇ ਇੰਟਰਨੈੱਟ ਲਈ ਮੇਜ਼ਬਾਨ ਇੱਕ ਵੱਖਰੇ ਪਤੇ ਵਾਂਗ " "ਦਿਸਦਾ ਹੈ। ਮਖੌਟਾ ਸਿਰਫ IPv4 ਹੈ।" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "ਮà©à¨–ੌਟਾ ਜ਼ੋਨ" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "ਜੇ ਤà©à¨¸à©€à¨‚ ਮà©à¨–ੌਟਾ ਯੋਗ ਕੀਤਾ, IP ਫਾਰਵਰਡਿੰਗ ਵੀ ਤà©à¨¹à¨¾à¨¡à©‡ IPv4 ਨੈੱਟਵਰਕਾਂ ਲਈ ਯੋਗ ਹੋ ਜਾà¨à¨—ੀ।" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "ਮà©à¨–ੌਟਾ" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "ਪੋਰਟਾਂ ਨੂੰ ਸਥਾਨਕ ਸਿਸਟਮ ਉੱਪਰ ਇੱਕ ਪੋਰਟ ਤੋਂ ਦੂਜੀ ਪੋਰਟ ਤੇ ਫਾਰਵਰਡ ਕਰਨ ਲਈ ਜਾਂ ਸਥਾਨਕ ਸਿਸਟਮ ਤੋਂ ਹੋਰ " "ਸਿਸਟਮ ਵੱਲ ਫਾਰਵਰਡ ਕਰਨ ਲਈ ਇੰਦਰਾਜ ਸ਼ਾਮਿਲ ਕਰੋ। ਹੋਰ ਸਿਸਟਮ ਤੇ ਫਾਰਵਰਡ ਕਰਨ ਨਾਲ ਸਿਰਫ ਤਾਂ ਹੀ " "ਲਾਹੇਵੰਦ ਹੈ ਜੇ ਇੰਟਰਫੇਸ ਮਖੌਟਾ ਹੈ। ਪੋਰਟ ਫਾਰਵਰਡਿੰਗ ਸਿਰਫ IPv4 ਹੈ।" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ਫਾਰਵਰਡ ਪੋਰਟ ਜੋੜੋ" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ਫਾਰਵਰਡ ਪੋਰਟ ਸੋਧੋ" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ਪਾਰਵਰਡ ਪੋਰਟ ਹਟਾਉ" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ਇੰਟਰਨੈੱਟ ਕੰਟਰੋਲ ਮੈਸੇਜ ਪਰੋਟੋਕਾਲ (ICMP) ਮà©à©±à¨– ਤੌਰ ਤੇ ਨੈੱਟਵਰਕ ਕੰਪਿਊਟਰਾਂ ਵਿੱਚ ਗਲਤੀ ਸà©à¨¨à©‡à¨¹à©‡ ਭੇਜਣ ਲਈ ਵਰਤਿਆ " "ਜਾਂਦਾ ਹੈ, ਪਰ ਨਾਲ ਹੀ ਵੀ ਭੇਜਦਾ ਹੈ ਜਿਵੇਂ ਪਿੰਗ ਬੇਨਤੀ ਅਤੇ ਜਵਾਬ।" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "ਸੂਚੀ ਵਿੱਚ ICMP ਕਿਸਮਾਂ ਮਾਰਕ ਕਰੋ, ਜੋ ਰੱਧ ਕੀਤੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ਹੋਰ ਸਭ ICMP ਕਿਸਮਾਂ ਫਾਇਰਵਾਲ " "ਵਿੱਚ ਲੰਘ ਸਕਦੀਆਂ ਹਨ। ਮੂਲ ਰੂਪ ਵਿੱਚ ਕੋਈ ਪਾਬੰਦੀ ਨਹੀਂ ਹੈ।" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP ਫਿਲਟਰ" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "ਇੱਥੇ ਤà©à¨¸à©€à¨‚ ਜ਼ੋਨ ਲਈ ਉੱਚ-ਪੱਧਰੀ ਭਾਸ਼ਾ ਨਿਯਮ ਸੈੱਟ ਕਰ ਸਕਦੇ ਹੋ।" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "ਉੱਚ-ਪੱਧਰੀ ਨਿਯਮ ਜੋੜੋ" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "ਉੱਚ-ਪੱਧਰੀ ਨਿਯਮ ਸੋਧੋ" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "ਉੱਚ-ਪੱਧਰੀ ਨਿਯਮ ਹਟਾਉ" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "ਉੱਚ-ਪੱਧਰੀ ਨਿਯਮ" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "ਜ਼ੋਨ ਨਾਲ ਇੰਟਰਫੇਸ ਬੰਨà©à¨¹à¨£ ਲਈ à¨à¨‚ਟਰੀਆਂ ਸਾਮਿਲ ਕਰੋ। ਜੇ ਇੰਟਰਫੇਸ ਸੰਪਰਕ ਦà©à¨†à¨°à¨¾ ਵਰਤਿਆ ਜਾਵੇਗਾ, ਜ਼ੋਨ ਉਸ ਜ਼ੋਨ " "ਵਜੋਂ ਸੈੱਟ ਹੋਵੇਗਾ ਜੋ ਸੰਪਰਕ ਵਿੱਚ ਦਰਸਾਇਆ ਗਿਆ ਹੈ।" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ਇੰਟਰਫੇਸ ਜੋੜੋ" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ਇੰਟਰਫੇਸ ਸੋਧੋ" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ਇੰਟਰਫੇਸ ਹਟਾਉ" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "ਸਰੋਤ ਜੋੜੋ" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "ਸਰੋਤ ਸੋਧੋ" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "ਸਰੋਤ ਹਟਾਉ" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "ਜ਼ੋਨ" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "ਇੱਕ ਫਾਇਰਵਾਲ-ਡੀ ਸੇਵਾ ਪੋਰਟਾਂ, ਜਾਬਤਿਆਂ, ਮੌਡਿਊਲਾਂ ਅਤੇ ਟਿਕਾਣਾ ਪਤਿਆਂ ਦਾ ਮਿਸ਼ਰਣ ਹੈ।" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "ਸੇਵਾ ਜੋੜੋ" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "ਸੇਵਾ ਸੋਧੋ" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "ਸੇਵਾ ਹਟਾਉ" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "ਸੇਵਾ ਮੂਲ ਲੋਡ ਕਰੋ" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "à¨à¨‚ਟਰੀ ਸੋਧੋ" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "à¨à¨‚ਟਰੀ ਹਟਾਉ" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "ਮੌਡਿਊਲ" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "ਜੇ ਤà©à¨¸à©€à¨‚ ਟਿਕਾਣਾ ਪਤੇ ਦਰਸਾਉਂਦੇ ਹੋ, ਸੇਵਾ ਇੰਦਰਾਜ ਟਿਕਾਣੇ ਦੇ ਪਤੇ ਅਤੇ ਕਿਸਮ ਤੱਕ ਸੀਮਿਤ ਰਹੇਗੀ। ਜੇ ਦੋਵੇਂ " "ਇੰਦਰਾਜ ਖਾਲੀ ਹਨ, ਫਿਰ ਕੋਈ ਬੰਦਿਸ਼ ਨਹੀਂ।" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "ਸੇਵਾਵਾਂ ਸਿਰਫ਼ ਸਥਾਈ ਸੰਰਚਨਾ à¨à¨¾à¨¤ ਵਿੱਚ ਹੀ ਬਦਲੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ਸੇਵਾਵਾਂ ਦੀ ਚਾਲੂ ਸੰਰਚਨਾ ਪੱਕੀ ਹੈ।" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "ਫਾਇਰਵਾਲ-ਡੀ icmptype ਫਾਇਰਵਾਲ-ਡੀ ਦੀ ਇੰਟਰਨੈੱਟ ਕੰਟਰੋਲ ਮੈਸੇਜ ਪਰੋਟੋਕੌਲ (ICMP) ਕਿਸਮ ਦੀ " "ਜਾਣਕਾਰੀ ਮà©à¨¹à©±à¨ˆà¨† ਕਰਵਾਉਂਦਾ ਹੈ।" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP ਕਿਸਮ ਜੋੜੋ" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP ਕਿਸਮ ਸੋਧੋ" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP ਕਿਸਮ ਹਟਾਉ" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP ਕਿਸਮ ਮੂਲ ਲੋਡ ਕਰੋ" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "ਦਰਸਾਉ ਕਿ ਜੇ ਇਹ ICMP ਕਿਸਮ IPv4 ਅਤੇ/ਜਾਂ IPv6 ਲਈ ਉਪਲੱਬਧ ਹਨ।" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP ਕਿਸਮਾਂ ਸਿਰਫ਼ ਸਥਾਈ ਸੰਰਚਨਾ à¨à¨¾à¨¤ ਵਿੱਚ ਹੀ ਬਦਲੀਆਂ ਜਾ ਸਕਦੀਆਂ ਹਨ। ICMP ਕਿਸਮ ਦੀ ਚਾਲੂ " "ਸੰਰਚਨਾ ਪੱਕੀ ਹੈ।" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "ਸਿੱਧੀ ਸੰਰਚਨਾ ਫਾਇਰਵਾਲ ਤੱਕ ਹੋਰ ਜਿਆਦਾ ਸਿੱਧਾ ਦਖਲ ਦਿੰਦੀ ਹੈ। ਇਹ ਚੋਣਾਂ ਲਈ ਲੋੜੀਂਦਾ ਹੈ ਕਿ ਯੂਜ਼ਰ ਨੂੰ " "iptables ਦੇ ਮà©à©±à¨¢à¨²à©‡ ਸਿਧਾਂਤ ਪਤਾ ਹੋਣ, i.e. ਸਾਰਣੀਆਂ, ਲੜੀਆਂ, ਕਮਾਂਡਾਂ, ਪੈਰਾਮੀਟਰ ਅਤੇ ਟਿਕਾਣੇ। " "ਸਿੱਧੀ ਸੰਰਚਨਾ ਆਖਿਰੀ ਹੱਲ ਵਜੋਂ ਵਰਤਣੀ ਚਾਹੀਦੀ ਹੈ ਜਦੋਂ ਹੋਰ ਫਾਇਰਵਾਲ-ਡੀ ਫੀਚਰਾਂ ਨੂੰ ਵਰਤਣਾ ਸੰਭਵ ਨਾ " "ਹੋਵੇ।" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "ਹਰੇਕ ਚੋਣ ਦੇ ipv ਆਰਗੂਮੈਂਟ ਦਾ ipv4 ਜਾਂ ipv6 ਜਾਂ eb ਹੋਣਾ ਹੈ। ipv4 ਨਾਲ ਇਹ iptables ਲਈ " "ਹੋਵੇਗਾ, ipv6 ਨਾਲ ਇਹ ip6tables ਲਈ ਅਤੇ eb ਨਾਲ ਇਹ ਈਥਰਨੈੱਟ ਬਰਿੱਜਾਂ (ebtables) ਲਈ।" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "ਨਿਯਮਾਂ ਨਾਲ ਵਰਤਣ ਲਈ ਵਾਧੂ ਲੜੀਆਂ।" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "ਲੜੀ ਜੋੜੋ" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "ਲੜੀ ਸੋਧੋ" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "ਲੜੀ ਹਟਾਉ" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ਲੜੀਆਂ" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "ਤਰਜੀਹ ਵਾਲੀ ਇੱਕ ਸਾਰਣੀ ਵਿੱਚ ਲੜੀ ਨਾਲ ਆਰਗੂਮੈਂਟਾਂ args ਨਾਲ ਇੱਕ ਨਿਯਮ ਜੋੜੋ" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "ਤਰਜੀਹ ਨਿਯਮਾਂ ਨੂੰ ਤਰਤੀਬ ਦੇਣ ਲਈ ਵਰਤੀ ਜਾਂਦੀ ਹੈ। ਤਰਜੀਹ 0 ਦਾ ਮਤਲਬ ਨਿਯਮ ਨੂੰ ਲੜੀ ਵਿੱਚ ਸਿਖਰ ਤੇ " "ਜੋੜੋ, ਵੱਡੀ ਤਰਜੀਹ ਨਾਲ ਨਿਯਮ ਹੋਰ ਥੱਲੇ ਜੋੜੇ ਜਾਣਗੇ। ਇੱਕੋ ਤਰਜੀਹ ਵਾਲੇ ਨਿਯਮ ਇੱਕੋ ਪੱਧਰ ਤੇ ਹਨ ਅਤੇ ਇਹਨਾਂ " "ਨਿਯਮਾਂ ਦੀ ਤਰਤੀਬ ਪੱਕੀ ਨਹੀਂ ਹੈ ਤੇ ਬਦਲ ਸਕਦੀ ਹੈ। ਜੇ ਤà©à¨¸à©€à¨‚ ਇਹ ਪੱਕਾ ਕਰਨਾ ਚਾਹà©à©°à¨¦à©‡ ਹੋ ਕਿ ਨਿਯਮ ਇੱਕ " "ਦੂਜੇ ਤੋਂ ਬਾਅਦ ਜੋੜੇ ਜਾਣਗੇ, ਪਹਿਲੇ ਲਈ ਘੱਟ ਅਤੇ ਬਾਅਦ ਵਾਲੇ ਲਈ ਵੱਡੀ ਤਰਜੀਹ ਵਰਤੋ।" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "ਨਿਯਮ ਜੋੜੋ" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "ਨਿਯਮ ਸੋਧੋ" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "ਨਿਯਮ ਹਟਾਉ" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "ਨਿਯਮ" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "ਪਾਸਥਰੂਅ ਨਿਯਮ ਸਿੱਧੇ ਫਾਇਰਵਾਲ ਤੱਕ ਲੰਘਾ ਦਿੱਤੇ ਜਾਂਦੇ ਹਨ ਅਤੇ ਖਾਸ ਲੜੀਆਂ ਵਿੱਚ ਨਹੀਂ ਰੱਖੇ ਜਾਂਦੇ। ਸਾਰੀਆਂ " "iptables, ip6tables ਅਤੇ ebtables ਚੋਣਾਂ ਵਰਤੀਆਂ ਜਾ ਸਕਦੀਆਂ।" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਪਾਸਥਰੂਅ ਨਿਯਮਾਂ ਨਾਲ ਸà©à¨šà©‡à¨¤ ਰਹੋ ਕਿਤੇ ਫਾਇਰਵਾਲ ਨੂੰ ਨà©à¨•à¨¸à¨¾à¨¨ ਨਾ ਪਹà©à©°à¨šà©‡à¥¤" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "ਪਾਸਥਰੂਅ ਜੋੜੋ" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "ਪਾਸਥਰੂਅ ਸੋਧੋ" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "ਪਾਸਥਰੂਅ ਹਟਾਉ" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "ਪਾਸਥਰੂਅ" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "ਤਾਲਾਬੰਦ ਗà©à¨£ ਫਾਇਰਵਾਲ-ਡੀ ਲਈ ਯੂਜ਼ਰ ਅਤੇ à¨à¨ªà¨²à©€à¨•à©‡à¨¶à¨¨ ਨੀਤੀਆਂ ਦਾ ਹਲਕਾ ਸੰਸਕਰਣ ਹੈ। ਇਹ ਫਾਇਰਵਾਲ-ਡੀ " "ਵਿੱਚ ਬਦਲਾਆਂ ਨੂੰ ਸੀਮਿਤ ਕਰਦਾ ਹੈ। ਤਾਲਾਬੰਦ ਵਾਈà©à¨¹à¨Ÿà¨²à¨¿à¨¸à¨Ÿ ਵਿੱਚ ਕਮਾਂਡਾਂ, ਪà©à¨°à¨¸à©°à¨—, ਯੂਜ਼ਰ ਅਤੇ ਯੂਜ਼ਰ idਆਂ ਹੋ " "ਸਕਦੀਆਂ ਹਨ।" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "ਪà©à¨°à¨¸à©°à¨— ਜੋੜੋ" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "ਪà©à¨°à¨¸à©°à¨— ਸੋਧੋ" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "ਪà©à¨°à¨¸à©°à¨— ਹਟਾਉ" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "ਪà©à¨°à¨¸à©°à¨—" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "ਜੇ ਵਾਈà©à¨¹à¨Ÿà¨²à¨¿à¨¸à¨Ÿ ਤੇ ਕੋਈ ਕਮਾਂਡ ਇੰਦਰਾਜ '*' ਨਾਲ ਖਤਮ ਹà©à©°à¨¦à¨¾ ਹੈ, ਤਾਂ ਕਮਾਂਡ ਨਾਲ ਸ਼à©à¨°à©‚ ਹà©à©°à¨¦à©€à¨†à¨‚ ਸਾਰੀਆਂ " "ਕਮਾਂਡ ਲਾਈਨਾਂ ਵੀ ਮੇਲ ਖਾਣਗੀਆਂ। ਜੇ '*' ਨਹੀਂ ਲੱਗਾ ਤਾਂ ਕਮਾਂਡ ਆਰਗੂਮੈਂਟਾਂ ਸਮੇਤ ਪੂਰੀ ਤਰà©à¨¹à¨¾à¨‚ ਮੇਲ ਖਾਂਦੀ " "ਹੋਣੀ ਜਰੂਰੀ ਹੈ।" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "ਕਮਾਂਡ ਲਾਈਨ ਜੋੜੋ" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "ਕਮਾਂਡ ਲਾਈਨ ਸੋਧੋ" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "ਕਮਾਂਡ ਲਾਈਨ ਹਟਾਉ" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "ਕਮਾਂਡ ਲਾਈਨਾਂ" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "ਯੂਜ਼ਰ ਨਾਂ।" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "ਯੂਜ਼ਰ ਨਾਂ ਜੋੜੋ" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "ਯੂਜ਼ਰ ਨਾਂ ਸੋਧੋ" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "ਯੂਜ਼ਰ ਨਾਂ ਹਟਾਉ" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "ਯੂਜ਼ਰ ਨਾਂ" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ਯੂਜ਼ਰ id-ਆਂ।" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "ਯੂਜ਼ਰ Id ਜੋੜੋ" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "ਯੂਜ਼ਰ Id ਸੋਧੋ" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "ਯੂਜ਼ਰ Id ਹਟਾਉ" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ਯੂਜ਼ਰ id-ਆਂ" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "ਸਿਸਟਮ ਦਾ ਮੌਜੂਦਾ ਮੂਲ ਜ਼ੋਨ।" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "ਖ਼ਲਬਲੀ ਮੋਡ:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "ਤਾਲਾਬੰਦ:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "ਮੂਲ ਜ਼ੋਨ:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "ਪੋਰਟ ਅਤੇ ਜਾਬਤਾ" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ਪੋਰਟ ਅਤੇ ਜਾਬਤਾ ਦਿਉ ਜੀ।" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ਸਿੱਧਾ ਨਿਯਮ" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ipv ਅਤੇ ਸਾਰਣੀ, ਲੜੀ ਤਰਜੀਹ ਚà©à¨£à©‹ ਅਤੇ ਆਰਗੂਮੈਂਟ ਭਰੋ।" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "ਤਰਜੀਹ:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਇੱਕ ਜਾਬਤਾ ਭਰੋ।" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "ਹੋਰ ਜਾਬਤਾ:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "ਉੱਚ-ਪੱਧਰੀ ਨਿਯਮ" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਇੱਕ ਉੱਚ-ਪੱਧਰੀ ਨਿਯਮ ਭਰੋ।" #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "ਮੇਜਬਾਨ ਜਾਂ ਨੈੱਟਵਰਕ ਲਈ ਵਾਈà©à¨¹à¨Ÿ ਜਾਂ ਬਲੈਕ-ਲਿਸਟਿੰਗ ਤੱਤ ਨੂੰ ਗੈਰ-ਕਿਰਿਆਸ਼ੀਲ ਕਰਦਾ ਹੈ।" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "ਸਰੋਤ:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "ਟਿਕਾਣਾ:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "ਲੌਗ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ਆਡਿਟ:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 ਅਤੇ ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "ਪਲਟਾਇਆ" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "ਇਸ ਨੂੰ ਯੋਗ ਕਰਨ ਲਈ ਕਾਰਵਾਈ 'reject' ਅਤੇ ਟੱਬਰ ਜਾਂ ਤਾਂ 'ipv4' ਜਾਂ 'ipv6' (ਦੋਵੇਂ ਨਹੀਂ) ਹੋਵੇ।" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "ਕਿਸਮ ਨਾਲ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "ਹੱਦ ਨਾਲ:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "ਅਗੇਤਰ:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "ਪੱਧਰ:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "ਤੱਤ:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "ਕਾਰਵਾਈ:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "ਮà©à©±à¨¢à¨²à©€à¨†à¨‚ ਸੇਵਾ ਸੈਟਿੰਗਾਂ" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "ਮà©à©±à¨¢à¨²à©€à¨†à¨‚ ਸੇਵਾ ਸੈਟਿੰਗਾਂ ਸੰਰਚਿਤ ਕਰੋ:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਇੱਕ ਸੇਵਾ ਚà©à¨£à©‹à¥¤" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ਯੂਜ਼ਰ ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਯੂਜ਼ਰ id ਭਰੋ।" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "ਕਿਰਪਾ ਕਰ ਕੇ ਯੂਜ਼ਰ ਨਾਂ ਭਰੋ।" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ਮੂਲ ਜ਼ੋਨ ਸੈਟਿੰਗਾਂ" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "ਮੂਲ ਜ਼ੋਨ ਸੈਟਿੰਗਾਂ ਦਿਉ ਜੀ:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "ਮੂਲ ਨਿਸ਼ਾਨਾ" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "ਨਿਸ਼ਾਨਾ:" firewalld-1.1.1/po/pl.po0000644000000000000000000017074514217342322015070 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Andrzej Olszewski , 2004 # Piotr DrÄ…g , 2007,2013-2014, 2020. # Tomasz Chrzczonowicz , 2009 # Tom Berner , 2005 # Tom Berner , 2004 # Piotr DrÄ…g , 2015. #zanata, 2020. # Piotr DrÄ…g , 2016. #zanata, 2020. # Piotr DrÄ…g , 2017. #zanata, 2020. # Eric Garver , 2018. #zanata # Piotr DrÄ…g , 2018. #zanata, 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-06-30 17:57+0000\n" "Last-Translator: Piotr DrÄ…g \n" "Language-Team: Polish \n" "Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2;\n" "X-Generator: Weblate 4.1.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Aplet zapory sieciowej" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Zapora sieciowa" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Konfiguracja zapory sieciowej" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" "zapora;sieciowa;ogniowa;firewall;sieć;sieci;network;bezpieczeÅ„stwo;" "zabezpieczenia;security;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Wybór strefy dla interfejsu „%sâ€" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "DomyÅ›lna strefa" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Wybór strefy dla poÅ‚Ä…czenia „%sâ€" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" "Ustawienie strefy {zone} dla poÅ‚Ä…czenia {connection_name} siÄ™ nie powiodÅ‚o" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Wybór strefy dla źródÅ‚a „%sâ€" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Konfiguracja stref ochrony wysyÅ‚ania/pobierania" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Tutaj można wybrać strefy używane do ochrony wysyÅ‚ania/pobierania." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Ta funkcja jest przydatna głównie dla użytkowników domyÅ›lnych stref. " "Przydatność dla użytkowników zmieniajÄ…cych strefy poÅ‚Ä…czeÅ„ może być " "ograniczona." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Strefa ochrony wysyÅ‚ania:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Przywróć domyÅ›lne" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Strefa ochrony pobierania:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "O programie %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Autorzy" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licencja" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Ochrona wysyÅ‚ania" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Powiadomienia" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Modyfikuj ustawienia zapory sieciowej…" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "ZmieÅ„ strefy poÅ‚Ä…czeń…" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Skonfiguruj strefy ochrony wysyÅ‚ania/pobierania..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Blokowanie caÅ‚ego ruchu sieciowego" #: ../src/firewall-applet.in:492 msgid "About" msgstr "O programie" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "PoÅ‚Ä…czenia" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfejsy" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "ŹródÅ‚a" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Upoważnienie siÄ™ nie powiodÅ‚o." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "NieprawidÅ‚owa nazwa" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Nazwa już istnieje" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Strefa: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (DomyÅ›lna strefa: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Uzyskanie poÅ‚Ä…czeÅ„ z usÅ‚ugi NetworkManager siÄ™ nie powiodÅ‚o" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Brak dostÄ™pnych importów usÅ‚ugi NetworkManager" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Brak poÅ‚Ä…czenia z usÅ‚ugÄ… zapory sieciowej" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "CaÅ‚y ruch sieciowy jest zablokowany." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "DomyÅ›lna strefa: „%sâ€" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "DomyÅ›lna strefa „{default_zone}†jest aktywna dla poÅ‚Ä…czenia „{connection}†" "na interfejsie „{interface}â€" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Strefa „{zone}†jest aktywna dla poÅ‚Ä…czenia „{connection}†na interfejsie " "„{interface}â€" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Strefa „{zone}†jest aktywna dla interfejsu „{interface}â€" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Strefa „{zone}†jest aktywna dla źródÅ‚a {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Brak aktywnych stref." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "NawiÄ…zano poÅ‚Ä…czenie z usÅ‚ugÄ… firewalld." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Utracono poÅ‚Ä…czenie z usÅ‚ugÄ… firewalld." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "Ponownie wczytano usÅ‚ugÄ™ firewalld." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Zmieniono domyÅ›lnÄ… strefÄ™ na „%sâ€." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Ruch sieciowy nie jest już zablokowany." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "aktywowana" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "dezaktywowana" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "DomyÅ›lna strefa „{default_zone}†zostaÅ‚a {activated_deactivated} dla " "poÅ‚Ä…czenia „{connection}†na interfejsie „{interface}â€" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Strefa „{zone}†zostaÅ‚a {activated_deactivated} dla poÅ‚Ä…czenia " "„{connection}†na interfejsie „{interface}â€" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "Strefa „{zone}†zostaÅ‚a {activated_deactivated} dla interfejsu „{interface}â€" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Strefa „%s†zostaÅ‚a aktywowana dla interfejsu „%sâ€" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Strefa „{zone}†{activated_deactivated} dla źródÅ‚a „{source}â€" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Strefa „%s†zostaÅ‚a aktywowana dla źródÅ‚a „%sâ€" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "NawiÄ…zano poÅ‚Ä…czenie z usÅ‚ugÄ… firewalld." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Próba poÅ‚Ä…czenia z usÅ‚ugÄ… firewalld, oczekiwanie…" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "PoÅ‚Ä…czenie z firewalld nie powiodÅ‚o siÄ™. Sprawdź, czy usÅ‚uga zostaÅ‚a " "poprawnie uruchomiona, i ponów próbÄ™." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Zastosowano zmiany." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Używane przez poÅ‚Ä…czenie sieciowe „%sâ€" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "DomyÅ›lna strefa używana przez poÅ‚Ä…czenie sieciowe „%sâ€" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "wÅ‚Ä…czone" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "wyÅ‚Ä…czone" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Wczytanie ikon siÄ™ nie powiodÅ‚o." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Kontekst" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Wiersz poleceÅ„" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nazwa użytkownika" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Identyfikator użytkownika" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabela" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "ÅaÅ„cuch" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priorytet" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumenty" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Uruchamianie" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "TrwaÅ‚e" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "UsÅ‚uga" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokół" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Do portu" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Do adresu" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "DowiÄ…zania" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Wpis" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Typ ICMP" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Rodzina" #: ../src/firewall-config.in:826 msgid "Action" msgstr "DziaÅ‚anie" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "ŹródÅ‚o" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Cel" #: ../src/firewall-config.in:834 msgid "log" msgstr "dziennik" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audyt" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interfejs" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Komentarz" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "ŹródÅ‚o" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Ostrzeżenie" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "BÅ‚Ä…d" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "akceptuj" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "odmów" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "odrzuć" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "Å›lad" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "ogranicz" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "usÅ‚uga" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokół" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maskarada" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "blokada-icmp" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "typ-icmp" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "przekierowywanie-portu" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "port-źródÅ‚owy" #: ../src/firewall-config.in:2097 msgid "level" msgstr "poziom" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "tak" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Strefa" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "DomyÅ›lna strefa: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Strefa: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Strefa „%sâ€: usÅ‚uga „%s†jest niedostÄ™pna." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "UsuÅ„" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Zignoruj" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Strefa „%sâ€: typ ICMP „%s†jest niedostÄ™pny." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Wbudowana strefa, zmiana nazwy nie jest obsÅ‚ugiwana." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "s" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "min" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "godz." #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dzieÅ„" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "awaria" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alarm" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "krytyczne" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "bÅ‚Ä…d" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "ostrzeżenie" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "uwaga" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informacje" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debugowanie" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "IPv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "IPv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Przekierowywanie do innego systemu jest przydatne tylko, jeÅ›li interfejs " "jest za maskaradÄ™.\n" "UmieÅ›cić tÄ™ strefÄ™ za maskaradÄ…?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Wbudowana usÅ‚uga, zmiana nazwy nie jest obsÅ‚ugiwana." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "ProszÄ™ podać adres IPv4 w formie adres[/maska]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "Maska może być maskÄ… sieci lub numerem." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "ProszÄ™ podać adres IPv6 w formie adres[/maska]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "Maska jest numerem." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "ProszÄ™ podać adres IPv4 lub IPv6 w formie adres[/maska]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Maska może być maskÄ… sieci lub numerem dla IPv4.\n" "Maska jest numerem dla IPv6." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "Wbudowany zestaw adresów IP, zmiana nazwy nie jest obsÅ‚ugiwana." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "ProszÄ™ wybrać plik" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Pliki tekstowe" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Wszystkie pliki" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Wszystko" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Wbudowany moduÅ‚ pomocniczy, zmiana nazwy nie jest obsÅ‚ugiwana." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Wbudowane ICMP, zmiana nazwy nie jest obsÅ‚ugiwana." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Odczytanie pliku „%s†siÄ™ nie powiodÅ‚o: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Wybór strefy dla źródÅ‚a %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adres" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatyczne moduÅ‚y pomocnicze" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "ProszÄ™ wybrać wartość automatycznych modułów pomocniczych:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "ProszÄ™ podać wiersz poleceÅ„." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "ProszÄ™ podać kontekst." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "ProszÄ™ wybrać domyÅ›lnÄ… strefÄ™ systemu z poniższej listy." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "BezpoÅ›redni Å‚aÅ„cuch" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ProszÄ™ wybrać ipv i tablicÄ™ oraz podać nazwÄ™ Å‚aÅ„cucha." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ÅaÅ„cuch:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "zabezpieczenia" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tablica:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "ReguÅ‚a bezpoÅ›redniego przejÅ›cia" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ProszÄ™ wybrać ipv i podać parametry." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Parametry:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Przekierowanie portów" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "ProszÄ™ wybrać wymagane opcje źródÅ‚owe i docelowe." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port/zakres portów:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Adres IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokół:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Cel" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "JeÅ›li wÅ‚Ä…czono lokalne przekierowanie, to należy podać port. Ten port musi " "być różny od portu źródÅ‚owego." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokalne przekierowanie" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Przekierowanie do innego portu" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Ustawienia podstawowego moduÅ‚u pomocniczego" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "ProszÄ™ skonfigurować ustawienia podstawowego moduÅ‚u pomocniczego:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Pogrubione wpisy sÄ… obowiÄ…zkowe, wszystkie pozostaÅ‚e sÄ… opcjonalne." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nazwa:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Wersja:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Krótkie:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Opis:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Rodzina:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "ModuÅ‚:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "ModuÅ‚ pomocniczy" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "ProszÄ™ wybrać moduÅ‚ pomocniczy:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Podstawowe ustawienia typu ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "ProszÄ™ skonfigurować podstawowe ustawienia typu ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Typ ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ProszÄ™ wybrać typ ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Dodaj wpis" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Dodaj wpisy z pliku" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "UsuÅ„ zaznaczony wpis" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "UsuÅ„ wszystkie wpisy" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "UsuÅ„ wpisy z pliku" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Plik" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opcje" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Ponownie wczytaj usÅ‚ugÄ™ firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Ponownie wczytuje reguÅ‚y zapory sieciowej. Bieżąca trwaÅ‚a konfiguracja " "stanie siÄ™ nowÄ… konfiguracjÄ… uruchamiania. Oznacza to, że wszystkie zmiany " "uruchamiania wprowadzone przed ponownym wczytaniem zostanÄ… utracone, jeÅ›li " "nie znajdujÄ… siÄ™ także w trwaÅ‚ej konfiguracji." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Zmiana strefy, do której należy poÅ‚Ä…czenie sieciowe." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ZmieÅ„ domyÅ›lnÄ… strefÄ™" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Zmiana domyÅ›lnej strefy dla poÅ‚Ä…czeÅ„ lub interfejsów." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "ZmieÅ„ dziennik odmów" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "ZmieÅ„ wartość dziennika odmów." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Skonfiguruj przypisanie automatycznego moduÅ‚u pomocniczego" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Skonfiguruj ustawienia przypisania automatycznego moduÅ‚u pomocniczego." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Tryb paniki oznacza, że wszystkie pakiety przychodzÄ…ce i wychodzÄ…ce sÄ… " "odrzucane." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Tryb paniki" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Blokada blokuje konfiguracjÄ™ zapory sieciowej, wiÄ™c tylko programy na biaÅ‚ej " "liÅ›cie blokady mogÄ… jÄ… zmieniać." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Blokada" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "TrwaÅ‚a konfiguracja podczas uruchamiania" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Uruchamianie na staÅ‚e" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Widok" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "Zestawy adresów IP" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Typy ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "ModuÅ‚y pomocnicze" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "BezpoÅ›rednia konfiguracja" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "BiaÅ‚a lista blokady" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktywne dowiÄ…zania" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "Pomo_c" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "ZmieÅ„ strefÄ™" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "ZmieÅ„ strefÄ™ dowiÄ…zania" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Ukrycie aktywnych dowiÄ…zaÅ„ czasu uruchamiania poÅ‚Ä…czeÅ„, interfejsów i źródeÅ‚ " "do stref" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "WyÅ›wietlenie aktywnych dowiÄ…zaÅ„ czasu uruchamiania poÅ‚Ä…czeÅ„, interfejsów " "i źródeÅ‚ do stref" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Konfiguracja:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Obecnie widoczna konfiguracja. Konfiguracja podczas uruchamiania jest " "wÅ‚aÅ›ciwÄ… aktywnÄ… konfiguracjÄ…. TrwaÅ‚a konfiguracja stanie siÄ™ aktywnÄ… po " "ponownym wczytaniu albo uruchomieniu usÅ‚ugi lub systemu." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Strefa usÅ‚ugi firewalld okreÅ›la poziom zaufania dla poÅ‚Ä…czeÅ„ sieciowych, " "interfejsów i adresów źródÅ‚owych powiÄ…zanych ze strefÄ…. Strefa Å‚Ä…czy usÅ‚ugi, " "porty, protokoÅ‚y, maskarady, przekierowywanie portów/pakietów, filtry ICMP " "i zÅ‚ożone reguÅ‚y. Strefa może być także powiÄ…zana z interfejsami i adresami " "źródÅ‚owymi." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Dodaj strefÄ™" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Modyfikuj strefÄ™" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "UsuÅ„ strefÄ™" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Wczytaj domyÅ›lne ustawienia strefy" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Tutaj można okreÅ›lić zaufane usÅ‚ugi w strefie. Zaufane usÅ‚ugi sÄ… dostÄ™pne ze " "wszystkich komputerów i sieci, które mogÄ… osiÄ…gnąć ten komputer z poÅ‚Ä…czeÅ„, " "interfejsów i źródeÅ‚ powiÄ…zanych z tÄ… strefÄ…." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "UsÅ‚ugi" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Dodanie dodatkowych portów lub zakresów portów, które majÄ… być dostÄ™pne dla " "wszystkich komputerów i sieci, które mogÄ… Å‚Ä…czyć siÄ™ z tym komputerem." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Dodaj port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Modyfikuj port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "UsuÅ„ port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Porty" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Można dodać protokoÅ‚y, które majÄ… być dostÄ™pne dla wszystkich komputerów " "i sieci." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Dodaj protokół" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Modyfikuj protokół" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "UsuÅ„ protokół" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "ProtokoÅ‚y" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Dodanie dodatkowych portów lub zakresów portów źródÅ‚owych, które majÄ… być " "dostÄ™pne dla wszystkich komputerów i sieci, które mogÄ… Å‚Ä…czyć siÄ™ z tym " "komputerem." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Porty źródÅ‚owe" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Maskarada umożliwia ustawienie komputera lub routera Å‚Ä…czÄ…cego lokalny " "komputer z Internetem. Lokalna sieć nie bÄ™dzie widoczna i bÄ™dzie wystÄ™pować " "w Internecie jako jeden adres. MaskaradÄ™ można ustawić tylko dla IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Strefa maskarady" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "JeÅ›li wÅ‚Ä…czono maskaradÄ™, to przekierowanie IP zostanie wÅ‚Ä…czone dla sieci " "IPv4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskarada" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Można dodać wpisy, aby przekierowywać porty w obrÄ™bie lokalnego systemu lub " "z lokalnego systemu do innego. Przekierowanie do innego systemu jest " "przydatne tylko, jeÅ›li interfejs jest za maskaradÄ…. Przekierowanie portów " "dziaÅ‚a tylko dla IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Dodaj port przekierowywania" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Modyfikuj port przekierowywania" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "UsuÅ„ port przekierowywania" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internetowy protokół kontroli komunikatów (ICMP) jest używany głównie do " "wysyÅ‚ania komunikatów bÅ‚Ä™dów miÄ™dzy komputerami sieciowymi, ale także " "dodatkowo do komunikatów informacyjnych, takich jak żądania i odpowiedzi " "ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Można zaznaczyć typy ICMP na liÅ›cie, które powinny być odrzucane. Wszystkie " "inne typy ICMP bÄ™dÄ… mogÅ‚y przechodzić przez zaporÄ™ sieciowÄ…. DomyÅ›lnie nie " "ma ograniczeÅ„." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "JeÅ›li filtr jest odwrócony, to oznaczone wpisy ICMP sÄ… akceptowane, " "a pozostaÅ‚e sÄ… odrzucane. W strefie z celem DROP sÄ… one odrzucane." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Odwróć filtr" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtr ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Tutaj można ustawić zÅ‚ożone reguÅ‚y dla strefy." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Dodaj zÅ‚ożonÄ… reguÅ‚Ä™" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Modyfikuj zÅ‚ożonÄ… reguÅ‚Ä™" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "UsuÅ„ zÅ‚ożonÄ… reguÅ‚Ä™" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "ZÅ‚ożone reguÅ‚y" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Dodanie wpisów do dowiÄ…zania interfejsów do strefy. JeÅ›li interfejs bÄ™dzie " "używany przez poÅ‚Ä…czenie, to strefa zostanie ustawiona na strefÄ™ podanÄ… " "w poÅ‚Ä…czeniu." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Dodaj interfejs" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Modyfikuj interfejs" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "UsuÅ„ interfejs" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Dodanie wpisów do dowiÄ…zania adresów źródÅ‚owych lub obszarów do strefy. " "Można także dowiÄ…zywać do źródÅ‚owych adresów MAC, ale z ograniczeniami — " "przekierowywanie portów i maskarada nie bÄ™dÄ… dziaÅ‚aÅ‚y." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Dodaj źródÅ‚o" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Modyfikuj źródÅ‚o" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "UsuÅ„ źródÅ‚o" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Strefy" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "UsÅ‚uga firewalld to poÅ‚Ä…czenie portów, protokołów, modułów i adresów " "docelowych." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Dodaj usÅ‚ugÄ™" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Modyfikuj usÅ‚ugÄ™" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "UsuÅ„ usÅ‚ugÄ™" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Wczytaj domyÅ›lne ustawienia usÅ‚ugi" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Można dodać dodatkowe porty lub zakresy portów, które majÄ… być dostÄ™pne dla " "wszystkich komputerów i sieci." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Modyfikuj wpis" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "UsuÅ„ wpis" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Można dodać dodatkowe porty lub zakresy portów źródÅ‚owych, które majÄ… być " "dostÄ™pne dla wszystkich komputerów i sieci." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Port źródÅ‚owy" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "ModuÅ‚y pomocnicze filtra sieci sÄ… wymagane przez niektóre usÅ‚ugi." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "ModuÅ‚y" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "JeÅ›li podano adresy docelowe, to wpis usÅ‚ugi zostanie ograniczony do adresu " "docelowego i typu. JeÅ›li oba wpisy sÄ… puste, to nie ma ograniczenia." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "UsÅ‚ugi mogÄ… być zmieniane tylko w widoku konfiguracji trwaÅ‚ej. Konfiguracja " "usÅ‚ug w czasie uruchamiania jest staÅ‚a." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Zestaw adresów IP może być używany do tworzenia biaÅ‚ych i czarnych list, " "i może przechowywać na przykÅ‚ad adresy IP, numery portów i adresy MAC. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "Zestaw adresów IP" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Dodaj zestaw adresów IP" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Modyfikuj zestaw adresów IP" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "UsuÅ„ zestaw adresów IP" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Wczytaj domyÅ›lny zestaw adresów IP" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Wpisy zestawu adresów IP. BÄ™dÄ… widoczne tylko wpisy zestawów nieużywajÄ…cych " "opcji czasu ograniczenia, a także tylko wpisy dodane przez usÅ‚ugÄ™ firewalld. " "Wpisy dodane bezpoÅ›rednio za pomocÄ… polecenia ipset nie bÄ™dÄ… widoczne." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Ten zestaw adresów IP używa opcji czasu oczekiwania, wiÄ™c wpisy nie sÄ… " "widoczne w tym miejscu. Powinny one być ustawiane bezpoÅ›rednio za pomocÄ… " "polecenia ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Dodaj" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Wpisy" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "Zestawy adresów IP mogÄ… być tworzone i usuwane tylko w widoku konfiguracji " "trwaÅ‚ej." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "icmptype dla firewalld dostarcza informacje o typach ICMP (Internet Control " "Message Protocol) usÅ‚udze firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Dodaj typ ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Modyfikuj typ ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "UsuÅ„ typ ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Wczytaj domyÅ›lne ustawienia typu ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "OkreÅ›la, czy ten typ ICMP jest dostÄ™pny dla IPv4 lub IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Typy ICMP mogÄ… być zmieniane tylko w widoku konfiguracji trwaÅ‚ej. " "Konfiguracja typów ICMP w czasie uruchamiania jest staÅ‚a." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "ModuÅ‚ pomocniczy Å›ledzenia poÅ‚Ä…czenia pomaga w dziaÅ‚aniu protokołów " "używajÄ…cych innych rodzajów sygnalizowania i przesyÅ‚ania danych. PrzesyÅ‚anie " "danych używa portów niepowiÄ…zanych z sygnalizowanym poÅ‚Ä…czeniem, wiÄ™c bez " "moduÅ‚u pomocniczego jest blokowane przez zaporÄ™ sieciowÄ…." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "ProszÄ™ okreÅ›lić porty lub zakresy portów monitorowane przez moduÅ‚ pomocniczy." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "BezpoÅ›rednia konfiguracja umożliwia bardziej bezpoÅ›redni dostÄ™p do zapory " "sieciowej. Te opcje wymagajÄ… od użytkownika znajomoÅ›ci podstawowych pojęć " "iptables, tzn. tablice, Å‚aÅ„cuchy, polecenia, parametry i cele. BezpoÅ›rednia " "konfiguracja powinna być używana tylko w ostatecznoÅ›ci, kiedy nie można użyć " "innych funkcji firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Parametr ipv każdej opcji musi wynosić ipv4, ipv6 lub eb. Parametr ipv4 " "bÄ™dzie używany dla iptables, ipv6 dla ip6tables, a eb dla mostków " "ethernetowych (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Dodatkowe Å‚aÅ„cuchy używane z reguÅ‚ami." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Dodaj Å‚aÅ„cuch" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Modyfikuj Å‚aÅ„cuch" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "UsuÅ„ Å‚aÅ„cuch" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ÅaÅ„cuchy" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "Dodaje reguÅ‚Ä™ z parametrami do Å‚aÅ„cucha w tablicy z priorytetem." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Priorytet jest używany do porzÄ…dkowania reguÅ‚. Priorytet 0 oznacza dodanie " "reguÅ‚y na górze Å‚aÅ„cucha, reguÅ‚y o wyższym priorytecie bÄ™dÄ… dodawane niżej. " "ReguÅ‚y o tym samym priorytecie sÄ… na tym samym poziomie, a kolejność tych " "reguÅ‚ nie jest staÅ‚a i może ulec zmianie. Aby upewnić siÄ™, że reguÅ‚a " "zostanie dodana po innej, należy użyć niskiego priorytetu dla pierwszej, " "a wyższego dla drugiej." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Dodaj reguÅ‚Ä™" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Modyfikuj reguÅ‚Ä™" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "UsuÅ„ reguÅ‚Ä™" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "ReguÅ‚y" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "ReguÅ‚y przejÅ›cia sÄ… bezpoÅ›rednio przekazywane do zapory sieciowej i nie sÄ… " "umieszczane w specjalnych Å‚aÅ„cuchach. Wszystkie opcje iptables, ip6tables " "i ebtables mogÄ… być używane." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "ProszÄ™ zachować ostrożność przy reguÅ‚ach przejÅ›cia, aby nie uszkodzić zapory " "sieciowej." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Dodaj przejÅ›cie" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Modyfikuj przejÅ›cie" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "UsuÅ„ przejÅ›cie" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "PrzejÅ›cie" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Funkcja blokady jest lekkÄ… wersjÄ… polityk użytkownika i programów dla usÅ‚ugi " "firewalld. Ogranicza ona zmiany do zapory sieciowej. BiaÅ‚a lista blokady " "może zawierać polecenia, konteksty, użytkowników i ich identyfikatory." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Kontekst to kontekst zabezpieczeÅ„ (SELinux) uruchomionego programu lub " "usÅ‚ugi. Należy użyć polecenia ps -e --context, aby uzyskać kontekst " "uruchomionego programu." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Dodaj kontekst" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Modyfikuj kontekst" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "UsuÅ„ kontekst" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Konteksty" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "JeÅ›li wpis polecenia na biaÅ‚ej liÅ›cie koÅ„czy siÄ™ gwiazdkÄ… „*â€, to wszystkie " "wiersze poleceÅ„ zaczynajÄ…ce siÄ™ od danego polecenia bÄ™dÄ… pasowaÅ‚y. JeÅ›li „*†" "nie zostanie użyte, to polecenia bezwzglÄ™dne muszÄ… siÄ™ zgadzać." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Dodaj wiersz poleceÅ„" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Modyfikuj wiersz poleceÅ„" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "UsuÅ„ wiersz poleceÅ„" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Wiersze poleceÅ„" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Nazwy użytkowników." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Dodaj nazwÄ™ użytkownika" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Modyfikuj nazwÄ™ użytkownika" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "UsuÅ„ nazwÄ™ użytkownika" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Nazwy użytkowników" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Identyfikatory użytkowników." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Dodaj identyfikator użytkownika" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Modyfikuj identyfikator użytkownika" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "UsuÅ„ identyfikator użytkownika" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Identyfikatory użytkowników" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Bieżąca domyÅ›lna strefa systemu." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Dziennik odmów:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Tryb paniki:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatyczne moduÅ‚y pomocnicze:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Blokada:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "DomyÅ›lna strefa:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Wprowadź nazwÄ™ initerfejsu:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Podstawowe ustawienia zestawu adresów IP" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "ProszÄ™ skonfigurować podstawowe ustawienia zestawu adresów IP:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Typ:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Czas oczekiwania:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Rozmiar sumy kontrolnej:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maksymalna liczba elementów:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Czas oczekiwania w sekundach" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "PoczÄ…tkowy rozmiar sumy kontrolnej, domyÅ›lnie 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maksymalna liczba elementów, domyÅ›lnie 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "ProszÄ™ wybrać zestaw adresów IP:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Wprowadź wpis zestawu adresów IP:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Dziennik odmów" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "ProszÄ™ wybrać wartoÅ›ci dziennika odmów:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Åšlad" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "ProszÄ™ podać Å›lad z opcjonalnÄ… maskÄ…." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Pola Å›ladu i maski sÄ… 32-bitowymi szerokimi liczbami bez znaku." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Åšlad:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maska:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "ProszÄ™ wybrać moduÅ‚ pomocniczy „conntrack†filtra sieci:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Wybierz -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Inny moduÅ‚:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port i protokół" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ProszÄ™ podać port i protokół." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ReguÅ‚a bezpoÅ›rednia" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "ProszÄ™ wybrać ipv i tablicÄ™, priorytet Å‚aÅ„cucha i podać parametry." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priorytet:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "ProszÄ™ podać protokół." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Inny protokół:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "ZÅ‚ożona reguÅ‚a" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "ProszÄ™ podać zÅ‚ożonÄ… reguÅ‚Ä™." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" "Aby dodać komputer lub sieć do listy dozwolonych lub zabronionych, należy " "dezaktywować element." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "ŹródÅ‚o:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Cel:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Dziennik:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audyt:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 i IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "odwrócone" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Aby to wÅ‚Ä…czyć, dziaÅ‚anie musi wynosić „rejectâ€, a rodzina „ipv4†lub " "„ipv6†(nie oba)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "z typem:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Z ograniczeniem:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Przedrostek:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Poziom:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "DziaÅ‚anie:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Podstawowe ustawienia usÅ‚ug" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "ProszÄ™ skonfigurować podstawowe ustawienia usÅ‚ug:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "ProszÄ™ wybrać usÅ‚ugÄ™." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Wprowadź źródÅ‚o." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Identyfikator użytkownika" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ProszÄ™ podać identyfikator użytkownika." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "ProszÄ™ podać nazwÄ™ użytkownika." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etykieta" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Podstawowe ustawienia strefy" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "ProszÄ™ skonfigurować podstawowe ustawienia strefy:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "DomyÅ›lny cel" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Cel:" firewalld-1.1.1/po/pt_BR.po0000644000000000000000000017151414217342322015456 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # ataliba , 2013 # ataliba , 2013 # Carlos Adean , 2013 # Cleiton Lima , 2013 # Cleiton Lima , 2013 # Daniel Brooke Peig , 2004 # Daniel Lara , 2013 # Daniel Lara , 2013 # David Barzilay , 2003-2004 # David Reis Jr , 2004-2005 # diegobz1 , 2006 # diegobz1 , 2006 # Fabio Viero , 2005 # Glaucia Freitas , 2010 # Glaucia Freitas , 2010,2014 # Igor Pires Soares , 2006-2009 # Marcelo Barbosa , 2013 # Marina Vieira , 2012 # Ramilton Costa Gomes Junior , 2013 # Rodrigo Padula de Oliveira , 2005-2006 # Taylon Silmer , 2010 # Valnir Ferreira Jr. , 2006-2007 # Daniel Lara , 2016. #zanata # Frederico Henrique Gonçalves Lima , 2017. #zanata # Mateus de Melo Santos , 2017. #zanata # Eric Garver , 2018. #zanata # Renan Marcos Ferreira , 2018. #zanata # Rafael Fontenelle , 2020. # Henrique Roberto Gattermann Mittelstaedt , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-12-01 02:35+0000\n" "Last-Translator: Henrique Roberto Gattermann Mittelstaedt \n" "Language-Team: Portuguese (Brazil) \n" "Language: pt_BR\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n > 1;\n" "X-Generator: Weblate 4.3.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Miniaplicativo do Firewall" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuração do Firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;rede;security;segurança;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Selecionar zona para interface '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona Padrão" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Selecione zona para conexão '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Falha ao definir o fuso {zone} para conexão{connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Selecionar zona para fonte '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Configurar Zonas para Levantar/Abaixar Escudos" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Aqui você pode selecionar as zonas utilizadas para Levantar os Escudos e " "Abaixar os Escudos." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Esse recurso é útil para pessoal que utilizam a zona padrão a maior parte do " "tempo. Para usuários que mudam a zona de conexão, ele pode ter uso limitado." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Levantar Escudos da Zona:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Restaurar para o padrão" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Abaixar Escudos da Zona:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Sobre %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Autores" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licença" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Levantar Escudos" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Habilitar Notificações" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Editar Configurações de Firewall..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Alterar as Zonas das Conexões..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Configurar Zonas para Levantar/Baixar Escudos..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Bloquear todo o tráfego de rede" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Sobre" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Conexões" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Fontes" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Falha de autorização." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Nome inválido" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Nome já existe" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Zona Padrão: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Falha ao obter conexões de NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Sem importações do NetworkManager disponíveis" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Sem conexão com o daemon do firewall" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Todo o tráfego de rede está bloqueado." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Zona Padrão: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona padrão '{default_zone}' ativo para conexão '{connection}' na interface " "'{interface}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zona '{zone}' ativada para conexão '{connection}' na interface '{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zona '{zone}' ativada para interface '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zona '{zone}' ativa para a fonte {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Não há zonas ativas." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Conexão com FirewallD estabelecida." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Conexão com FirewallD perdida." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "O FirewallD foi recarregado." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Zona padrão alterada para '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "O tráfego de rede não está mais sendo bloqueado." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "ativado" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "desativado" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Zona padrão '{default_zone}' {activated_deactivated} para a conexão " "'{connection}' na interface '{interface}'" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} para conexão '{connection}' na " "interface '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} ativada para interface '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zona '%s' ativada para interface '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zona '{zone}' {activated_deactivated} para fonte '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zona '%s' ativada para a fonte '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Conexão estabelecida com o firewalld." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Tentando conectar ao firewalld, aguardando..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Falha na conexão com o firewalld. Verifique se o serviço foi iniciado " "corretamente e tente de novo." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Alterações aplicadas." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Usado por conexão de rede \"%s\"" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Zona padrão utilizada pela conexão de rede '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "ativado" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "desabilitado" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Falha ao carregar ícones." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Contexto" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Linha de comando" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nome de usuário" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ID do usuário" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabela" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Cadeia" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioridade" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argum." #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Tempo de Execução" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanente" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Serviço" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Porta" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocolo" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Para a porta" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Para o endereço" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Vinculações" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Entrada" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Tipo icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Família" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Ação" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elemento" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Auditoria" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Interface" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Comentário" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Origem" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Aviso" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Erro" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "aceitar" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "rejeitar" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "descer" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "marcar" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limite" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "serviço" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "porta" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocolo" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "mascaramento" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "porta-origem" #: ../src/firewall-config.in:2097 msgid "level" msgstr "nível" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "sim" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Zona Padrão: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zona: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona '%s': Serviço '%s' não está disponível." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Remover" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignorar" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona '%s': tipo de ICMP '%s' não está disponível." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Zona embutida, renomeação não é suportada." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "segundo" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuto" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hora" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dia" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergência" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alerta" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "crítico" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "erro" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "aviso" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "aviso" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "depurar" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "O encaminhamento para outro sistema só é útil se a interface estiver " "mascarada. âŽ\n" "Você deseja marcarar esta zona?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Serviço embutido, renomeação não é suportada." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Por favor, insira um endereço ipv4 na forma de endereço[/mask]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "A máscara pode ser uma máscara de rede ou um número." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" "Por favor, insira um endereço ipv6 com o formulário de endereço [/mask]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "A máscara é um número." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" "Por favor, insira um endereço ipv4 ou ipv6 com o formulário de endereços [/" "mask]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "A máscara pode ser uma máscara de rede ou um número para ipv4.\n" "A máscara é um número para ipv6." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "IPset embutido, renomeação não é suportada." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Por favor selecione um arquivo" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Arquivos texto" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Todos os arquivos" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Tudo" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Auxiliar embutido, renomeação não é suportada." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "icmp embutido, renomeação não é suportada." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Falha ao ler o arquivo '%s': %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Selecione zona de fonte '%s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Endereço" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Assistentes Automáticos" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Por favor, selecione o valor dos assistentes automáticos:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Por favor insira a linha de comando." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Por favor insira o contexto." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Por favor seleccione zona padrão na lista abaixo." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Corrente Direta" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Por favor selecione ipv e tabela e digite o nome da corrente." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Corrente:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "segurança" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabela:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Regra Direta de Repasse" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Por favor selecione ipv e entre com os argumentos." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argumentos:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Encaminhamento de portas" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Por favor, selecione as opções de origem e destino de acordo com as suas " "necessidades." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Porta / Intervalo de portas:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Endereço IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocolo:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destino" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Se você habilitar o encaminhamento local, terá que especificar uma porta. " "Essa porta tem que ser diferente da porta de origem." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Encaminhamento local" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Encaminhar para outra porta" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Configurações do Assistente Base" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Por favor, faça as configurações do assistente base:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Entradas em negrito são obrigatórias, todas as outras são opcionais." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nome:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versão:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Abreviação:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Descrição:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Família:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Módulo:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Assistente" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Por favor, selecione um assistente:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Configuração dos tipos de ICMP base" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Por favor configure os tipos de ICMP base:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Tipo de ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Por favor, selecione um tipo de ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Adicionar entrada" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Adicionar Entradas do Arquivo" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Remover Entrada Selecionada" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Remover Todas as Entradas" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Remover Entradas do Arquivo" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Arquivo" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opções" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Recarregar Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Recarrega as regras do firewall. A configuração permanente atual se tornará " "uma configuração de tempo de execução nova, ou seja, as alterações aplicadas " "somente à configuração de tempo de execução feitas até a recarga são " "perdidas, caso não estejam na configuração permanente também." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Altera a zona que uma conexão de rede pertence." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Mudar Zona Padrão" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Altera a zona padrão para conexão ou interface." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Modificação do log negada" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Modificação do valor do log negada." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Configurar Atribuição Automática de Ajuda" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Configurar a definição de Atribuição Automática de Ajuda." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "O Modo Pânico significa que todos os pacotes de entrada e saída são " "ignorados." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Modo de Pânico" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "A configuração de bloqueio permite que a configuração do firewall seja " "alterada apenas pelos aplicativos na lista de permissões de bloqueio." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Bloqueio" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Torna permanente a configuracao de tempo de execução" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Tempo de Execução Para Permanente" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Visão" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Tipos de ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Assistentes" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Configuração Direta" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Bloquear Lista de Permissões" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Vinculações Ativas" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Ajuda" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Mudar Zona" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Mudar zona de vinculação" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Ocultar vinculações ativas de conexões em tempo de execução, interfaces e " "origens para zonas" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Exibir vinculações ativas de conexões em tempo de execução, interfaces e " "origens para zonas" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuração:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Configuração atualmente visível. A configuração de tempo de execução é a " "atual configuração ativa. A configuração permanente será ativada após o " "serviço ou o sistema ser recarregado ou reiniciado." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "A zona firewalld define o nível de confiança para as conexões de rede, " "interfaces e endereços de origem associados à zona. A zona combina serviços, " "portas, protocolos, mascaramento, encaminhamento de pacote/porta, filtros " "ICMP e regras valiosas. A zona pode estar associada a interfaces e endereços " "de origem." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Adicionar Zona" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Editar Zona" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Remover Zona" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Carregar padrões da zona" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Aqui você pode definir quais serviços são confiáveis dentro da zona. Os " "serviços confiáveis são acessíveis a partir de quaisquer equipamentos e " "redes que podem chegar até a máquina a partir de conexões, interfaces e " "origens associadas a esta zona." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Serviços" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Incluir portas adicionais ou intervalos de portas que precisam estar " "acessíveis a todos os hosts ou redes que podem conectar-se à máquina." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Adicionar Porta" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Editar Zona" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Remover Zona" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portas" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Adicionar protocolos que precisam estar acessíveis para todos os hosts ou " "redes." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Adicionar Protocolo" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Editar Protocolo" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Remover Protocolo" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protocolos" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Incluir portas de origem adicionais ou intervalos de portas que precisam " "estar acessíveis a todos os hosts ou redes que podem conectar-se à máquina." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Portas de Origem" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "O uso de mascaramento permite que você configure um host ou roteador que " "conecta a sua rede local à internet. A sua rede local não estará visível e " "os hosts aparecerão como um único endereço na internet. O uso de " "mascaramento é somente para IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zona de mascaramento" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Se você habilitar o uso de mascaramento, o encaminhamento IP também será " "habilitado para as suas redes IPv4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Mascaramento" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Adicione entradas para o encaminhamento de portas tanto de uma porta para " "outra no sistema local, quanto do sistema local para outro sistema. O " "encaminhamento para outro sistema só é útil se a interface estiver " "mascarada. O encaminhamento de portas é somente para IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Adicionar Redirecionamento de Porta" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Editar Redirecionamento de Porta" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Remover Redirecionamento de Porta" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "O Protocolo ICMP (Internet Control Message Protocol) é usado para enviar " "mensagens de erro entre computadores em rede, assim como para enviar " "mensagens informacionais, como solicitações e respostas de ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Marque na lista os tipos de ICMP que devem ser rejeitados. Todos os outros " "tipos serão permitidos passar pelo firewall. O padrão é não haver limitações." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Se o Filtro Inverter está habilitado, entradas marcadas ICPM são aceitas e " "as outras são rejeitadas. Em uma zona com o alvo DROP, elas serão rejeitadas." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Inverter Filtro" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtro ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Aqui você pode obter regras de linguagem valiosa para a zona." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Adicionar Regra Valiosa" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Editar Regra Valiosa" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Remover Regra Valiosa" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Regra Valiosa" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Adicione entradas para associar interfaces à zona. Se a interface for usada " "por uma conexão, a zona será definida como especificado na conexão." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Adicionar interface" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Editar interface" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Remover interface" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Adicione entradas para associar endereços de origem ou áreas à zona. Você " "pode também fazer a associação a um endereço de origem MAC, mas com " "limitações. O encaminhamento de portas e a aplicação de mascaramento não " "funcionarão para as associações de origem MAC." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Adicionar Origem" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Editar Origem" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Remover Origem" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zonas" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Um serviço firewalld é uma combinação de portas, protocolos, módulos e " "endereços de destino." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Adicionar Serviço" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Editar Serviço" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Remover Serviço" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Carregar Padrões do Serviço" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Incluir portas adicionais ou intervalos de portas que precisam estar " "acessíveis a todos os hosts ou redes." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Editar entrada" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Remover entrada" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Incluir portas de origem adicionais ou intervalos de portas que precisam " "estar acessíveis a todos os hosts ou redes." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Porta de Origem" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Módulos assistentes do Netfilter são necessários para alguns serviços." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Módulos" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Se você especificar endereços de destino, a entrada do serviço será limitada " "ao tipo e ao endereço de destino. Se ambas as entradas estiverem vazias, não " "existe limitação." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Os serviços só podem ser alterados na visualização da configuração " "permanente. A configuração de tempo de execução dos serviços é fixa." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Um IPSet pode ser usado para criar listas brancas ou negras e pode " "armazenar, por exemplo, endereços de IP, números de portas ou endereços MAC. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Adicionar IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Editar IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Remover IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Carregar IPSets padrões" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Entradas de IPSets. Você só será capaz de ver as entradas de ipsets que não " "estão utilizando a opção de tempo limite, além das entradas que foram " "adicionadas pelo firewalld. Entradas que foram diretamente adicionadas com o " "comando ipset não estarão listadas aqui." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Este IPSet utiliza a opção de limite de tempo, portanto nenhuma entrada é " "visível aqui. As entradas devem ser atendidas diretamente pelo comando ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Adicionar" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Entradas" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSets podem somente ser criados ou removidos na visualização de " "configurações permanentes." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Um firewalld tipo icmp fornece as informações para um tipo de Internet " "Control Message Protocol (ICMP) para o firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Adicionar tipo ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Editar tipo ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Remover Tipo ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Carregando os tipos de ICMP padrão" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Especificar se este tipo ICMP está disponível para IPv4 e/ou IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Tipos de ICMP só pode ser alterado na visão de configuração permanente. A " "configuração do tempo de execução de tipos de ICMP é fixo." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Um assistente de rastreio de conexão está auxiliando a fazer com que os " "protocolos que estão usando diferentes fluxos para sinalização e " "transferência de dados funcionem. As transferências de dados estão usando " "portas que não estão relacionadas à conexão de sinalização e, portanto, são " "bloqueadas pelo firewall sem o assistente." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Definir portas ou intervalo de portas; que são monitoradas pelo assistente." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "A configuração direta oferece um acesso mais direto ao firewall. Essas " "opções requerem que o usuário saiba os conceitos básicos do iptables, ou " "seja, tabelas, correntes, comandos, parâmetros e alvos. Configuração direta " "deve ser usado apenas como último recurso, quando não é possível usar outros " "recursos firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "O argumento IPV de cada opção tem de ser IPv4 ou IPv6 ou eb. Com IPv4 será " "para iptables, com ipv6 para ip6tables e com eb para bridges ethernet " "(ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Cadeias adicionais para uso com regras." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Adicione Corrente" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Edite Corrente" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Remova Corrente" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Correntes" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Adicionar uma regra com o argumento args para uma cadeia em uma tabela com " "uma prioridade." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "A prioridade é usado para ordenar as regras. Prioridade 0 significa " "adicionar regra no topo da cadeia, com prioridade maior a regra será " "adicionada mais abaixo. Regras com a mesma prioridade estão no mesmo nível e " "a ordem destas regras não é fixo e pode mudar. Se você quiser ter certeza de " "que a regra será adicionada após outro, use uma prioridade baixa para o " "primeiro e maior para o seguinte." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Adicionar Regra" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Editar Regra" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Remover Regra" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regras" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "As regras de repasse são diretamente repassados para o firewall e não são " "colocados em correntes especiais. Todos iptables, ip6tables e opções " "ebtables podem ser usados." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Por favor tenha cuidado com as regras de repasse para não danificar o " "firewall." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Adicionar Repasse" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Editar Repasse" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Remover Repasse" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Repasse" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "O recurso de bloqueio é uma versão light de políticas de usuário e " "aplicativo para firewalld. Limita alterações no firewall. O bloqueio de " "whitelist pode conter comandos, contextos, usuários e IDs de usuário." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "O contexto é o contexto (SELinux) de segurança da execução de um aplicativo " "ou serviço. Para obter o contexto da execução de um aplicativo use ps -e " "--context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Adicionar Contexto" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Editar Contexto" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Remover Contexto" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contextos" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Se uma entrada de comando na whitelist termina com um asterisco '*', então " "todas as linhas de comando começando com o comando irá corresponder. Se o " "'*' não há argumentos, inclusive o comando absoluto devem corresponder." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Adicionar Linha de Comando" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Editar Linha de Comando" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Remover Linha de Comando" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Linhas de comando" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Nomes de usuários." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Adicionar Nome de Usuário" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Editar Nome de Usuário" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Remover Nome de Usuário" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Nome de usuários" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Ids dos usuários." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Adicionar ID Usuário" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Editar ID Usuário" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Remover ID Usuário" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Ids dos usuários" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Zona padrão atual do sistema." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Log negado:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Modo de Pânico:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Assistentes Automáticos:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Bloqueio:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zona Padrão:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Inserir nome da interface:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Configurações base de IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Por favor, configure ipset base:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tipo:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Tempo limite:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Tamanho de Hash:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Valor de limite de tempo em segundos" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Tamanho inicial de hash, padrão 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Número máximo de elementos, padrão 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Por favor, selecione um ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Inserir entrada ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Log negado" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Por favor, escolha o valor de log negado:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Marcação" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Por favor, insira uma marcação com uma máscara opcional." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "A marcação e os campos de máscara são ambos números de 32 bits de largura " "sem sinais." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Marcação:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Máscara:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Por favor, selecione um assistente netfilter conntrack:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Selecione -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Outro Módulo:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Porta e protocolo" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Por favor entre com uma porta e protocolo." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Regra Direta" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Por favor selecione ipv e tabela, prioridade da cadeia e insira os " "argumentos." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioridade:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Por favor insira um protocolo." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Outro Protocolo:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Regra Valiosa" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Por favor insira uma regra valiosa." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "Para permitir ou negar um host ou rede, desative o elemento." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Origem:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destino:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Auditoria:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 e IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "inverso" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Para habilitar isto, o Action precisa estar definido como 'reject' e Family " "como 'ipv4' ou 'ipv6' (não como ambos)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "com Tipo:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Com limite:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefixo:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Nível:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elemento:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Ação:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Configurações do serviço base" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Por favor configure o serviço base:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Por favor selecione um serviço." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Insira uma origem." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ID Usuário" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Por favor insira o id do usuário." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Por favor insira o nome do usuário." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "rótulo" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Configurações da Zona Base" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Por favor configure a zona base:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Alvo Padrão" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Alvo:" firewalld-1.1.1/po/pt.po0000644000000000000000000015445314217342322015076 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Pedro Marques Daniel , 2013 # Pedro Marques Daniel , 2013 # Rui Gouveia , 2010 # Miguel Sousa , 2015. #zanata # Manuela Silva , 2019. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2019-09-07 12:26+0000\n" "Last-Translator: Manuela Silva \n" "Language-Team: Portuguese (http://www.transifex.com/projects/p/firewalld/" "language/pt/)\n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Míni aplicação de Firewall" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Configuração da Firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;rede;segurança;tabelas de ip;filtro de rede;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Selecione zona para interface '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona por defeito" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Selecione zona para a ligação '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Selecione zona para a fonte '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Redefinir para Predefinições" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Sobre %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Autores" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licença" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Ativar Notificações" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Editar Opções da Firewall..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Modificar Zonas de Ligações..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Bloquear todo o tráfego da rede" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Sobre" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Ligações" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Interfaces" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Fontes" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autorização falhou." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Nome inválido" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "O nome já existe" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zona: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Zone predefinida: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Falha ao obter as ligações do Gestor de Redes" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Sem ligação ao daemon da firewall" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Todo o tráfego da rede está bloqueado." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Zona predefinida: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zona '{zone}' ativa para a ligação '{connection}' na interface '{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zona '{zone}' ativa para a interface '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zona '{zone}' ativa para a fonte {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Sem zonas ativas." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Estabelecida ligação para FirewallD." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Ligação perdida para FirewallD." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD foi recarregada." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Zona predefinida alterada para '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "O tráfico de rede já não está bloqueado." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "ativado" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "desativado" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zona '{zone}' {activated_deactivated} para conexão '{connection}' na " "interface '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zona '{zone}' {activated_deactivated} para interface '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zona '%s' ativada para interface '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zona '{zone}' {activated_deactivated} para fonte '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zona '%s' ativada para fonte '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Estabelecida a ligação para a firewall" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "A tentar ligar à firewalld, a aguardar..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Não foi possível ligar à firewalld. Por favor, certifique-se que o serviço " "foi iniciado corretamente e tente novamente." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Alterações aplicadas." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Utilizado pela ligação de rede '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Zona predefinida utilizada pela ligação de rede '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "ativado" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "desativado" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "O carregamento de ícones falhou." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Contexto" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Linha de comandos" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Nome de utilizador" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Id. do Utilizador" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabela" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Cadeia" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioridade" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumentos" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Tempo de execução" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanente" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Serviço" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Porta" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocolo" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Para Porta" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Para Endereço:" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Tipo Icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Família" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Ação" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Elemento" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Dest" #: ../src/firewall-config.in:834 msgid "log" msgstr "log" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Fonte" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Aviso" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Erro" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "aceite" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "rejeitar" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "cair" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limite" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "serviço" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "porta" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protocolo" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "mascarada" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "nível" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "sim" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zona" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zona '%s': Serviço '%s' indisponível." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Remove" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignora" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zona '%s': ICMP tipo '%s' indisponível." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Zona construida internamente, renomear não suportado." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "segundo" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuto" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hora" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dia" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergência" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alerta" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "crítico" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "erro" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "aviso" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "nota" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "debug" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Forwarding para outro sistema só é útil se a interface estiver mascarada.\n" "Quer mascarar esta zona?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Serviço pré-definido, não é possível renomear." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "icmp pré-definido, não é possível renomear." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Selecione zona para fonte %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Endereço" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Por favor insira a linha de comando" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Por favor insira o contexto" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Por favor selecione a zona por defeito da lista abaixo." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Corrente Direta" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Por favor selecione tabela e ipv e insira nome da corrente." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Corrente:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "segurança" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabela:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Regra de passagem direta" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Por favor selecione ipv e insira args." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Args:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Reencaminhamento de Porta" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Por favor, seleccione as opções de origem e destino de acordo com as suas " "necessidades." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Porta / Intervalo de portas:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Endereço IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protocolo:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destino" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Se ativar reencaminhamento local, tem de especificar uma porta. Esta porta " "tem de ser diferente da porta de origem." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Reencaminhamento local" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Reencaminhar para outra porta" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Entradas a negrito são obrigatórias, todas as outras são opcionais." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Nome:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Versão:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Curta:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Descrição:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Família:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Definições Base de Tipo ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Por favor configure definições base de tipo ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Tipo ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Por favor selecione um tipo ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Adicionar Entrada" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Ficheiro" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Opções" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Recarregar FireweallD" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Recarrega as regras da firewall. A atual configuração permanent vai tornar-" "se a configuração runtime. i.e. todas as mudanças nas regras na configuração " "runtime são perdidas com o recarregar se não estiverem também na " "configuração permanent." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Modifica a zona a qual uma conexão de rede pertence." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Modifica Zona por Defeito" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Modifica zona por defeito para conexões e interfaces." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "O modo de pânico significa que todos os pacotes de entrada e saída são " "caídos." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Modo de Pânico" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Lockdown fecha a configuração da firewall para que apenas as aplicações na " "lockdown whitelist possam modificá-la." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Lockdown" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Fazer a configuração runtime permanent" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Runtime para Permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Ver" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Tipos ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Configuração Direta" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Lockdown Whitelist" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Ajuda" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Configuração:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Configuração visível atual. Configuração runtime é a configuração atualmente " "ativa. Configuração permanent ficará ativa após reinicio de serviço ou " "sistema." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Uma zona firewall define o nível de confiança nas conexões de rede, " "interfaces e endereços de fontes no limite da zona. A zona combina serviços, " "postas, protocolos, mascaras, rencaminhamento de porta/pacote, filtros icmp " "e regras ricas. A zona pode ser limitada a interfaces e endereços de fontes." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Adicionar Zona" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Editar Zona" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Remover Zona" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Carrega Zona por Defeito" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Aqui pode definir quais os serviços que são confiáveis na zona. Os serviços " "confiáveis são acessíveis de todos os hospedeiros e redes que podem alcançar " "a maquina a partir das ligações, interfaces e fontes no limite desta zona." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Serviços" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Adicione portas ou intervalo de portas, que devem estar disponíveis para " "todos os hospedeiros ou redes que podem ligar-se à maquina." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Adiciona Porta" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Edita Porta" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Remove Porta" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portas" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Adicione protocolos que devem estar acessíveis para todos os hospedeiros ou " "redes." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Adicione portas fonte adicionais ou intervalos de porta que devem estar " "acessíveis para todos os hospedeiros ou redes que podem ligar à máquina." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 #, fuzzy msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Masquerading permite configurar uma máquina ou router que liga a sua rede " "local à Internet. A sua rede local não será visível e as máquinas aparecem " "na Internet com um único endereço. Masquerading é válido apenas em IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Zona Mascarada" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Se ativar as omascarar, o reencaminhamento de IP será ativado para o seu IPv4" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Mascarar" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Adicione entradas ao reencaminhamento de portas de uma porta para outra no " "sistema local ou do sistema local para outro sistema. O reencaminhamento " "para outro sistema só é útil se o interface estiver configurado como " "mascarado. O reencaminhamento de portas só é suportado em IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Adiciona Porta de Reencaminhamento" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Edita Porta de Reencaminhamento" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Remove Porta de Reencaminhamento" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "O protocolo ICMP (Internet Control Message Protocol) é utilizado " "principalmente para enviar mensagens de erro entre computadores em rede, mas " "adicionalmente para mensagens informativas como pedidos e respostas de ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Marque os tipos ICMP, na lista, que devem ser rejeitados. Todos os outros " "tipos ICMP serão permitidos na firewall. Por omissão não existem limitações." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filtro ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Aqui pode definir regras de língua ricas para a zona." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Adiciona Regra Rica" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Edita Regra Rica" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Remove Regra Rica" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Regras Ricas" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Adiciona entradas para vincular interfaces à zona. Se o interface vai se " "utilizado por uma conexão, a zona vai ser definida como a zona especificada " "na conexão." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Adiciona Interface" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Edita Interface" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Remove Interface" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Adiciona Fonte" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Edita Fonte" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Remove Fonte" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zonas" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Um serviço firewall é uma combinação de portas, protocolos, módulos e " "endereços de destino." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Adicionar Serviço" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Editar Serviço" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Remover Serviço" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Carrega Padrão de Serviço" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Editar Entrada" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Remover entrada" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Módulos" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Se especificar endereços de destino, a entrada de serviço vai ser limitada " "ao endereço e tipo de destino. Se ambas as entradas estiverem vazias, não " "existe limite." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Serviços apenas podem ser modificados ca vista de configuração permant. A " "configuração runtime de serviços é fixa." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Um icmtype firewalld dá a informação para um tipo Internet Control Message " "Protocol (ICMP) para firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Adiciona Tipo ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Edita Tipo ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Remove Tipo ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Carrega Tipo ICMP por Defeito" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Especifique se este Tipo ICMP está disponível para IPv4 e/ou IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Tipos ICMP apenas podem ser modificados na visão de configuração permanent. " "A configuração runtime de Tipos ICMP é fixa." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "A configuração direta dá um acesso mais direto à firewall. Estas opções " "requerem que o utilizador conheça conceitos básicos de iptables, i.e., " "tables, correntes, comandos, parametros e alvos. Configuração direta deverá " "apenas ser utilizada como último recurso quando não é possivel utilizar " "outras funcionalidades da firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "O argumento ipv de cada opção tem de ser ipv4 ou ipv6 ou eb. Com ipv4 será " "para iptables, com ipv6 e com eb para pontes ethernet (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Correntes adicionais para utilizar com regras." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Adiciona Corrente" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Edita Corrente" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Remove Corrente" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Correntes" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Adiciona uma regra com argumentos args a uma corrente numa tabela com uma " "prioridade." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "A prioridade é utilizada para ordenar regras. Prioridade 0 significa que " "adiciona a regra no topo da corrente, com uma prioridade mais elevada a " "regra será adicionada mais abaixo. Regras com a mesma prioridade estão ao " "mesmo nível e a ordem destas regras não está fixa e pode mudar. Se quiser " "ter a certeza que uma regra é inserida após outra regra, utilize uma " "prioridade mais baixa para a primeira e uma mais alta para a seguinte." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Adiciona Regra" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Edita Regra" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Remove Regra" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regras" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "A regras de passthrough são passadas diretamente para a firewall e não " "adicionadas em correntes especiais. Podem ser utilizadas todas as opções das " "iptables, ip6tables e ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Por favor tenha cuidado com regras passthrough para uqe não danifiquem a " "firewall." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Adiciona Passthrough" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Edita Passthrough" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Remove Passthrough" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Passthrough" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "A funcionalidade lockdown é uma versão leve de políticas de utilizador e " "aplicações da firewalld. Limita modificações à firewall. A lockdown " "whitelist pode conter correntes, comandos, contextos, utilizadores e ids de " "utilizador." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Adiciona Contexto" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Edita Contexto" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Remove Contexto" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Contextos" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Se uma entrada de comando numa whitelist acaba com um asterisco '*', então " "todas as linhas de comando iniciadas com o comando combinam. Se o '*' não " "estiver aí o comando absoluto inclusive argumentos devem ser iguais." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Adiciona Comando de Linha" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Edita Comando de Linha" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Remove Comando de Linha" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Comandos de Linha" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Nomes de Utilizador" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Adiciona Nome de Utilizador" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Edita Nome de Utilizador" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Remove Nome de Utilizador" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Nomes de Utilizador" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "IDs de utilizador" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Adiciona ID de Utilizador" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Edita ID de Utilizador" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Remove ID de Utilizador" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "IDs de Utilizador" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Atual zona por defeito do sistema." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Modo de Pânico:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Fechar tudo:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Zona por Defeito:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Máscara:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Selecionar -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Outros módulos:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Porta e Protocolo" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Por favor, insira a porta e o protocolo." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Regra Direta" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Por favor, selecione o ipv e a tabela, prioridade de cadeia e insira os " "argumentos." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioridade:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Por favor, insira um protocolo." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Outro protocolo:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Regra Rica" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Por favor, insira uma regra rica." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "Para host ou rede white ou blacklist desativa o elemento." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Origem:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destino:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Log:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audita:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 e ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "invertido" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Para ativar esta Ação tem de ser 'reject' e da Familia 'ipv4' ou 'ipv6' (não " "ambos)" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "com Tipo:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Com limite:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefixo:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Nível:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Elemento:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Ação:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Definições do Serviço Base" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Por favor, configure as definições do serviço base:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Por favor, selecione um serviço." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Por favor, insira uma fonte" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Id. do Utilizador" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Por favor, insira a id. do utilizador." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Por favor, insira um nome de utilizador." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etiqueta" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Definições da Zona Base" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Por favor, configure as definições da zona base:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Destino Predefinido" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Destino:" firewalld-1.1.1/po/ru.po0000644000000000000000000021330514217342322015071 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Alexey Kostyuk , 2009 # Andrew Martynov , 2004-2006,2008 # andzaytsev , 2010 # andzaytsev , 2010 # Leonid Kanter , 2003 # Stanislav Hanzhin , 2012 # Yulia , 2007-2010 # Yulia , 2013-2014 # Игорь Горбунов , 2013 # yuliya , 2015. #zanata # yuliya , 2016. #zanata # Igor Gorbounov , 2017. #zanata # Thomas Woerner , 2017. #zanata # Eric Garver , 2018. #zanata # Igor Gorbounov , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2018-11-16 08:27+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Russian (http://www.transifex.com/projects/p/firewalld/" "language/ru/)\n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Ðпплет межÑетевого Ñкрана" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "МежÑетевой Ñкран" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ÐаÑтройка межÑетевого Ñкрана" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "межÑетевой Ñкран;Ñеть;безопаÑноÑÑ‚ÑŒ;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Выберите зону Ð´Ð»Ñ Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñа «%s»" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Зона по умолчанию" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Выберите зону Ð´Ð»Ñ ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Â«%s»" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Ðе удалоÑÑŒ уÑтановить зону {zone} Ð´Ð»Ñ ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Выберите зону Ð´Ð»Ñ Ð¸Ñточника «%s»" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "ÐаÑтроить зоны включениÑ/Ð²Ñ‹ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹â€¦" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "ЗдеÑÑŒ можно выбрать зоны, иÑпользуемые Ð´Ð»Ñ Ð²ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ/Ð¾Ñ‚ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Эта возможноÑÑ‚ÑŒ в оÑновном подойдет Ð´Ð»Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»ÐµÐ¹, иÑпользующих " "наÑтроенные по умолчанию зоны. Ð”Ð»Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»ÐµÐ¹, менÑющих зоны ÑоединениÑ, " "Ñто может иметь ограниченное практичеÑкое применение." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "ÐžÑ‚ÐºÑ€Ñ‹Ñ‚Ð°Ñ Ð·Ð¾Ð½Ð°:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "По умолчанию" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Ð—Ð°ÐºÑ€Ñ‹Ñ‚Ð°Ñ Ð·Ð¾Ð½Ð°:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "О %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Ðвторы" #: ../src/firewall-applet.in:393 msgid "License" msgstr "ЛицензиÑ" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Включить защиту" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Включить уведомлениÑ" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Изменить наÑтройки межÑетевого Ñкрана…" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Изменить зоны Ñоединений..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "ÐаÑтроить зоны включениÑ/Ð¾Ñ‚ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ Ð·Ð°Ñ‰Ð¸Ñ‚Ñ‹â€¦" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Блокировать веÑÑŒ Ñетевой трафик" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Инфо" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "СоединениÑ" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "ИнтерфейÑÑ‹" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "ИÑточники" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ÐÐ²Ñ‚Ð¾Ñ€Ð¸Ð·Ð°Ñ†Ð¸Ñ Ð½Ðµ удалаÑÑŒ." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "ÐедопуÑтимое имÑ" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Указанное Ð¸Ð¼Ñ ÑƒÐ¶Ðµ ÑущеÑтвует" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (зона {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Зона по умолчанию: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Ðе удалоÑÑŒ получить ÑпиÑок наÑтроенных подключений от NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Импорт из NetworkManager недоÑтупен" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Ðет ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ Ñо Ñлужбой межÑетевого Ñкрана" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "БлокируетÑÑ Ð²ÐµÑÑŒ Ñетевой трафик." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Зона по умолчанию: «%s»" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Зона по умолчанию '{default_zone}' активна Ð´Ð»Ñ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ '{connection}' на " "интерфейÑе '{interface}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Зона '{zone}' активна Ð´Ð»Ñ ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ '{connection}' на интерфейÑе " "'{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Зона '{zone}' активна на интерфейÑе '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Зона '{zone}' включена Ð´Ð»Ñ Ð¸Ñточника {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Ðет активных зон." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Соединение Ñ FirewallD уÑтановлено." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Соединение Ñ FirewallD потерÑно." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD перезапущен." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Зона по умолчанию изменена на «%s»." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Сетевой трафик больше не блокируетÑÑ." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "активирована" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "деактивирована" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Зона по умолчанию '{default_zone}' {activated_deactivated} Ð´Ð»Ñ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ " "'{connection}' на интерфейÑе '{interface}'" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Зона '{zone}' {activated_deactivated} Ð´Ð»Ñ ÑÐ¾ÐµÐ´Ð¸Ð½ÐµÐ½Ð¸Ñ '{connection}' на " "интерфейÑе '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Зона '{zone}' {activated_deactivated} на интерфейÑе '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Зона «%s» активирована на интерфейÑе «%s»" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Зона '{zone}' {activated_deactivated} Ð´Ð»Ñ Ð¸Ñточника '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Зона «%s» включена Ð´Ð»Ñ Ð¸Ñточника «%s»" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Подключение к firewalld уÑтановлено." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Попытка Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ Ðº firewalld. Подождите..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Ðе удалоÑÑŒ подключитьÑÑ Ðº брандмауÑру. Проверьте, запущена ли Ñлужба, и " "повторите попытку." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Ð˜Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð²Ð½ÐµÑены." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "ИÑпользуетÑÑ Ð¿Ð¾Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸ÐµÐ¼ «%s»" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Зона по умолчанию, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÐµÐ¼Ð°Ñ Ñетевым подключением «%s»" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "включено" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "отключено" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Ðе удалоÑÑŒ загрузить значки." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "КонтекÑÑ‚" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "ÐšÐ¾Ð¼Ð°Ð½Ð´Ð½Ð°Ñ Ñтрока" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Пользователь" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ИД пользователÑ" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Таблица" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Цепочка" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Приоритет" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Ðргументы" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Рабочие" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "ПоÑтоÑннаÑ" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Служба" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Порт" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Протокол" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Ðа порт" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Ðа адреÑ" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "ПривÑзки" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "ЗапиÑÑŒ" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Тип ICMP" #: ../src/firewall-config.in:822 msgid "Family" msgstr "СемейÑтво протоколов" #: ../src/firewall-config.in:826 msgid "Action" msgstr "ДейÑтвие" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Элемент" #: ../src/firewall-config.in:830 msgid "Src" msgstr "ИÑточник" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Получатель" #: ../src/firewall-config.in:834 msgid "log" msgstr "журнал" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Ðудит" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "ИнтерфейÑ" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Комментарий" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "ИÑточник" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Предупреждение" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Ошибка" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "принÑÑ‚ÑŒ" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "отказать" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "отброÑить" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "отметить" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "ограничить" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "Ñлужба" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "порт" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "протокол" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "маÑкировка" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "блокирование icmp" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "Тип ICMP" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "порт переадреÑации" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "уровень" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "да" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Зона" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Зона по умолчанию: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Зона: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Зона «%s»: Ñлужба «%s» недоÑтупна." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Удалить зону" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "ПропуÑтить" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Зона «%s»: ICMP- тип «%s» недоÑтупен." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Ð’ÑÑ‚Ñ€Ð¾ÐµÐ½Ð½Ð°Ñ Ð·Ð¾Ð½Ð°, переименование не поддерживаетÑÑ." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "Ñек." #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "мин." #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "чаÑ" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "д." #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "Ñрочно" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "внимание" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "критично" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "ошибка" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "предупреждение" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "уведомление" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "инфо" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "отладка" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ПереадреÑÐ°Ñ†Ð¸Ñ Ð² другую ÑиÑтему поможет только при маÑкировании интерфейÑа.\n" "ЗамаÑкировать Ñту зону?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Ð’ÑÑ‚Ñ€Ð¾ÐµÐ½Ð½Ð°Ñ Ñлужба, переименование не поддерживаетÑÑ." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Введите Ð°Ð´Ñ€ÐµÑ IPv4 в формате «адреÑ[/маÑка]»." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "МаÑка может Ñодержать маÑку Ñети или чиÑловое предÑтавление." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Введите Ð°Ð´Ñ€ÐµÑ IPv6 в формате «адреÑ[/маÑка]»." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "МаÑка предÑтавлена чиÑловым значением." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Введите Ð°Ð´Ñ€ÐµÑ IPv4 или IPv6 в формате «адреÑ[/маÑка]»." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Ð’ IPv4 маÑка может Ñодержать маÑку подÑети или чиÑловое предÑтавление.\n" "Ð’ IPv6 маÑка Ñодержит чиÑловое предÑтавление." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "Ð˜Ð¼Ñ Ð²Ñтроенного ipset не может быть изменено." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Выберите файл" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "ТекÑтовые файлы" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Ð’Ñе файлы" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Ð’Ñе" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Ð’Ñтроенный модуль поддержки, изменение имени не поддерживаетÑÑ." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Ð’Ñтроенный ICMP, переименование не поддерживаетÑÑ." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Ðе удалоÑÑŒ прочитать файл %s: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Выберите зону Ð´Ð»Ñ Ð¸Ñточника %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ÐдреÑ" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "ÐвтоматичеÑкие модули поддержки" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Выберите значение автоматичеÑких модулей поддержки:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Введите команду." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Введите контекÑÑ‚." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Выберите Ñтандартную зону." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "ПрÑÐ¼Ð°Ñ Ñ†ÐµÐ¿Ð¾Ñ‡ÐºÐ°" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Выберите IPV и таблицу, и введите Ð¸Ð¼Ñ Ñ†ÐµÐ¿Ð¾Ñ‡ÐºÐ¸." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Цепочка:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "безопаÑноÑÑ‚ÑŒ" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Таблица:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Правило прÑмой транÑлÑции" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Выберите IPV и введите аргументы." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Ðргументы:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Перенаправление портов" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Выберите параметры иÑточника и цели." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Порт/ диапазон портов:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "ÐÐ´Ñ€ÐµÑ IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Протокол:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Ðазначение" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "ЕÑли вы включите локальное перенаправление, то необходимо указать порт. Этот " "порт должен отличатьÑÑ Ð¾Ñ‚ порта иÑточника." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Локальное перенаправление" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Ðаправить другому порту" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "ОÑновные наÑтройки модулей поддержки" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "ÐаÑтройте оÑновные параметры модулей поддержки:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "ПолÑ, выделенные жирным, обÑзательны. ОÑтальные — опциональны." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Ðазвание:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "ВерÑиÑ:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Кратко:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "ОпиÑание:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "СемейÑтво протоколов:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Модуль:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Модуль поддержки" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Выберите модуль поддержки:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Базовые наÑтройки типа ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Укажите базовые наÑтройки типов ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Тип ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Выберите тип ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Добавить запиÑÑŒ" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Добавить запиÑи из файла" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Удалить выбранную запиÑÑŒ" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Удалить вÑе запиÑи" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Удалить запиÑи из файла" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Файл" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Параметры" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Перезагрузить Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Перезагружает правила межÑетевого Ñкрана. Ð¢ÐµÐºÑƒÑ‰Ð°Ñ Ð¿Ð¾ÑтоÑÐ½Ð½Ð°Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ " "Ñтанет новой конфигурацией времени иÑполнениÑ, то еÑÑ‚ÑŒ, вÑе временные " "Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð±ÑƒÐ´ÑƒÑ‚ потерÑны при перезагрузке, еÑли они не вошли в поÑтоÑнную " "конфигурацию." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Выберите зону, которой принадлежит Ñетевое Ñоединение." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Изменить зону по умолчанию" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Изменить Ñтандартную зону Ð´Ð»Ñ Ñоединений и интерфейÑов" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Изменить значение LogDenied" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Изменить правила Ð¾Ð³Ñ€Ð°Ð½Ð¸Ñ‡ÐµÐ½Ð¸Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "ÐаÑтройка Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡ÐµÑкого Ð¼Ð¾Ð´ÑƒÐ»Ñ Ð¿Ð¾Ð´Ð´ÐµÑ€Ð¶ÐºÐ¸" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "ÐаÑтройка Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡ÐµÑкого Ð¼Ð¾Ð´ÑƒÐ»Ñ Ð¿Ð¾Ð´Ð´ÐµÑ€Ð¶ÐºÐ¸." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Ð’ режиме уÑиленной защиты вÑе входÑщие и иÑходÑщие пакеты будут " "отбраÑыватьÑÑ." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Режим уÑиленной защиты" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "При блокировке конфигурации межÑетевого Ñкрана только программы из белого " "ÑпиÑка Ñмогут вноÑить изменениÑ." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Блокировка" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Сделать рабочую конфигурацию поÑтоÑнной" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Сохранить рабочие в поÑтоÑнных" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Вид" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSet" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Типы ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Модули поддержки" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "ПрÑÐ¼Ð°Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Белый ÑпиÑок блокировки" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Ðктивные привÑзки" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Справка" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Изменить зону" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Изменить зону привÑзки" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Скрыть активные рабочие привÑзки подключений, интерфейÑов и иÑточников к " "зонам в Ñреде выполнениÑ" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Показать активные рабочие привÑзки подключений, интерфейÑов и иÑточников к " "зонам в Ñреде выполнениÑ" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "КонфигурациÑ:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Ð¢ÐµÐºÑƒÑ‰Ð°Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ. ÐšÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ Ð²Ñ€ÐµÐ¼ÐµÐ½Ð¸ выполнениÑ, иÑÐ¿Ð¾Ð»ÑŒÐ·ÑƒÐµÐ¼Ð°Ñ Ð² данный " "момент. ПоÑтоÑÐ½Ð½Ð°Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ Ð±ÑƒÐ´ÐµÑ‚ активирована поÑле перезапуÑка ÑиÑтемы " "или Ñлужбы." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Зона firewalld определÑет уровень Ð´Ð¾Ð²ÐµÑ€Ð¸Ñ Ð´Ð»Ñ Ñетевых Ñоединений, " "интерфейÑов и адреÑов. Зона объединÑет Ñлужбы, порты, протоколы, " "маÑкирование, переадреÑацию портов и пакетов, фильтры icmp и раÑширенные " "правила. Зоны могут быть привÑзаны к интерфейÑам и адреÑам." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Добавить зону" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Изменить зону" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Удалить зону" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Загрузить Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ð¾ умолчанию" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "ЗдеÑÑŒ можно определить доверенные Ñлужбы Ð´Ð»Ñ Ð·Ð¾Ð½Ñ‹. Доверенные Ñлужбы " "доÑтупны Ñо вÑех узлов и Ñетей, у которых еÑÑ‚ÑŒ доÑтуп к компьютеру." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Службы" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Добавить дополнительные порты или диапазоны, которые должны быть доÑтупны " "узлам и ÑетÑм, подключающимÑÑ Ðº Ñтому компьютеру." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Добавить порт" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Изменить порт" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Удалить порт" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Порты" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Добавьте протоколы, которые должны быть доÑтупны Ñ Ð´Ñ€ÑƒÐ³Ð¸Ñ… узлов и Ñетей." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Добавить протокол" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Изменить протокол" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Удалить протокол" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Протоколы" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Добавьте дополнительные порты-иÑточники или диапазоны портов, которые должны " "быть доÑтупны Ð´Ð»Ñ Ð²Ñех хоÑтов и Ñетей, подключающихÑÑ Ðº машине." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Порты-иÑточники" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "ВозможноÑÑ‚ÑŒ маÑÐºÐ¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ (только Ð´Ð»Ñ IPv4) позволÑет наÑтроить узел или " "маршрутизатор, подключающий локальную Ñеть к Интернету. Ð›Ð¾ÐºÐ°Ð»ÑŒÐ½Ð°Ñ Ñеть при " "Ñтом не будет видна извне, будет лишь доÑтупен один адреÑ." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "МаÑкирование зоны" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "При включении маÑÐºÐ¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð´Ð»Ñ Ñетей IPv4 будет включено перенаправление IP-" "пакетов." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "МаÑкирование" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Добавьте запиÑи Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ð¿Ð¾Ñ€Ñ‚Ð¾Ð² либо Ñ Ð¾Ð´Ð½Ð¾Ð³Ð¾ локального порта " "другому, либо из локальной ÑиÑтемы другой ÑиÑтеме. Перенаправление другой " "ÑиÑтеме имеет ÑмыÑл при маÑкараде интерфейÑа. Перенаправление портов " "иÑпользуетÑÑ Ñ‚Ð¾Ð»ÑŒÐºÐ¾ Ð´Ð»Ñ IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Добавить перенаправлÑемый порт" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Изменить перенаправлÑемый порт" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Удалить перенаправлÑемый порт" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Протокол ICMP (Internet Control Message Protocol) обычно иÑпользуетÑÑ Ð´Ð»Ñ " "обмена ÑообщениÑми об ошибках между компьютерами в Ñети, но Ñ ÐµÐ³Ð¾ помощью " "также можно отправлÑÑ‚ÑŒ информационные ÑообщениÑ, такие как запроÑÑ‹ и ответы " "ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Отметьте в ÑпиÑке типы ICMP, которым Ñледует отказать в прохождении через " "межÑетевой Ñкран. По умолчанию ограничений нет." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "ЕÑли фильтр «ИнверÑиÑ» включен, отмеченные запиÑи ICMP принимаютÑÑ, а " "оÑтальные отклонÑÑŽÑ‚ÑÑ. Ð’ зоне Ñ Ð¾Ñ‚Ð±Ñ€Ð°Ñыванием назначений они будут " "отбраÑыватьÑÑ." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Фильтр «ИнверÑиÑ»" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Фильтр ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "ЗдеÑÑŒ определÑÑŽÑ‚ÑÑ Ñ€Ð°Ñширенные правила Ð´Ð»Ñ Ð·Ð¾Ð½Ñ‹." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Добавить раÑширенное правило" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Изменить раÑширенное правило" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Удалить раÑширенное правило" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "РаÑширенные правила" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Добавьте запиÑи Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð²Ñзки интерфейÑов к зоне. ЕÑли Ñоединение иÑпользует " "интерфейÑ, будет выбрана ÑоответÑÑ‚Ð²ÑƒÑŽÑ‰Ð°Ñ ÐµÐ¼Ñƒ зона." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Добавить интерфейÑ" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Изменить интерфейÑ" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Удалить интерфейÑ" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Добавьте запиÑи, чтобы привÑзать иÑходных адреÑов или Ñегментов к зоне. " "Можно также привÑзать MAC-адреÑ, но Ñ Ð½ÐµÐºÐ¾Ñ‚Ð¾Ñ€Ñ‹Ð¼Ð¸ ограничениÑми: в Ñтом " "Ñлучае перенаправление портов и маÑкирование будут недоÑтупны." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Добавить иÑточник" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Изменить иÑточник" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Удалить иÑточник" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Зоны" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Firewalld объединÑет запиÑи Ð´Ð»Ñ Ð¿Ð¾Ñ€Ñ‚Ð¾Ð², протоколов, модулей и адреÑов " "назначениÑ." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Добавить Ñлужбу" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Правка Ñлужбы" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Удалить Ñлужбу" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Загрузить Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¿Ð¾ умолчанию" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Добавьте дополнительные порты или диапазоны портов, которые должны быть " "доÑтупны из других Ñетей или узлов." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Изменить запиÑÑŒ" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Удалить запиÑÑŒ" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Добавьте дополнительные порты иÑточника или диапазоны портов, которые должны " "быть доÑтупны Ð´Ð»Ñ Ð²Ñех хоÑтов и Ñетей." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Порт иÑточника" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Ð”Ð»Ñ Ð½ÐµÐºÐ¾Ñ‚Ð¾Ñ€Ñ‹Ñ… Ñлужб требуютÑÑ Ð¼Ð¾Ð´ÑƒÐ»Ð¸ поддержки Netfilter" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Модули" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "При указании адреÑа назначениÑ, запиÑÑŒ Ñлужбы будет ограничена адреÑом " "Ð½Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ Ð¸ типом. ЕÑли обе запиÑи пуÑÑ‚Ñ‹, ограничений нет." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Службы можно изменить только в окне поÑтоÑнной конфигурации. ÐšÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ " "Ñлужб во Ð²Ñ€ÐµÐ¼Ñ Ð¸ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð½Ðµ изменÑетÑÑ." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet позволÑет наÑтроить «белые» и «черные» ÑпиÑки, а также Ñохранить IP, " "MAC-адреÑа, а также номера портов. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Добавить IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Изменить IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Удалить IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Загрузить Ñтандартные Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ñ IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "ЗапиÑи IPSet. Ð’ Ñтом ÑпиÑке предÑтавлены только те запиÑи, Ð´Ð»Ñ ÐºÐ¾Ñ‚Ð¾Ñ€Ñ‹Ñ… не " "задано Ð²Ñ€ÐµÐ¼Ñ Ð´ÐµÐ¹ÑтвиÑ, а также запиÑи, которые добавил firewalld. ЗапиÑи, " "которые были добавлены непоÑредÑтвенно командой ipset, не показаны." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Ð’Ñ€ÐµÐ¼Ñ Ð´ÐµÐ¹ÑÑ‚Ð²Ð¸Ñ Ñтого IPSet ограничено, поÑтому его запиÑи здеÑÑŒ не показаны. " "Управление его запиÑÑми должно оÑущеÑтвлÑÑ‚ÑŒÑÑ Ð½Ð°Ð¿Ñ€Ñмую при помощи команды " "ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Добавить" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "ЗапиÑи" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "Управление ÑпиÑками IPSet выполнÑетÑÑ Ð² окне поÑтоÑнной конфигурации." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "icmptype определÑет тип ICMP (Internet Control Message Protocol) Ð´Ð»Ñ " "firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Добавить тип ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Править тип ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Удалить тип ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Загрузить типы ICMP по умолчанию" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Укажите, доÑтупен ли Ñтот тип ICMP Ð´Ð»Ñ IPv4 и IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Типы ICMP можно изменить только в окне поÑтоÑнной конфигурации. ÐšÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ " "типов ICMP во Ð²Ñ€ÐµÐ¼Ñ Ð¸ÑÐ¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð½Ðµ изменÑетÑÑ." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Модуль поддержки отÑÐ»ÐµÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ñоединений помогает Ñделать так, чтобы " "работали протоколы, иÑпользующие различные потоки Ð´Ð»Ñ Ñигналов и передачи " "данных. Передачи данных иÑпользуют порты, не ÑвÑзанные Ñ Ñигнальным " "Ñоединением и поÑтому блокируемые Ñетевым Ñкраном без модулÑ." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Добавьте порты или диапазоны портов, контролируемые модулем поддержки." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "ПрÑÐ¼Ð°Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ Ð¿Ñ€ÐµÐ´Ð¾ÑтавлÑет прÑмой доÑтуп к межÑетевому Ñкрану. Ð”Ð»Ñ ÐµÐµ " "наÑтройки необходимы Ð·Ð½Ð°Ð½Ð¸Ñ iptables (таблицы, цепочки, команды, параметры и " "цели). ПрÑÐ¼Ð°Ñ ÐºÐ¾Ð½Ñ„Ð¸Ð³ÑƒÑ€Ð°Ñ†Ð¸Ñ Ð´Ð¾Ð»Ð¶Ð½Ð° иÑпользоватьÑÑ Ñ‚Ð¾Ð»ÑŒÐºÐ¾ в ÑлучаÑÑ… крайней " "необходимоÑти." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Ðргумент ipv Ð´Ð»Ñ ÐºÐ°Ð¶Ð´Ð¾Ð³Ð¾ из параметров должен Ñодержать ipv4 (Ð´Ð»Ñ iptables), " "ipv6 (Ð´Ð»Ñ ip6tables) или eb (Ð´Ð»Ñ ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Дополнительные цепочки Ð´Ð»Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Добавить цепочку" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Изменить цепочку" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Удалить цепочку" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Цепочки" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Добавьте правило к цепочке в таблице, определив ÑпиÑок аргументов и " "приоритет." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Приоритет определÑет порÑдок правил. Правила Ñ Ð½ÑƒÐ»ÐµÐ²Ñ‹Ð¼ приоритетом " "добавлÑÑŽÑ‚ÑÑ Ð² начало цепочки. ПорÑдок правил Ñ Ð¾Ð´Ð¸Ð½Ð°ÐºÐ¾Ð²Ñ‹Ð¼ приоритетом может " "менÑÑ‚ÑŒÑÑ. Чтобы точно определить порÑдок, приÑвойте им разный приоритет." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Добавить правило" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Изменить правило" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Удалить правило" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Правила" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Правила транÑлÑции передаютÑÑ Ñ‡ÐµÑ€ÐµÐ· межÑетевой Ñкран напрÑмую, а не в " "ÑоÑтаве цепочки. Правила могут Ñодержать параметры iptables, ip6tables и " "ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "УбедитеÑÑŒ, что правила транÑлÑции не нарушают работу межÑетевого Ñкрана." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Добавить транÑлÑцию" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Изменить транÑлÑцию" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Удалить транÑлÑцию" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "ТранÑлÑциÑ" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Ð¤ÑƒÐ½ÐºÑ†Ð¸Ñ Ð±Ð»Ð¾ÐºÐ¸Ñ€Ð¾Ð²ÐºÐ¸ предÑтавлÑет Ñобой облегченную верÑию правил firewalld " "Ð´Ð»Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»ÐµÐ¹ и приложений. Белый ÑпиÑок может Ñодержать команды, " "контекÑÑ‚Ñ‹, идентификаторы и имена пользователей." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Под контекÑтом подразумеваетÑÑ ÐºÐ¾Ð½Ñ‚ÐµÐºÑÑ‚ безопаÑноÑти SELinux программы или " "Ñлужбы. Чтобы узнать контекÑÑ‚ работающей программы, выполните команду ps " "-e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Добавить контекÑÑ‚" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Изменить контекÑÑ‚" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Удалить контекÑÑ‚" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "КонтекÑÑ‚" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Команды в белом ÑпиÑке могут Ñодержать Ñимвол подÑтановки «*». ЕÑли он не " "указан, будут обработаны лишь точные ÑоответÑтвиÑ." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Добавить Ñтроку команды" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Изменить Ñтроку команды" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Удалить Ñтроку команды" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Команды" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Имена пользователей." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Добавить Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Изменить Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Удалить Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Пользователи" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Идентификаторы пользователей." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Добавить идентификатор пользователÑ" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Изменить идентификатор пользователÑ" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Удалить идентификатор пользователÑ" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Идентификаторы пользователей" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Ð¢ÐµÐºÑƒÑ‰Ð°Ñ ÑиÑÑ‚ÐµÐ¼Ð½Ð°Ñ Ð·Ð¾Ð½Ð° по умолчанию." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Запрет журналированиÑ:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Режим уÑиленной защиты:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "ÐвтоматичеÑкие модули поддержки:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Блокировка:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Зона по умолчанию:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Укажите название интерфейÑа:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "ОÑновные параметры IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "ÐаÑтройте оÑновные параметры IPSet:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Тип:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Ð’Ñ€ÐµÐ¼Ñ Ð´ÐµÐ¹ÑтвиÑ:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Размер Ñ…Ñша:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "МакÑ. чиÑло Ñлементов:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Ð’Ñ€ÐµÐ¼Ñ Ð´ÐµÐ¹ÑÑ‚Ð²Ð¸Ñ Ð·Ð°Ð¿Ð¸Ñей в Ñекундах" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "ИÑходный размер Ñ…Ñша (по умолчанию — 1024)" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "МакÑимальное чиÑло Ñлементов в ÑпиÑке (по умолчанию — 65536)" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Выберите ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Укажите запиÑÑŒ IPSet:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Запрет журналированиÑ" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Выберите режим Ð¾Ð³Ñ€Ð°Ð½Ð¸Ñ‡ÐµÐ½Ð¸Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Отметка" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Введите отметку и дополнительно маÑку." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "ÐŸÐ¾Ð»Ñ Ð¾Ñ‚Ð¼ÐµÑ‚ÐºÐ¸ и маÑки должны Ñодержать 32-разрÑдные чиÑла без знака." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Отметка:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "МаÑка:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Выберите модуль поддержки отÑÐ»ÐµÐ¶Ð¸Ð²Ð°Ð½Ð¸Ñ Ñоединений netfilter:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Выберите -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Другой модуль:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Порт и протокол" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Введите порт и протокол." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "ПрÑмое правило" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Выберите IPV, таблицу, приоритет цепочки и введите аргументы." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Приоритет:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Введите протокол." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Другой протокол:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Правило" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Введите правило." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "" "Отключите Ñлемент, чтобы получить возможноÑÑ‚ÑŒ ÑƒÐ¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð¸Ñ Ñ‡ÐµÑ€Ð½Ñ‹Ð¼Ð¸ и белыми " "ÑпиÑками узлов и Ñети." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "ИÑточник:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Получатель:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Журнал:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Ðудит:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 и ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "инверÑиÑ" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Чтобы разрешить, поле «ДейÑтвие» должно иметь значение «отказать», а " "«СемейÑтво протоколов» — «ipv4» или «ipv6»." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "Ñ Ñ‚Ð¸Ð¿Ð¾Ð¼:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "С ограничением:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "ПрефикÑ:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Уровень:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Элемент:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "ДейÑтвие:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "ОÑновные наÑтройки Ñлужбы" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Укажите оÑновные наÑтройки Ñлужбы:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Выберите Ñлужбу." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Укажите иÑточник." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Идентификатор пользователÑ" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Введите идентификатор пользователÑ." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Введите Ð¸Ð¼Ñ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÐµÐ»Ñ." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "метка" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ÐаÑтройки оÑновной зоны" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Укажите наÑтройки оÑновной зоны:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Цель по умолчанию" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Цель:" firewalld-1.1.1/po/si.po0000644000000000000000000012665114217342322015065 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Hela Basa , 2021. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2021-08-19 06:05+0000\n" "Last-Translator: Hela Basa \n" "Language-Team: Sinhala \n" "Language: si\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n > 1;\n" "X-Generator: Weblate 4.7.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ගිනිපවුර" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "%s පිළිබඳව" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "බලපත්â€à¶»à¶º" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "දà·à¶±à·”ම්දීම් සබල කරන්න" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "ගිනිපවුරෙහි à·ƒà·à¶šà·ƒà·”ම් සංස්කරණය..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "" #: ../src/firewall-applet.in:492 msgid "About" msgstr "පිළිබඳව" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "සම්බන්ධතà·" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "අතුරුමුහුණත්" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "වලංගු නොවන නà·à¶¸à¶ºà¶šà·’" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "නම දà·à¶±à¶§à¶¸à¶­à·Š පවතී" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-1.1.1/po/sk.po0000644000000000000000000016626014217342322015067 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # DuÅ¡an Kazik , 2012-2013 # Marcel Telka , 2004 # Mike Karas , 2006 # feonsu , 2008-2010 # feonsu , 2016. #zanata # feonsu , 2017. #zanata # feonsu , 2018. #zanata # Matej Marusak , 2020. # Ondrej Sulek , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-09-01 09:29+0000\n" "Last-Translator: Ondrej Sulek \n" "Language-Team: Slovak \n" "Language: sk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" "X-Generator: Weblate 4.2.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Aplet pre firewall" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Nastavenia firewallu" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;sieÅ¥;bezpeÄnosÅ¥;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Vyberte zónu pre rozhranie „%s“" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Predvolená zóna" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Vyberte zónu pre rozhranie '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Nepodarilo sa nastaviÅ¥ zónu {zone} pre pripojenie {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Vyberte zónu pre zdroj '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Konfigurácia zóny pre zapnutý/vypnutý Å¡tít" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Tu môžete vybraÅ¥ zóny, ktoré budú použité pre zapnutý a vypnutý Å¡tít." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Táto funkcia je užitoÄná pre ľudí, ktorí prevažne využívajú predvolené zóny. " "Pre používateľov, ktorí menia zóny pripojení, môže byÅ¥ použitie obmedzené." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Zóna pre zapnutý Å¡tít:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "ObnoviÅ¥ predvolené" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Zóna pre vypnutý Å¡tít:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "O %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Autori" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licencia" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Zapnúť Å¡tít" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "PovoliÅ¥ upozornenia" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "UpraviÅ¥ nastavenia firewallu..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "ZmeniÅ¥ zóny pripojení…" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "NastaviÅ¥ zóny pre zapnutý/vypnutý Å¡tít..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "BlokovaÅ¥ vÅ¡etky sieÅ¥ové prenosy" #: ../src/firewall-applet.in:492 msgid "About" msgstr "O aplikácii" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Pripojenia" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Rozhrania" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Zdroje" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Overenie zlyhalo." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Neplatný názov" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Názov už existuje" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zóna: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Predvolená zóna: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Nepodarilo sa získaÅ¥ pripojenia z NetworkManagera" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Nie sú dostupné žiadne importy NetworkManagera" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Žiadne pripojenie k službe firewallu" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "VÅ¡etky sieÅ¥ové prenosy sú blokované." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Predvolená zóna: „%s“" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Predvolená zóna '{default_zone}' je aktívna pre pripojenie '{connection}' na " "rozhraní '{interface}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zóna '{zone}' je aktívna pre pripojenie '{connection}' na rozhraní " "'{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zóna '{zone}' je aktívna pre rozhranie '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zóna '{zone}' je aktívna pre zdroj {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Žiadne aktívne zóny." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Pripojenie k službe FirewallD bolo nadviazané." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Pripojenie k službe FirewallD bolo stratené." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "Služba FirewallD bola znovu naÄítaná." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Predvolená zóna bola zmenená na „%s“." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "SieÅ¥ové prenosy už nie sú blokované." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "aktivovaná" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "deaktivovaná" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Predvolená zóna '{default_zone}' je {activated_deactivated} pre pripojenie " "'{connection}' na rozhraní '{interface}'" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zóna '{zone}' je {activated_deactivated} pre pripojenie '{connection}' na " "rozhraní '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zóna '{zone}' je {activated_deactivated} pre rozhranie '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zóna '%s' je aktivovaná pre rozhranie „%s“" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zóna '{zone}' je {activated_deactivated} pre zdroj '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zóna '%s' je aktivovaná pre zdroj '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Pripojenie k službe FirewallD bolo nadviazané." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Pokus o pripojenie k firewalld, Äaká sa..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Zlyhalo pripojenie k firewalld. Uistite sa, že bola služba spustená správne " "a skúste to znovu." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Zmeny boli aplikované." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Použité sieÅ¥ovým pripojením '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Predvolená zóna používaná sieÅ¥ovým pripojením '%s'" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "povolené" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "zakázané" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Nepodarilo sa naÄítaÅ¥ ikony." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Kontext" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Príkazový riadok" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Používateľské meno" #: ../src/firewall-config.in:244 msgid "User id" msgstr "ID používateľa" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabuľka" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "ReÅ¥az" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Priorita" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argumenty" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Bežiaca" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Trvalá" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Služba" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Cieľový port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Cieľová adresa" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Väzby" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Položka" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Typ Icmp" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Rodina" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Akcia" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Zdroj" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Cieľ" #: ../src/firewall-config.in:834 msgid "log" msgstr "záznam" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Audit" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Rozhranie" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Komentár" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Zdroj" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Varovanie" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Chyba" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "prijaÅ¥" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "odmietnuÅ¥" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "zahodiÅ¥" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "oznaÄit" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "služba" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maÅ¡karáda" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-typ" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "zdrojový port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "úroveň" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "áno" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zóna" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Predvolená zóna: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zóna: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zóna „%s“: Služba „%s“ nie je dostupná." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "OdstrániÅ¥" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "IgnorovaÅ¥" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zóna „%s“: Typ ICMP „%s“ nie je dostupný." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Integrovaná zóna, premenovanie nie je podporované." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekunda" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minúta" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "hodina" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "deň" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "núdzové" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "výstraha" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritické" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "chyba" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "upozornenie" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "oznámenie" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "informácia" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "ladenie" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Preposielanie na iný systém je užitoÄné len ak je na rozhraní maÅ¡karáda. \n" "Chcete zamaskovaÅ¥ túto zónu?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Integrovaná služba, premenovanie nie je podporované." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Zadajte ipv4 adresu v tvare adresa[/maska]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "Maska môže byÅ¥ maska siete alebo Äíslo." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Zadajte ipv6 adresu v tvare adresa[/maska]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "Maska je Äíslo." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Zadajte ipv4 alebo ipv6 adresu v tvare adresa[/maska]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Maska môže byÅ¥ maska siete alebo Äíslo pre ipv4.\n" "Maska je Äíslo pre ipv6." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "Integrované ipset, premenovanie nie je podporované." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Vyberte súbor" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Textové súbory" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "VÅ¡etky súbory" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "VÅ¡etko" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Integrovaný pomocník, premenovanie nie je podporované." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Integrované icmp, premenovanie nie je podporované." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Nepodarilo sa naÄítaÅ¥ súbor '%s': %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Vyberte zónu pre zdroj %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresa" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatický pomocníci" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Prosím vyberte hodnotu automatického pomocníka:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Prosím, zadajte príkazový riadok." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Prosím, zadajte kontext." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Prosím vyberte predvolenú zónu zo zoznamu nižšie." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Priama reÅ¥az" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Prosím vyberte ipv a tabuľku a zadajte názov reÅ¥aze." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "ReÅ¥az:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "security" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabuľka:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Priame pravidlo priechodu" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Prosím vyberte ipv a zadajte parametre." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Parametre:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Presmerovanie portov" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Prosím zadajte zdrojové a cieľové možnosti podľa vaÅ¡ich potrieb." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Rozsah portov:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP adresa:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Cieľ" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Ak povolíte lokálne preposielanie, musíte zadaÅ¥ port. Tento port musí byÅ¥ " "iný ako zdrojový port." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokálne preposielanie" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "PreposlaÅ¥ na iný port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Základné nastavenia pomocníka" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Prosím, nakonfigurujte základné nastavenia pomocníka:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" "Položky zobrazené tuÄným písmom sú povinné, vÅ¡etky ostatné sú voliteľné." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Názov:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Verzia:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Skrátené:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Popis:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Rodina:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modul:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Pomocník" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Vyberte pomocníka:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Základné nastavenia typu ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Prosím, nakonfigurujte základné nastavenia typu ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP typ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Prosím, vyberte typ ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "PridaÅ¥ položku" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "PridaÅ¥ položky zo súboru" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "OdstrániÅ¥ vybrané položky" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "OdstrániÅ¥ vÅ¡etky položky" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "OdstrániÅ¥ položky zo súboru" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Súbor" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "M_ožnosti" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Znovu naÄítaÅ¥ službu FirewallD" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Znovu naÄíta pravidlá firewallu. Aktuálna trvalá konfigurácia sa stane novou " "bežiacou konfiguráciou. Teda vÅ¡etky zmeny vykonané v bežiacej konfigurácii " "pred znovu naÄítaním budú stratené, ak už neboli súÄasÅ¥ou trvalej " "konfigurácie." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Zmení zónu patriacu sieÅ¥ovému pripojeniu." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "ZmeniÅ¥ predvolenú zónu" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Zmení predvolenú zónu pre pripojenia alebo rozhrania." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "ZmeniÅ¥ záznam zamietnutí" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Zmení hodnotu záznamu zamietnutí." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "NastaviÅ¥ automatické priradenie pomocníka" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Nastaví automatické priradenie pomocníka." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Núdzový režim znamená, že vÅ¡etky prichádzajúce a odchádzajúce pakety sa " "zahodia." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Núdzový režim" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Uzamknutie uzamkne konfiguráciu firewallu tak, že iba aplikácie z whitelistu " "pri uzamknutí ju môžu zmeniÅ¥." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Uzamknutie" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Zmení bežiacu konfiguráciu na trvalú" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Bežiaca konfigurácia na trvalú" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_ZobraziÅ¥" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSety" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Typy ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Pomocníci" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Priama konfigurácia" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Whitelist pri uzamknutí" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktívne väzby" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Pomocník" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "ZmeniÅ¥ zónu" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "ZmeniÅ¥ zónu väzby" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "Kryje aktívne bežiace väzby pripojení, rozhraní a zdrojov k zónam" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "Zobrazí aktívne bežiace väzby pripojení, rozhraní a zdrojov k zónam" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Konfigurácia:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Aktuálne viditeľná konfigurácia. Konfigurácia pre reláciu je aktuálna " "konfigurácia. Trvalá konfigurácia bude aktívna aj po znovu naÄítaní alebo " "reÅ¡tarte služby alebo systému." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Zóna služby firewalld urÄuje úroveň dôvery pre sieÅ¥ové pripojenia, rozhrania " "a zdrojové adresy previazané so zónou. Zóna kombinuje služby, porty, " "protokoly, maÅ¡karádu, presmerovanie portov/paketov, filtre icmp a pravidlá " "najvyÅ¡Å¡ej úrovne. Zóna môže byÅ¥ previazaná s rozhraniami a zdrojovými " "adresami." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "PridaÅ¥ zónu" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "UpraviÅ¥ zónu" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "OdstrániÅ¥ zónu" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "NaÄítaÅ¥ predvolené nastavenia zóny" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Tu môžete urÄiÅ¥, ktoré služby sú pre zónu dôveryhodné. Dôveryhodné služby sú " "prístupné zo vÅ¡etkých hostiteľov a sietí, ktoré majú dosah k stroju cez " "pripojenia, rozhrania a zdrojov previazaných s touto zónou." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Služby" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Pridajte dodatoÄné porty alebo rozsahy portov, ktoré musia byÅ¥ prístupné pre " "vÅ¡etky poÄítaÄe alebo siete, ktoré sa môžu pripojiÅ¥ k stroju." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "PridaÅ¥ port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "UpraviÅ¥ port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "OdstrániÅ¥ port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Porty" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Pridajte protokoly, ktoré musia byÅ¥ prístupné pre vÅ¡etky poÄítaÄe alebo " "siete." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "PridaÅ¥ protokol" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "UpraviÅ¥ protokol" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "OdstrániÅ¥ protokol" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokoly" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Pridajte dodatoÄné zdrojové porty alebo rozsahy portov, ktoré musia byÅ¥ " "prístupné pre vÅ¡etky poÄítaÄe alebo siete, ktoré sa môžu pripojiÅ¥ k stroju." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Zdrojové porty" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "MaÅ¡karáda je užitoÄná ak nastavujete poÄítaÄ alebo smerovaÄ, ktorý spája " "vaÅ¡u lokálnu sieÅ¥ s internetom. VaÅ¡a lokálna sieÅ¥ nebude z internetu " "viditeľná a celá bude reprezentovaná iba jednou ip adresou. MaÅ¡karáda " "funguje len pre IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "ZamaskovaÅ¥ zónu" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Ak povolíte maskovanie, bude pre vaÅ¡e siete typu IPv4 povolené presmerovanie " "IP adries." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "MaÅ¡karáda" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Pridajte položky pre preposielanie portov buÄ z jedného portu na druhý na " "lokálnom systéme alebo lokálneho systému do iného systému. Preposielanie na " "iný systém je užitoÄné len ak je na rozhraní maÅ¡karáda. Funguje len na IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "PridaÅ¥ presmerovanie portu" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "UpraviÅ¥ presmerovanie portu" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "OdstrániÅ¥ presmerovanie portu" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Protokol internetových kontrolných správ (ICMP) sa používa predovÅ¡etkým k " "zasielaniu chybových správ medzi poÄítaÄmi v sieti, ale tiež pre informaÄné " "správy typu ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "OznaÄte v zozname typy ICMP, ktoré majú byÅ¥ odmietnuté. VÅ¡etky ostatné typy " "ICMP budú môcÅ¥ prejsÅ¥ firewallom. Predvolené bez obmedzení." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Ak je povolené InvertovaÅ¥ filter, oznaÄené položky ICMP sa príjmu a ostatné " "odmietnu. V zóne s cieľom DROP sa zahodia." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "InvertovaÅ¥ filter" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filter ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Tu môžete nastaviÅ¥ pravidlá jazyka rich (najvyÅ¡Å¡ej úrovne) pre zónu." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "PridaÅ¥ pravidlo rich" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "UpraviÅ¥ pravidlo rich" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "OdstrániÅ¥ pravidlo rich" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Pravidlá rich" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Pridajte záznamy na previazanie rozhraní so zónou. Ak bude rozhranie použité " "pripojením, zóna bude nastavená na zónu urÄenú pre pripojenie." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "PridaÅ¥ rozhranie" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "UpraviÅ¥ rozhranie" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "OdstrániÅ¥ rozhranie" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Pridajte záznamy na previazanie zdrojových adries alebo oblastí so zónou. " "PreviazaÅ¥ tiež môžete zdrojové MAC adresy, ale iba s obmedzeniami. " "Presmerovanie portov a maskovanie nebude fungovaÅ¥ pre previazané zdrojové " "MAC adresy." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "PridaÅ¥ zdroj" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "UpraviÅ¥ zdroj" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "OdstrániÅ¥ zdroj" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zóny" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Služba firewalld je kombináciou portov, protokolov, modulov a cieľových " "adries." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "PridaÅ¥ službu" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "UpraviÅ¥ službu" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "OdstrániÅ¥ službu" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "NaÄítaÅ¥ predvolené nastavenia služby" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Pridajte dodatoÄné porty alebo rozsahy portov, ktoré musia byÅ¥ prístupné pre " "vÅ¡etky poÄítaÄe alebo siete." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "UpraviÅ¥ položku" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "OdstrániÅ¥ položku" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Pridajte dodatoÄné zdrojové porty alebo rozsahy portov, ktoré musia byÅ¥ " "prístupné pre vÅ¡etky poÄítaÄe alebo siete." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Zdrojový port" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Pomocné moduly Netfilter sú potrebné pre niektoré služby." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduly" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Ak urÄíte cieľové adresy, položka so službou bude obmedzená na cieľové " "adresy a typ. Ak sú obidve položky prázdne, bude služba bez obmedzení." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Služby je možné meniÅ¥ iba v zobrazení trvalej konfigurácie. Bežiaca " "konfigurácia služieb je nemenná." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet je možné použiÅ¥ na vytvorenie whitelistu alebo blacklistu. Dokáže " "uložiÅ¥ napríklad IP adresy, Äísla portov a MAC adresy. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "PridaÅ¥ IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "UpraviÅ¥ IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "OdstrániÅ¥ IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "NaÄítaÅ¥ predvolené nastavenia IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Položky IPSet. Zobrazené sú iba položky ipset, ktoré nepoužívajú voľbu " "Äasového limitu a tiež položky, ktoré pridal firewalld. Položky, ktoré boli " "priamo pridané pomocou príkazu ipset sa tu nezobrazia." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Tento IPSet používa voľbu Äasového limitu a preto tu nie sú vidieÅ¥ žiadne " "položky. Položky by mali byÅ¥ priamo nakonfigurované pomocou príkazu ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "PridaÅ¥" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Položky" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSety je možné vytvoriÅ¥ alebo odstrániÅ¥ iba v zobrazení trvalej " "konfigurácie." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Typy ICMP pre firewalld poskytujú informácie pre ICMP (Internet Control " "Message Protocol)." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "PridaÅ¥ typ ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "UpraviÅ¥ typ ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "OdstrániÅ¥ typ ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "NaÄítaÅ¥ predvolené nastavenia typu ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Zadajte, Äi je tento typ ICMP dostupný pre IPv4 alebo IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Typy ICMP je možné meniÅ¥ iba v zobrazení trvalej konfigurácie. Bežiaca " "konfigurácia ICMP typov je nemenná." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Pomocník sledovania pripojení pomáha funkÄnosti protokolov, ktoré používajú " "rôzne toky pre signalizáciu a prenos údajov. Prenosy údajov používajú porty, " "ktoré nesúvisia so signalizaÄnými spojeniami a bez pomocníka ich firewall " "preto zablokuje." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Zadajte porty a rozsahy portov monitorované pomocou pomocníka." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Priama konfigurácia poskytuje priamejší prístup k firewallu. Tieto voľby " "vyžadujú základnú znalosÅ¥ konceptov iptables, napr. tabuľky, reÅ¥aze, " "príkazy, parametre a ciele. Priama konfigurácia by mala byÅ¥ použitá ako " "posledná možnosÅ¥, keÄ už nie je možné použiÅ¥ iné funkcie firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Argument ipv každej voľby musí byÅ¥ typu ipv4, ipv6 alebo eb. Typ ipv4 bude " "pre iptables, ipv6 pre ip6tables a eb pre ethernetové mosty (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "DodatoÄné reÅ¥aze pre použitie s pravidlami." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "PridaÅ¥ reÅ¥az" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "UpraviÅ¥ reÅ¥az" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "OdstrániÅ¥ reÅ¥az" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "ReÅ¥aze" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "Pridajte pravidlo s argumentami args k reÅ¥azi v tabuľke s prioritou." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Priorita sa používa na usporiadanie pravidiel. Priorita 0 znamená pridaj " "pravidlo na vrch reÅ¥aze, s vyÅ¡Å¡ou prioritou bude pravidlo pridané nižšie. " "Pravidlá s rovnakou prioritou budú na rovnakej úrovni a poradie týchto " "pravidiel nie je pevné a môže sa meniÅ¥. Ak si chcete byÅ¥ istý, že sa " "pravidlo pridá za iné, použite nižšiu prioritu pre prvé a vyÅ¡Å¡iu pre " "nasledujúce." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "PridaÅ¥ pravidlo" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "UpraviÅ¥ pravidlo" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "OdstrániÅ¥ pravidlo" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Pravidlá" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Pravidlá priameho priechodu prechádzajú priamo do firewallu a nie sú " "umiestnené v Å¡peciálnych reÅ¥aziach. Je možné použiÅ¥ vÅ¡etky voľby iptables, " "ip6tables a ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "S pravidlami priameho priechodu buÄte opatrný, aby nedoÅ¡lo k poÅ¡kodeniu " "firewallu." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "PridaÅ¥ priamy priechod" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "UpraviÅ¥ priamy priechod" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "OdstrániÅ¥ priamy priechod" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Priamy priechod" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Funkcia uzamknutie je odľahÄenou verziou používateľských a aplikaÄných " "politík pre firewalld. Obmedzuje zmeny vo firewalle. Whitelist pri uzamknutí " "môže obsahovaÅ¥ príkazy, kontexty, používateľov a ID používateľov." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Kontext je kontext zabezpeÄenia (SELinux) bežiacej aplikácie alebo služby. " "Ak chcete zistiÅ¥ kontext bežiacej aplikácie použite ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "PridaÅ¥ kontext" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "UpraviÅ¥ kontext" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "OdstrániÅ¥ kontext" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Kontexty" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Ak položka príkazu z whitelistu konÄí hviezdiÄkou '*', potom sa vÅ¡etky " "príkazové riadky zaÄínajúce príkazom budú zhodovaÅ¥. Ak tam '*' nie je, potom " "sa musí zhodovaÅ¥ absolútny príkaz vrátane argumentov." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "PridaÅ¥ príkazový riadok" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "UpraviÅ¥ príkazový riadok" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "OdstrániÅ¥ príkazový riadok" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Príkazové riadky" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Používateľské mená." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "PridaÅ¥ používateľské meno" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "UpraviÅ¥ používateľské meno" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "OdstrániÅ¥ používateľské meno" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Používateľské mená" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "ID používateľov." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "PridaÅ¥ ID používateľa" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "UpraviÅ¥ ID používateľa" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "OdstrániÅ¥ ID používateľa" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "ID používateľov" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Aktuálna predvolená zóna systému." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Záznam zamietnutí:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Núdzový režim:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatický pomocníci:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Uzamknutie:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Predvolená zóna:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Prosím zadajte názov rozhrania:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Základné nastavenia IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Prosím, nakonfigurujte základné nastavenia ipset:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Typ:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "ÄŒasový limit:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "VeľkosÅ¥ hash:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Hodnota Äasového limitu v sekundách" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "PoÄiatoÄná veľkosÅ¥ hash, Å¡tandardná 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maximálny poÄet elementov, Å¡tandardný 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Prosím vyberte ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Prosím zadajte položku ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Záznam zamietnurí" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Prosím vyberte hodnotu pre záznam zamietnutí:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "ZnaÄka" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Prosím, zadajte znaÄku s voliteľnou maskou." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Polia znaÄka a maska sú obe 32-bitové Äísla bez znamienka." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "ZnaÄka:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maska:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Prosím vyberte pomocníka netfilter conntrack:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Vyberte -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "ÄŽalÅ¡ie moduly:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port a Protokol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Prosím, zadajte port a protokol." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Priame pravidlo" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Prosím vyberte ipv a tabuľku, reÅ¥az a zadajte parametre." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Priorita:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Prosím zadajte protokol." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Iný protokol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Pravidlo rich" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Prosím zadajte pravidlo rich." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" "Pre whitelistovanie alebo blacklistovanie hostiteľa alebo siete deaktivujte " "element." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Zdroj:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Cieľ:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Záznam:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Audit:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 a ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "invertované" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Ak chcete toto povoliÅ¥, akcia musí byÅ¥ 'reject' a rodina buÄ 'ipv4' alebo " "'ipv6' (nie obe)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "s typom:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "S limitom:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Úroveň:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Akcia:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Základné nastavenia služby" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Prosím, nakonfigurujte základné nastavenia služby:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Prosím vyberte službu." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Prosím zadajte zdroj." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "ID používateľa" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Prosím zadajte ID používateľa." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Prosím zadajte používateľské meno." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "menovka" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Základné nastavenia zóny" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Prosím, nakonfigurujte základné nastavenia zóny:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Predvolený cieľ" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Cieľ:" firewalld-1.1.1/po/sq.po0000644000000000000000000012764014217342322015074 0ustar00rootroot00000000000000# Enea Jahollari , 2017. #zanata # Sidorela Uku , 2017. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2017-04-20 11:49+0000\n" "Last-Translator: Sidorela Uku \n" "Language-Team: Albanian\n" "Language: sq\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Zanata 4.6.2\n" "Plural-Forms: nplurals=2; plural=(n != 1)\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Firewall" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Konfigurimi i Firewall" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Zgjidh zonën për ndërfaqen '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Zona e parazgjedhur" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Selektoni zonën për lidhjen '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Selektoni zonën për burimin '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Përreth %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Autorët" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licensa" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Mundëso njoftimet" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Blloko të gjithë trafikun në rrjet" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Rreth" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Lidhjet" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Ndërfaqet" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Burimet" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Autorizimi dështoi" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Emër i pavlefshëm" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Emri tashmë ekziston" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zona '{zone}' aktive për burimin {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "aktivizuar" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "çaktivizuar" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zona '%s' aktivizuar për ndërfaqen '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zona '%s' aktivizuar për burimin '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Ndryshimet u aplikuan." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Konteksti" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "I përhershëm" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Shërbim" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Portë" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokoll" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Në Portën" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Në Adresën" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Lidhjet" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Hyrje" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Familje" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Veprim" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Burim" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "pranoj" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "refuzoj" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "shënoj" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "limit" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "shërbim" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "portë" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokoll" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "portë-burim" #: ../src/firewall-config.in:2097 msgid "level" msgstr "nivel" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "po" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zonë" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zona: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Fshij" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Injoro" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekonda" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minuta" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "orë" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "ditë" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "emergjencë" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alarm" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritik" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "gabim" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "njoftim" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Ju lutem zgjidhni një skedar" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Skedarët Tekst" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Të gjithë Skedarët" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Të gjithë" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adresa" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destinacion" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Ndihmuesi" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Shërbimet" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Shto Portë" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Edito Portë" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Fshij Portë" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portat" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Shto Protokoll" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokollet" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Portat burim" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Shto Ndërfaqe" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Porta Burim" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modulet" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Objektivi i paracaktuar" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Objektiv" firewalld-1.1.1/po/sr@latin.po0000644000000000000000000013125314217342322016220 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Igor Miletic , 2008 # MiloÅ¡ KomarÄević , 2005 # Milos Mijatovic , 2008 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2015-02-26 10:03+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Serbian (Latin) (http://www.transifex.com/projects/p/" "firewalld/language/sr@latin/)\n" "Language: sr@latin\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ZaÅ¡titni zid" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "PodeÅ¡avanje zaÅ¡titnog zida" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Neispravan argument %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Servis" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokol" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Na port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Na adresu" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "" #: ../src/firewall-config.in:822 msgid "Family" msgstr "" #: ../src/firewall-config.in:826 msgid "Action" msgstr "" #: ../src/firewall-config.in:828 msgid "Element" msgstr "" #: ../src/firewall-config.in:830 msgid "Src" msgstr "" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "" #: ../src/firewall-config.in:834 msgid "log" msgstr "" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Upozorenje" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "GreÅ¡ka" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ProsleÄ‘ivanje portova" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Izaberite opcije za izvor i odrediÅ¡te u zavisnosti od potreba." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / opseg portova:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP adresa:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Ako ukljuÄite lokalno prosleÄ‘ivanje, morate navesti port. Taj port se mora " "razlikovati od izvornog porta." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokalno prosleÄ‘ivanje" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Prosledi na neki drugi port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP vrsta" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Dodaj stavku" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "Da_toteka" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "Opcij_e" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Pomoć" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Na port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Maskiranje dozvoljava da postavite domaćina ili ruter koji povezuje vaÅ¡u " "lokalnu mrežu na internet. Lokalna mreža neće biti vidljiva i domaćini će se " "pojaviti kao jedna adresa na internetu. Maskiranje je samo za IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskiranje" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Dodajte stavke za prosleÄ‘ene portove ili sa jednog porta na neki drugi na " "lokalnom sistemu, ili sa lokalnog sistema na drugi sistem. ProsleÄ‘ivanje na " "drugi sistem je korisno samo ako je sprega maskirana. ProsleÄ‘ivanje portova " "je samo za IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Protokol za kontrolisanje internet poruka (ICMP — Internet Control Message " "Protocol) se uglavnom koristi za slanje poruka o greÅ¡kama izmeÄ‘u umreženih " "raÄunara, ali i dodatno za informativne poruke poput ping zahteva i odgovora." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "OznaÄite ICMP vrste na spisku koje želite odbiti. Svim ostalim ICMP vrstama " "je dozvoljeno da proÄ‘u kroz zaÅ¡titni zid. Podrazumevana opcija je bez " "ograniÄenja." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Filter za ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Uredi stavku" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Ukloni stavku" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port i protokol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "" firewalld-1.1.1/po/sr.po0000644000000000000000000017130114217342322015066 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Igor Miletic , 2008 # MiloÅ¡ KomarÄević , 2005 # Milos Mijatovic , 2008 # Momcilo Medic , 2015. #zanata # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2016-01-04 12:42+0000\n" "Last-Translator: Momcilo Medic \n" "Language-Team: Serbian (http://www.transifex.com/projects/p/firewalld/" "language/sr/)\n" "Language: sr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Ðплет заштитног зида" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Заштитни зид" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Подешавање заштитног зида" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "заштитни зид;мрежа;ÑигурноÑÑ‚;iptables;мрежни филтер;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Одаберите зону за Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÑ˜Ñ '%s'" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Подразумевана зона" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Одаберите зону за везу '%s'" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Одаберите зону за извор '%s'" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "ПодеÑи зоне за подигнуте/Ñпуштене штитове" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Овде можете подеÑити зоне које Ñе кориÑте за подигнуте и Ñпуштене штитове." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Ова могућноÑÑ‚ је кориÑна људима који највише кориÑте подразумевану зону. За " "кориÑнике, који мењају зоне веза, она може бити делимично кориÑна." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Зона подигнутих штитова:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Зона Ñпуштених штитова:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "О %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Подигни штитове" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Омогући обавештења" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Измени подешавања заштитног зида..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Промени зоне веза..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "ПодеÑи зоне за подигнуте/Ñпуштене штитове..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "ЗауÑтави Ñав мрежни Ñаобраћај" #: ../src/firewall-applet.in:492 msgid "About" msgstr "О програму" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Везе" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "<Ñпрега>" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Извори" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ÐеуÑпешно овлашћење." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "ÐеиÑправан аргумент %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Име већ поÑтоји" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Зона: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Ðема везе до ÑервиÑа заштитног зида" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Сав мрежни Ñаобраћај је блокиран." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Подразумевана зона: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Зона '{zone}' је активна за везу '{connection}' на интерфејÑу '{interface}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Зона '{zone}' је активна за Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÑ˜Ñ '{interface}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Зона '{zone}' је активна за извор {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Ðема активних зона." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "УпоÑтављена веза Ñа FirewallD-ом." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Изгубљена веза Ñа FirewallD-ом." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD је поново учитан." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Подразумевана зона промењена на '%s'." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Мрежни Ñаобраћај више није блокиран." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "активирана" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "деактивирана" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Зона '{zone}' је {activated_deactivated} за везу '{connection}' на " "интерфејÑу '{interface}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Зона '{zone}' је {activated_deactivated} за Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÑ˜Ñ '{interface}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Зона '%s' је активирана за Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÑ˜Ñ '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Зона '{zone}' је {activated_deactivated} за извор '{source}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Зона '%s' је активирана за извор '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Промене Ñу примењене." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "У употреби на мрежној вези '%s'" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "омогућено" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "онемогућено" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "ÐеуÑпешно учитавање иконица." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "КориÑничко име" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "У току извршавања" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Трајно" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "СервиÑ" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Порт" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Протокол" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Ðа порт" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Ðа адреÑу" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp врÑта" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Породица" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Ðкција" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Елемент" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Извор" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Одредиште" #: ../src/firewall-config.in:834 msgid "log" msgstr "запиÑ" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Провера" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Извор" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Упозорење" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Грешка" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "прихвати" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "одби" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "иÑпуÑти" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "ограничи" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "ÑервиÑ" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "порт" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "протокол" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "маÑкарада" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "проÑлеђивање-порта" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "ниво" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "да" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Зона" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Зона '%s': Ð¡ÐµÑ€Ð²Ð¸Ñ '%s' није доÑтупан." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Уклони" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Занемари" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Зона '%s': ICMP врÑта '%s' није доÑтупна." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Уграђена зона, промена имена није подржана." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "Ñекунд" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "минут" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "Ñат" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "дан" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "хитно" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "упозорење" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "критично" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "грешка" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "упозорење" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "обавештење" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "информација" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "отклањање грешака" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ПреуÑмеравање на други ÑиÑтем је кориÑно Ñамо ако је Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÑ˜Ñ Ð¼Ð°Ñкиран.\n" "Да ли желите маÑкирати ову зону?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Уграђени ÑервиÑ, промена имена није подржана." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Уграђени icmp, промена имена није подржана." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Одаберите зону за извор %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ÐдреÑа" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Молим унеÑите командну линију." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Молим унеÑите контекÑÑ‚." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Молим одаберите подразумевану зону Ñа доњег ÑпиÑка." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Директан ланац" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Молим изаберите ipv и табелу и унеÑите име ланца." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Ланац:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "ÑигурноÑÑ‚" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Табела:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Директно правило пропуштања" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Молим изаберите ipv и унеÑите параметре." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Параметри:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ПроÑлеђивање портова" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Изаберите опције за извор и одредиште у завиÑноÑти од потреба." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Порт / опÑег портова:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP адреÑа:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Протокол:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Одредиште" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Ðко укључите локално проÑлеђивање, морате навеÑти порт. Тај порт Ñе мора " "разликовати од изворног порта." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Локално проÑлеђивање" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "ПроÑледи на неки други порт" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Подебљана поља Ñу обавезна, Ñве оÑтало је опционо." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Име:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Верзија:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Кратко:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "ОпиÑ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Породица:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "ОÑновна ICMP подешавања" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Молим подеÑите оÑновна ICMP подешавања:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP врÑта" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Молим изаберите ICMP врÑту" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Додај Ñтавку" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "Да_тотека" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "Опциј_е" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Поново учитај Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Поново учитај правила заштитног зида. Тренутна трајна подешавања ће поÑтати " "нова подешавања за време извршавања. нпр. Ñве поÑтављене измене Ñамо за " "време извршавања ће бити изгубљене при поновном учитавању ако ниÑу такође " "биле у трајним подешавањима." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Промени којој зони припада мрежна веза." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Промени подразумевану зону" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Промени подразумевану зону за везе или интерфејÑе." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "Мод панике значи да ће Ñав долазни и одлазни пакети бити иÑпуштени." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Мод панике" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Закључавање закључава подешавање заштитног зида тако да Ñамо програми на " "белој лиÑти закључавања Ñмеју да је мењају." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Закључавање" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Претвори подешавања током извршавања у трајна" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Радна у трајна" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Преглед" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP врÑте" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Директна подешавања" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Бела лиÑта закључавања" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Помоћ" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Подешавање:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Тренутно видљива подешавања. Подешавања у току извршавања Ñу актуелна " "активна подешавања. Трајна подешавања ће бити активна након поновног " "учитавања или покретања ÑервиÑа или ÑиÑтема." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Firewalld зона дефинише ниво поверења у мрежним везама, интерфејÑима и " "изворним адреÑама везаним за зоне. Зона обједињује ÑервиÑе, портове, " "протоколе, маÑкараде, порт/пакет проÑлеђивање, icmp филтере и обогаћена " "правила. Зона може бити повезана Ñа интерфејÑима и изворним адреÑама." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Додај зону" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Измени зону" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Уклони зону" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Учитај подразумеване вредноÑти за зону" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Овде можете одредити којим ÑервиÑима Ñе верује у зони. Ти ÑервиÑи Ñу " "доÑтупни Ñа Ñвих хоÑтова и мрежа који могу доÑегнути до машине кроз везе, " "интерфејÑе и изворе повезане Ñа овом зоном." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "СервиÑи" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Додај додатни порт или опÑег портова, који треба да буду доÑтупни Ñвим " "хоÑтовима или мрежама који могу да Ñе повежу на машину." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Ðа порт" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Измени порт" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Уклони порт" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Портови" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "МаÑкирање дозвољава да поÑтавите домаћина или рутер који повезује вашу " "локалну мрежу на интернет. Локална мрежа неће бити видљива и домаћини ће Ñе " "појавити као једна адреÑа на интернету. МаÑкирање је Ñамо за IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "МаÑкирај зону" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Ðко омогућите маÑкараду, IP проÑлеђивање ће бити омогућено за ваше IPv4 " "мреже." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "МаÑкирање" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Додајте Ñтавке за проÑлеђене портове или Ñа једног порта на неки други на " "локалном ÑиÑтему, или Ñа локалног ÑиÑтема на други ÑиÑтем. ПроÑлеђивање на " "други ÑиÑтем је кориÑно Ñамо ако је Ñпрега маÑкирана. ПроÑлеђивање портова " "је Ñамо за IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Додај порт за проÑлеђивање" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Измени порт за проÑлеђивање" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Уклони порт за проÑлеђивање" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Протокол за контролиÑање интернет порука (ICMP — Internet Control Message " "Protocol) Ñе углавном кориÑти за Ñлање порука о грешкама између умрежених " "рачунара, али и додатно за информативне поруке попут пинг захтева и одговора." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Означите ICMP врÑте на ÑпиÑку које желите одбити. Свим оÑталим ICMP врÑтама " "је дозвољено да прођу кроз заштитни зид. Подразумевана опција је без " "ограничења." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Филтер за ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Овде можете подешавати правила у обогаћеном језику за зону." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Додај обогаћено правило" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Измени обогаћено правило" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Уклони обогаћено правило" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Обогаћена правила" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Додајте уноÑе да Ñе повежу интерфејÑи Ñа зоном. Ðко ће веза кориÑтити " "интерфејÑ, зона ће бити поÑтављена на зону подешену у вези." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Додај интерфејÑ" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Измени интерфејÑ" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Уклони интерфејÑ" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Додај извор" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Измени извор" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Уклони извор" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Зоне" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Firewalld ÑÐµÑ€Ð²Ð¸Ñ Ñ˜Ðµ обједињење портова, протокола, модула и одредишних " "адреÑа." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Додај ÑервиÑ" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Измени ÑервиÑ" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Уклони ÑервиÑ" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Учитај подразумеване вредноÑти ÑервиÑа" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Уреди Ñтавку" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Уклони Ñтавку" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Модули" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Ðко назначите одредишне адреÑе, ÑƒÐ½Ð¾Ñ ÑервиÑа ће бити ограничен Ñамо на " "одредишну адреÑу и врÑту. Ðко Ñу оба уноÑа празна, нема ограничења." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "СервиÑи Ñе могу мењати Ñамо у прегледу трајних подешавања. Подешавање " "ÑервиÑа у време извршавања је Ñтатично." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Firewalld icmptype пружа информације о врÑти протокола интернет контролних " "порука (ICMP - Internet Control Message Protocol) за firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Додај ICMP врÑту" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Измени ICMP врÑту" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Уклони ICMP врÑту" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Учитај подразумеване вредноÑти ICMP врÑта" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Одредите да ли ће ICMP врÑта бити доÑтупна за IPv4 и/или IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP врÑте Ñе могу мењати Ñамо у прегледу трајних подешавања. Подешавање " "ICMP врÑта у време извршавања је Ñтатично." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Диреткна подешавања дају директнији приÑтуп заштитном зиду. Ове опције " "захтевају да кориÑник познаје оÑновне iptables концепте, нпр. табеле, ланце, " "команде, параметре и циљеве. Директно подешавање би требало кориÑтити Ñамо " "као поÑледњу опцију када није могуће кориÑтити оÑтале firewalld могућноÑти." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" " ipv параметар Ñваке опције мора бити IPv4 или IPv6 или eb. Са IPv4 биће за " "iptables, Ñа IPv6 за ip6tables и Ñа eb за мрежне моÑтове (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Додатни ланци у употреби Ñа правилима." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Додај ланац" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Измени ланац" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Уклони ланац" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Ланци" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "Додај правило ланцу Ñа аргументима args у табели Ñа приоритетом." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Приоритет Ñлужи за редоÑлед правила. Приоритет 0 значи да Ñе правило додаје " "на врх ланца, Ñа већим приоритетом правило ће бити додато ниже. Правила Ñа " "иÑтим приоритетом Ñу на иÑтом нивоу и редоÑлед тих правила није Ñтално и " "може бити промењено. Ðко желите да Ñе оÑигурате да ће правило бити додато " "након другог, кориÑтите низак приоритет за прво и виÑок за Ñледеће." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Додај правило" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Измени правило" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Уклони правило" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Правила" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "ПропуÑна правила Ñу директно пружена кроз заштитни зид и ниÑу Ñмештена у " "поÑебне ланце. Све iptables, ip6tables и ebtables опције могу бити " "употребљене." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Молимо да будете пажљиви Ñа пропуÑним правилима да не оштетите заштитни зид." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Додај пропуÑно правило" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Измени пропуÑно правило" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Уклони пропуÑно правило" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "ПропуÑна правила" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "МогућноÑÑ‚ закључавања је лагана верзија полиÑа кориÑника и програма за " "firewalld. Оно ограничава промене на заштитном зиду. Бела лиÑта за " "закључавање може Ñадржати команде, контекÑте, кориÑнике и кориÑничке ID-ове." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Додај контекÑÑ‚" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Измени контекÑÑ‚" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Уклони контекÑÑ‚" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "КонтекÑти" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Ðко ÑƒÐ½Ð¾Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ðµ у белу лиÑту завршава Ñа аÑтериÑком '*', онда ће Ñе Ñве " "командне линије које почињу Ñа командом подударати. Ðко '*' није ту " "апÑолутна команда Ñа аргументима мора да Ñе подудара." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Додај командну линију" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Измени командну линију" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Уклони командну линију" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Командне линије" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "КориÑничка имена." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Додај кориÑничко име" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Измени кориÑничко име" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Уклони кориÑничко име" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "КориÑничка имена" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "КориÑнички ID-ови." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Додај кориÑнички ID" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Измени кориÑнички ID" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Уклони кориÑнички ID" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "КориÑнички ID-ови" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Тренутна подразумевана зона за ÑиÑтем." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Мод панике:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Закључавање:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Подразумевана зона:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Порт и протокол" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Молим унеÑите порт и протокол." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Директно правило" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Молим одаберите ipv и табелу, приоритет ланца и унеÑите аргументе." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Приоритет:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Молим унеÑите протокол." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Други протокол:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Обогаћено правило" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Молим унеÑите обогаћено правило." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "За белу или црну лиÑту домаћина или мреже деактивирајте елемент." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Извор:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Одредиште:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "ЗапиÑ:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Провера:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 и ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "обрнуто" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Да омогућите ово Ðкција мора бити 'одбиј' и Породица или 'ipv4' или " "'ipv6' (не оба)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "Ñа Ð’Ñ€Ñтом:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Са ограничењем:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "ПрефикÑ:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Ðиво:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Елемент:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Ðкција:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "ОÑновна подешавања ÑервиÑа" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Молим поÑтавите оÑновна подешавања ÑервиÑа:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Молим одаберите ÑервиÑ." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "КориÑнички ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Молим унеÑите кориÑнички ID." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Молим унеÑите кориÑничко име." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ОÑновна подешавања зоне" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Молим поÑтавите оÑновна подешавања зоне:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Подразумевани циљ" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Циљ:" firewalld-1.1.1/po/sv.po0000644000000000000000000016537514217342322015110 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # denka , 2014 # denka , 2014 # Göran Uddeborg , 2012-2014, 2020. # Göran Uddeborg , 2015. #zanata, 2020. # Göran Uddeborg , 2016. #zanata, 2020. # Göran Uddeborg , 2017. #zanata, 2020. # Eric Garver , 2018. #zanata # Göran Uddeborg , 2018. #zanata, 2020. # Luna Jernberg , 2021. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2021-03-31 18:01+0000\n" "Last-Translator: Luna Jernberg \n" "Language-Team: Swedish \n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" "X-Generator: Weblate 4.5.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Panelprogram för brandvägg" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Brandvägg" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Brandväggskonfiguration" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "brandvägg;nätverk;säkerhet;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Välj zon för gränssnittet â€%sâ€" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Standardzon" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Välj zon för anslutningen â€%sâ€" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Kunde inte sätta zonen {zone} för anslutningen {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Välj zon för källan â€%sâ€" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Konfigurera sköldar upp-/ner-zoner" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Här kan du välja zonerna som skall användas för sköldar upp och sköldar ner." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Denna funktion är användbar för folk som använder standardzoner för det " "mesta. För användare som byter zoner med anslutningar kan det vara av " "begränsad nytta." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Sköldar upp-zon:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Ã…terställ till standard" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Sköldar ner-zon:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Om %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Författare" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Licens" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Sköldarna uppe" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Aktivera notifieringar" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Redigera brandväggsinställningar …" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Ändra zoner för anslutningar…" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Konfigurera sköld upp-/nerzoner …" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Blockera all nätverkstrafik" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Om" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "Anslutningar" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "Gränssnitt" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Källor" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Auktorisering misslyckades." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Ogiltigt namn" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Namnet finns redan" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Zon: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Standardzon: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Misslyckades att hämta anslutningar frÃ¥n Nätverkshanteraren" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Inga importer frÃ¥n Nätverkshanteraren tillgängliga" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Ingen anslutning till brandväggsdemonen" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "All nätverkstrafik är blockerad." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Standardzon: â€%sâ€" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Standardzonen â€{default_zone}†är aktiv för anslutningen â€{connection}†pÃ¥ " "gränssnittet â€{interface}â€" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Zonen â€{zone}†aktiv för anslutningen â€{connection}†pÃ¥ gränssnittet " "â€{interface}â€" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Zonen â€{zone}†aktiv för gränssnittet â€{interface}â€" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Zonen â€{zone}†aktiv för källa {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Inga aktiva zoner." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Anslutning till FirewallD etablerad." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Anslutning till FirewallD förlorad." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD har lästs om." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Standardzon ändrad till â€%sâ€." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Nätverkstrafik är inte längre blockerad." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "aktiverad" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "inaktiverad" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Standardzonen â€{default_zone}†{activated_deactivated} för anslutningen " "â€{connection}†pÃ¥ gränssnittet â€{interface}â€" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Zonen â€{zone}†{activated_deactivated} för anslutningen â€{connection}†pÃ¥ " "gränssnittet â€{interface}â€" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Zonen â€{zone}†{activated_deactivated} för gränssnittet â€{interface}â€" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Zonen â€%s†aktiverad för gränssnittet â€%sâ€" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Zonen â€{zone}†{activated_deactivated} för källa â€{source}â€" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Zonen â€%s†aktiverad för källa â€%sâ€" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Anslutningen till firewalld etablerad." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "Försöker ansluta till firewalld, väntar …" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Det gick inte att ansluta till brandväggen. Kontrollera att tjänsten har " "startats korrekt och försök igen." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Ändringar tillämpade." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "Används av nätverksanslutningen â€%sâ€" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Standardzonen används av nätverksanslutningen â€%sâ€" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "aktiverad" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "inaktiverad" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Misslyckades att läsa in ikoner." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "Kontext" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Kommandorad" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Användarnamn" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Användar-ID" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tabell" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Kedja" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Prioritet" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argument" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Körtillfälle" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Permanent" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Tjänst" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Port" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protokoll" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Till port" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Till adress" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Bindningar" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "Post" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp-typ" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Familj" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Ã…tgärd" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Element" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Källa" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "MÃ¥l" #: ../src/firewall-config.in:834 msgid "log" msgstr "logg" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Granskning" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Gränssnitt" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Kommentar" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Källa" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Varning" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Fel" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "acceptera" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "avvisa" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "kasta" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "märk" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "gräns" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "tjänst" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "port" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokoll" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maskera" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-typ" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "port för vidarebefordran" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "källport" #: ../src/firewall-config.in:2097 msgid "level" msgstr "nivÃ¥" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ja" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Zon" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Standardzon: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Zon: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Zon â€%sâ€: Tjänsten â€%s†är inte tillgänglig." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Radera" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ignorera" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Zon â€%sâ€: ICMP-typen â€%s†är inte tillgänglig." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Inbyggd zon, namnbyte stödjs inte." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "sekund" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "minut" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "timme" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "dag" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "nödläge" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "larm" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritisk" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "fel" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "varning" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "meddelande" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "info" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "felsökning" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "Vidarebefordran till ett annat system är endast användbart om gränssnittet " "är\n" "maskerat. Vill du maskera denna zon?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Inbyggd tjänst, namnbyte stödjs inte." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Ange en ipv4-adress pÃ¥ formen adress[/mask]." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "Masken kan vara en nätverksmask eller ett tal." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Ange en ipv6-adress pÃ¥ formen adress[/mask]." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "Masken är ett tal." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Ange en ipv4- eller ipv6-adress pÃ¥ formen adress[/mask]." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Masken kan vara en nätverksmask eller ett tal för ipv4.\n" "Masken är ett tal för ipv6." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "Inbyggd ipset, byte av namn stödjs inte." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Välj en fil" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Textfiler" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Alla filer" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Alla" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "Inbyggd hjälpare, namnbyte stödjs inte." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Inbyggd icmp, namnbyte stödjs inte." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Misslyckades att läsa filen â€%sâ€: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Välj zon för källan %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adress" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Automatiska hjälpare" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Välj den automatiska väljaren värde:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Ange kommandoraden." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Ange kontexten." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Välj standardzon frÃ¥n listan nedan." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "Direkt kedja" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Välj ipv och tabell och ange kedjenamnet." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Kedja:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "rÃ¥" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "säkerhet" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tabell:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "Direkt passageregel" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Ange ipv och skriv in argumenten." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Arg:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "Vidarebefordran av port" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Välj de käll- och destinationsalternativ som du behöver." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Port / Portintervall:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP-adress:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokoll:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Destination" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Om du aktiverar lokal vidarebefordran sÃ¥ mÃ¥ste du ange en port. Denna port " "kan inte vara samma port som källporten." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Lokal vidarebefordran" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Vidarebefordra till en annan port" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Inställningar för bashjälpare" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Konfigurera inställningar för bashjälpare:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Poster i fetstil är obligatoriska, alla andra är frivilliga." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Namn:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Version:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Kort:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Beskrivning:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Familj:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modul:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Hjälpare" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Välj en hjälpare:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Grundinställningar för ICMP-typ" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Konfigurera grundinställningar för ICMP-typ:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP-typ" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Välj en ICMP-typ" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Lägg till post" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Lägg till poster frÃ¥n en fil" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Ta bort den valda posten" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Ta bort alla poster" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Ta bort poster frÃ¥n en fil" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Fil" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Alternativ" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Läs om Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Läser om brandväggsregler. Nuvarande permanenta konfiguration kommer bli ny " "körtidskonfiguration. D.v.s., alla ändringar som bara gjorts i det körande " "systemet fram till omläsningen gÃ¥r förlorade vid en omläsning om de inte " "även har gjorts i den permanenta konfigurationen." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Ändra vilken zon en nätverksanslutning hör till." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Ändra standardzon" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Ändra standardzon för anslutningar eller gränssnitt." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Ändra nekningslogg" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Ändra nekningsloggvärde." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Konfigurera tilldelning av automatiska hjälpare" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Konfigurera inställningar för tilldelning av automatiska hjälpare." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "Panikläge betyder att alla inkommande och utgÃ¥ende paket slängs." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Panikläge" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Isolering lÃ¥ser brandväggskonfigurationen sÃ¥ att endast program pÃ¥ " "isoleringens vitlista kan ändra den." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Isolering" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Gör körtidskonfigurationen permanent" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Körtid till permanent" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Vy" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPMängder" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP-typer" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Hjälpare" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "Direkt konfiguration" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Isoleringens vitlista" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Aktiva bindningar" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Hjälp" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Ändra zon" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Byt bindningszon" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Dölj aktiva körtidsbindningar över anslutningar, gränssnitt och källor till " "zoner" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Visa aktiva körtidsbindningar över anslutningar, gränssnitt och källor till " "zoner" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Konfiguration:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Nu synlig konfiguration. Körtidskonfigurationen är den aktiva " "konfigurationen. Permanent konfiguration kommer vara aktiv efter omläsning " "eller omstart av tjänsten eller systemet." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "En firewalld-zon definierar nivÃ¥n av tillit pÃ¥ nätverksförbindelser, " "gränssnitt och källadresser bundna till zonen. Zonen kombinerar tjänster, " "portar, protokoll, maskering, vidarebefordran av portar/paket, icmp-filter " "och rika regler. Zonen kan bindas till gränssnitt och källadresser." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Lägg till zon" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Redigera zon" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Radera zon" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Läs in standardinställningar för zon" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Här kan du definiera vilka tjänster som är betrodda i zonen. Betrodda " "tjänster är Ã¥tkomliga frÃ¥n alla värdar och nätverk som kan nÃ¥ maskinen frÃ¥n " "förbindelser, gränssnitt och källor bundna till denna zon." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Tjänster" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Lägg till ytterligare portar eller portintervall, vilka behöver vara " "Ã¥tkomliga för alla värdar eller nätverk som kan ansluta till maskinen." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Lägg till port" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Redigera port" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Radera port" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Portar" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Lägg till protokoll, som behöver vara Ã¥tkomliga för alla värdar eller " "nätverk." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Lägg till protokoll" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Redigera protokoll" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Ta bort protokoll" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokoll" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Lägg till ytterligare källportar eller portintervall, vilka behöver vara " "Ã¥tkomliga för alla värdar eller nätverk som kan ansluta till maskinen." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Källportar" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Maskering gör att du kan sätta upp en värd eller router som ansluter till " "ditt lokala nätverket till internet. Ditt lokala nätverk syns inte och " "värdarna ser ut som de har en enda adress pÃ¥ internet. Maskering är endast " "för IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Maskerad zon" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Om du aktiverar maskering kommer IP-vidarebefordran aktiveras för dina IPv4-" "nätverk." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskering" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Lägg till poster för att vidarebefordra portar antingen frÃ¥n en port till en " "annan pÃ¥ det lokala systemet eller frÃ¥n det lokala systemet till ett annat " "system. Vidarebefordra till ett annat system är bara användbart om " "gränssnittet är maskerat. Vidarebefordran av portar är endast för IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Lägg till vidarebefordrad port" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Redigera vidarebefordrad port" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Radera vidarebefordrad port" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Control Message Protocol (ICMP) används mest för att skicka " "felmeddelanden mellan nätverksdatorer, men ocksÃ¥ för informationsmeddelanden " "som ping-förfrÃ¥gningar och svar." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Markera i listan de ICMP-typer som skall nekas tillträde. Alla andra ICMP-" "typer tillÃ¥ts passera brandväggen. Standardvärdet är ingen begränsning av " "tillträde." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Om inverterat filter är aktivt accepteras märkta ICMP-poster och andra " "avvisas. I en zon med mÃ¥let DROP kastas de." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Invertera filter" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP-filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Här kan du ange regler i rikt sprÃ¥k för zonen." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Lägg till en rik regel" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Redigera en rik regel" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Ta bort en rik regel" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Rika regler" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Lägg till poster för att binda gränssnitt till zonen. Om gränssnittet kommer " "användas av en förbindelse kommer zonen att sättas till zonen som är angiven " "i förbindelsen." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Lägg till gränssnitt" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Redigera gränssnitt" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Radera gränssnitt" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Lägg till poster för att binda källadresser eller omrÃ¥den till zonen. Du kan " "ocksÃ¥ binda till en MAC-källadress, men med begränsningar. Vidarebefordran " "av portar och maskering kommer inte fungera för MAC-källbindningar." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Lägg till källa" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Redigera källa" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Radera källa" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Zoner" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "En firewalld-tjänst är en kombination av portar, protokoll, moduler och " "destinationsadresser." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Lägg till tjänst" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Redigera tjänst" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Radera tjänst" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Läs in standardvärden för tjänster" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Lägg till ytterligare portar eller portintervall, vilka behöver vara " "Ã¥tkomliga för alla värdar eller nätverk." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Redigera post" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "Radera post" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Lägg till ytterligare källportar eller portintervall, vilka behöver vara " "Ã¥tkomliga för alla värdar eller nätverk." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Källport" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Netfilter-hjälpmoduler behövs för vissa tjänster." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Moduler" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Om du anger destinationsadresser kommer tjänsteposten vara begränsad till " "destinationsadressen och typ. Om bÃ¥da posterna är tomma finns det ingen " "sÃ¥dan begränsning." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Tjänster kan endast ändras i vyn över permanent konfiguration. " "Konfigurationen av tjänster i det körande systemet är fast." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "En IPMängd kan användas för att skapa vit- eller svartlistningar och kan " "lagra till exempel IP-adresser, portnummer eller MAC-adresser. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPMängd" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Lägg till IPMängd" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Redigera IPMängd" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Ta bort IPMängd" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Läs in IPMängd-standardvärden" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "Poster i IPMängden. Du kommer bara kunna se poster i ipmängder som inte " "använder alternativet tidsgräns, och endast posterna som har lagts till av " "firewalld. Poster som har lagts till direkt med kommandot ipset kommer inte " "listas här." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Denna IPMängd använder alternativet tidsgräns, därför är inga poster synliga " "här. Posterna skall tas om hand direkt med kommandot ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Lägg till" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Poster" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPMängder kan endast skapas eller tas bort i vyn med permanent konfiguration." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "En firewalld icmp-typ ger information för en Internet Control Message " "Protocol (ICMP)-typ för firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Lägg till ICMP-typ" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Redigera ICMP-typ" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Radera ICMP-typ" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Läs in standardvärden för ICMP-typer" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Ange huruvida denna ICMP-typ är tillgänglig för IPv4 och/eller IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP-typer kan endast ändras i vyn över permanent konfiguration. " "Konfigurationen av ICMP-typer i det körande systemet är fast." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "En hjälpare som följer förbindelser assisterar för att fÃ¥ protokoll som " "använder olika flöden för signalering och dataöverföringar fungera. " "Dataöverföringarna använder portar som är orelaterade till " "signaleringsförbindelsen och blockeras därför av brandväggen utan hjälparen." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "Definiera portar eller portintervall som övervakas av hjälparen." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "Den direkta konfigurationen ger en mer direkt Ã¥tkomst till brandväggen. " "Dessa alternativ förutsätter att användaren känner till grundläggande " "begrepp i iptables, t.ex. tabeller, kedjor, kommandon, parametrar och mÃ¥l. " "Direkt konfiguration bör bara användas som en sista utväg när det inte är " "möjligt att använda andra funktioner i firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Argumentet ipv i varje alternativ mÃ¥ste vara ipv4 eller ipv6 eller eb. Med " "ipv4 som stÃ¥r för iptables, med ipv6 för ip6tables och med eb för " "ethernätsbryggor (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Ytterligare kedjor att använda med regler." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Lägg till kedja" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Redigera kedja" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Ta bort kedja" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Kedjor" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Lägg till en regel med argumenten arg till en kedja i en tabell med en " "prioritet." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Prioriteten används för att sortera regler. Prioritet 0 betyder lägg till en " "regel först i kedjan, med en högre prioritet kommer regeln läggas till " "längre ned. Regler med samma prioritet ligger pÃ¥ samma nivÃ¥ och ordningen " "mellan dessa regler är inte bestämd och kan ändras. Om du vill vara säker pÃ¥ " "att en regel kommer läggas till efter en annan, använd en lägre prioritet " "för den första och en högre för den följande." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Lägg till regel" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Redigera regel" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Radera regel" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Regler" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "Passageregler skickas direkt vidare till brandväggen och placeras inte i " "speciella kedjor. Alla flaggor till iptables, ip6tables och ebtables kan " "användas." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "Var försiktig med passageregler för att inte skada brandväggen." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Lägg till en passageregel" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Redigera passageregel" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Ta bort passageregel" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "Passageregel" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Funktionen isolering är en lättversion av policyer för användare och program " "för firewalld. Det begränsar ändringar av brandväggen. Isoleringens vitlista " "kan innehÃ¥lla kommandon, kontexter, användare och användar-id:n." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "Kontexten är säkerhetskontexten (SELinux) av ett körande program eller " "tjänst. För att fÃ¥ kontexten för ett körande program använd ps -e --" "context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Lägg till kontext" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Redigera kontext" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Ta bort kontext" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "Kontexter" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Om en kommandopost pÃ¥ vitlistan slutar med en asterisk â€*†kommer alla " "kommandorader som startar med kommandot att matcha. Om en â€*†inte finns där " "mÃ¥ste det precisa kommandot inklusive argument matcha." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Lägg till kommandorad" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Redigera kommandorad" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Ta bort kommandorad" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Kommandorader" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Användarnamn." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Lägg till användarnamn" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Redigera användarnamn" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Radera användarnamn" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Användarnamn" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Användar-id:n." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Lägg till användar-id" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Redigera användar-id" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Radera användar-id" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Användar-id:n" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Systemets nuvarande standardzon." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Nekningslogg:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Panikläge:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Automatiska hjälpare:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Isolering:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Standardzon:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Ange ett namn för gränssnittet:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Bas-IPMängd-inställningar" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Konfigurera bas-ipmängd-inställningar:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Typ:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Tidsgräns:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hash-storlek:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelement:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Tidsgränsvärde i sekunder" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Initial hash-storlek, standard 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Maximalt antal element, standar 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Välj en ipmängd:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Ange en ipset-post:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Nekningslogg" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Välj värdet pÃ¥ nekningsloggen:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Märk" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Ange ett märke och eventuellt en mask." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "Märkes- och maskfälten är bÃ¥da 32 bitar breda teckenlösa tal." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Märke:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Mask:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Välj en netfilter conntrack-hjälpare:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Välj -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Annan modul:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Port och protokoll" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Ange en port och ett protokoll." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "Direkt regel" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Välj ipv och tabell, kedjeprioritet och ange argumenten." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Prioritet:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Ange ett protokoll." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Andra protokoll:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Rik regel" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Ange en rik regel." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" "För tillÃ¥t- eller nekalistning av värdar eller nätverk deaktivera elementet." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Källa:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Destination:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Logg:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Granskning:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 och IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "inverterad" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "För att aktivera detta mÃ¥ste Ã…tgärd vara â€avvisa†och Familj antingen â€ipv4†" "eller â€ipv6†(inte bÃ¥da)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "med typ:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Med gräns:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Prefix:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "NivÃ¥:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Element:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Ã…tgärd:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Grundinställningar för tjänster" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Konfigurera grundinställningar för tjänster:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Välj en tjänst." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Ange en källa." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Användar-id" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Ange användar-id." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Ange användarnamnet." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etikett" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Inställningar för baszon" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Konfigurera inställningar för baszon:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "StandardmÃ¥l" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "MÃ¥l:" firewalld-1.1.1/po/ta.po0000644000000000000000000022017614217342322015053 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Felix , 2006-2007 # I felix , 2007 # I Felix , 2010-2011 # I. Felix , 2008-2009 # Jayaradha N , 2004 # Jayaradha N , 2004-2005 # Priyadharsini , 2008,2010 # shkumar , 2013-2014 # shkumar , 2013-2014 msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2015-02-26 10:04+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Tamil (http://www.transifex.com/projects/p/firewalld/language/" "ta/)\n" "Language: ta\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "ஃபயரà¯à®µà®¾à®²à¯ அபà¯à®ªà®²à¯†à®Ÿà¯" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ஃபயரà¯à®µà®¾à®²à¯" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ஃபயரà¯à®µà®¾à®²à¯ கடà¯à®Ÿà®®à¯ˆà®ªà¯à®ªà¯" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "இடைமà¯à®•à®®à¯ '%s' கà¯à®•à¯ மணà¯à®Ÿà®²à®¤à¯à®¤à¯ˆà®¤à¯ தேரà¯à®¨à¯à®¤à¯†à®Ÿà¯à®•à¯à®•à®µà¯à®®à¯" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ மணà¯à®Ÿà®²à®®à¯" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "இணைபà¯à®ªà¯ %s கà¯à®•à¯ மணà¯à®Ÿà®²à®¤à¯à®¤à¯ˆà®¤à¯ தேரà¯à®¨à¯à®¤à¯†à®Ÿà¯à®•à¯à®•à®µà¯à®®à¯" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "ஷீலà¯à®Ÿà¯à®•à®³à¯ மேலே/கீழே மணà¯à®Ÿà®²à®™à¯à®•à®³à¯ˆ அமைவாகà¯à®•à®®à¯ " #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "இஙà¯à®•à¯ நீஙà¯à®•à®³à¯ ஷீலà¯à®Ÿà¯à®•à®³à¯ மேலே மறà¯à®±à¯à®®à¯ ஷீலà¯à®Ÿà¯à®•à®³à¯ கீழே எனà¯à®ªà®µà®±à¯à®±à¯à®•à¯à®•à¯à®ªà¯ பயனà¯à®ªà®Ÿà¯à®®à¯ மணà¯à®Ÿà®²à®™à¯à®•à®³à¯ˆà®¤à¯ " "தேரà¯à®¨à¯à®¤à¯†à®Ÿà¯à®•à¯à®•à®²à®¾à®®à¯." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "இநà¯à®¤ à®…à®®à¯à®šà®®à¯ பெரà¯à®®à¯à®ªà®¾à®²à¯à®®à¯ à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ மணà¯à®Ÿà®²à®™à¯à®•à®³à¯ˆà®ªà¯ பயனà¯à®ªà®Ÿà¯à®¤à¯à®¤à¯à®®à¯ நபரà¯à®•à®³à¯à®•à¯à®•à¯à®ªà¯ பயனà¯à®³à¯à®³à®¤à¯. " "இணைபà¯à®ªà¯à®•à®³à®¿à®©à¯ மணà¯à®Ÿà®²à®™à¯à®•à®³à¯ˆ மாறà¯à®±à¯à®®à¯ பயனரà¯à®•à®³à¯à®•à¯à®•à¯ இத௠வரமà¯à®ªà¯à®•à¯à®•à¯à®Ÿà¯à®ªà®Ÿà¯à®Ÿ பயனà¯à®³à¯à®³à®¤à®¾à®• இரà¯à®•à¯à®•à¯à®®à¯." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "ஷீலà¯à®Ÿà¯à®•à®³à¯ மேலே மணà¯à®Ÿà®²à®®à¯:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "ஷீலà¯à®Ÿà¯à®•à®³à¯ கீழே மணà¯à®Ÿà®²à®®à¯:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "ஷீலà¯à®Ÿà¯à®•à®³à¯ மேலே" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "அறிவிபà¯à®ªà¯à®•à®³à¯ˆ செயலà¯à®ªà®Ÿà¯à®¤à¯à®¤à¯" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "ஃபயரà¯à®µà®¾à®²à¯ அமைவà¯à®•à®³à¯ˆà®¤à¯ திரà¯à®¤à¯à®¤à¯..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "இணைபà¯à®ªà¯à®•à®³à®¿à®©à¯ மணà¯à®Ÿà®²à®™à¯à®•à®³à¯ˆ மாறà¯à®±à¯..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "ஷீலà¯à®Ÿà¯à®•à®³à¯ மேலே/கீழே மணà¯à®Ÿà®²à®™à¯à®•à®³à¯ˆ அமைவாகà¯à®•à®®à¯ செயà¯..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "அனைதà¯à®¤à¯ பிணைய போகà¯à®•à¯à®µà®°à®¤à¯à®¤à¯ˆà®¯à¯à®®à¯ தடà¯" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "இணைபà¯à®ªà¯à®•à®³à¯" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "மூலஙà¯à®•à®³à¯" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "à®…à®™à¯à®•à¯€à®•à®¾à®°à®®à¯ தோலà¯à®µà®¿à®¯à¯à®±à¯à®±à®¤à¯." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "தவறான அளவà¯à®°à¯ %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "பெயர௠à®à®±à¯à®•à®©à®µà¯‡ உளà¯à®³à®¤à¯" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "ஃபயரà¯à®µà®¾à®²à¯ டீமனà¯à®Ÿà®©à¯ இணைபà¯à®ªà¯ எதà¯à®µà¯à®®à¯ இலà¯à®²à¯ˆ" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "அனைதà¯à®¤à¯ பிணைய போகà¯à®•à¯à®µà®°à®¤à¯à®¤à¯à®®à¯ தடà¯à®•à¯à®•à®ªà¯à®ªà®Ÿà¯à®Ÿà¯à®³à¯à®³à®¤à¯." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ மணà¯à®Ÿà®²à®®à¯: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "இடைமà¯à®•à®®à¯ '{interface}' இல௠உளà¯à®³ இணைபà¯à®ªà¯ '{connection}' கà¯à®•à¯ மணà¯à®Ÿà®²à®®à¯ '{zone}' செயலில௠" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "இடைமà¯à®•à®®à¯ '{interface}' கà¯à®•à¯ மணà¯à®Ÿà®²à®®à¯ '{zone}' செயலில௠உளà¯à®³à®¤à¯" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "மூலம௠{source} கà¯à®•à¯ மணà¯à®Ÿà®²à®®à¯ '{zone}' செயலில௠உளà¯à®³à®¤à¯" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "செயலில௠உளà¯à®³ மணà¯à®Ÿà®²à®™à¯à®•à®³à¯ எதà¯à®µà¯à®®à¯ இலà¯à®²à¯ˆ." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallD கà¯à®•à®¾à®© இணைபà¯à®ªà¯ நிறà¯à®µà®ªà¯à®ªà®Ÿà¯à®Ÿà®¤à¯." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD கà¯à®•à®¾à®© இணைபà¯à®ªà¯ இழகà¯à®•à®ªà®ªà¯à®Ÿà¯à®Ÿà®¤à¯." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD மீளேறà¯à®±à®ªà¯à®ªà®Ÿà¯à®Ÿà®¤à¯." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ மணà¯à®Ÿà®²à®®à¯ '%s' என மா." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "பிணைய போகà¯à®•à¯à®µà®°à®¤à¯à®¤à¯ இபà¯à®ªà¯‹à®¤à¯ தடà¯à®•à¯à®•à®ªà¯à®ªà®Ÿà¯à®Ÿà®¿à®²à¯à®²à¯ˆ." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "செயலà¯à®ªà®Ÿà¯à®¤à¯à®¤à®ªà¯à®ªà®Ÿà¯à®Ÿà®¤à¯" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "à®®à¯à®Ÿà®•à¯à®•à®ªà¯à®ªà®Ÿà¯à®Ÿà®¤à¯" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "இடைமà¯à®•à®®à¯ '{interface}' இல௠உளà¯à®³ இணைபà¯à®ªà¯ '{connection}' கà¯à®•à®¾à®© மணà¯à®Ÿà®²à®®à¯ " "'{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "இடைமà¯à®•à®®à¯ '{interface}' கà¯à®•à®¾à®© மணà¯à®Ÿà®²à®®à¯ '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "இடைமà¯à®•à®®à¯ '%s' கà¯à®•à®¾à®© மணà¯à®Ÿà®²à®®à¯ '%s' செயலà¯à®ªà®Ÿà¯à®¤à¯à®¤à®ªà¯à®ªà®Ÿà¯à®Ÿà®¤à¯" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "மூலம௠'{source}' கà¯à®•à¯ மணà¯à®Ÿà®²à®®à¯ '{zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "மூலம௠'%s' கà¯à®•à¯ மணà¯à®Ÿà®²à®®à¯ '%s' செயலà¯à®ªà®Ÿà¯à®¤à¯à®¤à®ªà¯à®ªà®Ÿà¯à®Ÿà¯à®³à¯à®³à®¤à¯" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "மாறà¯à®±à®™à¯à®•à®³à¯ செயலà¯à®ªà®Ÿà¯à®¤à¯à®¤à®ªà¯à®ªà®Ÿà¯à®Ÿà®©." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "பிணைய இணைபà¯à®ªà¯ '%s' ஆல௠பயனà¯à®ªà®Ÿà¯à®¤à¯à®¤à®ªà¯à®ªà®Ÿà¯à®µà®¤à¯" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "செயலà¯à®ªà®Ÿà¯à®¤à¯à®¤à®ªà¯à®ªà®Ÿà¯à®Ÿà®¤à¯" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "à®®à¯à®Ÿà®•à¯à®•à®ªà¯à®ªà®Ÿà¯à®Ÿà®¤à¯" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "சினà¯à®©à®™à¯à®•à®³à¯ˆ à®à®±à¯à®±à®¤à¯à®¤à®¿à®²à¯ தோலà¯à®µà®¿à®¯à¯à®±à¯à®±à®¤à¯." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "பயனர௠பெயரà¯" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "நிகழà¯à®¨à¯‡à®°à®®à¯" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "நிரநà¯à®¤à®°à®®à®¾à®©" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "சேவை" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "தà¯à®±à¯ˆ" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "நெறிமà¯à®±à¯ˆ" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "தà¯à®±à¯ˆà®•à¯à®•à¯" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "à®®à¯à®•à®µà®°à®¿à®•à¯à®•à¯" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp வகை" #: ../src/firewall-config.in:822 msgid "Family" msgstr "கà¯à®Ÿà¯à®®à¯à®ªà®®à¯" #: ../src/firewall-config.in:826 msgid "Action" msgstr "செயலà¯" #: ../src/firewall-config.in:828 msgid "Element" msgstr "கூ" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Src" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "இலகà¯à®•à¯" #: ../src/firewall-config.in:834 msgid "log" msgstr "பதிவà¯" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "தணிகà¯à®•à¯ˆ" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "மூலமà¯" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "எசà¯à®šà®°à®¿à®•à¯à®•à¯ˆ" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "பிழை" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "à®" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "நிரா" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "விடà¯à®•" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "வரமà¯à®ªà¯" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "சேவை" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "தà¯à®±à¯ˆ" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "நெறிமà¯à®±à¯ˆ" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "போ" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "à®®à¯à®©à¯à®©à®©à¯à®ªà¯à®ªà®²à¯ தà¯à®±à¯ˆ" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "நிலை" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "ஆமà¯" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "மணà¯à®Ÿà®²à®®à¯" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "மணà¯à®Ÿà®²à®®à¯ '%s': சேவை '%s' கிடைகà¯à®•à®µà®¿à®²à¯à®²à¯ˆ." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "நீகà¯à®•à¯" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "பà¯à®±à®•à¯à®•à®£à®¿" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "மணà¯à®Ÿà®²à®®à¯ '%s': ICMP வகை '%s' கிடைகà¯à®•à®µà®¿à®²à¯à®²à¯ˆ." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "உளà¯à®³à®®à¯ˆà®¨à¯à®¤ மணà¯à®Ÿà®²à®®à¯. மறà¯à®ªà¯†à®¯à®°à®¿à®Ÿ ஆதரவிலà¯à®²à¯ˆ." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "வினா" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "நிமிடமà¯" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "மணி" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "நாளà¯" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "அவசரமà¯" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "எசà¯à®šà®°à®¿à®•à¯à®•à¯ˆ" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "மிக " #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "பிழை" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "எசà¯à®šà®°à®¿à®•à¯à®•à¯ˆ" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "அறிகà¯à®•à¯ˆ" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "தகவலà¯" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "வழ௠நீகà¯à®•à¯" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "இடைமà¯à®•à®®à¯ போலிதà¯à®¤à¯‹à®±à¯à®±à®®à®¾à®•à¯à®•à®ªà¯à®ªà®Ÿà¯à®Ÿà®¿à®°à¯à®¨à¯à®¤à®¾à®²à¯ மடà¯à®Ÿà¯à®®à¯‡ மறà¯à®±à¯Šà®°à¯ கணினிகà¯à®•à¯ à®®à¯à®©à¯à®©à®©à¯à®ªà¯à®ªà¯à®¤à®²à¯ எனà¯à®ªà®¤à¯ " "பயனà¯à®³à¯à®³à®¤à®¾à®• இரà¯à®•à¯à®•à¯à®®à¯.\n" "இநà¯à®¤ மணà¯à®Ÿà®²à®¤à¯à®¤à¯ˆ போலிதà¯à®¤à¯‹à®±à¯à®±à®®à®¾à®•à¯à®• வேணà¯à®Ÿà¯à®®à®¾ ?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "உளà¯à®³à®®à¯ˆà®¨à¯à®¤ சேவை. மறà¯à®ªà¯†à®¯à®°à®¿à®Ÿ ஆதரவிலà¯à®²à¯ˆ." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "உளà¯à®³à®®à¯ˆà®¨à¯à®¤ icmp, மறà¯à®ªà¯†à®¯à®°à®¿à®Ÿ ஆதரவிலà¯à®²à¯ˆ." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "மூலம௠%s கà¯à®•à¯ மணà¯à®Ÿà®²à®¤à¯à®¤à¯ˆà®¤à¯ தேரà¯à®¨à¯à®¤à¯†à®Ÿà¯à®•à¯à®•à®µà¯à®®à¯" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "à®®à¯à®•à®µà®°à®¿" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "கடà¯à®Ÿà®³à¯ˆ வரியை உளà¯à®³à®¿à®Ÿà®µà¯à®®à¯." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "சூழலை உளà¯à®³à®¿à®Ÿà®µà¯à®®à¯." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "கீழே உளà¯à®³ படà¯à®Ÿà®¿à®¯à®²à®¿à®²à¯ இரà¯à®¨à¯à®¤à¯ à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ மணà¯à®Ÿà®²à®¤à¯à®¤à¯ˆà®¤à¯ தேரà¯à®¨à¯à®¤à¯†à®Ÿà¯à®•à¯à®•à®µà¯à®®à¯." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "நேரடி சஙà¯à®•à®¿à®²à®¿" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "ipv மறà¯à®±à¯à®®à¯ அடà¯à®Ÿà®µà®©à¯ˆà®¯à¯ˆà®¤à¯ தேரà¯à®¨à¯à®¤à¯†à®Ÿà¯à®¤à¯à®¤à¯ சஙà¯à®•à®¿à®²à®¿ பெயரை உளà¯à®³à®¿à®Ÿà®µà¯à®®à¯." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "சஙà¯à®•à®¿à®²à®¿:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "அசலà¯" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "பாதà¯à®•à®¾à®ªà¯à®ªà¯" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "அடà¯à®Ÿà®µà®£à¯ˆ:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "நேரடி பாஸà¯à®¤à¯à®°à¯‚ விதி" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ipv à®à®¤à¯ தேரà¯à®¨à¯à®¤à¯†à®Ÿà¯à®¤à¯à®¤à¯ மதிபà¯à®ªà¯à®°à¯à®•à¯à®•à®³à¯ˆ உளà¯à®³à®¿à®Ÿà®µà¯à®®à¯." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "மதிபà¯à®ªà¯à®°à¯à®•à¯à®•à®³à¯:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "தà¯à®±à¯ˆ à®®à¯à®©à¯à®©à®©à¯à®ªà¯à®ªà¯à®¤à®²à¯" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "உஙà¯à®•à®³à¯ தேவைகà¯à®•à¯‡à®±à¯à®ª மூல மறà¯à®±à¯à®®à¯ இலகà¯à®•à¯ விரà¯à®ªà¯à®ªà®™à¯à®•à®³à¯ˆ தேரà¯à®¨à¯à®¤à¯†à®Ÿà¯à®•à¯à®•à®µà¯à®®à¯." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "தà¯à®±à¯ˆ / தà¯à®±à¯ˆ வரமà¯à®ªà¯:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP à®®à¯à®•à®µà®°à®¿:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "நெறிமà¯à®±à¯ˆ:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "இலகà¯à®•à¯" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "நீஙà¯à®•à®³à¯ உளà¯à®³à®®à¯ˆ à®®à¯à®©à¯à®©à®©à¯à®ªà¯à®ªà¯à®¤à®²à¯ˆ செயலà¯à®ªà®Ÿà¯à®¤à¯à®¤à®¿à®©à®¾à®²à¯, நீஙà¯à®•à®³à¯ ஒர௠தà¯à®±à¯ˆà®¯à¯ˆ கà¯à®±à®¿à®ªà¯à®ªà®¿à®Ÿ வேணà¯à®Ÿà¯à®®à¯. இநà¯à®¤ " "தà¯à®±à¯ˆ மூல தà¯à®±à¯ˆà®•à¯à®•à¯ வேறாக இரà¯à®•à¯à®•à¯à®®à¯." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "உளà¯à®³à®®à¯ˆ à®®à¯à®©à¯à®©à®©à¯à®ªà¯à®ªà¯à®¤à®²à¯" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "வேற௠தà¯à®±à¯ˆà®•à¯à®•à¯ திரà¯à®ªà¯à®ªà®ªà¯à®ªà®Ÿà¯à®•à®¿à®±à®¤à¯" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "தடிமனாக உளà¯à®³ உளà¯à®³à¯€à®Ÿà¯à®•à®³à¯ கடà¯à®Ÿà®¾à®¯à®®à¯ தேவை, மறà¯à®± அனைதà¯à®¤à¯à®®à¯ கடà¯à®Ÿà®¾à®¯à®®à®²à¯à®²." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "பெயரà¯:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "பதிபà¯à®ªà¯:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "சிறிய:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "விளகà¯à®•à®®à¯:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "கà¯à®Ÿà¯à®®à¯à®ªà®®à¯:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "அடிபà¯à®ªà®Ÿà¯ˆ ICMP வகை அமைவà¯à®•à®³à¯" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "அடிபà¯à®ªà®Ÿà¯ˆ ICMP வகை அமைவà¯à®•à®³à¯ˆ அமைவாகà¯à®•à®®à¯ செயà¯à®¯à®µà¯à®®à¯:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP வகை" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "ஒர௠ICMP வகையைத௠தேரà¯à®¨à¯à®¤à¯†à®Ÿà¯à®•à¯à®•à®µà¯à®®à¯" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "உளà¯à®³à¯€à®Ÿà¯à®Ÿà¯ˆà®šà¯ சேரà¯" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "கோபà¯à®ªà¯ (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "விரà¯à®ªà¯à®ªà®™à¯à®•à®³à¯ (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld ஠மீளேறà¯à®±à¯" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ஃபயரà¯à®µà®¾à®²à¯ விதிகளை மீளேறà¯à®±à¯à®®à¯. நடபà¯à®ªà¯ நிரநà¯à®¤à®° அமைவாகà¯à®•à®®à¯ பà¯à®¤à®¿à®¯ நிகழ௠நேர அமைவாகà¯à®•à®®à®¾à®• " "மாறà¯à®®à¯. அதாவதà¯, மீளேறà¯à®±à®®à¯ வரை செயà¯à®¤ நிகழ௠நேரதà¯à®¤à®¿à®±à¯à®•à¯ மடà¯à®Ÿà¯à®®à®¾à®© மாறà¯à®±à®™à¯à®•à®³à¯ அனைதà¯à®¤à¯à®®à¯, அவை " "நிரநà¯à®¤à®° அமைவாகà¯à®•à®¤à¯à®¤à®¿à®²à¯à®®à¯ இலà¯à®²à®¾à®®à®²à¯ இரà¯à®¨à¯à®¤à®¾à®²à¯, மீளேறà¯à®±à¯à®®à¯ போத௠இழகà¯à®•à®ªà¯à®ªà®Ÿà¯à®®à¯." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "ஒர௠பிணைய இணைபà¯à®ªà¯ சாரà¯à®¨à¯à®¤à¯à®³à¯à®³ மணà¯à®Ÿà®²à®¤à¯à®¤à¯ˆ மாறà¯à®±à®µà¯à®®à¯." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ மணà¯à®Ÿà®²à®¤à¯à®¤à¯ˆ மாறà¯à®±à¯" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "இணைபà¯à®ªà¯à®•à®³à¯ அலà¯à®²à®¤à¯ இடைமà¯à®•à®™à¯à®•à®³à¯à®•à¯à®•à®¾à®© à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ மணà¯à®Ÿà®²à®¤à¯à®¤à¯ˆ மாறà¯à®±à®µà¯à®®à¯." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "பேனிக௠பயனà¯à®®à¯à®±à¯ˆ எனà¯à®ªà®¤à¯, உளà¯à®µà®°à¯à®®à¯ மறà¯à®±à¯à®®à¯ வெளிசà¯à®šà¯†à®²à¯à®²à¯à®®à¯ சிபà¯à®ªà®™à¯à®•à®³à¯ அனைதà¯à®¤à¯à®®à¯ கைவிடபà¯à®ªà®Ÿà¯à®Ÿà®© " "எனà¯à®ªà®¤à¯ˆà®•à¯ கà¯à®±à®¿à®•à¯à®•à®¿à®±à®¤à¯." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "பேனிக௠பயனà¯à®®à¯à®±à¯ˆ" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "லாகà¯à®Ÿà®µà¯à®©à¯ எனà¯à®ªà®¤à¯ ஃபயரà¯à®µà®¾à®²à¯ அமைவாகà¯à®•à®¤à¯à®¤à¯ˆà®ªà¯ பூடà¯à®Ÿà¯à®®à¯, இதனால௠லாகà¯à®Ÿà®µà¯à®©à¯ வெணà¯à®ªà®Ÿà¯à®Ÿà®¿à®¯à®²à®¿à®²à¯ உளà¯à®³ " "பயனà¯à®ªà®¾à®Ÿà¯à®•à®³à¯ மடà¯à®Ÿà¯à®®à¯‡ இதை மாறà¯à®± à®®à¯à®Ÿà®¿à®¯à¯à®®à¯." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "லாகà¯à®Ÿà®µà¯à®©à¯" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "இயகà¯à®•à®¨à¯‡à®° அமைவாகà¯à®•à®¤à¯à®¤à¯ˆ நிரநà¯à®¤à®°à®®à®¾à®©à®¤à®¾" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "இயகà¯à®• நேரதà¯à®¤à®¿à®²à®¿à®°à¯à®¨à¯à®¤à¯ நிரநà¯à®¤à®° அமைவà¯à®•à¯à®•à¯" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "பாரà¯à®µà¯ˆ (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP வகை" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "நேரடி அமைவாகà¯à®•à®®à¯" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "லாகà¯à®Ÿà®µà¯à®©à¯ வெணà¯à®ªà®Ÿà¯à®Ÿà®¿à®¯à®²à¯" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "உதவி (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "அமைவாகà¯à®•à®®à¯:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "தறà¯à®ªà¯‹à®¤à¯ பà¯à®²à®©à®¾à®•à¯à®®à¯ அமைவாகà¯à®•à®®à¯. நிகழà¯à®¨à¯‡à®° அமைவாகà¯à®•à®®à®¾à®©à®¤à¯ உணà¯à®®à¯ˆà®¯à®¿à®²à¯ செயலில௠உளà¯à®³ " "அமைவாகà¯à®•à®®à®¾à®•à¯à®®à¯. சேவை அலà¯à®²à®¤à¯ கணினி மீளேறà¯à®±à®¿à®¯à®¤à¯à®®à¯ அலà¯à®²à®¤à¯ மறà¯à®¤à¯Šà®Ÿà®•à¯à®•à®ªà¯à®ªà®Ÿà¯à®Ÿà®¤à¯à®®à¯ நிரநà¯à®¤ " "அமைவாகà¯à®•à®®à¯ செயலாகà¯à®®à¯." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "ஒர௠firewalld மணà¯à®Ÿà®²à®®à®¾à®©à®¤à¯ அநà¯à®¤ மணà¯à®Ÿà®²à®¤à¯à®¤à¯à®•à¯à®•à¯à®°à®¿à®¯ பிணைய இணைபà¯à®ªà¯à®•à®³à¯, இடைமà¯à®•à®™à¯à®•à®³à¯ மறà¯à®±à¯à®®à¯ " "மூல à®®à¯à®•à®µà®°à®¿à®•à®³à®¿à®©à¯ நமà¯à®ªà®•à®¤à¯à®¤à®©à¯à®®à¯ˆà®¯à®¿à®©à¯ நிலையை வரையறà¯à®•à¯à®•à®¿à®±à®¤à¯. மணà¯à®Ÿà®²à®®à®¾à®©à®¤à¯ சேவைகளà¯, à®®à¯à®©à¯ˆà®¯à®™à¯à®•à®³à¯, " "நெறிமà¯à®±à¯ˆà®•à®³à¯, masquerading, à®®à¯à®©à¯ˆà®¯à®®à¯/பேகà¯à®•à¯†à®Ÿà¯ பகிரà¯à®¤à®²à¯, icmp வடிகடà¯à®Ÿà®¿à®•à®³à¯ மறà¯à®±à¯à®®à¯ உயர௠" "விதிகள௠ஆகியவறà¯à®±à¯ˆ உளà¯à®³à®Ÿà®•à¯à®•à®¿à®¯à®¤à¯. மணà¯à®Ÿà®²à®®à®¾à®©à®¤à¯ இடைமà¯à®•à®™à¯à®•à®³à¯ மறà¯à®±à¯à®®à¯ மூல à®®à¯à®•à®µà®°à®¿à®•à®³à¯à®•à¯à®•à¯ " "கடà¯à®Ÿà¯à®ªà¯à®ªà®Ÿà¯à®Ÿà®µà¯ˆà®¯à®¾à®• இரà¯à®•à¯à®•à®²à®¾à®®à¯." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "மணà¯à®Ÿà®²à®¤à¯à®¤à¯ˆà®šà¯ சேரà¯" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "மணà¯à®Ÿà®²à®¤à¯à®¤à¯ˆà®¤à¯ திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "மணà¯à®Ÿà®²à®¤à¯à®¤à¯ˆ நீ" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "மணà¯à®Ÿà®²à®¤à¯à®¤à®¿à®©à¯ à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ மதிபà¯à®ªà¯à®•à®³à¯ˆ à®" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "இஙà¯à®•à¯ மணà¯à®Ÿà®²à®¤à¯à®¤à®¿à®²à¯ எநà¯à®¤ சேவைகளை நமà¯à®ªà®²à®¾à®®à¯ என நீஙà¯à®•à®³à¯ கà¯à®±à®¿à®ªà¯à®ªà®¿à®Ÿà®²à®¾à®®à¯. நமà¯à®ªà®ªà¯à®ªà®Ÿà¯à®Ÿ சேவைகள௠இநà¯à®¤ " "மணà¯à®Ÿà®²à®¤à¯à®¤à¯à®•à¯à®•à¯à®°à®¿à®¯ இணைபà¯à®ªà¯à®•à®³à¯, இடைமà¯à®•à®™à¯à®•à®³à¯ மறà¯à®±à¯à®®à¯ மூலஙà¯à®•à®³à®¿à®²à®¿à®°à¯à®¨à¯à®¤à¯ கணினியை அணà¯à®•à®•à¯à®•à¯‚டிய " "அனைதà¯à®¤à¯ பà¯à®°à®µà®²à®©à¯à®•à®³à¯ மறà¯à®±à¯à®®à¯ பிணையஙà¯à®•à®³à®¿à®²à®¿à®°à¯à®¨à¯à®¤à¯ அணà¯à®•à®ªà¯à®ªà®Ÿ à®®à¯à®Ÿà®¿à®¯à¯à®®à¯." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "சேவைகளà¯" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "கணினியà¯à®Ÿà®©à¯ இணைகà¯à®• à®®à¯à®Ÿà®¿à®•à®¿à®©à¯à®± அனைதà¯à®¤à¯ வழஙà¯à®•à®¿à®•à®³à¯ அலà¯à®²à®¤à¯ பிணையஙà¯à®•à®³à¯à®•à¯à®•à¯à®®à¯ அணà¯à®•à®•à¯à®•à¯‚டியதாக " "இரà¯à®•à¯à®• வேணà¯à®Ÿà®¿à®¯ கூடà¯à®¤à®²à¯ à®®à¯à®©à¯ˆà®¯à®™à¯à®•à®³à¯ அலà¯à®²à®¤à¯ à®®à¯à®©à¯ˆà®¯ வரமà¯à®ªà¯à®•à®³à¯ˆà®šà¯ சேரà¯à®•à¯à®•à®µà¯à®®à¯." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "தà¯à®±à¯ˆà®•à¯à®•à¯" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "தà¯à®±à¯ˆà®¯à¯ˆ திரà¯à®¤à¯à®¤à®µà¯à®®à¯" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "தà¯à®±à¯ˆà®¯à¯ˆ நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "தà¯à®±à¯ˆà®•à®³à¯" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Masquerading உஙà¯à®•à®³à¯ˆ ஒர௠பà¯à®°à®µà®²à®©à¯ அலà¯à®²à®¤à¯ ரௌடà¯à®Ÿà®°à¯ˆ அமைகà¯à®•à®¿à®±à®¤à¯, இத௠இணையதà¯à®¤à®¿à®²à¯ உஙà¯à®•à®³à¯ " "உளà¯à®³à®®à¯ˆ பிணையதà¯à®¤à®¿à®²à¯ இணைகà¯à®•à®¿à®±à®¤à¯. உஙà¯à®•à®³à¯ உளà¯à®³à®®à¯ˆ பிணையம௠தெரியாத௠மறà¯à®±à¯à®®à¯ பà¯à®°à®µà®²à®©à¯à®•à®³à¯ ஒர௠" "à®’à®±à¯à®±à¯ˆ à®®à¯à®•à®µà®°à®¿à®¯à®¿à®²à¯ இணையதà¯à®¤à®¿à®²à¯ தோனà¯à®±à¯à®®à¯ Masquerading IPv4 மடà¯à®Ÿà¯à®®à¯‡." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "போலி மணà¯à®Ÿà®²à®®à¯" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "நீஙà¯à®•à®³à¯ masquerading ஠செயலà¯à®ªà®Ÿà¯à®¤à¯à®¤à®¿à®©à®¾à®²à¯, உஙà¯à®•à®³à¯ IPv4 பிணையஙà¯à®•à®³à¯à®•à¯à®•à¯ IP à®®à¯à®©à¯à®©à®©à¯à®ªà¯à®ªà¯à®¤à®²à¯à®®à¯ " "செயலà¯à®ªà®Ÿà¯à®¤à¯à®¤à®ªà¯à®ªà®Ÿà¯à®®à¯." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "உளà¯à®³à¯€à®Ÿà¯à®•à®³à¯ˆ சேரà¯à®•à¯à®• ஒர௠தà¯à®±à¯ˆà®¯à®¿à®²à®¿à®°à¯à®¨à¯à®¤à¯ மறà¯à®±à¯Šà®©à¯à®±à®¿à®±à¯à®•à¯ உளà¯à®³à®®à¯ˆ கணினி அலà¯à®²à®¤à¯ வேற௠" "கணினியிலிரà¯à®¨à¯à®¤ சேரà¯à®•à¯à®•à®µà¯à®®à¯. வேற௠கணினியை à®®à¯à®©à¯à®©à®©à¯à®ªà¯à®ªà¯à®µà®¤à¯ à®®à¯à®•à®ªà¯à®ªà¯ சரியாக இரà¯à®¨à¯à®¤à®¾à®²à¯ " "மடà¯à®Ÿà¯à®®à¯‡ பயனாக இரà¯à®•à¯à®•à¯à®®à¯. தà¯à®±à¯ˆ à®®à¯à®©à¯à®©à®©à¯à®ªà¯à®ªà¯à®¤à®²à¯ IPv4 இல௠மடà¯à®Ÿà¯à®®à¯." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "à®®à¯à®©à¯à®©à®©à¯à®ªà¯à®ªà®²à¯ தà¯à®±à¯ˆà®¯à¯ˆà®šà¯ சேரà¯" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "à®®à¯à®©à¯à®©à®©à¯à®ªà¯à®ªà®²à¯ தà¯à®±à¯ˆà®¯à¯ˆà®¤à¯ திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "à®®à¯à®©à¯à®©à®©à¯à®ªà¯à®ªà®²à¯ தà¯à®±à¯ˆà®¯à¯ˆ நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Control Message Protocol (ICMP) எனà¯à®ªà®¤à¯ à®®à¯à®•à¯à®•à®¿à®¯à®®à®¾à®• பயனà¯à®ªà®Ÿà¯à®¤à¯à®¤à®ªà¯à®ªà®Ÿà¯à®®à¯ " "பிணையபà¯à®ªà®Ÿà¯à®Ÿ கணினிகளà¯à®•à¯à®•à®¿à®Ÿà¯ˆà®¯à¯‡ அனà¯à®ªà¯à®ªà®ªà¯à®ªà®Ÿà¯à®®à¯ பிழை செயà¯à®¤à®¿à®•à®³à¯ ஆனால௠கூடà¯à®¤à®²à®¾à®• தகவல௠" "செயà¯à®¤à®¿à®•à®³à¯‡ வரà¯à®•à®¿à®±à®¤à¯." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "படà¯à®Ÿà®¿à®¯à®²à®¿à®²à¯ ICMP வகைகளை கà¯à®±à®¿à®•à¯à®•à®µà¯à®®à¯, அத௠நிராகரிகà¯à®•à®ªà¯à®ªà®Ÿ வேணà¯à®Ÿà¯à®®à¯. மறà¯à®± அனைதà¯à®¤à¯ ICMP " "வகைகளà¯à®®à¯ ஃபயரà¯à®µà®¾à®²à®¿à®©à¯ வழியாக செலà¯à®²à¯à®®à¯. à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯à®•à¯à®•à¯ வரமà¯à®ªà¯ இலà¯à®²à¯ˆ." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP வடிபà¯à®ªà®¿" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "மணà¯à®Ÿà®²à®¤à¯à®¤à®¿à®±à¯à®•à®¾à®© உயர௠மொழி விதிகளை இஙà¯à®•à¯ நீஙà¯à®•à®³à¯ அமைகà¯à®• à®®à¯à®Ÿà®¿à®¯à¯à®®à¯." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "உயர௠விதியைச௠சேரà¯" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "உயர௠விதியைத௠திரà¯à®¤à¯à®¤à®µà¯à®®à¯" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "உயர௠விதியை நீகà¯à®•à®µà¯à®®à¯" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "உயர௠விதிகளà¯" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "மணà¯à®Ÿà®²à®¤à¯à®¤à®¿à®±à¯à®•à¯ இடைமà¯à®•à®™à¯à®•à®³à¯ˆà®ªà¯ பிணைகà¯à®• உளà¯à®³à¯€à®Ÿà¯à®•à®³à¯ˆà®šà¯ சேரà¯à®•à¯à®•à®µà¯à®®à¯. இடைமà¯à®•à®®à¯ ஒர௠இணைபà¯à®ªà®¾à®²à¯ " "பயனà¯à®ªà®Ÿà¯à®¤à¯à®¤à®ªà¯à®ªà®Ÿà¯à®®à¯ எனிலà¯, மணà¯à®Ÿà®²à®®à®¾à®©à®¤à¯ இணைபà¯à®ªà®¿à®²à¯ கà¯à®±à®¿à®ªà¯à®ªà®¿à®Ÿà®ªà¯à®ªà®Ÿà¯à®Ÿ மணà¯à®Ÿà®²à®®à®¾à®• அமைகà¯à®•à®ªà¯à®ªà®Ÿà¯à®®à¯." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "இடைமà¯à®•à®¤à¯à®¤à¯ˆà®šà¯ சேரà¯" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "இடைமà¯à®•à®¤à¯à®¤à¯ˆà®¤à¯ திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "இடைமà¯à®•à®¤à¯à®¤à¯ˆ நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "மூலதà¯à®¤à¯ˆà®šà¯ சேரà¯" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "மூலதà¯à®¤à¯ˆà®¤à¯ திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "மூலதà¯à®¤à¯ˆ நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "மணà¯à®Ÿà®²à®™à¯à®•à®³à¯" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "ஒர௠firewalld சேவையானத௠மà¯à®©à¯ˆà®¯à®™à¯à®•à®³à¯, நெறிமà¯à®±à¯ˆà®•à®³à¯, தொகà¯à®¤à®¿à®•à¯à®•à¯‚à®±à¯à®•à®³à¯ மறà¯à®±à¯à®®à¯ இலகà¯à®•à¯ " "à®®à¯à®•à®µà®°à®¿à®•à®³à¯ ஆகியவறà¯à®±à®¿à®©à¯ சேரà¯à®•à¯à®•à¯ˆà®¯à®¾à®•à¯à®®à¯." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "சேவையைச௠சேரà¯" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "சேவையைத௠திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "சேவையை நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "சேவை à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ மதிபà¯à®ªà¯à®•à®³à¯ˆ à®à®±à¯à®±à¯" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "உளà¯à®³à¯€à®Ÿà¯à®Ÿà¯ˆà®¤à¯ திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "உளà¯à®³à¯€à®Ÿà¯à®Ÿà¯ˆ நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "தொகà¯à®¤à®¿à®•à¯à®•à¯‚" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "நீஙà¯à®•à®³à¯ இலகà¯à®•à¯ à®®à¯à®•à®µà®°à®¿à®•à®³à¯ˆà®•à¯ கà¯à®±à®¿à®ªà¯à®ªà®¿à®Ÿà¯à®Ÿà®¾à®²à¯, சேவையின௠நà¯à®´à¯ˆà®µà®¾à®©à®¤à¯ அநà¯à®¤ இலகà¯à®•à¯ à®®à¯à®•à®µà®°à®¿ மறà¯à®±à¯à®®à¯ " "வகைகà¯à®•à¯ மடà¯à®Ÿà¯à®®à¯ என வரமà¯à®ªà¯à®Ÿà¯ˆà®¯à®¤à®¾à®• இரà¯à®•à¯à®•à¯à®®à¯. இரணà¯à®Ÿà¯ உளà¯à®³à¯€à®Ÿà¯à®•à®³à¯à®®à¯ காலியாக இரà¯à®¨à¯à®¤à®¾à®²à¯ வரமà¯à®ªà¯ " "à®à®¤à¯à®®à¯ இலà¯à®²à¯ˆ." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "சேவைகளை நிரநà¯à®¤à®° அமைவாகà¯à®•à®•à¯ காடà¯à®šà®¿à®¯à®¿à®²à¯ மடà¯à®Ÿà¯à®®à¯‡ மாறà¯à®± à®®à¯à®Ÿà®¿à®¯à¯à®®à¯. சேவைகளின௠நிகழà¯à®¨à¯‡à®° " "அமைவாகà¯à®•à®®à¯ நிலையானதà¯. " #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld icmptype ஆனத௠firewalld இன௠இணைய கடà¯à®Ÿà¯à®ªà¯à®ªà®¾à®Ÿà¯à®Ÿà¯ செயà¯à®¤à®¿ நெறிமà¯à®±à¯ˆà®•à¯à®•à®¾à®© " "(ICMP) தகவலை வழஙà¯à®•à¯à®•à®¿à®±à®¤à¯." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP வகையை சேரà¯à®•à¯à®•à®µà¯à®®à¯" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP வகையைத௠திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "தொலைநிலை ICMP வகை" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP வகை à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ மதிபà¯à®ªà¯à®•à®³à¯ˆ à®" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "இநà¯à®¤ ICMP வகை IPv4 மறà¯à®±à¯à®®à¯/அலà¯à®²à®¤à¯ IPv6 கà¯à®•à¯à®•à¯ கிடைகà¯à®•à¯à®®à®¾ எனà¯à®ªà®¤à¯ˆà®•à¯ கà¯à®±à®¿à®ªà¯à®ªà®¿à®Ÿà®µà¯à®®à¯." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP வகைகளை நிரநà¯à®¤à®° அமைவாகà¯à®•à®•à¯ காடà¯à®šà®¿à®¯à®¿à®²à¯ மடà¯à®Ÿà¯à®®à¯‡ மாறà¯à®±à®šà¯ à®®à¯à®Ÿà®¿à®¯à¯à®®à¯. ICMP வகைகளின௠" "நிகழà¯à®¨à¯‡à®° அமைவாகà¯à®•à®®à¯ நிலையானதà¯." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "நேரடி அமைவாகà¯à®•à®®à®¾à®©à®¤à¯ ஃபயரà¯à®µà®¾à®²à¯à®•à¯à®•à®¾à®© கூடà¯à®¤à®²à¯ நேரடி அணà¯à®•à®²à¯ˆà®•à¯ கொடà¯à®•à¯à®•à®¿à®±à®¤à¯. இநà¯à®¤ " "விரà¯à®ªà¯à®ªà®™à¯à®•à®³à¯ˆà®ªà¯ பயனà¯à®ªà®Ÿà¯à®¤à¯à®¤, பயனரà¯à®•à¯à®•à¯ அடிபà¯à®ªà®Ÿà¯ˆ iptables கரà¯à®¤à¯à®¤à¯à®•à®³à¯ தெரிநà¯à®¤à®¿à®°à¯à®•à¯à®• வேணà¯à®Ÿà¯à®®à¯ " "அதாவதà¯, அடà¯à®Ÿà®µà®£à¯ˆà®•à®³à¯, சஙà¯à®•à®¿à®²à®¿à®•à®³à¯, கடà¯à®Ÿà®³à¯ˆà®•à®³à¯, அளவà¯à®°à¯à®•à¯à®•à®³à¯ மறà¯à®±à¯à®®à¯ இலகà¯à®•à¯à®•à®³à¯ போனà¯à®±à®µà¯ˆ " "தெரிநà¯à®¤à®¿à®°à¯à®•à¯à®• வேணà¯à®Ÿà¯à®®à¯. மறà¯à®± ஃபயரà¯à®µà®¾à®²à¯ à®…à®®à¯à®šà®™à¯à®•à®³à¯ˆ பயனà¯à®ªà®Ÿà¯à®¤à¯à®¤ à®®à¯à®Ÿà®¿à®¯à®¾à®¤à¯ போகà¯à®®à¯ போத௠கடைசி " "விரà¯à®ªà¯à®ªà®®à®¾à®•à®µà¯‡ நேரடி அமைவாகà¯à®•à®®à®¾à®©à®¤à¯ பயனà¯à®ªà®Ÿà¯à®¤à¯à®¤à®ªà¯à®ªà®Ÿ வேணà¯à®Ÿà¯à®®à¯." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "ஒவà¯à®µà¯Šà®°à¯ விரà¯à®ªà¯à®ªà®¤à¯à®¤à®¿à®©à¯ ipv மதிபà¯à®ªà¯à®°à¯à®µà¯à®®à¯ ipv4 அலà¯à®²à®¤à¯ ipv6 அலà¯à®²à®¤à¯ eb ஆக இரà¯à®•à¯à®• வேணà¯à®Ÿà¯à®®à¯. " "ipv4 உடன௠அத௠iptables கà¯à®•à®¾à®• இரà¯à®•à¯à®•à¯à®®à¯, ipv6 உடன௠ip6tables கà¯à®•à®¾à®• இரà¯à®•à¯à®•à¯à®®à¯, eb உடன௠" "ஈதà¯à®¤à®°à¯à®¨à¯†à®Ÿà¯ பாலஙà¯à®•à®³à¯à®•à¯à®•à®¾à®• (ebtables) இரà¯à®•à¯à®•à¯à®®à¯." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "விதிகளà¯à®Ÿà®©à¯ பயனà¯à®ªà®Ÿà¯à®¤à¯à®¤à¯à®µà®¤à®±à¯à®•à®¾à®© கூடà¯à®¤à®²à¯ சஙà¯à®•à®¿à®²à®¿à®•à®³à¯." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "சஙà¯à®•à®¿à®²à®¿à®¯à¯ˆà®šà¯ சேரà¯" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "சஙà¯à®•à®¿à®²à®¿à®¯à¯ˆà®¤à¯ திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "சஙà¯à®•à®¿à®²à®¿à®¯à¯ˆ நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "சஙà¯à®•à®¿à®²à®¿à®•à®³à¯" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "ஒர௠அடà¯à®Ÿà®µà®£à¯ˆà®¯à®¿à®²à¯ உளà¯à®³ ஒர௠சஙà¯à®•à®¿à®²à®¿à®•à¯à®•à¯ மதிபà¯à®ªà¯à®°à¯à®•à¯à®•à®³à¯à®Ÿà®©à¯ à®®à¯à®©à¯à®©à¯à®°à®¿à®®à¯ˆà®¯à¯ˆà®¯à¯à®Ÿà®©à¯ ஒர௠விதியைச௠" "சேரà¯à®•à¯à®•à®µà¯à®®à¯." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "à®®à¯à®©à¯à®©à¯à®°à®¿à®®à¯ˆà®¯à®¾à®©à®¤à¯ விதிகளை வரிசைபà¯à®ªà®Ÿà¯à®¤à¯à®¤à®ªà¯ பயனà¯à®ªà®Ÿà¯à®•à®¿à®±à®¤à¯. à®®à¯à®©à¯à®©à¯à®°à®¿à®®à¯ˆ 0 எனà¯à®±à®¾à®²à¯, விதியை " "சஙà¯à®•à®¿à®²à®¿à®¯à®¿à®©à¯ மேலà¯à®®à®Ÿà¯à®Ÿà®¤à¯à®¤à®¿à®²à¯ சேரà¯à®•à¯à®•à®µà¯à®®à¯ எனà¯à®±à¯ பொரà¯à®³à¯, à®®à¯à®©à¯à®©à¯à®°à®¿à®®à¯ˆ அதிகம௠எனில௠விதியானத௠" "சஙà¯à®•à®¿à®²à®¿à®¯à®¿à®©à¯ கீழ௠பகà¯à®¤à®¿à®•à¯à®•à¯à®šà¯ செலà¯à®²à¯à®®à¯. ஒரே à®®à¯à®©à¯à®©à¯à®°à®¿à®®à¯ˆ கொணà¯à®Ÿ விதிகளà¯, ஒரே நிலையில௠" "இரà¯à®•à¯à®•à¯à®®à¯, இநà¯à®¤ விதிகளின௠வரிசை நிலையானதாக இரà¯à®•à¯à®•à®¾à®¤à¯, மாறகà¯à®•à¯‚டà¯à®®à¯. ஒர௠விதியானத௠" "மறà¯à®±à¯Šà®©à¯à®±à¯à®•à¯à®ªà¯ பிறக௠சேரà¯à®•à¯à®•à®ªà¯à®ªà®Ÿà¯à®µà®¤à¯ˆ நீஙà¯à®•à®³à¯ உறà¯à®¤à®¿à®ªà¯à®ªà®Ÿà¯à®¤à¯à®¤ விரà¯à®®à¯à®ªà®¿à®©à®¾à®²à¯, à®®à¯à®¤à®²à¯ விதிகà¯à®•à¯ " "கà¯à®±à¯ˆà®¨à¯à®¤ à®®à¯à®©à¯à®©à¯à®°à®¿à®®à¯ˆà®¯à¯ˆà®¯à¯à®®à¯ அடà¯à®¤à¯à®¤à®¤à®±à¯à®•à¯ அதிக à®®à¯à®©à¯à®©à¯à®°à®¿à®®à¯ˆà®¯à¯ˆà®¯à¯à®®à¯ பயனà¯à®ªà®Ÿà¯à®¤à¯à®¤à®µà¯à®®à¯." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "விதியைச௠சேரà¯" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "விதியைத௠திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "விதியை நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "விதிகளà¯" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "பாஸà¯à®¤à¯à®°à¯‚ விதிகளà¯, நேரடியாக ஃபயரà¯à®µà®¾à®²à¯à®•à¯à®•à¯ அனà¯à®ªà¯à®ªà®ªà¯à®ªà®Ÿà¯à®•à®¿à®©à¯à®±à®©, இவை சிறபà¯à®ªà¯ சஙà¯à®•à®¿à®²à®¿à®•à®³à®¿à®²à¯ " "வைகà¯à®•à®ªà¯à®ªà®Ÿà¯à®µà®¤à®¿à®²à¯à®²à¯ˆ. iptables, ip6tables மறà¯à®±à¯à®®à¯ ebtables விரà¯à®ªà¯à®ªà®™à¯à®•à®³à¯ அனைதà¯à®¤à¯à®®à¯ " "பயனà¯à®ªà®Ÿà¯à®¤à¯à®¤à®ªà¯à®ªà®Ÿà®²à®¾à®®à¯." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "ஃபயரà¯à®µà®¾à®²à¯ˆ சேதபà¯à®ªà®Ÿà¯à®¤à¯à®¤à®¾à®¤à®ªà®Ÿà®¿à®•à¯à®•à¯ பாஸà¯à®¤à¯à®°à¯‚ விதிகளில௠கவனமாக செயலà¯à®ªà®Ÿà®µà¯à®®à¯." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "பாஸà¯à®¤à¯à®°à¯‚வைச௠சேரà¯" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "பாஸà¯à®¤à¯à®°à¯‚வைத௠திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "பாஸà¯à®¤à¯à®°à¯‚வை நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "பாஸà¯à®¤à¯à®°à¯‚" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "லாகà¯à®Ÿà®µà¯à®©à¯ வசதியானத௠firewalld கà¯à®•à®¾à®© பயனர௠மறà¯à®±à¯à®®à¯ பயனà¯à®ªà®¾à®Ÿà¯à®Ÿà¯à®•à¯ கொளà¯à®•à¯ˆà®•à®³à®¿à®©à¯ லேசான " "பதிபà¯à®ªà®¾à®•à¯à®®à¯. இத௠ஃபயரà¯à®µà®¾à®²à¯à®•à¯à®•à®¾à®© மாறà¯à®±à®™à¯à®•à®³à¯ˆ வரமà¯à®ªà¯à®•à¯à®•à¯à®Ÿà¯à®ªà®Ÿà¯à®¤à¯à®¤à¯à®•à®¿à®±à®¤à¯. லாகà¯à®Ÿà®µà¯à®©à¯ " "வெணà¯à®ªà®Ÿà¯à®Ÿà®¿à®¯à®²à®¿à®²à¯ கடà¯à®Ÿà®³à¯ˆà®•à®³à¯, சூழலà¯à®•à®³à¯, பயனரà¯à®•à®³à¯ மறà¯à®±à¯à®®à¯ பயனர௠idகள௠ஆகியவை இரà¯à®•à¯à®•à®²à®¾à®®à¯." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "சூழலைச௠சேரà¯" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "சூழலைத௠திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "சூழலை நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "சூழலà¯à®•à®³à¯" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "வெணà¯à®ªà®Ÿà¯à®Ÿà®¿à®¯à®²à®¿à®²à¯ உளà¯à®³ ஒர௠கடà¯à®Ÿà®³à¯ˆ உளà¯à®³à¯€à®Ÿà¯ நடà¯à®šà®¤à¯à®¤à®¿à®°à®•à¯à®•à¯à®±à®¿à®¯à¯à®Ÿà®©à¯ '*' à®®à¯à®Ÿà®¿à®¨à¯à®¤à®¾à®²à¯, கடà¯à®Ÿà®³à¯ˆà®¯à¯à®Ÿà®©à¯ " "தொடஙà¯à®•à¯à®®à¯ அனைதà¯à®¤à¯ கடà¯à®Ÿà®³à¯ˆ வரிகளà¯à®®à¯ பொரà¯à®¨à¯à®¤à¯à®®à¯. '*' இலà¯à®²à®¾à®µà®¿à®Ÿà¯à®Ÿà®¾à®²à¯, மதிபà¯à®ªà¯à®°à¯à®•à¯à®•à®³à¯ உடà¯à®ªà®Ÿ " "கடà¯à®Ÿà®³à¯ˆ மடà¯à®Ÿà¯à®®à¯ தà¯à®²à¯à®²à®¿à®¯à®®à®¾à®•à®ªà¯ பொரà¯à®¨à¯à®¤ வேணà¯à®Ÿà¯à®®à¯." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "கடà¯à®Ÿà®³à¯ˆ-வரியைச௠சேரà¯" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "கடà¯à®Ÿà®³à¯ˆ-வரியைத௠திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "கடà¯à®Ÿà®³à¯ˆ-வரியை நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "கடà¯à®Ÿà®³à¯ˆ வரிகளà¯" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "பயனர௠பெயரà¯à®•à®³à¯." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "பயனர௠பெயரைச௠சேரà¯" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "பயனர௠பெயரைத௠திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "பயனர௠பெயரை நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "பயனர௠பெயரà¯à®•à®³à¯" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "பயனர௠idகளà¯" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "பயனர௠id à®à®šà¯ சேரà¯" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "பயனர௠id à®à®¤à¯ திரà¯à®¤à¯à®¤à¯" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "பயனர௠id ஠நீகà¯à®•à¯" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "பயனர௠Idகளà¯" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "கணினியின௠தறà¯à®ªà¯‹à®¤à¯ˆà®¯ à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ மணà¯à®Ÿà®²à®®à¯." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "பானிக௠பயனà¯à®®à¯à®±à¯ˆ:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "லாகà¯à®Ÿà®µà¯à®©à¯:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ மணà¯à®Ÿà®²à®®à¯:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "தà¯à®±à¯ˆ மறà¯à®±à¯à®®à¯ நெறிமà¯à®±à¯ˆ" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "ஒர௠தà¯à®±à¯ˆ மறà¯à®±à¯à®®à¯ நெறிமà¯à®±à¯ˆà®¯à¯ˆ உளà¯à®³à®¿à®Ÿà®µà¯à®®à¯." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "நேரடி விதி" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "ipv மறà¯à®±à¯à®®à¯ அடà¯à®Ÿà®µà®£à¯ˆ, சஙà¯à®•à®¿à®²à®¿ à®®à¯à®©à¯à®©à¯à®°à®¿à®®à¯ˆà®¯à¯ˆà®¤à¯ தேரà¯à®¨à¯à®¤à¯†à®Ÿà¯à®¤à¯à®¤à¯ மதிபà¯à®ªà¯à®°à¯à®•à¯à®•à®³à¯ˆ உளà¯à®³à®¿à®Ÿà®µà¯à®®à¯." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "à®®à¯à®©à¯à®©à¯à®°à®¿à®®à¯ˆ:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "ஒர௠நெறிமà¯à®±à¯ˆà®¯à¯ˆ உளà¯à®³à®¿à®Ÿà®µà¯à®®à¯." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "பிற நெறிமà¯à®±à¯ˆ:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "உயர௠விதி" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "ஒர௠உயர௠விதியை உளà¯à®³à®¿à®Ÿà®µà¯à®®à¯." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "பà¯à®°à®µà®²à®©à¯ அலà¯à®²à®¤à¯ பிணைய வெண௠அலà¯à®²à®¤à¯ கரà¯à®ªà¯à®ªà¯à®ªà¯ படà¯à®Ÿà®¿à®¯à®²à®¿à®Ÿà¯à®¤à®²à¯à®•à¯à®•à¯ கூறை à®®à¯à®Ÿà®•à¯à®•à®µà¯à®®à¯." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "மூலமà¯:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "இலகà¯à®•à¯:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "பதிவà¯:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "தணிகà¯à®•à¯ˆ:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 மறà¯à®±à¯à®®à¯ ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "தலைகீழà¯" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "இதைச௠செயலà¯à®ªà®Ÿà¯à®¤à¯à®¤ செயல௠'நிராகரி' எனà¯à®±à¯à®®à¯ கà¯à®Ÿà¯à®®à¯à®ªà®®à¯ 'ipv4' அலà¯à®²à®¤à¯ 'ipv6' " "எனà¯à®±à¯(இரணà¯à®Ÿà¯à®®à®²à¯à®²) இரà¯à®•à¯à®• வேணà¯à®Ÿà¯à®®à¯." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "இநà¯à®¤ வகையà¯à®Ÿà®©à¯:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "இநà¯à®¤ வரமà¯à®ªà¯à®Ÿà®©à¯:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "à®®à¯à®©à¯à®©à¯Šà®Ÿà¯à®Ÿà¯:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "நிலை:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "கூறà¯:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "செயலà¯:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "அடிபà¯à®ªà®Ÿà¯ˆ சேவை அமைவà¯à®•à®³à¯" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "அடிபà¯à®ªà®Ÿà¯ˆ சேவை அமைவà¯à®•à®³à¯ˆ அமைவாகà¯à®•à®®à¯ செயà¯à®¯à®µà¯à®®à¯:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "ஒர௠சேவையைத௠தேரà¯à®¨à¯à®¤à¯†à®Ÿà¯à®•à¯à®•à®µà¯à®®à¯." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "பயனர௠ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "ஒர௠பயனர௠id ஠உளà¯à®³à®¿à®Ÿà®µà¯à®®à¯." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "பயனர௠பெயரை உளà¯à®³à®¿à®Ÿà®µà¯à®®à¯." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "அடிபà¯à®ªà®Ÿà¯ˆ மணà¯à®Ÿà®² அமைவà¯à®•à®³à¯" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "அடிபà¯à®ªà®Ÿà¯ˆ மணà¯à®Ÿà®² அமைவà¯à®•à®³à¯ˆ அமைவாகà¯à®•à®®à¯ செயà¯à®¯à®µà¯à®®à¯:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "à®®à¯à®©à¯à®©à®¿à®°à¯à®ªà¯à®ªà¯ இலகà¯à®•à¯" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "இலகà¯à®•à¯:" firewalld-1.1.1/po/te.po0000644000000000000000000021271314217342322015055 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Krishnababu Krothapalli , 2007-2010 # Krishnababu Krothapalli , 2013 # Krishnababu Krothapalli , 2013 # Krishnababu Krothapalli , 2014 # Sree Ganesh , 2006 # Sudheesh Singanamalla , 2013 # Sudheesh Singanamalla , 2013 # Thomas Woerner , 2016. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2016-01-04 12:44+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Telugu (http://www.transifex.com/projects/p/firewalld/" "language/te/)\n" "Language: te\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "ఫైరà±à°µà°¾à°²à± ఆపà±à°²à±†à°Ÿà±" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "ఫైరà±â€Œà°µà°¾à°²à±" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Firewall ఆకృతీకరణ" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "firewall;network;security;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "ఇంటరà±à°«à±‡à°¸à± '%s' కొరకౠజోనౠఎంపికచేయి" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "à°…à°ªà±à°°à°®à±‡à°¯ à°•à±à°·à±‡à°¤à±à°°à°‚" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "à°…à°¨à±à°¸à°‚ధానం '%s' కొరకౠకà±à°·à±‡à°¤à±à°°à°‚ ఎంపికచేయి" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "అపౠ/ జోనà±à°¸à± డౌనౠషీలà±à°¡à±à°¸à± à°•à°¨à±à°«à°¿à°—రౠచెయà±à°¯à°¿" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "ఇకà±à°•à°¡ మీరౠటాపౠషీలà±à°¡à±à°¸à± మరియౠడౌనౠషీలà±à°¡à±à°¸à± ఉపయోగించే మండలాలౠఎంచà±à°•à±‹à°µà°šà±à°šà±." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "à°ˆ ఫీచరౠఎకà±à°•à±à°µà°—à°¾ డిఫాలà±à°Ÿà± మండలాలà±à°²à±‹ ఉపయోగించడం à°ªà±à°°à°œà°²à± కోసం ఉపయోగపడà±à°¤à±à°‚ది. వినియోగదారà±à°²à± కోసం, " "కనెకà±à°·à°¨à±à°² మండలాలౠమారà±à°¤à±à°¨à±à°¨, అది పరిమిత వినియోగం కావచà±à°šà±." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "అపౠషీలà±à°¡à±à°¸à± జోనà±:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "డౌనౠషీలà±à°¡à±à°¸à± జోనà±:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "" #: ../src/firewall-applet.in:393 msgid "License" msgstr "" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "షీలà±à°¡à± చేయి" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "నోటిఫికేషనà±à°²à°¨à± à°ªà±à°°à°¾à°°à°‚à°­à°¿à°‚à°šà±" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "ఫైరà±à°µà°¾à°²à± సెటà±à°Ÿà°¿à°‚à°—à±à°²à°¨à± సవరించండి..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "à°…à°¨à±à°¸à°‚ధానాల జోనౠమారà±à°šà±..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "అపౠ/ జోనà±à°¸à± డౌనౠషీలà±à°¡à±à°¸à± à°•à°¨à±à°«à°¿à°—రౠచెయà±à°¯à°¿..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "à°…à°¨à±à°¨à±€ నెటà±à°µà°°à±à°•à± à°Ÿà±à°°à°¾à°«à°¿à°•à± నిరోధించà±" #: ../src/firewall-applet.in:492 msgid "About" msgstr "" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "à°…à°¨à±à°¸à°‚ధానాలà±" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "మూలాలà±" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "ధృవీకరణ విఫలమైంది." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "చెలà±à°²à°¨à°¿ ఆరà±à°—à±à°®à±†à°‚à°Ÿà± %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "పేరౠయిపà±à°ªà°Ÿà°¿à°•à±‡ à°µà±à°‚ది" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "ఫైరà±à°µà°¾à°²à± డెమోనౠకోసం కనెకà±à°·à°¨à± లేదà±" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "నెటà±à°µà°°à±à°•à± à°Ÿà±à°°à°¾à°«à°¿à°•à± à°…à°‚à°šà°¾ నిరోధించబడెనà±." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "à°…à°ªà±à°°à°®à±‡à°¯ జోనà±: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "ఇంటరà±à°«à±‡à°¸à± '{interface}' పైన à°…à°¨à±à°¸à°‚ధానం '{connection}' కొరకౠజోనౠ'{zone}' " "à°•à±à°°à°¿à°¯à°¾à°¶à±€à°²à°ªà°°à°šà°¬à°¡à±†à°¨à±" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "ఇంటరà±à°«à±‡à°¸à± '{interface}' కొరకౠజోనౠ'{zone}' à°•à±à°°à°¿à°¯à°¾à°¶à±€à°²à°ªà°°à°šà°¬à°¡à±†à°¨à±" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "జోనౠ'{zone}' మూలం {source} కొరకౠకà±à°°à°¿à°¯à°¾à°¶à±€à°²à°ªà°°à°šà°¬à°¡à±†à°¨à±" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "à°•à±à°°à°¿à°¯à°¾à°¶à±€à°² జోనà±à°¸à± లేవà±." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallD కనెకà±à°·à°¨à± à°¸à±à°¥à°¾à°ªà°¿à°‚చబడింది." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD కనెకà±à°·à°¨à± కోలà±à°ªà±‹à°¯à°¿à°‚ది." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD తిరిగిలోడైంది." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "à°…à°ªà±à°°à°®à±‡à°¯ జోనౠ'%s' కౠమారà±à°šà°¬à°¡à±†à°¨à±." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "నెటà±à°µà°°à±à°•à± à°Ÿà±à°°à°¾à°«à°¿à°•à± నిరోధించబడà±à°Ÿà°²à±‡à°¦à±." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "à°•à±à°°à°¿à°¯à°¾à°¶à±€à°²à°‚" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "à°•à±à°°à°¿à°¯à°¾à°¹à±€à°¨à°‚" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "జోనౠ'{zone}' {activated_deactivated} à°…à°¨à±à°¸à°‚ధానం '{connection}' కొరకౠఇంటరà±à°«à±‡à°¸à± " "'{interface}' పైన" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "జోనౠ'{zone}' {activated_deactivated} ఇంటరà±à°«à±‡à°¸à± '{interface}' కొరకà±" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "జోనౠ'%s' ఇంటరà±à°«à±‡à°¸à± '%s' కొరకౠకà±à°°à°¿à°¯à°¾à°¶à±€à°²à°®à±ˆà°‚ది" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "జోనౠ'{zone}' {activated_deactivated} వనరౠ'{source}' కొరకà±" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "జోనౠ'%s' మూలం '%s' కొరకౠకà±à°°à°¿à°¯à°¾à°¶à±€à°²à°®à±ˆà°‚ది" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "మారà±à°ªà±à°²à± à°…à°¨à±à°µà°°à±à°¤à°¿à°‚చబడెనà±." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "నెటà±à°µà°°à±à°•à± à°…à°¨à±à°¸à°‚ధానం '%s' చేత à°µà±à°ªà°¯à±‹à°—ించబడింది" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "చేతనమైన" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "అచేతనమైన" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "à°ªà±à°°à°¤à°¿à°®à°²à± లోడà±à°šà±‡à°¯à±à°Ÿà°•à± విఫలమైంది." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "వాడà±à°•à°°à°¿ పేరà±" #: ../src/firewall-config.in:244 msgid "User id" msgstr "" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "à°°à°¨à±â€Œà°Ÿà±ˆà°®à±" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "శాశà±à°µà°¤" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "సేవ" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "పోరà±à°Ÿà±à°¨à±" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "à°šà°Ÿà±à°Ÿà°‚" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "à°ˆ పోరà±à°Ÿà±â€â€Œà°•à±" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "పంపవలిసిన à°šà°¿à°°à±à°¨à°¾à°®à°¾" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp à°°à°•à°‚" #: ../src/firewall-config.in:822 msgid "Family" msgstr "à°«à±à°¯à°¾à°®à°¿à°²à±€" #: ../src/firewall-config.in:826 msgid "Action" msgstr "à°šà°°à±à°¯" #: ../src/firewall-config.in:828 msgid "Element" msgstr "మూలకం" #: ../src/firewall-config.in:830 msgid "Src" msgstr "మూలం" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "à°—à°®à±à°¯à°‚" #: ../src/firewall-config.in:834 msgid "log" msgstr "లాగà±" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "ఆడిటà±" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "మూలం" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "హెచà±à°šà°¿à°°à°•" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "దోషమà±" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "ఆమోదించà±" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "తిరసà±à°•à°°à°¿à°‚à°šà±" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "విడà±à°µà±" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "పరిమితి" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "సేవ" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "పోరà±à°Ÿà±" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "à°ªà±à°°à±Šà°Ÿà±‹à°•à°¾à°²à±" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "మాసà±à°•à±à°µà°°à±‡à°¡à±" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-à°¬à±à°²à°¾à°•à±" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "ఫారà±à°µà°¾à°°à±à°¡à±-పోరà±à°Ÿà±" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "" #: ../src/firewall-config.in:2097 msgid "level" msgstr "à°¸à±à°¥à°¾à°¯à°¿" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "à°…à°µà±à°¨à±" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "జోనà±" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "జోనౠ'%s': సేవ '%s' à°…à°‚à°¦à±à°¬à°¾à°Ÿà±à°²à±‹ లేదà±." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "తీసివేయి" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "విసà±à°®à°°à°¿à°‚à°šà±" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "జోనౠ'%s': ICMP à°°à°•à°‚ '%s' à°…à°‚à°¦à±à°¬à°¾à°Ÿà±à°²à±‹ లేదà±." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "బిలà±à°Ÿà±-ఇనౠజోనà±, తిరిగిపేరౠపెటà±à°Ÿà±à°Ÿà°•à± తోడà±à°ªà°¾à°Ÿà±à°²à±‡à°¦à±." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "à°•à±à°·à°£à°‚" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "నిమిషం" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "à°—à°‚à°Ÿ" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "రోజà±" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "à°…à°¤à±à°¯à°µà°¸à°°" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "జాగరూకత" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "సంకà±à°²à°¿à°·à±à°Ÿ" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "దోషం" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "హెచà±à°šà°°à°¿à°•" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "సూచన" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "సమాచారం" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "డీబగà±" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ఇంటరà±à°«à±‡à°¸à± మారà±à°µà±‡à°·à°‚లో à°µà±à°‚టేనే వేరొక à°µà±à°¯à°µà°¸à±à°¥à°•à± పంపà±à°Ÿ à°µà±à°ªà°¯à±‹à°—à°•à°°à°‚à°—à°¾ à°µà±à°‚à°Ÿà±à°‚ది.\n" "à°ˆ à°•à±à°·à±‡à°¤à±à°°à°¾à°¨à±à°¨à°¿ మారà±à°µà±‡à°·à°‚లో à°µà±à°‚చాలనà±à°•à±Šà°‚à°Ÿà±à°¨à±à°¨à°¾à°°à°¾?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "బిలà±à°Ÿà±-ఇనౠసేవ, తిరిగిపేరౠపెటà±à°Ÿà±à°Ÿà°•à± తోడà±à°ªà°¾à°Ÿà±à°²à±‡à°¦à±." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "బిలà±à°Ÿà±-ఇనౠicmp, తిరిగిపేరౠపెటà±à°Ÿà±à°Ÿà°•à± తోడà±à°ªà°¾à°Ÿà±à°²à±‡à°¦à±." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "మూలం %s కొరకౠజోనౠఎంపికచేయి" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "à°šà°¿à°°à±à°¨à°¾à°®à°¾" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "ఆదేశ వరà±à°¸ à°ªà±à°°à°µà±‡à°¶à°ªà±†à°Ÿà±à°Ÿà°‚à°¡à°¿." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "సందరà±à°­à°‚ à°ªà±à°°à°µà±‡à°¶ పెటà±à°Ÿà°‚à°¡à°¿." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "కింది జాబితా à°¨à±à°‚à°¡à°¿ à°…à°ªà±à°°à°®à±‡à°¯ à°•à±à°·à±‡à°¤à±à°°à°‚ ఎంపికచేయండి." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "డైరెకà±à°Ÿà± చైనà±" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "దయచేసి ipv మరియౠపటà±à°Ÿà°¿à°• ఎంపికచేసి చైనౠపేరౠపà±à°°à°µà±‡à°¶à°ªà±†à°Ÿà±à°Ÿà±à°®à±." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "చైనà±:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "raw" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "à°°à°•à±à°·à°£" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "పటà±à°Ÿà°¿à°•:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "సూటి పాసà±â€Œà°¤à±à°°à±‚ నియమం" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "ipv ఎంపికచేసి ఆరà±à°—à±à°®à±†à°‚à°Ÿà±à°¸à± à°ªà±à°°à°µà±‡à°¶à°ªà±†à°Ÿà±à°Ÿà±." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "ఆరà±à°—à±à°®à±†à°‚à°Ÿà±à°²à±:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "పోరà±à°Ÿà± ఫారà±à°µà°¾à°°à±à°¡à°¿à°‚à°—à±" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "మీ అవసరమà±à°²à°•à± తగినటà±à°²à± à°®à±à°²à°‚ మరియౠగమà±à°¯à°‚ à°à°šà±à°šà°¿à°•à°¾à°²à°¨à± దయచేసి ఎంపికచేసికొనà±à°®à±." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "పోరà±à°Ÿà±/పోరà±à°Ÿà± పరిమితి:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP à°šà°¿à°°à±à°¨à°¾à°®à°¾:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "à°šà°Ÿà±à°Ÿà°‚:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "à°—à°®à±à°¯à°‚" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "మీరౠసà±à°¥à°¾à°¨à°¿à°• ఫారà±à°µà°¾à°°à±à°¡à°¿à°‚à°—à±â€Œà°¨à± చేతనం చేసà±à°¤à±‡, మీరౠపోరà±à°Ÿà±â€â€Œà°¨à± తెలà±à°ªà°µà°²à°¸à°¿ à°µà±à°‚à°Ÿà±à°‚ది. మూలం పోరà±à°Ÿà±â€â€Œà°•à± à°ˆ పోరà±à°Ÿà±â€ " "à°­à°¿à°¨à±à°¨à°‚à°—à°¾ à°µà±à°‚డాలి." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "à°¸à±à°¥à°¾à°¨à°¿à°• ఫారà±à°µà°¾à°°à±à°¡à°¿à°‚à°—à±" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "వేరొక పోరà±à°Ÿà±â€â€Œà°•à± పంపà±à°®à±" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "బోలà±à°¡à± à°—à°¾ à°µà±à°¨à±à°¨ à°ªà±à°°à°µà±‡à°¶à°¾à°²à± తపà±à°ªà°¨à°¿à°¸à°°à°¿, మిగతావి à°…à°¨à±à°¨à±€ à°à°šà±à°šà°¿à°•à°¾à°²à±." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "పేరà±:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "వరà±à°·à°¨à±:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "షారà±à°Ÿà±:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "వివరణ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "à°«à±à°¯à°¾à°®à°¿à°²à°¿:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "ఆధార ICMP à°°à°•à°‚ అమరికలà±" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "దయచేసి ఆధార ICMP à°°à°•à°‚ అమరికలౠఆకృతీకరించà±:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP à°°à°•à°®à±" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "దయచేసి ICMP à°°à°•à°‚ యెంపికచేయి" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "à°ªà±à°°à°µà±‡à°¶à°®à±à°¨à± జతపరచà±à°®à±" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "దసà±à°¤à±à°°à°‚ (_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "à°à°šà±à°šà°¿à°•à°¾à°²à± (_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld తిరిగిలోడà±à°šà±‡à°¯à°¿" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "ఫైరà±â€Œà°µà°¾à°²à± నియమాలౠతిరిగిలోడà±à°šà±‡à°¯à°¿. à°ªà±à°°à°¸à±à°¤à±à°¤ శాశà±à°µà°¤ ఆకృతీకరణ కొతà±à°¤ à°°à°¨à±â€Œà°Ÿà±ˆà°®à± ఆకృతీకరణగా ఆగà±à°¨à±. అనగా తిరిగిలోడౠ" "చేసే వరకౠచేసిన à°…à°¨à±à°¨à°¿ à°°à°¨à±â€Œà°Ÿà±ˆà°®à± మారà±à°ªà±à°²à±‚ శాశà±à°µà°¤ ఆకృతీకరణనందౠలేకపోతే తిరిగిలోడౠచేయగానే పోతాయి." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "నెటà±à°µà°°à±à°•à± à°…à°¨à±à°¸à°‚ధానం à° à°•à±à°·à±‡à°¤à±à°°à°®à±à°¨à°•à± చెందà±à°¨à±‹ మారà±à°šà±à°®à±." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "à°…à°ªà±à°°à°®à±‡à°¯ జోనౠమారà±à°šà±" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "à°…à°¨à±à°¸à°‚ధానాలౠలేదా ఇంటరà±à°«à±‡à°¸à±à°² కొరకౠఅపà±à°°à°®à±‡à°¯ à°•à±à°·à±‡à°¤à±à°°à°‚ మారà±à°šà±à°®à±." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "పానికౠరీతి అనగా లోనికివచà±à°šà± మరియౠబయటకిపోవౠఅనà±à°¨à°¿ పాకెటà±à°²à± వదిలివేయబడà±à°¨à±." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "పానికౠరీతి" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "లాకà±â€Œà°¡à±Œà°¨à± à°…à°¨à±à°¨à°¦à°¿ ఫైరà±â€Œà°µà°¾à°²à± ఆకృతీకరణనౠలాకౠచేయà±à°¨à± అలా లాకà±â€Œà°¡à±Œà°¨à± వైటà±â€Œà°²à°¿à°¸à±à°Ÿà± పైని à°…à°¨à±à°µà°°à±à°¤à°¨à°¾à°²à± మాతà±à°°à°®à±‡ దానిని " "మారà±à°šà°—లవà±." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "లాకà±â€Œà°¡à±Œà°¨à±" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "à°°à°¨à±â€Œà°Ÿà±ˆà°®à± ఆకృతీకరణనౠశాశà±à°µà°¤à°‚ చేయà±à°®à±" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "à°°à°¨à±â€Œà°Ÿà±ˆà°®à± à°¨à±à°‚à°¡à°¿ శాశà±à°µà°¤à°‚" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "దరà±à°¶à°¿à°‚à°šà± (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP రకాలà±" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "సూటి ఆకృతీకరణ" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "లాకà±â€Œà°¡à±Œà°¨à± వైటà±â€Œà°²à°¿à°¸à±à°Ÿà±" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "సహాయం (_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "ఆకృతీకరణ:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "à°ªà±à°°à°¸à±à°¤à±à°¤à°‚ దరà±à°¶à°¨à±€à°¯à°®à±ˆà°¨ ఆకృతీకరణ. à°°à°¨à±â€Œà°Ÿà±ˆà°®à± ఆకృతీకరణ à°…à°¨à±à°¨à°¦à°¿ యథారà±à°§ à°•à±à°°à°¿à°¯à°¾à°¶à±€à°² ఆకృతీకరణ. శాశà±à°µà°¤ ఆకృతీకరణ " "à°…à°¨à±à°¨à°¦à°¿ సేవ తరà±à°µà°¾à°¤ లేదా à°µà±à°¯à°µà°¸à±à°¥ తిరిగిలోడైన తరà±à°µà°¾à°¤ లేదా à°ªà±à°¨à°ƒà°ªà±à°°à°¾à°°à°‚à°­à°‚ తరà±à°µà°¾à°¤ à°•à±à°°à°¿à°¯à°¾à°¶à±€à°²à°®à°—à±à°¨à±." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld జోనౠఅనà±à°¨à°¦à°¿ జోనà±â€Œà°•à± బందనమైన నెటà±à°µà°°à±à°•à± à°…à°¨à±à°¸à°‚ధానాలà±, ఇంటరà±à°«à±‡à°¸à±à°²à± మరియౠమూలపౠచిరà±à°¨à°¾à°®à°¾à°² " "నమà±à°®à°¿à°• à°¸à±à°¥à°¾à°¯à°¿à°¨à± నిరà±à°µà°šà°¿à°‚à°šà±à°¨à±. జోనౠఅనà±à°¨à°¦à°¿ సేవలనà±, పోరà±à°Ÿà±à°²à°¨à±, à°ªà±à°°à±Šà°Ÿà±‹à°•à°¾à°²à±à°¸à±à°¨à±, మాసà±à°•à±à°µà°¾à°°à±‡à°¡à°¿à°‚à°—à±â€Œà°¨à±, పోరà±à°Ÿà±/" "పాకెటౠఫారà±à°µà°¾à°°à±à°¡à°¿à°‚à°—à±â€Œà°¨à±, icmp à°«à°¿à°²à±à°Ÿà°°à±à°²à°¨à± మరియౠరిచౠనియమాలనౠకలà±à°ªà±à°¨à±. జోనౠఅనà±à°¨à°¦à°¿ ఇంటరà±à°«à±‡à°¸à±à°²à°•à± మరియౠ" "మూలపౠచిరà±à°¨à°¾à°®à°¾à°²à°•à± బందనం కాగలదà±." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "జోనౠజతచేయి" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "జోనౠసరికూరà±à°šà±" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "జోనౠతీసివేయి" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "జోనౠఅపà±à°°à°®à±‡à°¯à°¾à°²à± లోడà±à°šà±‡à°¯à°¿" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "జోనౠనందౠఠసేవలౠనమà±à°®à°¦à°—ినవో మీరౠయికà±à°•à°¡ నిరà±à°µà°šà°¿à°‚చవచà±à°šà±. à°ˆ జోనà±â€Œà°•à± బందనం అయిన à°…à°¨à±à°¸à°‚ధానాలà±, " "ఇంటరà±à°«à±‡à°¸à±à°²à± మరియౠమూలాల à°¨à±à°‚à°¡à°¿ మిషనà±â€Œà°¨à± చేరగల à°…à°¨à±à°¨à°¿ అతిధేయలౠమరియౠనెటà±à°µà°°à±à°•à±à°² à°¨à±à°‚à°¡à°¿ నమà±à°®à°¦à°—à°¿à°¨ సేవలౠ" "à°à°•à±à°¸à±†à°¸à± చేయవచà±à°šà±." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "సేవలà±" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "మిషనà±â€Œà°•à± à°…à°¨à±à°¸à°‚ధానం కాగల à°…à°¨à±à°¨à°¿ అతిధేయలౠలేదా నెటà±à°µà°°à±à°•à±à°² à°¨à±à°‚à°¡à°¿ à°à°•à±à°¸à±†à°¸à± కావలసిన, పోరà±à°Ÿà±à°²à± లేదా పోరà±à°Ÿà±à°² " "విసà±à°¤à±ƒà°¤à°¿à°¨à°¿ జతచేయి." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "à°ˆ పోరà±à°Ÿà±â€â€Œà°•à±" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "పోరà±à°Ÿà± సరికూరà±à°šà±" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "పోరà±à°Ÿà± తీసివేయి" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "పోరà±à°Ÿà±à°²à±" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "మీరౠఅతిధేయ à°¨à±à°—ాని లేదా రూటరౠనౠగాని మీ à°¸à±à°¥à°¾à°¨à°¿à°• నెటà±à°µà°°à±à°•à±à°¨à± ఇంటరà±â€Œà°¨à±†à°Ÿà± à°•à± à°…à°¨à±à°¸à°‚ధానించà±à°Ÿà°•à± " "మారà±à°µà±‡à°·à°¦à°¾à°°à°£ ఉపయోగకరంగా ఉంటà±à°‚ది.మీ à°¸à±à°¥à°¾à°¨à°¿à°• నెటà±à°µà°°à±à°•à± కనిపించదౠమరియౠఇంటరà±â€Œà°¨à±†à°Ÿà± à°•à± à°’à°• అతిధేయ లాగా " "కనబడà±à°¤à±à°‚ది. మారà±à°µà±‡à°·à°¦à°¾à°°à°£ IPv4 మాతà±à°°à°®à±‡." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "మాసà±à°•à±à°µà°°à±‡à°¡à± జోనà±" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "మీరౠమాసà±à°•à±à°µà°°à±‡à°¡à°¿à°‚గౠచేతనంచేసà±à°¤à±‡, à°à°ªà°¿ ఫారà±à°µà°¾à°°à±à°¡à°¿à°‚à°—à± à°…à°¨à±à°¨à°¦à°¿ మీ IPv4 నెటà±à°µà°°à±à°•à±à°² కొరకౠచేతనమగà±à°¨à±." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Masquerading" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "à°’à°• పరà±à°Ÿà±â€ à°¨à±à°‚à°¡à°¿ వేరక పోరà±à°Ÿà±â€â€Œà°•à± à°¸à±à°¥à°¾à°¨à°¿à°• సిసà±à°Ÿà°®à± నందౠపంపà±à°Ÿà°•à± లేదా à°¸à±à°¥à°¾à°¨à°¿à°• సిసà±à°Ÿà°®à± à°¨à±à°‚à°¡à°¿ వేరొక సిసà±à°Ÿà°®à±â€Œà°•à± " "పంపà±à°Ÿà°•à± à°ªà±à°°à°µà±‡à°¶à°¾à°²à°¨à± పోరà±à°Ÿà±à°¸à±â€â€Œà°•à± జతచేయà±à°®à±. వేరొక సిసà±à°Ÿà°®à±â€Œà°•à± పంపà±à°Ÿ ఇంటరà±â€Œà°«à±‡à°¸à± మారà±à°µà±‡à°·à°‚లోవà±à°‚టేనే " "ఉపయోగకరంగా à°µà±à°‚à°Ÿà±à°‚ది. పోరà±à°Ÿà±â€ పంపà±à°Ÿ IPv4 మాతà±à°°à°®à±‡." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "ఫారà±à°µà°¾à°°à±à°¡à± పోరà±à°Ÿà± జతచేయి" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "ఫారà±à°µà°¾à°°à±à°¡à± పోరà±à°Ÿà± సరికూరà±à°šà±" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "ఫారà±à°µà°¾à°°à±à°¡à± పోరà±à°Ÿà± తీసివేయి" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "ఇంటరà±à°¨à±†à°Ÿà± à°•à°‚à°Ÿà±à°°à±‹à°²à± మెసేజౠపà±à°°à±‹à°Ÿà±‹à°•à°¾à°²à± (ICMP) à°®à±à°–à±à°¯à°‚à°—à°¾ నెటà±à°µà°°à±à°•à±â€â€Œà°¡à± à°•à°‚à°ªà±à°¯à±‚à°Ÿà°°à±à°¸à±â€ మదà±à°¯ దోషపౠసందేశాలనౠ" "పంపà±à°Ÿà°•à± ఉపయోగించబడà±à°¤à±à°‚ది, అయితే అదనంగా పింగౠఅభà±à°¯à°°à±à°¦à°¨à°²à± మరియౠపà±à°°à°¤à±à°¯à±à°¤à±à°¤à°°à°¾à°²à± వంటి సమాచార " "సందేశాలౠకà±." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "జాబితానందౠICMP రకాలనౠగà±à°°à±à°¤à±à°‚à°šà±à°®à±, à°à°µà±ˆà°¤à±‡ తిరసà±à°•à°°à°¿à°‚చాలో. à°…à°¨à±à°¨à°¿ ఇతర ICMP à°°à°•à°®à±à°²à± ఫైరà±â€Œà°µà°¾à°²à± దాటà±à°Ÿà°•à± " "à°…à°¨à±à°®à°¤à°¿à°‚చబడినవి. à°…à°ªà±à°°à°®à±‡à°¯à°‚à°—à°¾ ఠపరిమితి లేదà±." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP వడపోత" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "జోనౠకొరకౠఇకà±à°•à°¡ మీరౠరిచౠభాషా నియమాలనౠఅమరà±à°šà°µà°šà±à°šà±." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "రిచౠనియమం జతచేయి" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "రిచౠనియమం సరికూరà±à°šà±" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "రిచౠనియమం తీసివేయి" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "రిచౠనియమాలà±" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "ఇంటరà±à°«à±‡à°¸à±à°²à°¨à± జోనà±â€Œà°•à± బందనం చేయà±à°Ÿà°•à± à°ªà±à°°à°µà±‡à°¶à°¾à°²à°¨à± జతచేయి. ఒకవేళ ఇంటరà±à°«à±‡à°¸à± à°…à°¨à±à°¨à°¦à°¿ à°…à°¨à±à°¸à°‚ధానం చేత " "à°µà±à°ªà°¯à±‹à°—ించబడితే, జోనౠఅనà±à°¨à°¦à°¿ à°…à°¨à±à°¸à°‚ధానం నందౠతెలిపిన జోనà±â€Œà°•à± అమరà±à°šà°¬à°¡à±à°¨à±." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "ఇంటరà±à°«à±‡à°¸à± జతచేయి" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "ఇంటరà±à°«à±‡à°¸à± సరికూరà±à°šà±" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "ఇంటరà±à°«à±‡à°¸à± తీసివేయి" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "మూలం జతచేయి" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "మూలం సరికూరà±à°šà±" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "మూలం తీసివేయి" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "జోనà±à°¸à±" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld సేవ à°…à°¨à±à°¨à°¦à°¿ పోరà±à°Ÿà±à°²à±, à°ªà±à°°à±Šà°Ÿà±‹à°•à°¾à°²à±à°¸à±, మాడà±à°¯à±‚à°³à±à°³à± మరియౠగమà±à°¯à°ªà± à°šà°¿à°°à±à°¨à°¾à°®à°¾à°² సమà±à°®à±‡à°³à°¨à°‚." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "సేవ జతచేయి" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "సేవ సరికూరà±à°šà±" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "సేవ తీసివేయి" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "సేవా à°…à°ªà±à°°à°®à±‡à°¯à°¾à°²à± లోడà±à°šà±‡à°¯à°¿" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "à°ªà±à°°à°µà±‡à°¶à°®à±à°¨à± సరిచేయà±à°®à±" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "à°ªà±à°°à°µà±‡à°¶à°®à±à°¨à± తీసివేయి" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "మాడà±à°¯à±‚à°³à±à°³à±" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "ఒకవేళ మీరౠగమà±à°¯à°ªà± à°šà°¿à°°à±à°¨à°¾à°®à°¾à°²à°¨à± తెలిపితే, సేవా à°ªà±à°°à°µà±‡à°¶à°‚ à°…à°¨à±à°¨à°¦à°¿ à°—à°®à±à°¯à°ªà± à°šà°¿à°°à±à°¨à°¾à°®à°¾ మరియౠరకమà±à°¨à°•à± పరిమితం " "à°…à°—à±à°¨à±. ఒకవేళ రెండౠపà±à°°à°µà±‡à°¶à°¾à°²à± ఖాళీ అయితే, à°…à°ªà±à°ªà±à°¡à± ఠపరిమితి à°µà±à°‚à°¡à°¦à±." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "సేవలౠఅనà±à°¨à°µà°¿ శాశà±à°µà°¤ ఆకృతీకరణ దరà±à°¶à°¨à°¿ నందౠమాతà±à°°à°®à±‡ మారగలవà±. సేవల యొకà±à°• à°°à°¨à±â€Œà°Ÿà±ˆà°®à± ఆకృతీకరణ à°…à°¨à±à°¨à°¦à°¿ " "నిరà±à°§à°¿à°·à±à°Ÿà°‚." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld icmptype à°…à°¨à±à°¨à°¦à°¿ firewalld కొరకౠఇంటరà±à°¨à±†à°Ÿà± à°•à°‚à°Ÿà±à°°à±‹à°²à± మెసేజౠపà±à°°à±Šà°Ÿà±‹à°•à°¾à°²à± (ICMP) à°•à± " "చెందిన సమాచారం ఇచà±à°šà±à°¨à±." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP à°°à°•à°‚ జతచేయి" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP à°°à°•à°‚ సరికూరà±à°šà±" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP à°°à°•à°‚ తీసివేయి" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP à°°à°•à°‚ à°…à°ªà±à°°à°®à±‡à°¯à°¾à°²à± లోడà±à°šà±‡à°¯à°¿" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "IPv4 మరియà±/లేదా IPv6 కొరకౠఈ ICMP à°°à°•à°‚ à°…à°‚à°¦à±à°¬à°¾à°Ÿà±à°²à±‹ à°µà±à°‚దో లేదో తెలà±à°ªà±à°®à±." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP రకాలౠఅనà±à°¨à°µà°¿ శాశà±à°µà°¤ ఆకృతీకరణ దరà±à°¶à°¨à°¿ నందౠమాతà±à°°à°®à±‡ మారగలవà±. ICMP రకాల యొకà±à°• à°°à°¨à±â€Œà°Ÿà±ˆà°®à± " "ఆకృతీకరణ à°…à°¨à±à°¨à°¦à°¿ నిరà±à°§à°¿à°·à±à°Ÿà°‚." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "సూటి ఆకృతీకరణ à°…à°¨à±à°¨à°¦à°¿ ఫైరà±â€Œà°µà°¾à°²à±â€Œà°•à± మరింత సూటిగా à°à°•à±à°¸à±†à°¸à± ఇచà±à°šà±à°¨à±. à°ˆ à°à°šà±à°šà°¿à°•à°¾à°²à± à°µà±à°ªà°¯à±‹à°—à°¿à°‚à°šà±à°Ÿà°•à± వాడà±à°•à°°à°¿à°•à°¿ " "à°ªà±à°°à°¾à°¥à°®à°¿à°• à°à°ªà°¿à°ªà°Ÿà±à°Ÿà°¿à°•à°² విషయాలౠతెలవాలి, అనగా పటà±à°Ÿà°¿à°•à°²à±, చైనà±à°¸à±, ఆదేశాలà±, పారామితà±à°²à± మరియౠలకà±à°·à±à°¯à°¾à°²à±. ఇతర " "firewalld విశేషణాలౠà°à°µà±€ à°µà±à°ªà°¯à±‹à°—à°¿à°‚à°šà±à°Ÿà°•à± సాధà±à°¯à°•à°¾à°¨à°ªà±à°ªà±à°¡à± మాతà±à°°à°®à±‡ సూటి ఆకృతీకరణనౠవà±à°ªà°¯à±‹à°—ించాలి." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "à°ªà±à°°à°¤à°¿ à°à°šà±à°šà°¿à°•à°‚ యొకà±à°• ipv ఆరà±à°—à±à°®à±†à°‚à°Ÿà± ipv4 లేదా ipv6 లేదా eb కావాలి. ipv4 తో అది à°à°ªà°¿à°ªà°Ÿà±à°Ÿà°¿à°•à°² కొరకà±, " "ipv6 కొరకౠà°à°ªà°¿6పటà±à°Ÿà°¿à°•à°² కొరకౠమరియౠeb తో ఈథరà±à°¨à±†à°Ÿà± à°¬à±à°°à°¿à°¡à±à°œà±à°²à± (ఈబిపటà±à°Ÿà°¿à°•à°²à±) కొరకà±." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "నియమాలతో à°µà±à°ªà°¯à±‹à°—à°¿à°‚à°šà±à°Ÿà°•à± అదనపౠచైనà±à°¸à±." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "చైనౠజతచేయి" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "చైనౠసరికూరà±à°šà±" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "చైనౠతీసివేయి" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "చైనà±à°¸à±" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "పటà±à°Ÿà°¿à°• నందలి చైనà±â€Œà°•à± à°ªà±à°°à°¾à°®à±à°–à±à°¯à°¤à°¤à±‹ ఆరà±à°—à±à°®à±†à°‚à°Ÿà±à°¸à± args à°µà±à°ªà°¯à±‹à°—à°¿à°‚à°šà°¿ నియమం జతచేయి." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "ఆరà±à°¡à°°à± నియమాలనౠవà±à°ªà°¯à±‹à°—ించటమే à°ªà±à°°à°¾à°®à±à°–à±à°¯à°‚. à°ªà±à°°à°¾à°®à±à°–à±à°¯à°¤ 0 అనగా నియమానà±à°¨à°¿ చైనౠపైన జతచేయమని, à°…à°¤à±à°¯à°§à°¿à°• " "à°ªà±à°°à°¾à°®à±à°–à±à°¯à°¤à°¤à±‹ నియమం à°…à°¨à±à°¨à°¦à°¿ ఇంకా కిందకౠచేరà±à°šà°¬à°¡à±à°¨à±. ఒకే à°ªà±à°°à°¾à°®à±à°–à±à°¯à°¤à°¤à±‹ à°µà±à°¨à±à°¨ నియమాలౠఒకే à°¸à±à°¥à°¾à°¯à°¿à°²à±‹ à°µà±à°‚టాయి " "మరియౠఈ నియమాల à°•à±à°°à°®à°‚ నిరà±à°¦à°¿à°·à±à°Ÿà°‚కాదౠమారవచà±à°šà±. ఒకదాని తరà±à°µà°¾à°¤ మళà±à°³à±€ à°’à°• నియమం జతచేయబడà±à°¨à± అనేది " "నిరà±à°¥à°¾à°°à°¿à°‚à°šà±à°•à±Šà°¨à±à°Ÿà°•à±, ఒకదానికి తకà±à°•à±à°µ à°ªà±à°°à°¾à°®à±à°–à±à°¯à°¤ ఇచà±à°šà°¿ తరà±à°µà°¾à°¤à°¦à°¾à°¨à°¿à°•à°¿ à°Žà°•à±à°•à±à°µ à°ªà±à°°à°¾à°®à±à°–à±à°¯à°¤ ఇవà±à°µà°‚à°¡à°¿." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "నియమం జతచేయి" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "నియమం సరికూరà±à°šà±" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "నియమం తీసివేయి" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "నియమాలà±" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "పాసà±â€Œà°¤à±à°°à±‚ నియమాలౠఅనà±à°¨à°µà°¿ నేరà±à°—à°¾ ఫైరà±â€Œà°µà°¾à°²à±â€Œà°•à± పంపà±à°¬à°¡à±à°¨à± మరియౠపà±à°°à°¤à±à°¯à±‡à°• చైనà±à°¸à± నందౠవà±à°‚చబడవà±. à°…à°¨à±à°¨à°¿ " "à°à°ªà°¿à°ªà°Ÿà±à°Ÿà°¿à°•à°²à±, à°à°ªà°¿6పటà±à°Ÿà°¿à°•à°²à± మరియౠఈబిపటà±à°Ÿà°¿à°•à°² à°à°šà±à°šà°¿à°•à°¾à°²à± à°µà±à°ªà°¯à±‹à°—ించవచà±à°šà±." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "ఫైరà±â€Œà°µà°¾à°²à±â€Œà°•à± నషà±à°Ÿà°‚వాటిలà±à°²à°•à±à°‚à°¡à°¾ à°µà±à°‚à°¡à±à°Ÿà°•à± పాసà±â€Œà°¤à±à°°à±‚ నియమాలతో జాగà±à°°à°¤à±à°¤à°—à°¾ à°µà±à°‚à°¡à°‚à°¡à°¿." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "పాసà±â€Œà°¤à±à°°à±‚ జతచేయి" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "పాసà±â€Œà°¤à±à°°à±‚ సరికూరà±à°šà±" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "పాసà±â€Œà°¤à±à°°à±‚ తీసివేయి" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "పాసà±â€Œà°¤à±à°°à±‚" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "లాకà±â€Œà°¡à±Œà°¨à± విశేషణం à°…à°¨à±à°¨à°¦à°¿ firewalld కొరకౠవాడà±à°•à°°à°¿ మరియౠఅనà±à°µà°°à±à°¤à°¨à°‚ విధానాల లైటౠవరà±à°·à°¨à±. ఇది మారà±à°ªà±à°²à°¨à± " "ఫైరà±â€Œà°µà°¾à°²à±â€Œà°•à± పరిమితం చేయà±à°¨à±. లాకà±â€Œà°¡à±Œà°¨à± వైటà±â€Œà°²à°¿à°¸à±à°Ÿà± à°…à°¨à±à°¨à°¦à°¿ ఆదేశాలనà±, సందరà±à°­à°¾à°²à°¨à±, వాడà±à°•à°°à±à°²à°¨à± మరియౠవాడà±à°•à°°à°¿ " "à°à°¡à°¿à°²à°¨à± కలిగివà±à°‚డవచà±à°šà±." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "సందరà±à°­à°‚ జతచేయి" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "సందరà±à°­à°‚ సరికూరà±à°šà±" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "సందరà±à°­à°‚ తీసివేయి" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "సందరà±à°­à°¾à°²à±" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "వైటà±â€Œà°²à°¿à°¸à±à°Ÿà± పైన ఆదేశం à°ªà±à°°à°µà±‡à°¶à°‚ à°à°¸à±à°Ÿà±à°°à°¿à°•à± '*' తో à°®à±à°—à°¿à°¸à±à°¤à±‡, à°…à°ªà±à°ªà±à°¡à± à°† ఆదేశంతో à°ªà±à°°à°¾à°°à°‚భమయà±à°¯à±‡ à°…à°¨à±à°¨à°¿ ఆదేశ " "వరà±à°¸à°²à± సరిపోలà±à°¨à±. ఒకవేళ '*' లేకపోతే à°…à°ªà±à°ªà±à°¡à± ఆదేశం à°…à°¨à±à°¨à°¦à°¿ ఆరà±à°—à±à°®à±†à°‚à°Ÿà±à°²à°¤à±‹ సహా à°–à°šà±à°šà°¿à°¤à°‚à°—à°¾ సరిపోలాలి." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "ఆదేశ వరà±à°¸ జతచేయి" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "ఆదేశ వరà±à°¸ సరికూరà±à°šà±" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "ఆదేశ వరà±à°¸ తీసివేయి" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "ఆదేశ వరà±à°¸à°²à±" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "వాడà±à°•à°°à°¿ పేరà±à°²à±." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "వాడà±à°•à°°à°¿ పేరౠజతచేయి" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "వాడà±à°•à°°à°¿ పేరౠజతచేయి" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "వాడà±à°•à°°à°¿ పేరౠతీసివేయి" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "వాడà±à°•à°°à°¿ పేరà±à°²à±" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "వాడà±à°•à°°à°¿ à°à°¡à°¿à°²à±." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "వాడà±à°•à°°à°¿ à°à°¡à°¿ జతచేయి" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "వాడà±à°•à°°à°¿ à°à°¡à°¿ సరికూరà±à°šà±" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "వాడà±à°•à°°à°¿ à°à°¡à°¿ తీసివేయి" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "వాడà±à°•à°°à°¿ à°à°¡à°¿à°²à±" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "à°µà±à°¯à°µà°¸à±à°¥ యొకà±à°• à°ªà±à°°à°¸à±à°¤à±à°¤ à°…à°ªà±à°°à°®à±‡à°¯ జోనà±." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "పానికౠమోడà±:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "లాకà±â€Œà°¡à±Œà°¨à±:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "à°…à°ªà±à°°à°®à±‡à°¯ జోనà±:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "పోరà±à°Ÿà±â€ మరియౠనియమం" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "దయచేసి పోరà±à°Ÿà± మరియౠపà±à°°à±Šà°Ÿà±‹à°•à°¾à°²à± à°ªà±à°°à°µà±‡à°¶à°ªà±†à°Ÿà±à°Ÿà°‚à°¡à°¿." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "సూటి నియమం" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "దయచేసి ipv మరియౠపటà±à°Ÿà°¿à°•, చైనౠపà±à°°à°¾à°®à±à°–à±à°¯à°¤ ఎంపికచేసి ఆరà±à°—à±à°®à±†à°‚à°Ÿà±à°²à± à°ªà±à°°à°µà±‡à°¶à°ªà±†à°Ÿà±à°Ÿà±." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "à°ªà±à°°à°¾à°®à±à°–à±à°¯à°¤:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "దయచేసి à°ªà±à°°à±Šà°Ÿà±‹à°•à°¾à°²à± à°ªà±à°°à°µà±‡à°¶à°ªà±†à°Ÿà±à°Ÿà°‚à°¡à°¿." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "ఇతర à°ªà±à°°à±Šà°Ÿà±‹à°•à°¾à°²à±:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "రిచౠనియమం" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "దయచేసి రిటౠనియమం à°ªà±à°°à°µà±‡à°¶à°ªà±†à°Ÿà±à°Ÿà°‚à°¡à°¿." #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "అతిధేయ లేదా నెటà±à°µà°°à±à°•à±à°¨à°•à± వైటౠలేదా à°¬à±à°²à°¾à°•à±â€Œà°²à°¿à°¸à±à°Ÿà°¿à°‚à°—à± à°…à°¨à±à°¨à°¦à°¿ మూలకం à°•à±à°°à°¿à°¯à°¾à°¹à±€à°¨à°‚ చేయà±à°¨à±." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "మూలం:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "à°—à°®à±à°¯à°‚:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "లాగà±:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "ఆడిటà±:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 మరియౠipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "తిరగతిపà±à°ªà°¿à°¨" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "దీనిని చేతనం చేయà±à°Ÿà°•à± à°šà°°à±à°¯ అనేది 'తిరసà±à°•à°°à°¿à°‚à°šà±' à°…à°µà±à°µà°¾à°²à°¿ మరియౠఫà±à°¯à°¾à°®à°¿à°²à±€ 'ipv4' లేదా 'ipv6' à°…à°µà±à°µà°¾à°²à°¿ " "(రెండూ కాదà±)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "à°°à°•à°‚ తో:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "పరిమితి తో:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "à°ªà±à°°à°¿à°«à°¿à°•à±à°¸à±:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "à°¸à±à°¥à°¾à°¯à°¿:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "మూలకం:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "à°šà°°à±à°¯:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "à°ªà±à°°à°¾à°§à°®à°¿à°• సేవ అమరికలà±" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "దయచేసి à°ªà±à°°à°¾à°§à°®à°¿à°• సేవ అమరికలౠఆకృతీకరించà±:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "దయచేసి సేవనౠఎంపికచేయి." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "వాడà±à°•à°°à°¿ à°à°¡à°¿" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "దయచేసి వాడà±à°•à°°à°¿ à°à°¡à°¿à°¨à± à°ªà±à°°à°µà±‡à°¶à°ªà±†à°Ÿà±à°Ÿà±à°®à±." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "దయచేసి వాడà±à°•à°°à°¿ పేరౠపà±à°°à°µà±‡à°¶à°ªà±†à°Ÿà±à°Ÿà±à°®à±." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "ఆధార జోనౠఅమరికలà±" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "దయచేసి ఆధార జోనౠఅమరికలౠఆకృతీకరించà±:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "à°…à°ªà±à°°à°®à±‡à°¯ లకà±à°·à±à°¯à°‚" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "లకà±à°·à±à°¯à°‚:" firewalld-1.1.1/po/tr.po0000644000000000000000000017111214217342322015067 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Automatically generated, 2004 # Hasan Alp Ä°NAN, 2011 # Irmak Bıçakçıgil , 2014 # Onuralp SEZER , 2012 # Serdar SaÄŸlam , 2019. #zanata # OÄŸuz Ersen , 2020. # Burak Yavuz , 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-11-07 16:35+0000\n" "Last-Translator: Burak Yavuz \n" "Language-Team: Turkish \n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n>1);\n" "X-Generator: Weblate 4.3.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Güvenlik Duvarı Uygulaması" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Güvenlik Duvarı" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "Güvenlik Duvarı Yapılandırması" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" "firewall;network;security;iptables;netfilter;güvenlik duvarı;aÄŸ;koruma;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "'%s' arayüzü için bölge seç" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Öntanımlı Bölge" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "'%s' baÄŸlantısı için bölge seç" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "{connection_name} baÄŸlantısı için {zone} bölgesi ayarlanamadı" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "'%s' kaynağı için bölge seç" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "Kalkanlar Yukarı/AÅŸağı Bölgelerini Yapılandır" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "" "Burada Kalkanlar Yukarı ve Kalkanlar AÅŸağı için kullanılan bölgeleri " "seçebilirsiniz." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Bu özellik çoÄŸunlukla öntanımlı bölgeleri kullanan kiÅŸiler için " "kullanışlıdır. BaÄŸlantı bölgelerini deÄŸiÅŸtiren kullanıcılar için kullanımı " "sınırlı olabilir." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Kalkanlar Yukarı Bölgesi:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Öntanımlılara Sıfırla" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Kalkanlar AÅŸağı Bölgesi:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "%s hakkında" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Yazarlar" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Lisans" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Kalkanlar Yukarı" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Bildirimler açık" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Güvenlik Duvarı ayarlarını deÄŸiÅŸtir..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "BaÄŸlantı Bölgelerini DeÄŸiÅŸtir..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Kalkanlar Yukarı/AÅŸağı Bölgelerini Yapılandır..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Tüm aÄŸ trafiÄŸini engelle" #: ../src/firewall-applet.in:492 msgid "About" msgstr "Hakkında" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "BaÄŸlantılar" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Kaynaklar" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Yetkilendirme baÅŸarısız oldu." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Argumento inválido %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Bu isim zaten kullanılıyor" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Bölge: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Öntanımlı Bölge: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "NetworkManager'dan baÄŸlantılar alınamadı" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Kullanılabilir NetworkManager içe aktarımı yok" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Güvenlik duvarı arka plan programı ile baÄŸlantı yok" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "Tüm aÄŸ trafiÄŸi engellendi." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Öntanımlı Bölge: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Öntanımlı Bölge '{default_zone}', '{interface}' arayüzünde '{connection}' " "baÄŸlantısı için etkin" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "'{zone}' bölgesi, '{interface}' arayüzünde '{connection}' baÄŸlantısı için " "etkin" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "'{zone}' bölgesi '{interface}' arayüzü için etkin" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "'{zone}' bölgesi, {source} kaynağı için etkin" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Etkin Bölge Yok." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "FirewallD ile baÄŸlantı saÄŸlandı." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "FirewallD ile baÄŸlantı kaybedildi." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD yeniden yüklendi." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Öntanımlı bölge '%s' olarak deÄŸiÅŸtirildi." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Artık aÄŸ trafiÄŸi engellenmiyor." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "etkinleÅŸtirildi" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "devreden çıkarıldı" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Öntanımlı bölge '{default_zone}', '{interface}' arayüzünde '{connection}' " "baÄŸlantısı için {activated_deactivated}" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "'{zone}' bölgesi, '{interface}' arayüzünde '{connection}' baÄŸlantısı için " "{activated_deactivated}" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "'{zone}' bölgesi, '{interface}' arayüzü için {activated_deactivated}" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "'%s' bölgesi, '%s' arayüzü için etkinleÅŸtirildi" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "'{zone}' bölgesi, '{source}' kaynağı için {activated_deactivated}" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "'%s' bölgesi, '%s' kaynağı için etkinleÅŸtirildi" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Firewalld ile baÄŸlantı kuruldu." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "firewalld'ye baÄŸlanmaya çalışılıyor, bekleyin..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "firewalld'ye baÄŸlanılamadı. Lütfen hizmetin doÄŸru ÅŸekilde baÅŸlatıldığından " "emin olun ve tekrar deneyin." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "DeÄŸiÅŸiklikler uygulandı." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "'%s' aÄŸ baÄŸlantısı tarafından kullanılıyor" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "'%s' aÄŸ baÄŸlantısı tarafından kullanılan öntanımlı bölge" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "etkin" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "devre dışı" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Ikonların yüklenmesi baÅŸarısız." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "İçerik" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Komut satırı" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Kullanıcı adı" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Kullanıcı kimliÄŸi" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "Tablo" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Zincir" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "Öncelik" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Argümanlar" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "Çalışma zamanı" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "Kalıcı" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Hizmet" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "BaÄŸlantı noktası" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Protocolo" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Hedef BaÄŸlantı Noktası" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Hedef Adres" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "BaÄŸlamalar" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "GiriÅŸ" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp Türü" #: ../src/firewall-config.in:822 msgid "Family" msgstr "Aile" #: ../src/firewall-config.in:826 msgid "Action" msgstr "Eylem" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Eleman" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Kaynak" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Hedef" #: ../src/firewall-config.in:834 msgid "log" msgstr "günlük" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Denetim" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "Arayüz" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Açıklama" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Kaynak" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "Uyarı" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Erro" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "kabul et" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "reddet" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "yok say" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "iÅŸaretle" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "sınırla" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "hizmet" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "baÄŸlantı noktası" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "protokol" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "maskeleme" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-engelleme" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-türü" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "baÄŸlantı-noktası-yönlendirme" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "kaynak-baÄŸlantı-noktası" #: ../src/firewall-config.in:2097 msgid "level" msgstr "seviye" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "evet" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Bölge" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Öntanımlı Bölge: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Bölge: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Bölge '%s': '%s' hizmeti kullanılamıyor." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Kaldır" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Yoksay" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Bölge '%s': '%s' ICMP türü kullanılamıyor." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "YerleÅŸik bölge, yeniden adlandırma desteklenmiyor." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "saniye" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "dakika" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "saat" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "gün" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "acil durum" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "alarm" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "kritik" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "hata" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "uyarı" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "ikaz" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "bilgi" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "hata ayıkla" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "BaÅŸka bir sisteme yönlendirme, sadece arayüz maskelenmiÅŸ ise faydalıdır.\n" "Bu bölgeyi maskelemek ister misiniz?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "YerleÅŸik hizmet, yeniden adlandırma desteklenmiyor." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Lütfen adres[/maske] biçiminde bir ipv4 adresi girin." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "Maske, bir aÄŸ maskesi veya bir sayı olabilir." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Lütfen adres[/maske] biçiminde bir ipv6 adresi girin." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "Maske bir sayıdır." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Lütfen adres[/maske] biçiminde bir ipv4 veya ipv6 adresi girin." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Maske, ipv4 için bir aÄŸ maskesi veya bir sayı olabilir.\n" "Maske, ipv6 için bir sayıdır." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "YerleÅŸik ipset, yeniden adlandırma desteklenmiyor." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Lütfen bir dosya seç" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "Metin Dosyası" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "Tüm Dosyalar" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "Tümü" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "YerleÅŸik yardımcı, yeniden adlandırma desteklenmiyor." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Dahili icmp, Yeniden isimlendirme desteklenmiyor." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "'%s' dosyası okunamadı: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "%s kaynağı için bölge seç" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "Adres" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Otomatik Yardımcılar" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Lütfen otomatik yardımcıların deÄŸerini seçin:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Lütfen komut satırını girin." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Lütfen içeriÄŸi girin." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Lütfen aÅŸağıdaki listeden öntanımlı bölgeyi seçin." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "DoÄŸrudan Zincir" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "Lütfen ipv ve tabloyu seçin ve zincir adını girin." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Zincir:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "ham" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "güvenlik" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "Tablo:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "DoÄŸrudan GeçiÅŸ Kuralı" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Lütfen ipv'yi seçin ve argümanları girin." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Argümanlar:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "BaÄŸlantı Noktası Yönlendirme" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "" "Por favor, seleccione as opções de origem e destino de acordo com as suas " "necessidades." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "BaÄŸlantı Noktası / BaÄŸlantı Noktası Aralığı:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "Endereço IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Protokol:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "Hedef" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Yerel yönlendirmeyi etkinleÅŸtirirseniz, bir baÄŸlantı noktası belirtmeniz " "gerekir. Bu baÄŸlantı noktasının kaynak baÄŸlantı noktasından farklı olması " "gerekir." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Yerel Yönlendirme" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "BaÅŸka bir baÄŸlantı noktasına yönlendir" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Temel Yardımcı Ayarları" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Lütfen temel yardımcı ayarlarını yapılandırın:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "Kalın giriÅŸlerin hepsi zorunludur. DiÄŸer tüm giriÅŸler isteÄŸe baÄŸlıdır." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Ä°sim:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "Sürüm:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "Kısa:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "Açıklama:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "Aile:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Modül:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Yardımcılar" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Lütfen bir yardımcı seçin:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Temel ICMP Türü Ayarları" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Lütfen temel ICMP türü ayarlarını yapılandırın:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP Türü" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Lütfen bir ICMP türü seçin" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Adicionar Entrada" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Dosyadan Girdi Ekle" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Seçilen Girdiyi Kaldır" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Tüm Girdileri Kaldır" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Girdileri Dosyadan Kaldır" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Dosya" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Seçenekler" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Firewalld 'yi yeniden yükle" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Güvenlik duvarı kurallarını yeniden yükler. Mevcut kalıcı yapılandırma yeni " "çalışma zamanı yapılandırması haline gelecektir. DiÄŸer bir deyiÅŸle, yeniden " "yükleme zamanına kadar yapılan, sadece çalışma zamanına ait tüm " "deÄŸiÅŸiklikler, aynı zamanda kalıcı yapılandırmada da bulunmadıkları takdirde " "kaybolacaktır." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Bir aÄŸ baÄŸlantısının ait olduÄŸu bölgeyi deÄŸiÅŸtirin." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Öntanımlı Bölgeyi DeÄŸiÅŸtir" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "BaÄŸlantılar veya arayüzler için öntanımlı bölgeyi deÄŸiÅŸtirin." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Reddedilen Log Kaydını DeÄŸiÅŸtir" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "LogDenied deÄŸerini deÄŸiÅŸtirin." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "Otomatik Yardımcı Atamasını Yapılandır" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "Otomatik Yardımcı Atama ayarını yapılandırın." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Panik modu, gelen ve giden tüm paketlerin yok sayıldığı anlamına gelir." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Panik Modu" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "Kilitleme, sadece kilitleme beyaz listesindeki uygulamaların " "deÄŸiÅŸtirebilmesi için güvenlik duvarı yapılandırmasını kilitler." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "Kilitleme" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Çalışma zamanı yapılandırmasını kalıcı duruma getir" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "Çalışma Zamanından Kalıcı Duruma" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "_Görünüm" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSet'ler" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP Türleri" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Yardımcılar" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "DoÄŸrudan Yapılandırma" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "Kilitleme Beyaz Listesi" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Etkin BaÄŸlamalar" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Yardım" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Bölge DeÄŸiÅŸtir" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "BaÄŸlamanın bölgesini deÄŸiÅŸtir" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "BaÄŸlantıların, arayüzlerin ve kaynakların bölgelere etkin çalışma zamanı " "baÄŸlamalarını gizle" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "BaÄŸlantıların, arayüzlerin ve kaynakların bölgelere etkin çalışma zamanı " "baÄŸlamalarını göster" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "Yapılandırma:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "EÄŸer belirli bir adres belirlediyseniz, ICMP tipi giriÅŸi bu hedefle sınırlı " "olacaktır." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Bir firewalld bölgesi, bölgeye baÄŸlı aÄŸ baÄŸlantıları, arayüzler ve kaynak " "adresleri için güven seviyesini tanımlar. Bölge; hizmetleri, baÄŸlantı " "noktalarını, protokolleri, maskelemeyi, baÄŸlantı noktası/paket " "yönlendirmeyi, icmp filtrelerini ve zengin kuralları bir araya getirir. " "Bölge, arayüzlere ve kaynak adreslere baÄŸlanabilir." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Bölge Ekle" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Bölge Düzenle" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Bölge Kaldır" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Bölge Öntanımlılarını Yükle" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Burada, bölgede hangi hizmetlere güvenileceÄŸini tanımlayabilirsiniz. " "Güvenilir hizmetlere, bu bölgeye baÄŸlanmış baÄŸlantılar, arayüzler ve " "kaynaklardan makineye eriÅŸebilen tüm ana makinelerden ve aÄŸlardan " "eriÅŸilebilir." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Hizmetler" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Makineye baÄŸlanabilen tüm ana makineler veya aÄŸlar için eriÅŸilebilir olması " "gereken ilave baÄŸlantı noktaları veya baÄŸlantı noktası aralıkları ekleyin." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "BaÄŸlantı Noktası Ekle" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "BaÄŸlantı Noktası Düzenle" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "BaÄŸlantı Noktası Kaldır" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "BaÄŸlantı noktaları" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Tüm ana makineler veya aÄŸlar için eriÅŸilebilir olması gereken protokoller " "ekleyin." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Protokol Ekle" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Protokol Düzenle" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Protokol Kaldır" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Protokoller" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Makineye baÄŸlanabilen tüm ana makineler veya aÄŸlar için eriÅŸilebilir olması " "gereken ilave kaynak baÄŸlantı noktaları veya baÄŸlantı noktası aralıkları " "ekleyin." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Kaynak BaÄŸlantı Noktaları" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "Maskeleme, yerel ağınızı internete baÄŸlayan bir ana makine veya yönlendirici " "kurmanıza olanak saÄŸlar. Yerel ağınız görünür olmayacaktır ve ana makineler " "internette tek bir adres olarak görünecektir. Maskeleme yalnızca IPv4 " "içindir mevcuttur." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "Bölgeyi maskele" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Maskelemeyi etkinleÅŸtirirseniz, IP yönlendirmesi IPv4 ağınız için " "etkinleÅŸtirilecektir." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "Maskeleme" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "BaÄŸlantı noktalarını yerel sistemdeki bir baÄŸlantı noktasından diÄŸerine veya " "yerel sistemden baÅŸka bir sisteme yönlendirmek için girdiler ekleyin. BaÅŸka " "bir sisteme yönlendirme yalnızca arayüz maskelenmiÅŸse yararlıdır. BaÄŸlantı " "noktası yönlendirme sadece IPv4 için kullanılabilir." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Yönlendirme BaÄŸlantı Noktası Ekle" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Yönlendirme BaÄŸlantı Noktası Düzenle" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Yönlendirme BaÄŸlantı Noktası Kaldır" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Internet Denetim Mesajı Protokolü (Internet Control Message Protocol - " "ICMP), esas olarak aÄŸa baÄŸlı bilgisayarlar arasında hata mesajları göndermek " "için kullanılır, ancak ek olarak ping istekleri ve yanıtları gibi bilgi " "mesajları için de kullanılır." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Reddedilmesi gereken ICMP türlerini listeden iÅŸaretleyin. DiÄŸer bütün ICMP " "türleri güvenlik duvarından geçebilecektir. Öntanımlı olarak herhangi bir " "sınırlama yoktur." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Filtreyi Ters Çevirme etkinse, iÅŸaretli ICMP girdileri kabul edilir ve " "diÄŸerleri reddedilir. Hedefin DROP olduÄŸu bir bölgede yok sayılırlar." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Filtreyi Ters Çevir" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP Filter" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Burada bölge için zengin dil kuralları ayarlayabilirsiniz." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "GeliÅŸtirilmiÅŸ Kural Ekle" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "GeliÅŸtirilmiÅŸ Kural Düzenle" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "GeliÅŸtirilmiÅŸ Kural Kaldır" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "GeliÅŸtirilmiÅŸ Kurallar" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Arayüzleri bölgeye baÄŸlamak için girdiler ekleyin. Arayüz bir baÄŸlantı " "tarafından kullanılacaksa, bölge baÄŸlantıda belirtilen bölgeye " "ayarlanacaktır." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Arayüz Ekle" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Arayüz Düzenle" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Arayüz Kaldır" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Kaynak adresleri veya alanları bölgeye baÄŸlamak için girdiler ekleyin. Bir " "MAC kaynak adresine de baÄŸlayabilirsiniz, ancak sınırlamalar vardır. " "BaÄŸlantı noktası yönlendirme ve maskeleme, MAC kaynak baÄŸlamaları için " "çalışmaz." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Kaynak Ekle" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Kaynak Düzenle" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Kaynak Kaldır" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Bölgeler" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "Bir firewalld hizmeti; baÄŸlantı noktaları, protokoller, modüller ve hedef " "adreslerin bir birleÅŸimidir." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Hizmet Ekle" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Hizmeti Düzenle" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Hizmeti Kaldır" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Hizmet Öntanımlılarını Yükle" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Tüm ana makineler veya aÄŸlar için eriÅŸilebilir olması gereken ilave baÄŸlantı " "noktaları veya baÄŸlantı noktası aralıkları ekleyin." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Editar Entrada" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "GiriÅŸi sil" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Tüm ana makineler veya aÄŸlar için eriÅŸilebilir olması gereken ilave kaynak " "baÄŸlantı noktaları veya baÄŸlantı noktası aralıkları ekleyin." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Kaynak BaÄŸlantı Noktası" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Bazı hizmetler için netfilter yardımcı modülleri gereklidir." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Modüller" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "EÄŸer belirli bir hedef adres belirlediyseniz, hizmet giriÅŸi hedef adres ve " "türü ile sınırlı olacaktır. EÄŸer ikisi de boÅŸ ise , herhangi bir sınırlama " "yoktur." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "Hizmetler sadece kalıcı yapılandırma görünümünde deÄŸiÅŸtirilebilir. " "Hizmetlerin çalışma zamanı yapılandırması sabittir." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "Bir IPSet, beyaz veya kara listeler oluÅŸturmak için kullanılabilir ve " "örneÄŸin IP adreslerini, baÄŸlantı noktası numaralarını veya MAC adreslerini " "depolayabilir. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "IPSet Ekle" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "IPSet Düzenle" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "IPSet Kaldır" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "IPSet Öntanımlılarını Yükle" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "IPSet girdileri. Sadece zaman aşımı seçeneÄŸini kullanmayan ipset'lerin " "girdilerini, ayrıca sadece firewalld tarafından eklenen girdileri " "görebilirsiniz. DoÄŸrudan ipset komutuyla eklenen girdiler burada " "listelenmeyecektir." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "Bu IPSet zaman aşımı seçeneÄŸini kullanmaktadır, bu nedenle burada hiçbir " "girdi görünmez. Girdilere ipset komutu ile doÄŸrudan bakılmalıdır." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Ekle" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "Girdiler" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSet'ler sadece kalıcı yapılandırma görünümünde oluÅŸturulabilir veya " "silinebilir." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Bir firewalld icmptype, firewalld için bir Ä°nternet Denetim Mesajı Protokolü " "(Internet Control Message Protocol - ICMP) türü için bilgi saÄŸlar." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "ICMP Türü Ekle" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "ICMP Türünü Düzenle" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "ICMP Türünü Kaldır" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "ICMP Türü Öntanımlılarını Yükle" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "" "Bu ICMP Türünün IPv4 ve/veya IPv6 için kullanılabilir olup olmadığını " "belirtin." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP Türleri sadece kalıcı yapılandırma görünümünde deÄŸiÅŸtirilebilir. ICMP " "Türlerinin çalışma zamanı yapılandırması sabittir." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Bir baÄŸlantı izleme yardımcısı, iÅŸaretleÅŸme ve veri aktarımları için farklı " "akışlar kullanan protokollerin çalışmasına yardımcı olmaktadır. Veri " "aktarımları, iÅŸaretleÅŸme baÄŸlantısıyla ilgisi olmayan baÄŸlantı noktaları " "kullanmakta ve bu nedenle yardımcı olmadan güvenlik duvarı tarafından " "engellenmektedir." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Yardımcı tarafından izlenen baÄŸlantı noktalarını veya baÄŸlantı noktası " "aralıklarını tanımlayın." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "DoÄŸrudan yapılandırma, güvenlik duvarına daha doÄŸrudan bir eriÅŸim saÄŸlar. Bu " "seçenekler kullanıcının temel iptables kavramlarını, yani tabloları, " "zincirleri, komutları, parametreleri ve hedefleri bilmesini gerektirir. " "DoÄŸrudan yapılandırma, diÄŸer firewalld özelliklerini kullanmanın mümkün " "olmadığı durumlarda sadece son çare olarak kullanılmalıdır." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Her seçeneÄŸin ipv argümanı ipv4 veya ipv6 veya eb olmalıdır. ipv4 ile " "iptables için, ipv6 ile ip6tables için ve eb ile ethernet köprüleri " "(ebtables) için olacaktır." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Kurallarla kullanım için ilave zincirler." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Zincir Ekle" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Zincir Düzenle" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Zincir Kaldır" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Zincirler" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Öncelikli bir tablodaki bir zincire args argümanları ile bir kural ekleyin." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "Öncelik, kuralları sıralamak için kullanılır. Öncelik 0, zincirin üstüne " "kural eklemek anlamına gelir, daha yüksek bir önceliÄŸe sahip kural daha " "aÅŸağıya eklenir. Aynı önceliÄŸe sahip kurallar aynı seviyededir ve bu " "kuralların sırası sabit deÄŸildir ve deÄŸiÅŸebilir. Bir kuralın bir diÄŸeri " "ardına ekleneceÄŸinden emin olmak istiyorsanız, birincisi için düşük öncelik " "ve diÄŸeri için daha yüksek öncelik kullanın." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Kural Ekle" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Kural Düzenle" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Kural Kaldır" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Kurallar" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "GeçiÅŸ kuralları doÄŸrudan güvenlik duvarına iletilir ve özel zincirlere " "yerleÅŸtirilmez. Tüm iptables, ip6tables ve ebtables seçenekleri " "kullanılabilir." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Güvenlik duvarına zarar vermemek için lütfen geçiÅŸ kurallarına dikkat edin." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "GeçiÅŸ Ekle" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "GeçiÅŸ Düzenle" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "GeçiÅŸ Kaldır" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "GeçiÅŸ" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "Kilitleme özelliÄŸi, firewalld için kullanıcı ve uygulama politikalarının " "hafif bir biçimidir. Güvenlik duvarındaki deÄŸiÅŸiklikleri sınırlar. Kilitleme " "beyaz listesi komutlar, baÄŸlamlar, kullanıcılar ve kullanıcı kimlikleri " "içerebilir." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "BaÄŸlam, çalışan bir uygulamanın veya hizmetin güvenlik (SELinux) baÄŸlamıdır. " "Çalışan bir uygulamanın baÄŸlamını almak için ps -e --context " "komutunu kullanın." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "İçerik Ekle" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "İçerik Düzenle" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "İçerik Kaldır" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "İçerikler" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Beyaz listedeki bir komut girdisi yıldız iÅŸareti '*' ile bitiyorsa, o " "komutla baÅŸlayan tüm komut satırları eÅŸleÅŸecektir. '*' yok ise, argümanlar " "dahil komut tamamen eÅŸleÅŸmelidir." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Komut Satırı Ekle" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Komut Satırı Düzenle" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Komut Satırı Kaldır" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "Komut satırları" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Kullanıcı adları." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Kullanıcı Adı Ekle" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Kullanıcı Adı Düzenle" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Kullanıcı Adı Kaldır" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Kullanıcı isimleri" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Kullanıcı kimlikleri." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Kullanıcı KimliÄŸi Ekle" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Kullanıcı KimliÄŸi Düzenle" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Kullanıcı KimliÄŸi Kaldır" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Kullanıcı Kimlikleri" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Sistemin geçerli öntanımlı bölgesi." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Reddedilen Log Kaydı:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Panik Modu:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Otomatik Yardımcılar:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "Kilitleme:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Öntanımlı Bölge:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Lütfen bir arayüz adı girin:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Temel IPSet Ayarları" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Lütfen temel ipset ayarlarını yapılandırın:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Tür:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Zaman aşımı:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hash boyutu:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maks. eleman:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Saniye cinsinden zaman aşımı deÄŸeri" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "BaÅŸlangıç hash boyutu, öntanımlı olarak 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "Azami eleman sayısı, öntanımlı olarak 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Lütfen bir ipset seçin:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Lütfen bir ipset girdisi girin:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Reddedilen Log Kaydı" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Lütfen reddedilen log kaydı deÄŸerini seçin:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Ä°ÅŸaret" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Lütfen isteÄŸe baÄŸlı bir maske ile bir iÅŸaret girin." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "Ä°ÅŸaret ve maske alanlarının her ikisi de 32 bit geniÅŸliÄŸinde iÅŸaretsiz " "sayılardır." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Ä°ÅŸaret:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "Maske:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "Lütfen bir netfilter conntrack yardımcısı seçin:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Seç -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "DiÄŸer Modüller:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "BaÄŸlantı Noktası ve Protokol" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Lütfen bir baÄŸlantı noktası ve protokol girin." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "DoÄŸrudan Kural" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "Lütfen ipv ve tablo, zincir önceliÄŸi seçin ve argümanları girin." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "Öncelik:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Lütfen bir protokol girin." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "DiÄŸer Protokol:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "GeliÅŸtirilmiÅŸ Kural" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Lütfen bir zengin kural girin." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" "Ana makine veya aÄŸ için, izin veya ret listesine almak elemanı devreden " "çıkarır." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Kaynak:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "Hedef:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Günlük:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Denetim:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 ve ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "ters" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Bunu etkinleÅŸtirmek için, Eylem 'reject' ve Aile 'ipv4' veya 'ipv6' " "olmalıdır (her ikisi birden deÄŸil)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "Tür:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "Limit:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "Ön ek:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Seviye:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Eleman:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "Eylem:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Temel Hizmet Ayarları" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Lütfen temel hizmet ayarlarını yapılandırın:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Lütfen bir hizmet seçin." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Lütfen bir kaynak girin." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Kullanıcı kimliÄŸi" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Lütfen kullanıcı kimliÄŸini girin." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Lütfen kullanıcı adını gir." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "etiket" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Temel Bölge Ayarları" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Lütfen temel bölge ayarlarını yapılandırın:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Öntanımlı Hedef" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "Hedef:" firewalld-1.1.1/po/uk.po0000644000000000000000000022110014217342322015052 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Maxim Dubovoy , 2003 # Yuri Chornoivan , 2010-2014, 2020. # Yuri Chornoivan , 2012, 2020. # Yuri Chornoivan , 2015. #zanata, 2020. # Yuri Chornoivan , 2016. #zanata, 2020. # Yuri Chornoivan , 2017. #zanata, 2020. # Yuri Chornoivan , 2018. #zanata, 2020. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2020-07-01 19:40+0000\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" "X-Generator: Weblate 4.1.1\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "Ðплет брандмауера" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "Мережний екран" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼ÐµÑ€ÐµÐ¶Ð½Ð¾Ð³Ð¾ екрану" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "" "firewall;network;security;iptables;netfilter;брандмауер;файрвол;екран;мережа;" "безпека;захиÑÑ‚;айпітейблÑ;нетфільтр;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "Виберіть зону Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу «%s»" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "Типова зона" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "Виберіть зону Ð´Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Â«%s»" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "Ðе вдалоÑÑ Ð²Ñтановити зону {zone} Ð´Ð»Ñ Ð·Ê¼Ñ”Ð´Ð½Ð°Ð½Ð½Ñ {connection_name}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "Виберіть зону Ð´Ð»Ñ Ð´Ð¶ÐµÑ€ÐµÐ»Ð° «%s»" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¾Ñ— Ñ– закритої зон" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "Тут ви можете вибрати відкриту Ñ– закриту зони." #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "Ð¦Ñ Ð¼Ð¾Ð¶Ð»Ð¸Ð²Ñ–ÑÑ‚ÑŒ буде кориÑною Ð´Ð»Ñ Ñ‚Ð¸Ñ…, хто переважно викориÑтовує типові зони. " "ДоцільніÑÑ‚ÑŒ Ñ—Ñ— викориÑÑ‚Ð°Ð½Ð½Ñ Ñƒ ÑиÑтемах, де зони змінюютьÑÑ Ð·Ð°Ð»ÐµÐ¶Ð½Ð¾ від " "з’єднань, Ñ” доволі Ñумнівною." #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "Відкрита зона:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "Скинути до типового" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "Закрита зона:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "Про %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "Ðвтори" #: ../src/firewall-applet.in:393 msgid "License" msgstr "Умови ліцензуваннÑ" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "Відкрити" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "Увімкнути ÑповіщеннÑ" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "Змінити параметри брандмауера…" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "Змінити зони з’єднань…" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "Ðалаштувати відкриту Ñ– закриту зони…" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "Заблокувати веÑÑŒ обмін даними мережею" #: ../src/firewall-applet.in:492 msgid "About" msgstr "ВідомоÑÑ‚Ñ–" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "З’єднаннÑ" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "<інтерфейÑ>" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "Джерела" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "Спроба ÑƒÐ¿Ð¾Ð²Ð½Ð¾Ð²Ð°Ð¶ÐµÐ½Ð½Ñ Ð·Ð°Ð·Ð½Ð°Ð»Ð° невдачі." #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "Ðеправильний аргумент %s" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "Ðазва вже Ñ–Ñнує" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (Зона: {zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (Типова зона: {default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "Ðе вдалоÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ ÑпиÑок з’єднань від NetworkManager" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "Ðемає доÑтупних джерел Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð· NetworkManager" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "Ðемає зв’Ñзку з фоновою Ñлужбою брандмауера" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "ВеÑÑŒ обмін даними мережею заблоковано." #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "Типова зона: «%s»" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "Типова зона «{default_zone}» активна Ð´Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Â«{connection}» на " "інтерфейÑÑ– «{interface}»" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "" "Зона «{zone}» викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Â«{connection}» на інтерфейÑÑ– " "«{interface}»" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "Ðа інтерфейÑÑ– «{interface}» працює зона «{zone}»" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "Зону «{zone}» задіÑно Ð´Ð»Ñ Ð´Ð¶ÐµÑ€ÐµÐ»Ð° {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "Ðемає активних зон." #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "Ð’Ñтановлено зв’Ñзок з FirewallD." #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "Зв’Ñзок з FirewallD втрачено." #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD перезавантажено." #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "Типову зону змінено на «%s»." #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "Обмін даними мережею повніÑÑ‚ÑŽ розблоковано." #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "увімкнено" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "вимкнено" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "Типову зону «{default_zone}» {activated_deactivated} Ð´Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ " "«{connection}» на інтерфейÑÑ– «{interface}»" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "Зону «{zone}» {activated_deactivated} Ð´Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Â«{connection}» на " "інтерфейÑÑ– «{interface}»" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "Зону «{zone}» {activated_deactivated} Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу «{interface}»" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "Ð”Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу «%2$s» задіÑно зону «%1$s»" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "Зону «{zone}» {activated_deactivated} Ð´Ð»Ñ Ð´Ð¶ÐµÑ€ÐµÐ»Ð° «{source}»" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "Зону «%s» задіÑно Ð´Ð»Ñ Ð´Ð¶ÐµÑ€ÐµÐ»Ð° «%s»" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "Ð’Ñтановлено Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· firewalld." #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "ÐамагаємоÑÑ Ð²Ñтановити Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ñ–Ð· firewalld, зачекайте…" #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "" "Ðе вдалоÑÑ Ð²Ñтановити зв'Ñзок із firewalld. Будь лаÑка, переконайтеÑÑ, що " "Ñлужбу запущено належним чином, потім повторіть Ñпробу." #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "Зміни заÑтоÑовано." #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "ВикориÑтано мережевим з’єднаннÑм «%s»" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "Типова зона, що викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Â«%s»" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "увімкнено" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "вимкнено" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "Ðе вдалоÑÑ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ піктограми." #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "КонтекÑÑ‚" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "Командний Ñ€Ñдок" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "Ð†Ð¼â€™Ñ ÐºÐ¾Ñ€Ð¸Ñтувача" #: ../src/firewall-config.in:244 msgid "User id" msgstr "Ід. кориÑтувача" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "ТаблицÑ" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "Ланцюжок" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "ПріоритетніÑÑ‚ÑŒ" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "Ðргументи" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "ТимчаÑові" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "ОÑтаточні" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "Служба" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "Порт" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "Протокол" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "Ðа порт" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "Ðа адреÑу" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "Прив’Ñзки" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "ЗапиÑ" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Тип ICMP" #: ../src/firewall-config.in:822 msgid "Family" msgstr "СімейÑтво" #: ../src/firewall-config.in:826 msgid "Action" msgstr "ДіÑ" #: ../src/firewall-config.in:828 msgid "Element" msgstr "Елемент" #: ../src/firewall-config.in:830 msgid "Src" msgstr "Дж." #: ../src/firewall-config.in:832 msgid "Dest" msgstr "Призн." #: ../src/firewall-config.in:834 msgid "log" msgstr "журнал" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "Ðудит" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "ІнтерфейÑ" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "Коментар" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "Джерело" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "ПопередженнÑ" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "Помилка" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "прийманнÑ" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "відмова" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "відкиданнÑ" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "позначка" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "обмеженнÑ" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "Ñлужба" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "порт" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "протокол" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "підробка" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-блокуваннÑ" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-тип" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "переÑпрÑÐ¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ€Ñ‚Ñ–Ð²" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "порт джерела" #: ../src/firewall-config.in:2097 msgid "level" msgstr "рівень" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "так" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "Зона" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "Типова зона: %s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "Зона: %s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "Зона «%s»: немає доÑтупу до Ñлужби «%s»." #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "Вилучити зону" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "Ігнорувати" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "Зона «%s»: тип ICMP «%s» недоÑтупний." #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "Вбудована зона, підтримки Ð¿ÐµÑ€ÐµÐ¹Ð¼ÐµÐ½ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ðµ передбачено." #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "Ñекунда" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "хвилина" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "година" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "день" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "надзвичайний Ñтан" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "нагадуваннÑ" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "критичний" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "помилка" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "попередженнÑ" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "зауваженнÑ" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "інформаціÑ" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "діагноÑтика" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "ПереÑпрÑÐ¼Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð¾ іншої ÑиÑтеми працюватиме, лише Ñкщо Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ " "замаÑковано.\n" "Хочете увімкнути маÑÐºÑƒÐ²Ð°Ð½Ð½Ñ Ñ†Ñ–Ñ”Ñ— зони?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "Вбудована Ñлужба, підтримки Ð¿ÐµÑ€ÐµÐ¹Ð¼ÐµÐ½ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ðµ передбачено." #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "Будь лаÑка, введіть адреÑу IPv4 у форматі «адреÑа[/маÑка]»." #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "МаÑку можна вказати у форматі маÑки мережі або чиÑла." #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "Будь лаÑка, введіть адреÑу IPv6 у форматі «адреÑа[/маÑка]»." #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "МаÑку Ñлід вказати у форматі чиÑла." #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "Будь лаÑка, введіть адреÑу IPv4 або IPv6 у форматі «адреÑа[/маÑка]»." #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "Ð”Ð»Ñ IPv4 маÑку можна вказати у форматі маÑки мережі або чиÑла.\n" "Ð”Ð»Ñ IPv6 маÑку Ñлід вказати у форматі чиÑла." #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "Вбудований ipset, підтримки Ð¿ÐµÑ€ÐµÐ¹Ð¼ÐµÐ½ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ðµ передбачено." #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "Будь лаÑка, виберіть файл" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "текÑтові файли" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "уÑÑ– файли" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "УÑе" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "" "Вбудований допоміжний заÑіб, підтримки Ð¿ÐµÑ€ÐµÐ¹Ð¼ÐµÐ½Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ðµ передбачено." #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "Вбудований ICMP, підтримки Ð¿ÐµÑ€ÐµÐ¹Ð¼ÐµÐ½ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ðµ передбачено." #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "Ðе вдалоÑÑ Ð¿Ñ€Ð¾Ñ‡Ð¸Ñ‚Ð°Ñ‚Ð¸ файл «%s»: %s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "Виберіть зону Ð´Ð»Ñ Ð´Ð¶ÐµÑ€ÐµÐ»Ð° %s" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ÐдреÑа" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "Ðвтоматичні допоміжні заÑоби" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "Будь лаÑка, вибреіть Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¸Ñ… допоміжних заÑобів:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "Будь лаÑка, вкажіть Ñ€Ñдок команди." #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "Будь лаÑка, вкажіть контекÑÑ‚." #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "Будь лаÑка, виберіть типову зону ÑиÑтеми з наведеного нижче ÑпиÑку." #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "БезпоÑередній ланцюжок" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "" "Будь лаÑка виберіть верÑÑ–ÑŽ протоколу IP та таблицю та введіть назву ланцюжка." #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "Ланцюжок:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "без захиÑту" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "з захиÑтом" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "ТаблицÑ:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "БезпоÑереднє правило транÑлÑції" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "Будь лаÑка виберіть верÑÑ–ÑŽ протоколу IP та введіть аргументи." #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "Ðргументи:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "ÐŸÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð¾Ñ€Ñ‚Ñ–Ð²" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "Виберіть параметри джерела та цілі." #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "Порт / діапазон портів:" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "ÐдреÑа IP:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "Протокол:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "ПризначеннÑ" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "Якщо ви увімкнете перенаправленнÑ, треба вказати порт. Цей порт має " "відрізнÑтиÑÑ Ð²Ñ–Ð´ порту джерела." #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "Локальне перенаправленнÑ" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "Ðаправити іншому порту" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "Параметри базового допоміжного заÑобу" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "Будь лаÑка, налаштуйте параметри базового допоміжного заÑобу:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "" "Пункти, позначені жирним, Ñлід визначити обов’Ñзково. Ð’Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð½ÑˆÐ¸Ñ… " "пунктів Ñ” необов’Ñзковим." #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "Ðазва:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "ВерÑÑ–Ñ:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "СкороченнÑ:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "ОпиÑ:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "СімейÑтво:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "Модуль:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "Допоміжний заÑіб" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "Будь лаÑка, виберіть допоміжний заÑіб:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "Параметри оÑновного типу ICMP" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "Будь лаÑка, налаштуйте параметри оÑновного типу ICMP:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "Тип ICMP" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "Будь лаÑка, виберіть тип ICMP" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "Додати запиÑ" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "Додати запиÑи з файла" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "Вилучити позначений запиÑ" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "Вилучити уÑÑ– запиÑи" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "Вилучити запиÑи з файла" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "_Файл" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "_Параметри" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "Перезавантажити Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "Перезавантажити правила брандмауера. Поточні збережені Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñтануть " "новими робочими налаштуваннÑми, тобто уÑÑ– зміни у робочому проÑторі, внеÑені " "до Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð», буде втрачено, Ñкщо Ñ—Ñ… не було у збережених " "налаштуваннÑÑ…." #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "Змінити зону, до Ñкої належить Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· мережею." #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "Змінити типову зону" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "Змінити типову зону Ð´Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ÑŒ або інтерфейÑів." #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "Змінити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð°Ð±Ð¾Ñ€Ð¾Ð½Ð¸ журналюваннÑ" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "Змінити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ LogDenied." #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾Ð³Ð¾ Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð¾Ð¿Ð¾Ð¼Ñ–Ð¶Ð½Ð¸Ñ… заÑобів" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° автоматичного Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð¾Ð¿Ð¾Ð¼Ñ–Ð¶Ð½Ð¸Ñ… заÑобів." #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "" "Режим Ñупербезпеки означає, що уÑÑ–Ñ… вхідні та вихідні пакети відкидатимутьÑÑ." #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "Режим Ñупербезпеки" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "У режимі Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð±ÑƒÐ´Ðµ заблоковано Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð±Ñ€Ð°Ð½Ð´Ð¼Ð°ÑƒÐµÑ€Ð° так, щоб лише " "програми з «білого» ÑпиÑку Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ð¾Ð³Ð»Ð¸ вноÑити до них зміни." #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "БлокуваннÑ" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "Зробити тимчаÑові Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñтійними" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "ТимчаÑові на поÑтійні" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "П_ереглÑд" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSet" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "Типи ICMP" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "Допоміжні заÑоби" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "БезпоÑереднє налаштовуваннÑ" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "«Білий» ÑпиÑок блокуваннÑ" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "Ðктивні прив’Ñзки" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "_Довідка" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "Змінити зону" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "Змінити зону прив’Ñзки" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Приховати активні динамічні прив’Ñзки з’єднань, інтерфейÑів або джерел до зон" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "" "Показати активні динамічні прив’Ñзки з’єднань, інтерфейÑів або джерел до зон" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "ÐалаштуваннÑ:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "Поточні видимі налаштуваннÑ. ТимчаÑові Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ â€” це поточні активні " "налаштуваннÑ. Сталі Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð±ÑƒÐ´Ðµ викориÑтано піÑÐ»Ñ Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ " "Ñлужби або ÑиÑтеми." #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "Зона firewalld визначає рівень довіри до з’єднань у мережі, інтерфейÑів та " "Ð°Ð´Ñ€ÐµÑ Ð´Ð¶ÐµÑ€ÐµÐ», пов’Ñзаних із зоною. У запиÑÑ– зони поєднуютьÑÑ Ð´Ð°Ð½Ñ– щодо " "Ñлужб, портів, протоколів, підробки адреÑ, переÑпрÑÐ¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ€Ñ‚Ñ–Ð² та " "пакетів, фільтрів icmp та розширених правил. Зону можна пов’Ñзати з " "інтерфейÑами або адреÑами джерел." #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "Додати зону" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "Змінити зону" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "Вилучити зону" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "Завантажити типові параметри зони" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "Тут можна визначити, Ñкі Ñлужби Ñ” довіреними у зоні. Довірені Ñлужби будуть " "доÑтупними з уÑÑ–Ñ… вузлів чи мереж, Ñкі мають доÑтуп до комп’ютера за " "допомогою з’єднань, інтерфейÑів та прив’Ñзок джерел до цієї зони." #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "Служби" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "" "Додати додаткові порти або діапазон портів, Ñкі мають бути доÑтупні Ð´Ð»Ñ Ð²ÑÑ–Ñ… " "вузлів чи мереж, з Ñкими може з’єднуватиÑÑ ÐºÐ¾Ð¼Ð¿â€™ÑŽÑ‚ÐµÑ€." #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "Ðа порт" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "Змінити зону" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "Вилучити зону" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "Порти" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "" "Додати протоколи, доÑтуп до Ñких має бути забезпечено Ð´Ð»Ñ ÑƒÑÑ–Ñ… вузлів або " "мереж." #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "Додати протокол" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "Змінити протокол" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "Вилучити протокол" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "Протоколи" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "Додати додаткові порти або діапазони портів джерела, доÑтуп до Ñких має бути " "забезпечено Ð´Ð»Ñ ÑƒÑÑ–Ñ… вузлів або мереж, Ñкі вÑтановлюють Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· " "комп’ютером." #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "Порти походженнÑ" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "МаÑкарад кориÑний Ð´Ð»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð²ÑƒÐ·Ð»Ð° чи маршрутизатора, що з'єднує " "локальну мережу з Інтернет. Локальна мережа не буде видимою, у Інтернет буде " "видимий лише один вузол. МаÑкарад заÑтоÑовуєтьÑÑ Ð»Ð¸ÑˆÐµ до IPv4." #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "ЗамаÑкувати зону" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "" "Якщо ви увімкнете маÑкарад, буде увімкнено переÑпрÑÐ¼Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ IP Ð´Ð»Ñ Ð²Ð°ÑˆÐ¸Ñ… " "мереж IPv4." #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "МаÑкарад" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "Додайте запиÑи Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð¾Ñ€Ñ‚Ñ–Ð² або з одного порту другому в " "локальній ÑиÑтемі, або з локальної ÑиÑтеми іншій ÑиÑтемі. ÐŸÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ " "іншій ÑиÑтемі має ÑÐµÐ½Ñ Ð¿Ñ€Ð¸ маÑкараді інтерфейÑу. ÐŸÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð¾Ñ€Ñ‚Ñ–Ð² " "викориÑтовуєтьÑÑ Ð»Ð¸ÑˆÐµ Ð´Ð»Ñ IPv4." #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "Додати порт переÑпрÑмовуваннÑ" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "Змінити порт переÑпрÑмовуваннÑ" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "Вилучити порт переÑпрÑмовуваннÑ" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "Протокол ICMP (Internet Control Message Protocol) зазвичай викориÑтовуєтьÑÑ " "Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ повідомленнÑми про помилки між комп'ютерами у мережі, але також " "можна надÑилати інформаційні повідомленнÑ, такі Ñк запити та відповіді ping." #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "Позначте у ÑпиÑку типи ICMP, Ñким Ñлід відмовити у проходженні через " "мережний екран. Типово обмежень немає." #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "Якщо увімкнено Ñ–Ð½Ð²ÐµÑ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ„Ñ–Ð»ÑŒÑ‚Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ, позначені запиÑи ICMP " "вважатимутьÑÑ Ð¿Ñ€Ð¸Ð¹Ð½Ñтними, а інші відхилÑтимутьÑÑ. У зоні із ціллю DROP, " "такі запити проÑто відкидатимутьÑÑ." #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "Інвертувати фільтруваннÑ" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "Фільтр ICMP" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "Тут ви можете вÑтановити розширені правила мови Ð´Ð»Ñ Ð·Ð¾Ð½Ð¸." #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "Додати розширене правило" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "Змінити розширене правило" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "Вилучити розширене правило" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "Розширені правила" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "Додайте запиÑи Ð´Ð»Ñ Ð¿Ð¾Ð²â€™ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ Ñ–Ð· зоною інтерфейÑів. Якщо у з’єднанні буде " "викориÑтано вказаний інтерфейÑ, зону буде вÑтановлено відповідно до зони, " "вказаної у запиÑÑ– з’єднаннÑ." #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "Додати інтерфейÑ" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "Змінити інтерфейÑ" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "Вилучити інтерфейÑ" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "Додати запиÑи Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð²â€™ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ Ð°Ð´Ñ€ÐµÑ Ð´Ð¶ÐµÑ€ÐµÐ»Ð° або облаÑтей до зони. Можна " "також виконати прив’ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð¾ MAC-адреÑи джерела, але із обмеженнÑми. Ð”Ð»Ñ " "прив’Ñзок MAC-джерел не працюватимуть переÑпрÑÐ¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ€Ñ‚Ñ–Ð² та маÑкарад." #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "Додати джерело" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "Змінити джерело" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "Вилучити джерело" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "Зони" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "" "У запиÑÑ– Ñлужби firewalld поєднуютьÑÑ Ð´Ð°Ð½Ñ– щодо портів, протоколів, модулів " "та Ð°Ð´Ñ€ÐµÑ Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ." #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "Додати Ñлужбу" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "Змінити Ñлужбу" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "Вилучити Ñлужбу" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "Завантажити типові параметри Ñлужби" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "" "Додати додаткові порти або діапазон портів, Ñкі мають бути доÑтупні Ð´Ð»Ñ Ð²ÑÑ–Ñ… " "вузлів чи мереж." #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "Змінити запиÑ" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "ВИдалити запиÑ" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "" "Додати додаткові порти або діапазони портів джерела, доÑтуп до Ñких має бути " "забезпечено Ð´Ð»Ñ ÑƒÑÑ–Ñ… вузлів або мереж." #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "Порт джерела" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "Модулі допоміжних заÑобів Ñ„Ñ–Ð»ÑŒÑ‚Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼ÐµÑ€ÐµÐ¶Ñ– потребують певних Ñлужб." #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "Модулі" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "Якщо вами вказано адреÑу призначеннÑ, Ð·Ð°Ð¿Ð¸Ñ Ñлужби діÑтиме лише Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾Ñ— " "адреÑи Ñ– типу призначеннÑ. Якщо не буде вказано ні адреÑи, ні типу, Ð·Ð°Ð¿Ð¸Ñ " "Ñлужби діÑтиме Ð´Ð»Ñ Ð²ÑÑ–Ñ… Ð°Ð´Ñ€ÐµÑ Ñ– типів." #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "" "ЗапиÑи Ñлужб можна змінювати лише у оÑтаточних налаштуваннÑÑ…. Динамічні " "Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñлужб змінювати не можна." #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet може бути викориÑтано Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Â«Ð±Ñ–Ð»Ð¸Ñ…Â» або «чорних» ÑпиÑків, у " "ньому можуть зберігатиÑÑ, наприклад, IP-адреÑи, номери портів або MAC-" "адреÑи. " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "Додати IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "Змінити IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "Вилучити IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "Завантажити типові параметри IPSet" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "ЗапиÑи IPSet. Видимими будуть лише запиÑи, у Ñких не викориÑтовуєтьÑÑ " "параметр чаÑу очікуваннÑ, а також лише запиÑи, Ñкі було додано firewalld. " "ЗапиÑи, Ñкі було додано безпоÑередньо командою ipset, у цьому ÑпиÑку " "показано не буде." #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "У цьому IPSet викориÑтано параметр чаÑу очікуваннÑ, тому запиÑи тут не " "показуютьÑÑ. Про Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ ÑпиÑку запиÑів має безпоÑередньо подбати команда " "ipset." #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "Додати" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "ЗапиÑи" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "" "IPSet можна Ñтворювати або вилучати лише за допомогою панелі поÑтійних " "налаштувань." #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "Тип ICMP firewalld міÑтить дані щодо типу Internet Control Message Protocol " "(ICMP) Ð´Ð»Ñ firewalld." #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "Додати тип ICMP" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "Змінити тип ICMP" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "Вилучити тип ICMP" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "Завантажити типові параметри типу ICMP" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "Вкажіть, чи цей тип ICMP доÑтупний Ð´Ð»Ñ IPv4 Ñ–/або IPv6." #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "Ð—Ð°Ð¿Ð¸Ñ Ñ‚Ð¸Ð¿Ñ–Ð² ICMP можна змінювати лише у оÑтаточних налаштуваннÑÑ…. Динамічні " "Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð¸Ð¿Ñ–Ð² ICMP змінювати не можна." #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "Допоміжний заÑіб ÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð·Ð° з’єднаннÑм призначено Ð´Ð»Ñ Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ " "працездатноÑÑ‚Ñ– протоколів, у Ñких викориÑтовуютьÑÑ Ñ€Ñ–Ð·Ð½Ñ– потоки Ð´Ð»Ñ " "Ð¿ÐµÑ€ÐµÐ´Ð°Ð²Ð°Ð½Ð½Ñ Ñигналів та даних. Ð”Ð»Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ð²Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… викориÑтовуютьÑÑ Ð¿Ð¾Ñ€Ñ‚Ð¸, " "Ñкі не пов’Ñзано із з’єднаннÑм Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ð²Ð°Ð½Ð½Ñ Ñигналів, тому без " "допоміжного заÑобу Ð¿ÐµÑ€ÐµÐ´Ð°Ð²Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… такими портами блокуватиметьÑÑ " "брандмауером." #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "" "Ð’Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð¾Ñ€Ñ‚Ñ–Ð² або діапазонів портів, за Ñкими Ñтежитиме допоміжний заÑіб." #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "БезпоÑереднє Ð½Ð°Ð»Ð°ÑˆÑ‚Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð´Ð°Ñ” ширший доÑтуп до брандмауера. Ð”Ð»Ñ " "ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð°Ð¼Ð¸ Ð½Ð°Ð»Ð°ÑˆÑ‚Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувач має бути ознайомлений з " "базовими елементами роботи iptables, зокрема таблицÑми, ланцюжками, " "командами, параметрами та призначеннÑми фільтрів. БезпоÑереднім " "налаштовуваннÑм Ñлід кориÑтуватиÑÑ Ð»Ð¸ÑˆÐµ, Ñкщо бажаного не можна доÑÑгти за " "допомогою інших можливоÑтей firewalld." #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "Ðргументом верÑÑ–Ñ— протоколу IP (ipv) Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ параметра має бути ipv4, " "ipv6 або eb. Ðргументу ipv4 відповідає iptables, аргументу ipv6 — ip6tables, " "а аргументу eb — міÑтки ethernet (ebtables)." #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "Додаткові ланцюжки, Ñкі Ñлід викориÑтати з правилами." #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "Додати ланцюжок" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "Змінити ланцюжок" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "Вилучити ланцюжок" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "Ланцюжки" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "" "Додати правило з аргументами до ланцюжка у таблицю з рівнем пріоритетноÑÑ‚Ñ–." #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "ПріоритетніÑÑ‚ÑŒ викориÑтовуєтьÑÑ Ð´Ð»Ñ ÑƒÐ¿Ð¾Ñ€ÑÐ´ÐºÐ¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð». Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ " "пріоритетноÑÑ‚Ñ– 0 відповідає додаванню правила на початок ланцюжка, правила з " "більшими значеннÑми пріоритетноÑÑ‚Ñ– розташовуютьÑÑ Ð´Ð°Ð»Ñ– за ланцюжком. Правила " "з одним рівнем пріоритетноÑÑ‚Ñ– перебувають на одному рівні, порÑдок таких " "правил не Ñ” фікÑованим Ñ– може змінюватиÑÑ. Якщо ви хочете забезпечити певну " "поÑлідовніÑÑ‚ÑŒ правил, ÑкориÑтайтеÑÑ Ð¼ÐµÐ½ÑˆÐ¸Ð¼ значеннÑм пріоритетноÑÑ‚Ñ– Ð´Ð»Ñ " "першого з правил Ñ– більшим Ð´Ð»Ñ Ð´Ñ€ÑƒÐ³Ð¾Ð³Ð¾." #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "Додати правило" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "Змінити правило" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "Вилучити правило" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "Правила" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "ТранÑлÑційні правила буде безпоÑередньо передано брандмауеру без " "Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÐ¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ñƒ Ñпеціальних ланцюжках. Можна викориÑтовувати уÑÑ– параметри " "iptables, ip6tables та ebtables." #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "" "Будь лаÑка, будьте обережні з правилами транÑлÑції, щоб не зашкодити роботі " "брандмауера." #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "Додати транÑлÑцію" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "Змінити транÑлÑцію" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "Вилучити транÑлÑцію" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "ТранÑлÑціÑ" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "МожливіÑÑ‚ÑŒ з Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ñ” Ñпрощеною верÑією правил firewalld Ð´Ð»Ñ " "кориÑтувачів Ñ– програм. Вона обмежує зміни, Ñкі можна вноÑити до параметрів " "роботи брандмауера. «Білий» ÑпиÑок Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ð¾Ð¶Ðµ міÑтити команди, " "контекÑти, імена та ідентифікатори кориÑтувачів." #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "КонтекÑÑ‚ — контекÑÑ‚ безпеки (SELinux) запущеної програми або Ñлужби. Ð”Ð»Ñ " "Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… щодо контекÑту запущеної програми ÑкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ " "ps -e --context." #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "Додати контекÑÑ‚" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "Змінити контекÑÑ‚" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "Вилучити контекÑÑ‚" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "КонтекÑти" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "Якщо Ð·Ð°Ð¿Ð¸Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸ у «білому» ÑпиÑку завершуєтьÑÑ Ð·Ñ–Ñ€Ð¾Ñ‡ÐºÐ¾ÑŽ, «*», його буде " "викориÑтано Ð´Ð»Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸ уÑÑ–Ñ… Ñ€Ñдків команд, що починаютьÑÑ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¸Ð¼ " "чином. Якщо у запиÑÑ– немає «*», обробка виконуватиметьÑÑ Ð»Ð¸ÑˆÐµ Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾ " "разом з аргументами команди." #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "Додати Ñ€Ñдок команди" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "Змінити Ñ€Ñдок команди" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "Вилучити Ñ€Ñдок команди" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "РÑдки команд" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "Імена кориÑтувачів." #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "Додати Ñ–Ð¼â€™Ñ ÐºÐ¾Ñ€Ð¸Ñтувача" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "Змінити Ñ–Ð¼â€™Ñ ÐºÐ¾Ñ€Ð¸Ñтувача" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "Вилучити Ñ–Ð¼â€™Ñ ÐºÐ¾Ñ€Ð¸Ñтувача" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "Імена кориÑтувачів" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "Ід. кориÑтувачів." #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "Додати ідентифікатор кориÑтувача" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "Змінити ідентифікатор кориÑтувача" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "Вилучити ідентифікатор кориÑтувача" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "Ід. кориÑтувачів" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "Поточна типова зона ÑиÑтеми." #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "Заборона журналюваннÑ:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "Режим Ñупербезпеки:" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "Ðвтоматичні допоміжні заÑоби:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "БлокуваннÑ:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "Типова зона:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "Будь лаÑка, вкажіть назву інтерфейÑу:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "Параметри оÑновного IPSet" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "Будь лаÑка, вкажіть параметри оÑновного ipset:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "Тип:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "Ð§Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Розмір хешу:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "МакÑ. ел.:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "Ð§Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ñƒ Ñекундах" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "Початковий розмір хешу, типово 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "МакÑимальна кількіÑÑ‚ÑŒ елементів, типово 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "Будь лаÑка, виберіть ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "Будь лаÑка, вкажіть Ð·Ð°Ð¿Ð¸Ñ ipset:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "Ð–ÑƒÑ€Ð½Ð°Ð»ÑŽÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð±Ð¾Ñ€Ð¾Ð½ÐµÐ½Ð¾" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "Будь лаÑка, виберіть Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð°Ð±Ð¾Ñ€Ð¾Ð½Ð¸ журналюваннÑ:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "Позначка" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "Будь лаÑка, вкажіть позначку із додатковою маÑкою." #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "" "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð¾Ð»Ñ–Ð² позначки Ñ– маÑки мають бути 32-бітовими широкими цілими " "чиÑлами без знаку." #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "Позначка:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "МаÑка:" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "" "Будь лаÑка, виберіть допоміжний заÑіб ÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð·Ð° з’єднаннÑм фільтра мережі:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- Вибір -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "Інший модуль:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "Порт та протокол" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "Будь лаÑка, вкажіть порт Ñ– протокол." #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "БезпоÑереднє правило" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "" "Будь лаÑка виберіть верÑÑ–ÑŽ протоколу IP та таблицю, пріоритетніÑÑ‚ÑŒ ланцюжка " "та введіть аргументи." #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "ПріоритетніÑÑ‚ÑŒ:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "Будь лаÑка, вкажіть протокол." #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "Інший протокол:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "Розширене правило" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "Будь лаÑка, вкажіть розширене правило." #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "" "Ð”Ð»Ñ Ð²ÑƒÐ·Ð»Ð° або мережі Ð´Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ Ð´Ð¾ ÑпиÑку дозволу або заборони виключає " "елемент з правила." #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "Джерело:" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "ПризначеннÑ:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "Журнал:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "Ðудит:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 та ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "інвертуваннÑ" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "Щоб можна було ÑкориÑтатиÑÑ Ñ†Ð¸Ð¼, Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Â«Ð”Ñ–Ñ» має бути «відмова», а " "«СімейÑтвом» має бути «ipv4» або «ipv6» (не обидва)." #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "з типом:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "З обмеженнÑм:" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "ПрефікÑ:" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "Рівень:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "Елемент:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "ДіÑ:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "Параметри оÑновної Ñлужби" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "Будь лаÑка, налаштуйте параметри оÑновної Ñлужби:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "Будь лаÑка, виберіть Ñлужбу." #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "Будь лаÑка, вкажіть джерело." #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "Ід. кориÑтувача" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "Будь лаÑка, вкажіть ідентифікатор кориÑтувача." #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "Будь лаÑка, вкажіть Ñ–Ð¼â€™Ñ ÐºÐ¾Ñ€Ð¸Ñтувача." #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "мітка" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "Параметри оÑновної зони" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "Будь лаÑка, налаштуйте параметри оÑновної зони:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "Типове призначеннÑ" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "ПризначеннÑ:" firewalld-1.1.1/po/zh_CN.po0000644000000000000000000016055014217342322015447 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Translators: # Alick Zhao , 2013 # Christopher Meng , 2012-2013 # Leah Liu , 2007-2010 # Leah Liu , 2005-2006 # Sarah Wang , 2003-2005 # Tommy He , 2012-2013 # Wei Liu , 2014 # Zamir SUN , 2013-2014 # Zamir SUN , 2013 # Zamir SUN , 2015. #zanata # Leah Liu , 2016. #zanata # Zamir SUN , 2016. #zanata # xhuang , 2016. #zanata # Zamir SUN , 2017. #zanata # Eric Garver , 2018. #zanata # Qiyu Yan , 2018. #zanata # Pany , 2019. #zanata # Pany , 2020. # Charles Lee , 2020. # Tianhao Chai , 2021. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2021-03-27 23:01+0000\n" "Last-Translator: Tianhao Chai \n" "Language-Team: Chinese (Simplified) \n" "Language: zh_CN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Weblate 4.5.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "防ç«å¢™å°ç¨‹åº" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "防ç«å¢™" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "防ç«å¢™é…ç½®" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "防ç«å¢™;网络;安全;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "ä¸ºç½‘å¡ '%s' 选择区域" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "默认区域" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "为连接 '%s' 选择区域" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "设置 {connection_name} 的区域 {zone} 失败" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "为æ¥æº '%s' 选择区域" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "é…置开å¯/关闭ä¿æŠ¤çš„区域" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "在这里您å¯ä»¥é€‰æ‹©ç”¨äºŽå¼€å¯ä¿æŠ¤å’Œå…³é—­ä¿æŠ¤çš„区域。" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "这项功能对于在ç»å¤§å¤šæ•°æ—¶é—´é‡Œä½¿ç”¨é»˜è®¤åŒºåŸŸçš„人有用。对于ç»å¸¸æ”¹å˜è¿žæŽ¥åŒºåŸŸçš„用户" "æ¥è¯´ï¼Œç”¨å¤„有é™ã€‚" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "å¼€å¯ä¿æŠ¤çš„区域:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "é‡è®¾ä¸ºé»˜è®¤è®¾ç½®" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "关闭ä¿æŠ¤çš„区域:" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "关于 %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "作者" #: ../src/firewall-applet.in:393 msgid "License" msgstr "许å¯è¯" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "å¼€å¯ä¿æŠ¤" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "å¯ç”¨é€šçŸ¥" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "编辑防ç«å¢™è®¾ç½®â€¦â€¦" #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "更改连接区域……" #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "é…置开å¯/关闭ä¿æŠ¤çš„区域……" #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "拦截所有网络传输" #: ../src/firewall-applet.in:492 msgid "About" msgstr "关于" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "连接" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "网å¡" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "æ¥æº" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "认è¯å¤±è´¥ã€‚" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "无效的å称" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "å称已存在" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (区域:{zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (默认区域:{default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "从 NetworkManager 获å–连接失败" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "没有å¯ç”¨çš„ NetworkManager 导入" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "未连接至防ç«å¢™å®ˆæŠ¤è¿›ç¨‹" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "拦截所有网络传输。" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "默认区域: '%s'" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "ç½‘å¡ '{interface}' 上的连接 '{connection}' 正在使用默认区域 '{default_zone}'" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "ç½‘å¡ '{interface}' 上的连接 '{connection}' 正在使用区域 '{zone}'" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "åœ¨ç½‘å¡ '{interface}' å¯ç”¨åŒºåŸŸ '{zone}'" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "在æ¥æº {source} å¯ç”¨åŒºåŸŸ '{zone}'" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "没有å¯ç”¨åŒºåŸŸã€‚" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "已建立与 FirewallD 的连接。" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "已失去与 FirewallD 的连接。" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD å·²é‡æ–°åŠ è½½ã€‚" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "默认区域已改为 '%s'。" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "ä¸å†æ‹¦æˆªç½‘络传输。" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "å·²å¯ç”¨" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "å·²ç¦ç”¨" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "ç½‘å¡ '{interface}' 上连接 '{connection}' 的默认区 " "'{default_zone}' {activated_deactivated}" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "åœ¨ç½‘å¡ '{interface}' {activated_deactivated} 连接 '{connection}' 的区域 " "'{zone}'" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "åœ¨ç½‘å¡ '{interface}' {activated_deactivated} 区域 '{zone}'" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "åœ¨ç½‘å¡ '%s' å¯ç”¨åŒºåŸŸ '%s'" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "在æ¥æº '{source}' {activated_deactivated} 区域 '{zone}'" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "在æ¥æº '%s' å·²å¯ç”¨åŒºåŸŸ '%s'" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "已建立至 firewalld 的连接。" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "试图连接至 firewalld,等待中..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "连接 firewalld 失败。请确ä¿è¯¥æœåŠ¡å·²æ­£å¸¸å¯åŠ¨ï¼Œç„¶åŽé‡è¯•ã€‚" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "å˜æ›´å·²ç”Ÿæ•ˆã€‚" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "被网络连接 '%s' 使用" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "网络连接 '%s' 使用的默认区" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "å¯ç”¨" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "ç¦ç”¨" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "载入图标失败。" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "上下文" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "命令行" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "用户å" #: ../src/firewall-config.in:244 msgid "User id" msgstr "用户 ID" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "表" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "链" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "优先级" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "å‚æ•°" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "è¿è¡Œæ—¶" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "永久" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "æœåŠ¡" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "端å£" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "åè®®" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "目的端å£" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "目的地å€" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "绑定" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "æ¡ç›®" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "ICMP 类型" #: ../src/firewall-config.in:822 msgid "Family" msgstr "家æ—" #: ../src/firewall-config.in:826 msgid "Action" msgstr "æ“作" #: ../src/firewall-config.in:828 msgid "Element" msgstr "元素" #: ../src/firewall-config.in:830 msgid "Src" msgstr "æ¥æº" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "目的" #: ../src/firewall-config.in:834 msgid "log" msgstr "日志" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "审计" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "网å¡" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "注释" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "æ¥æº" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "警告" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "错误" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "接å—" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "æ‹’ç»" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "丢弃" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "标记" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "é™åˆ¶" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "æœåŠ¡" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "端å£" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "åè®®" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "伪装" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "ICMP 拦截" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "ICMP 类型" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "转å‘端å£" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "等级" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "是" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "区域" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "默认区:%s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "区:%s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "区域 '%s': æœåŠ¡ '%s' ä¸å¯ç”¨ã€‚" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "移除" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "忽略" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "区域 '%s': ICMP 类型 '%s' ä¸å¯ç”¨ã€‚" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "内建区域ä¸æ”¯æŒé‡å‘½å。" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "秒" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "分" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "å°æ—¶" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "天" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "紧急" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "警告" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "严é‡" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "错误" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "警告" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "æ醒" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "ä¿¡æ¯" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "除错" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "转å‘至其他系统仅在网å¡ä¼ªè£…æ—¶æ‰æœ‰ç”¨ã€‚\n" "您想è¦ä¼ªè£…该区域å—?" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "内置æœåŠ¡ä¸æ”¯æŒé‡å‘½å。" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "请输入 ipv4 地å€ï¼Œæ ¼å¼ä¸º address[/mask]。" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "该掩ç å¿…须为网络掩ç æˆ–一个数字。" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "请输入 ipv6 地å€ï¼Œæ ¼å¼ä¸º address[/mask]。" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "该掩ç ä¸ºä¸€ä¸ªæ•°å­—。" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "请输入 ipv4 或者 ipv6 地å€ï¼Œæ ¼å¼ä¸º address[/mask]。" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "对于 ipv4 地å€ï¼Œè¯¥æŽ©ç å¿…须为网络掩ç æˆ–一个数字。\n" "对于 ipv6 地å€ï¼Œåˆ™è¯¥æŽ©ç ä¸ºä¸€ä¸ªæ•°å­—。" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "内置 ipset ä¸æ”¯æŒé‡å‘½å。" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "请选择一个文件" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "文本文件" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "所有文件" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "全部" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "内置帮助程åºä¸æ”¯æŒé‡å‘½å。" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "内置 ICMP ä¸æ”¯æŒé‡å‘½å。" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "读å–文件 %s 失败:%s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "选择æ¥æº %s 的区域" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "地å€" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "自动帮助程åº" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "请选择自动帮助程åºçš„值:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "请输入命令行。" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "请输入上下文。" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "请从下é¢åˆ—表选择默认区域。" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "直接链" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "请选择 IPV åŠè¡¨å¹¶è¾“入链å。" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "链:" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "原始" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "安全性" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "表:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "直接穿通规则" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "请选择 IPV 并输入å‚数。" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "å‚数:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "端å£è½¬å‘" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "请根æ®æ‚¨çš„需è¦é€‰æ‹©æ¥æºå’Œç›®çš„选项。" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "端å£æˆ–端å£èŒƒå›´ï¼š" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP 地å€:" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "å议:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "目标地å€" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "如果您å…许本地转å‘,您必须指定一个端å£ã€‚ 这个端å£ä¸èƒ½å’Œæºç«¯å£ç›¸åŒã€‚" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "本地转å‘" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "转å‘到å¦ä¸€ç«¯å£" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "基础帮助程åºè®¾ç½®" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "请é…置基础帮助程åºè®¾ç½®ï¼š" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "粗体项目为必需,其余为å¯é€‰ã€‚" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "å称:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "版本:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "简称:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "æè¿°:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "地å€ç±»åž‹ï¼š" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "模å—:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "帮助程åº" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "请选择帮助程åºï¼š" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "基本 ICMP 类型设定" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "请é…置基本 ICMP 类型设定:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP 类型" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "请选择 ICMP 类型" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "添加æ¡ç›®" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "以文件添加æ¡ç›®" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "移除所选æ¡ç›®" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "移除全部项" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "从文件中移除æ¡ç›®" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "文件(_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "选项(_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "é‡è½½é˜²ç«å¢™" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "é‡è½½é˜²ç«å¢™è§„则。è¿è¡Œæ—¶é…置将从永久é…ç½®é‡æ–°åŠ è½½ã€‚所有仅在è¿è¡Œæ—¶é…置但未写入永" "ä¹…é…置的å˜æ›´å°†åœ¨é‡è½½åŽä¸¢å¤±ã€‚" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "更改网络连接所属的区域。" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "改å˜é»˜è®¤åŒºåŸŸ" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "更改连接或网å¡çš„默认区域。" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "修改 LogDenied" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "修改 LogDenied 值。" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "é…置自动帮助程åºæŒ‡æ´¾" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "é…置自动帮助程åºæŒ‡æ´¾è®¾ç½®ã€‚" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "应急模å¼æ„味ç€å°†ä¸¢å¼ƒæ‰€æœ‰ä¼ å…¥å’Œä¼ å‡ºçš„包。" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "应急模å¼" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "é”定å¯ä»¥å¯¹é˜²ç«å¢™é…置进行加é”,åªå…许é”定白åå•ä¸Šçš„应用程åºè¿›è¡Œæ”¹åŠ¨ã€‚" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "é”定" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "å°†è¿è¡Œæ—¶é…置记录到永久é…ç½®" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "å°†è¿è¡Œæ—¶é…置设定为永久é…ç½®" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "查看 (_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSets" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP 类型" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "帮助程åº" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "直接é…ç½®" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "é”定白åå•" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "活动的绑定" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "帮助(_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "更改区域" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "修改绑定的区" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "对区域éšè—连接ã€ç½‘å¡å’ŒæºæœåŠ¡å™¨çš„激活的è¿è¡Œæ—¶ç»‘定" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "对区域显示连接ã€ç½‘å¡å’ŒæºæœåŠ¡å™¨çš„激活的è¿è¡Œæ—¶ç»‘定" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "é…置:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "当å‰å¯è§é…置。è¿è¡Œæ—¶é…置为实际å¯ç”¨çš„é…置。永久é…置则会在æœåŠ¡æˆ–系统é‡è½½æˆ–é‡å¯" "æ—¶å¯ç”¨ã€‚" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "FirewallD 区域定义了绑定的网络连接ã€ç½‘å¡ä»¥åŠæºåœ°å€çš„å¯ä¿¡ç¨‹åº¦ã€‚区域是æœåŠ¡ã€ç«¯" "å£ã€åè®®ã€IP伪装ã€ç«¯å£/报文转å‘ã€ICMP过滤以åŠå¯Œè§„则的组åˆã€‚区域å¯ä»¥ç»‘定到网å¡" "以åŠæºåœ°å€ã€‚" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "添加区域" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "编辑区域" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "移除区域" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "载入默认区域" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "å¯ä»¥åœ¨è¿™é‡Œå®šä¹‰åŒºåŸŸä¸­å“ªäº›æœåŠ¡æ˜¯å¯ä¿¡çš„。å¯è¿žæŽ¥è‡³ç»‘定到这个区域的连接ã€ç½‘å¡å’Œæº" "的所有主机和网络åŠå¯ä»¥è®¿é—®å¯ä¿¡æœåŠ¡ã€‚" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "æœåŠ¡" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "添加å¯è®©å…许访问的主机或者网络访问的附加端å£æˆ–者端å£èŒƒå›´ã€‚" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "添加端å£" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "编辑端å£" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "移除端å£" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "端å£" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "添加所有主机或网络å‡å¯è®¿é—®çš„å议。" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "添加åè®®" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "编辑åè®®" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "删除åè®®" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "åè®®" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "" "添加é¢å¤–çš„æºç«¯å£æˆ–范围,它们对于所有å¯ä»¥è¿žæŽ¥è‡³è¿™å°ä¸»æœºçš„所有主机或网络都需è¦" "是å¯ä»¥è®¿é—®çš„。" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "æºç«¯å£" #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "如果您è¦è®¾ç½®ä¸€å°å°†æ‚¨çš„本地网络连接到互è”网的主机或者路由器,伪装是很有用的。" "您的本地网络将ä¸å¯è§ï¼Œä¸”该主机是以å•ä¸€åœ°å€çš„å½¢å¼å‡ºçŽ°åœ¨äº’è”网中。伪装仅适用于 " "IPv4。" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "伪装区域" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "如果您å¯ç”¨ä¼ªè£…,将会为您的 IPv4 网络å¯ç”¨ IP 转å‘。" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "伪装" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "添加æ¡ç›®æ¥è½¬å‘端å£ï¼Œå¯ä»¥æ˜¯ä»Žæœ¬åœ°ç³»ç»Ÿçš„一个端å£åˆ°å¦ä¸€ä¸ªç«¯å£ï¼Œä¹Ÿå¯ä»¥æ˜¯ä»Žæœ¬åœ°ç³»" "统到å¦ä¸€ä¸ªç³»ç»Ÿã€‚转å‘到å¦ä¸€ä¸ªç³»ç»Ÿåªåœ¨ç½‘å¡ä¼ªè£…时有用。端å£è½¬å‘åªé€‚用于 IPv4。" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "添加转å‘端å£" #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "编辑转å‘端å£" #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "移除转å‘端å£" #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "互è”网控制报文å议(ICMP)主è¦ç”¨äºŽåœ¨è”网的计算机间å‘é€å‡ºé”™ä¿¡æ¯ï¼Œä½†ä¹Ÿå‘é€ç±»ä¼¼ " "ping 请求以åŠå›žåº”等信æ¯ã€‚" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "在列表中标记应该被拒ç»çš„ ICMP 类型。所有其它 ICMP 类型则被å…许通过防ç«å¢™ã€‚默" "认设置是没有é™åˆ¶ã€‚" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "如果å¯ç”¨äº†åå‘过滤器(Invert Filter),作了标记的 ICMP æ¡ç›®éƒ½è¢«ä¼šè¢«æŽ¥å—,而其" "ä»–æ¡ç›®åˆ™ä¼šè¢«æ‹’ç»ã€‚在带有目标 DROP 的区里,它们会被丢弃。" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "åå‘过滤器" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP 过滤器" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "å¯ä»¥åœ¨è¿™é‡Œä¸ºåŒºåŸŸè®¾å®šå¯Œè¯­è¨€è§„则。" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "添加富规则" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "编辑富规则" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "移除富规则" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "富规则" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "增加入å£ä»¥å°†ç½‘å¡åŠ å…¥åŒºåŸŸã€‚若网å¡å·²ç»è¢«è¿žæŽ¥å ç”¨ï¼ŒåŒºåŸŸå°†è¢«è®¾å®šä¸ºè¿žæŽ¥æ‰€æŒ‡å®šçš„区" "域。" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "添加网å¡" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "编辑网å¡" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "移除网å¡" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "添加æ¡ç›®ä»¥ä¾¿åœ¨è¯¥åŒºåŸŸç»‘定æºåœ°å€æˆ–范围。还å¯ä»¥ç»‘定到 MAC æºåœ°å€ï¼Œä½†ä¼šæœ‰æ‰€é™åˆ¶ã€‚" "端å£è½¬å‘åŠä¼ªè£…ä¸é€‚用于 MAC æºç»‘定。" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "添加æ¥æº" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "编辑æ¥æº" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "移除æ¥æº" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "区域" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "FirewallD æœåŠ¡æ˜¯ç«¯å£ã€åè®®ã€æ¨¡å—和目的地å€çš„组åˆã€‚" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "添加æœåŠ¡" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "编辑æœåŠ¡" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "移除æœåŠ¡" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "载入默认æœåŠ¡" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "添加å¯è®©æ‰€æœ‰ä¸»æœºæˆ–者网络访问的附加端å£æˆ–者端å£èŒƒå›´ã€‚" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "编辑æ¡ç›®" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "删除æ¡ç›®" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "添加å¯è®©æ‰€æœ‰ä¸»æœºæˆ–者网络访问的其他æºç«¯å£æˆ–者端å£èŒƒå›´ã€‚" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "æºç«¯å£" #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "需è¦å¯¹æŸäº›æœåŠ¡ä½¿ç”¨ç½‘络过滤帮助程åºæ¨¡å—。" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "模å—" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "如果您指定了目的地å€ï¼ŒæœåŠ¡é¡¹ç›®å°†ä»…é™äºŽç›®çš„地å€å’Œç±»åž‹ã€‚如果两个项目å‡ä¸ºç©ºï¼Œåˆ™" "没有é™åˆ¶ã€‚" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "ä»…å¯ä»¥åœ¨æ°¸ä¹…é…置视图中修改æœåŠ¡ã€‚è¿è¡Œæ—¶é…置中的æœåŠ¡æ˜¯ä¸å¯ä¿®æ”¹çš„。" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "å¯ä½¿ç”¨ IPSet 创建白åå•æˆ–黑åå•ï¼Œä»¥ä¾¿ä¿å­˜ IP 地å€ã€ç«¯å£å·æˆ–者 MAC 地å€ã€‚ " #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "添加 IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "编辑 IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "删除 IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "载入 IPSet 默认设置" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "IPSet æ¡ç›®ã€‚åªèƒ½çœ‹åˆ°ä¸ä½¿ç”¨ timeout 选项的 ipset æ¡ç›®ä»¥åŠå·²ç»ç”± firewalld 添加" "çš„æ¡ç›®ã€‚这里ä¸ä¼šåˆ—出直接由 ipset 命令添加的æ¡ç›®ã€‚" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "这个 IPSet 使用 timeout 选项,因此在这个看ä¸åˆ°ã€‚应直接使用 ipset 命令处ç†è¯¥æ¡" "目。" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "新增" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "æ¡ç›®" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "åªèƒ½åœ¨æ°¸ä¹…é…置视图中创建或删除 IPSet。" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "FirewallD ICMP 类型为 firewallD æ供因特网控制报文åè®® (ICMP) çš„ä¿¡æ¯ã€‚" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "添加 ICMP 类型" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "编辑 ICMP 类型" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "移除 ICMP 类型" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "载入默认 ICMP 类型" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "指定是å¦è¯¥ ICMP 类型å¯ç”¨äºŽ IPv4 å’Œ/或 IPv6。" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ä»…å¯ä»¥åœ¨æ°¸ä¹…é…置视图中修改 ICMP 类型。è¿è¡Œæ—¶é…置中的 ICMP 类型是固定的。" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "正在指派连接跟踪帮助程åºï¼Œä»¥ç¡®ä¿ä½¿ç”¨ä¸åŒä¿¡å·å‘é€å’Œæ•°æ®ä¼ è¾“æµç¨‹çš„å议正常工" "作。数æ®ä¼ è¾“使用的是与信å·å‘é€è¿žæŽ¥ä¸ç›¸å…³çš„端å£ï¼Œå› æ­¤è‹¥æ²¡æœ‰è¯¥å¸®åŠ©ç¨‹åºå°†ä¼šè¢«é˜²" "ç«å¢™æ‹¦æˆªã€‚" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "定义帮助程åºå°†ç›‘视的端å£æˆ–端å£èŒƒå›´ã€‚" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "直接é…置给予直接访问防ç«å¢™æ–¹å¼ã€‚这些选项需è¦ç”¨æˆ·äº†è§£åŸºæœ¬çš„ iptables 概念,比" "如表ã€é“¾ã€å‘½ä»¤ã€å‚数和目标。直接é…置应该仅用于当其他 firewalld 功能都ä¸å¯ç”¨æ—¶" "的最åŽæ‰‹æ®µã€‚" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "æ¯ä¸ªæ“作的 IPV å‚数应为 ipv4 或 ipv6 或 eb。ipv4 用于 iptables,ipv6 用于 " "ip6tables,eb 用于以太网桥接(ebtables)。" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "与规则共åŒç”Ÿæ•ˆçš„附加链。" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "添加链" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "编辑链" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "移除链" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "链" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "添加一个包å«å‚数的规则至具备优先级信æ¯çš„表中。" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "优先级用于规则排åºã€‚优先级0 代表在链顶端添加规则,更大的优先级将添加到链下" "方。优先级相åŒçš„规则将具备相åŒçš„级别,排åºå¹¶ä¸å›ºå®šå¹¶æœ‰å¯èƒ½å˜åŒ–。如果您想è¦ç¡®" "ä¿ä¸€ä¸ªè§„则会在å¦å¤–一个åŽæ·»åŠ ï¼Œéœ€ä¸ºå‰è€…指定低优先级而为åŽè€…指定高优先级。" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "添加规则" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "编辑规则" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "移除规则" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "规则" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "穿通规则将被直接传递给防ç«å¢™è€Œä¸ä¼šæ”¾ç½®åˆ°ç‰¹æ®Šé“¾ä¸­ã€‚å¯ä»¥ä½¿ç”¨æ‰€æœ‰ iptablesã€" "ip6tables å’Œ ebtables 选项。" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "请å°å¿ƒä½¿ç”¨ç©¿é€šè§„则,ä¸è¦æŸå®³é˜²ç«å¢™ã€‚" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "添加穿通" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "编辑穿通" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "移除穿通" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "穿通" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "é”定功能是适用于 firewalld çš„è½»é‡çº§ç”¨æˆ·å’Œåº”用程åºè§„范。它ä¿è¯å˜æ›´ä»…é™äºŽé˜²ç«" "墙。é”定白åå•å¯ä»¥åŒ…å«å‘½ä»¤ã€ä¸Šä¸‹æ–‡ã€ç”¨æˆ·å’Œç”¨æˆ· ID。" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "上下文是正在è¿è¡Œçš„应用程åºæˆ–æœåŠ¡çš„安全(SELinux)上下文。请使用 ps -e --" "context 获å–正在è¿è¡Œçš„应用程åºçš„上下文。" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "添加上下文" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "编辑上下文" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "移除上下文" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "上下文" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "如果在白åå•è¾“入的命令以 '*' 星å·ç»“尾,则匹é…所有以其开头的命令。如果ä¸å« " "'*' 则命令和其中的å‚æ•°å¿…é¡»ç»å¯¹åŒ¹é…。" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "添加命令行" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "编辑命令行" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "移除命令行" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "命令行" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "用户å。" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "添加用户å" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "编辑用户å" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "移除用户å" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "用户å" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "用户 ID。" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "添加用户 ID" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "编辑用户 ID" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "移除用户 ID" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "用户 ID" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "当å‰ç³»ç»Ÿçš„默认区域。" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "LogDenied:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "应急模å¼ï¼š" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "自动帮助程åºï¼š" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "é”定:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "默认区域:" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "请输入网å¡å称:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "基础 IPSet 设置" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "请é…置基础 ipset 设置:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "类型:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "超时:" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "哈希大å°ï¼š" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "最大元素数:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "以秒为å•ä½çš„超时值" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "起始哈希大å°ï¼Œé»˜è®¤ä¸º 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "最大元素数,默认为 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "请选择 ipset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "请输入 ipset æ¡ç›®ï¼š" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "已拒ç»çš„日志" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "请选择 Log Denied 值:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "掩ç " #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "请输入具有å¯é€‰æŽ©ç çš„掩ç ã€‚" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "掩ç å’ŒæŽ©ç å­—段都是 32 ä½çš„无符å·æ•°å­—。" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "标记:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "掩ç ï¼š" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "请选择网络过滤 conntrack 帮助程åºï¼š" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- 选择 -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "其他模å—:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "端å£å’Œåè®®" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "请输入端å£å’Œå议。" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "直接规则" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "请选择 IPV åŠè¡¨ã€é“¾ä¼˜å…ˆçº§å¹¶è¾“å…¥å‚数。" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "优先级:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "请输入å议。" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "其他åè®®:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "富规则" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "请输入富规则(rich rule)。" #: ../src/firewall-config.glade.h:255 msgid "For host or network allow or denylisting deactivate the element." msgstr "é…置适用于主机或网络的å…许或阻止规则时,请ç¦ç”¨â€å…ƒç´ â€œé€‰é¡¹ã€‚" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "æºï¼š" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "目标:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "日志:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "审计:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "IPv4 åŠ IPv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "å转" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "è‹¥å¯ç”¨è¯¥é¡¹ï¼Œæ“作需为'reject'并且家æ—选择'ipv4'或'ipv6'(但ä¸èƒ½åŒæ—¶é€‰æ‹©)。" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "åŠç±»åž‹ï¼š" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "包å«é™åˆ¶ï¼š" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "å‰ç¼€ï¼š" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "等级:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "元素:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "æ“作:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "基本æœåŠ¡è®¾å®š" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "请é…置基本æœåŠ¡è®¾å®š:" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "请选择一个æœåŠ¡ã€‚" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "请输入æ¥æºã€‚" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "用户 ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "请输入用户 ID。" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "请输入用户å。" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "标签" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "基本区域设定" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "请é…置基本区域设定:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "默认目标" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "目标:" firewalld-1.1.1/po/zh_TW.po0000644000000000000000000016172014217342322015501 0ustar00rootroot00000000000000# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # # Translators: # Ben Wu , 2002-2004 # Chester Cheng , 2004-2006,2010,2014 # Chester Cheng , 2004 # Chester Cheng , 2010 # Chester Cheng , 2010 # Terry Chuang , 2008-2009,2014 # Waika Liu , 2005 # Walter Cheuk , 2005 # Cheng-Chia Tseng , 2016. #zanata # Chester Cheng , 2016. #zanata # Terry Chuang , 2016. #zanata # Cheng-Chia Tseng , 2017. #zanata # Eric Garver , 2018. #zanata # Peter Pan , 2018. #zanata msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-05-25 10:54-0400\n" "PO-Revision-Date: 2018-11-16 08:29+0000\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/" "firewalld/language/zh_TW/)\n" "Language: zh_TW\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Zanata 4.6.2\n" #: ../config/firewall-applet.desktop.in.h:1 ../src/firewall-applet.in:408 msgid "Firewall Applet" msgstr "防ç«ç‰†é¢æ¿ç¨‹å¼" #: ../config/firewall-config.desktop.in.h:1 msgid "Firewall" msgstr "防ç«ç‰†" #: ../config/firewall-config.desktop.in.h:2 ../src/firewall-config.glade.h:55 msgid "Firewall Configuration" msgstr "防ç«ç‰†çµ„æ…‹" #. Translators: These are searchable keywords for the firewall configuration tool #: ../config/firewall-config.desktop.in.h:4 msgid "firewall;network;security;iptables;netfilter;" msgstr "防ç«ç‰†;網路;安全性;iptables;netfilter;" #: ../src/firewall-applet.in:84 ../src/firewall-config.in:7986 #, c-format msgid "Select zone for interface '%s'" msgstr "é¸å–「%sã€ä»‹é¢çš„界域" #: ../src/firewall-applet.in:124 ../src/firewall-applet.in:131 #: ../src/firewall-applet.in:137 ../src/firewall-config.in:2446 #: ../src/firewall-config.in:8031 ../src/firewall-config.in:8039 #: ../src/firewall-config.in:8072 ../src/firewall-config.glade.h:8 msgid "Default Zone" msgstr "é è¨­ç•ŒåŸŸ" #: ../src/firewall-applet.in:158 ../src/firewall-config.in:8065 #, c-format msgid "Select zone for connection '%s'" msgstr "é¸å–「%sã€é€£ç·šçš„界域" #: ../src/firewall-applet.in:168 ../src/firewall-config.in:3925 msgid "Failed to set zone {zone} for connection {connection_name}" msgstr "無法為連線 {connection_name} 設定å€åŸŸ {zone}" #: ../src/firewall-applet.in:182 #, c-format msgid "Select zone for source '%s'" msgstr "é¸å–「%sã€ä¾†æºçš„界域" #: ../src/firewall-applet.in:199 msgid "Configure Shields Up/Down Zones" msgstr "設定防禦展開/å¸ä¸‹ç•ŒåŸŸ" #: ../src/firewall-applet.in:212 msgid "Here you can select the zones used for Shields Up and Shields Down." msgstr "您å¯ä»¥åœ¨é€™è£¡é¸å–「防禦展開ã€èˆ‡ã€Œé˜²ç¦¦å¸ä¸‹ã€æ‰€è¦ä½¿ç”¨çš„界域。" #: ../src/firewall-applet.in:218 msgid "" "This feature is useful for people using the default zones mostly. For users, " "that are changing zones of connections, it might be of limited use." msgstr "" "此功能å°æ–¼å¤§å¤šæ•¸ä½¿ç”¨é è¨­ç•ŒåŸŸçš„人來說很有用處。至於更改連線的界域之使用者,這" "å¯èƒ½ç”¨è™•ä¸å¤§ã€‚" #: ../src/firewall-applet.in:227 msgid "Shields Up Zone:" msgstr "防禦展開界域:" #: ../src/firewall-applet.in:236 ../src/firewall-applet.in:249 msgid "Reset To Default" msgstr "é‡è¨­å›žé è¨­å€¼" #: ../src/firewall-applet.in:240 msgid "Shields Down Zone:" msgstr "防禦å¸ä¸‹ç•ŒåŸŸï¼š" #: ../src/firewall-applet.in:332 #, c-format msgid "About %s" msgstr "關於 %s" #: ../src/firewall-applet.in:383 msgid "Authors" msgstr "作者" #: ../src/firewall-applet.in:393 msgid "License" msgstr "授權æ¢æ¬¾" #: ../src/firewall-applet.in:462 msgid "Shields Up" msgstr "防禦展開" #: ../src/firewall-applet.in:469 msgid "Enable Notifications" msgstr "啟用通知" #: ../src/firewall-applet.in:475 msgid "Edit Firewall Settings..." msgstr "編輯防ç«ç‰†è¨­å®š..." #: ../src/firewall-applet.in:479 ../src/firewall-config.glade.h:61 msgid "Change Zones of Connections..." msgstr "變更連線的界域..." #: ../src/firewall-applet.in:483 msgid "Configure Shields UP/Down Zones..." msgstr "設定防禦展開/å¸ä¸‹ç•ŒåŸŸ..." #: ../src/firewall-applet.in:487 msgid "Block all network traffic" msgstr "å°éŽ–所有網路交通" #: ../src/firewall-applet.in:492 msgid "About" msgstr "關於" #: ../src/firewall-applet.in:500 ../src/firewall-config.in:618 #: ../src/firewall-config.in:2387 ../src/firewall-config.in:2668 #: ../src/firewall-config.in:2694 msgid "Connections" msgstr "連線" #: ../src/firewall-applet.in:504 ../src/firewall-config.in:620 #: ../src/firewall-config.in:2475 ../src/firewall-config.in:2671 #: ../src/firewall-config.in:2696 ../src/firewall-config.glade.h:130 msgid "Interfaces" msgstr "介é¢" #: ../src/firewall-applet.in:508 ../src/firewall-config.in:622 #: ../src/firewall-config.in:2506 ../src/firewall-config.in:2674 #: ../src/firewall-config.in:2698 ../src/firewall-config.glade.h:135 msgid "Sources" msgstr "來æº" #: ../src/firewall-applet.in:579 ../src/firewall-config.in:2288 msgid "Authorization failed." msgstr "授權失敗。" #: ../src/firewall-applet.in:581 ../src/firewall-config.in:2290 msgid "Invalid name" msgstr "無效的å稱" #: ../src/firewall-applet.in:585 ../src/firewall-config.in:2293 msgid "Name already exists" msgstr "å稱已經存在" #: ../src/firewall-applet.in:677 msgid "{entry} (Zone: {zone})" msgstr "{entry} (界域:{zone})" #: ../src/firewall-applet.in:684 msgid "{entry} (Default Zone: {default_zone})" msgstr "{entry} (é è¨­ç•ŒåŸŸï¼š{default_zone})" #: ../src/firewall-applet.in:762 ../src/firewall-config.in:1574 msgid "Failed to get connections from NetworkManager" msgstr "從 NetworkManager å–得連線失敗" #: ../src/firewall-applet.in:774 ../src/firewall-config.in:1386 msgid "No NetworkManager imports available" msgstr "ç„¡å¯ç”¨çš„ NetworkManager 匯入" #: ../src/firewall-applet.in:851 msgid "No connection to firewall daemon" msgstr "未有連接防ç«ç‰†å¹•å¾Œç¨‹å¼çš„連線" #: ../src/firewall-applet.in:857 ../src/firewall-applet.in:994 msgid "All network traffic is blocked." msgstr "所有網路交通已å°éŽ–。" #: ../src/firewall-applet.in:860 #, c-format msgid "Default Zone: '%s'" msgstr "é è¨­ç•ŒåŸŸï¼šã€Œ%sã€" #: ../src/firewall-applet.in:866 msgid "" "Default Zone '{default_zone}' active for connection '{connection}' on " "interface '{interface}'" msgstr "" "é è¨­ç•ŒåŸŸã€Œ{default_zone}ã€ä½¿ç”¨ä¸­ï¼šé€£ç·šã€Œ{connection}ã€ï¼Œä»‹é¢ã€Œ{interface}ã€" #: ../src/firewall-applet.in:869 msgid "" "Zone '{zone}' active for connection '{connection}' on interface '{interface}'" msgstr "界域「{zone}ã€ä½¿ç”¨ä¸­ï¼šé€£ç·šã€Œ{connection}ã€ï¼Œä»‹é¢ã€Œ{interface}ã€" #: ../src/firewall-applet.in:881 msgid "Zone '{zone}' active for interface '{interface}'" msgstr "界域「{zone}ã€ä½¿ç”¨ä¸­ï¼šä»‹é¢ã€Œ{interface}ã€" #: ../src/firewall-applet.in:889 msgid "Zone '{zone}' active for source {source}" msgstr "界域「{zone}ã€ä½¿ç”¨ä¸­ï¼šä¾†æº {source}" #: ../src/firewall-applet.in:893 msgid "No Active Zones." msgstr "無使用中界域。" #: ../src/firewall-applet.in:952 msgid "Connection to FirewallD established." msgstr "與 FirewallD 的連線已建立。" #: ../src/firewall-applet.in:964 msgid "Connection to FirewallD lost." msgstr "與 FirewallD 的連線已中斷。" #: ../src/firewall-applet.in:969 msgid "FirewallD has been reloaded." msgstr "FirewallD å·²é‡æ–°è¼‰å…¥ã€‚" #: ../src/firewall-applet.in:976 #, c-format msgid "Default zone changed to '%s'." msgstr "é è¨­ç•ŒåŸŸè®Šæ›´ç‚ºã€Œ%sã€ã€‚" #: ../src/firewall-applet.in:995 msgid "Network traffic is not blocked anymore." msgstr "網路交通已ä¸å†å°éŽ–。" #: ../src/firewall-applet.in:1021 ../src/firewall-applet.in:1075 msgid "activated" msgstr "已啟動" #: ../src/firewall-applet.in:1022 ../src/firewall-applet.in:1076 msgid "deactivated" msgstr "å·²åœæ­¢" #: ../src/firewall-applet.in:1027 msgid "" "Default zone '{default_zone}' {activated_deactivated} for connection " "'{connection}' on interface '{interface}'" msgstr "" "é è¨­ç•ŒåŸŸã€Œ{default_zone}ã€{activated_deactivated}:連線「{connection}ã€ï¼Œä»‹é¢" "「{interface}ã€" #: ../src/firewall-applet.in:1032 msgid "" "Zone '{zone}' {activated_deactivated} for connection '{connection}' on " "interface '{interface}'" msgstr "" "界域「{zone}ã€{activated_deactivated}:連線「{connection}ã€ï¼Œä»‹é¢" "「{interface}ã€" #: ../src/firewall-applet.in:1037 msgid "Zone '{zone}' {activated_deactivated} for interface '{interface}'" msgstr "界域「{zone}ã€{activated_deactivated}:介é¢ã€Œ{interface}ã€" #: ../src/firewall-applet.in:1060 #, c-format msgid "Zone '%s' activated for interface '%s'" msgstr "界域「%sã€å·²å•Ÿå‹•ï¼šä»‹é¢ã€Œ%sã€" #: ../src/firewall-applet.in:1077 msgid "Zone '{zone}' {activated_deactivated} for source '{source}'" msgstr "界域「{zone}ã€{activated_deactivated}:來æºã€Œ{source}ã€" #: ../src/firewall-applet.in:1101 #, c-format msgid "Zone '%s' activated for source '%s'" msgstr "界域「%sã€å·²å•Ÿå‹•ï¼šä¾†æºã€Œ%sã€" #: ../src/firewall-config.in:89 msgid "Connection to firewalld established." msgstr "連至 firewalld 的連線已建立。" #: ../src/firewall-config.in:91 msgid "Trying to connect to firewalld, waiting..." msgstr "正在嘗試連上 firewalld,等待中..." #: ../src/firewall-config.in:93 msgid "" "Failed to connect to firewalld. Please make sure that the service has been " "started correctly and try again." msgstr "連接 firewalld 失敗。請確定該æœå‹™å·²æ­£å¸¸å•Ÿå‹•ï¼Œç„¶å¾Œé‡è©¦ã€‚" #: ../src/firewall-config.in:95 msgid "Changes applied." msgstr "變更已套用。" #: ../src/firewall-config.in:96 #, c-format msgid "Used by network connection '%s'" msgstr "由「%sã€ç¶²è·¯é€£ç·šä½¿ç”¨" #: ../src/firewall-config.in:97 #, c-format msgid "Default zone used by network connection '%s'" msgstr "網路連線 '%s' 所使用的é è¨­ç•ŒåŸŸ" #: ../src/firewall-config.in:99 msgid "enabled" msgstr "已啟用" #: ../src/firewall-config.in:100 msgid "disabled" msgstr "å·²åœç”¨" #: ../src/firewall-config.in:125 msgid "Failed to load icons." msgstr "無法載入圖示。" #: ../src/firewall-config.in:187 ../src/firewall-config.glade.h:6 msgid "Context" msgstr "情境" #: ../src/firewall-config.in:206 ../src/firewall-config.glade.h:4 msgid "Command line" msgstr "指令列" #: ../src/firewall-config.in:225 ../src/firewall-config.glade.h:300 msgid "User name" msgstr "使用者å稱" #: ../src/firewall-config.in:244 msgid "User id" msgstr "使用者 ID" #: ../src/firewall-config.in:284 ../src/firewall-config.in:318 msgid "Table" msgstr "表" #: ../src/firewall-config.in:286 ../src/firewall-config.in:320 msgid "Chain" msgstr "éˆ" #: ../src/firewall-config.in:322 ../src/firewall-config.in:824 msgid "Priority" msgstr "優先程度" #: ../src/firewall-config.in:324 ../src/firewall-config.in:361 msgid "Args" msgstr "引數" #: ../src/firewall-config.in:401 ../src/firewall-config.in:2336 msgid "Runtime" msgstr "執行時期" #: ../src/firewall-config.in:402 msgid "Permanent" msgstr "永久" #: ../src/firewall-config.in:481 ../src/firewall-config.glade.h:138 msgid "Service" msgstr "æœå‹™" #: ../src/firewall-config.in:488 ../src/firewall-config.in:535 #: ../src/firewall-config.in:560 ../src/firewall-config.in:802 #: ../src/firewall-config.in:996 ../src/firewall-config.in:1030 msgid "Port" msgstr "連接埠" #: ../src/firewall-config.in:490 ../src/firewall-config.in:510 #: ../src/firewall-config.in:537 ../src/firewall-config.in:562 #: ../src/firewall-config.in:804 ../src/firewall-config.in:998 #: ../src/firewall-config.in:1013 ../src/firewall-config.in:1032 #: ../src/firewall-config.glade.h:250 msgid "Protocol" msgstr "å”定" #: ../src/firewall-config.in:564 msgid "To Port" msgstr "至連接埠" #: ../src/firewall-config.in:566 msgid "To Address" msgstr "至ä½å€" #: ../src/firewall-config.in:616 msgid "Bindings" msgstr "ç¶å®š" #: ../src/firewall-config.in:651 ../src/firewall-config.glade.h:233 msgid "Entry" msgstr "æ¢ç›®" #: ../src/firewall-config.in:777 msgid "Icmp Type" msgstr "Icmp é¡žåž‹" #: ../src/firewall-config.in:822 msgid "Family" msgstr "家庭" #: ../src/firewall-config.in:826 msgid "Action" msgstr "動作" #: ../src/firewall-config.in:828 msgid "Element" msgstr "元素" #: ../src/firewall-config.in:830 msgid "Src" msgstr "來æº" #: ../src/firewall-config.in:832 msgid "Dest" msgstr "目標" #: ../src/firewall-config.in:834 msgid "log" msgstr "記錄" #: ../src/firewall-config.in:836 msgid "Audit" msgstr "稽核" #: ../src/firewall-config.in:940 ../src/firewall-config.glade.h:221 msgid "Interface" msgstr "介é¢" #: ../src/firewall-config.in:942 msgid "Comment" msgstr "備註" #: ../src/firewall-config.in:961 ../src/firewall-config.glade.h:27 msgid "Source" msgstr "來æº" #: ../src/firewall-config.in:1615 ../src/firewall-config.in:2809 #: ../src/firewall-config.in:2857 msgid "Warning" msgstr "警告" #: ../src/firewall-config.in:1624 ../src/firewall-config.in:1630 msgid "Error" msgstr "錯誤" #: ../src/firewall-config.in:2044 ../src/firewall-config.in:3209 #: ../src/firewall-config.in:3707 ../src/firewall-config.glade.h:262 msgid "accept" msgstr "接å—" #: ../src/firewall-config.in:2046 ../src/firewall-config.in:3211 #: ../src/firewall-config.in:3709 ../src/firewall-config.in:3857 #: ../src/firewall-config.glade.h:263 msgid "reject" msgstr "拒絕" #: ../src/firewall-config.in:2050 ../src/firewall-config.in:3226 #: ../src/firewall-config.in:3714 ../src/firewall-config.glade.h:264 msgid "drop" msgstr "丟è½" #: ../src/firewall-config.in:2052 ../src/firewall-config.in:3228 #: ../src/firewall-config.in:3716 ../src/firewall-config.in:3858 #: ../src/firewall-config.glade.h:265 msgid "mark" msgstr "標記" #: ../src/firewall-config.in:2055 ../src/firewall-config.in:2099 #: ../src/firewall-config.in:2104 msgid "limit" msgstr "é™åˆ¶" #: ../src/firewall-config.in:2071 ../src/firewall-config.in:3163 #: ../src/firewall-config.in:3343 ../src/firewall-config.in:3654 #: ../src/firewall-config.glade.h:284 msgid "service" msgstr "æœå‹™" #: ../src/firewall-config.in:2073 ../src/firewall-config.in:3169 #: ../src/firewall-config.in:3345 ../src/firewall-config.in:3657 #: ../src/firewall-config.glade.h:285 msgid "port" msgstr "接埠" #: ../src/firewall-config.in:2076 ../src/firewall-config.in:3174 #: ../src/firewall-config.in:3354 ../src/firewall-config.in:3667 #: ../src/firewall-config.glade.h:286 msgid "protocol" msgstr "å”定" #: ../src/firewall-config.in:2078 ../src/firewall-config.in:3179 #: ../src/firewall-config.in:3684 ../src/firewall-config.in:3870 #: ../src/firewall-config.glade.h:291 msgid "masquerade" msgstr "å½è£" #: ../src/firewall-config.in:2080 ../src/firewall-config.in:3182 #: ../src/firewall-config.in:3356 ../src/firewall-config.in:3670 #: ../src/firewall-config.in:3885 ../src/firewall-config.glade.h:287 msgid "icmp-block" msgstr "icmp-block" #: ../src/firewall-config.in:2082 ../src/firewall-config.in:3187 #: ../src/firewall-config.in:3358 ../src/firewall-config.in:3673 #: ../src/firewall-config.glade.h:288 msgid "icmp-type" msgstr "icmp-type" #: ../src/firewall-config.in:2084 ../src/firewall-config.in:3192 #: ../src/firewall-config.in:3360 ../src/firewall-config.in:3676 #: ../src/firewall-config.in:3878 ../src/firewall-config.glade.h:289 msgid "forward-port" msgstr "forward-port" #: ../src/firewall-config.in:2088 ../src/firewall-config.in:3201 #: ../src/firewall-config.in:3362 ../src/firewall-config.in:3686 #: ../src/firewall-config.glade.h:290 msgid "source-port" msgstr "source-port" #: ../src/firewall-config.in:2097 msgid "level" msgstr "等級" #: ../src/firewall-config.in:2101 ../src/firewall-config.in:2106 msgid "yes" msgstr "是" #: ../src/firewall-config.in:2450 ../src/firewall-config.in:2490 #: ../src/firewall-config.in:2520 ../src/firewall-config.glade.h:89 msgid "Zone" msgstr "界域" #: ../src/firewall-config.in:2463 #, c-format msgid "Default Zone: %s" msgstr "é è¨­ç•ŒåŸŸï¼š%s" #: ../src/firewall-config.in:2470 ../src/firewall-config.in:2501 #: ../src/firewall-config.in:2531 #, c-format msgid "Zone: %s" msgstr "界域:%s" #: ../src/firewall-config.in:2806 #, c-format msgid "Zone '%s': Service '%s' is not available." msgstr "界域「%sã€ï¼šæœå‹™ã€Œ%sã€ç„¡æ³•ä½¿ç”¨ã€‚" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 #: ../src/firewall-config.glade.h:163 msgid "Remove" msgstr "移除" #: ../src/firewall-config.in:2810 ../src/firewall-config.in:2858 msgid "Ignore" msgstr "忽略" #: ../src/firewall-config.in:2854 #, c-format msgid "Zone '%s': ICMP type '%s' is not available." msgstr "界域「%sã€ï¼šICMP 類型「%sã€ç„¡æ³•ä½¿ç”¨ã€‚" #: ../src/firewall-config.in:3009 msgid "Built-in zone, rename not supported." msgstr "內建界域,ä¸æ”¯æ´é‡æ–°å‘½å。" #: ../src/firewall-config.in:3124 ../src/firewall-config.in:3624 #: ../src/firewall-config.glade.h:270 msgid "second" msgstr "秒" #: ../src/firewall-config.in:3125 ../src/firewall-config.in:3625 #: ../src/firewall-config.glade.h:271 msgid "minute" msgstr "分é˜" #: ../src/firewall-config.in:3126 ../src/firewall-config.in:3626 #: ../src/firewall-config.glade.h:272 msgid "hour" msgstr "å°æ™‚" #: ../src/firewall-config.in:3127 ../src/firewall-config.in:3627 #: ../src/firewall-config.glade.h:273 msgid "day" msgstr "æ—¥" #: ../src/firewall-config.in:3128 ../src/firewall-config.in:3628 #: ../src/firewall-config.glade.h:276 msgid "emergency" msgstr "緊急" #: ../src/firewall-config.in:3129 ../src/firewall-config.in:3629 #: ../src/firewall-config.glade.h:277 msgid "alert" msgstr "警示" #: ../src/firewall-config.in:3130 ../src/firewall-config.in:3630 #: ../src/firewall-config.glade.h:278 msgid "critical" msgstr "åš´é‡" #: ../src/firewall-config.in:3131 ../src/firewall-config.in:3631 #: ../src/firewall-config.glade.h:279 msgid "error" msgstr "錯誤" #: ../src/firewall-config.in:3132 ../src/firewall-config.in:3632 #: ../src/firewall-config.glade.h:280 msgid "warning" msgstr "警告" #: ../src/firewall-config.in:3133 ../src/firewall-config.in:3633 #: ../src/firewall-config.glade.h:281 msgid "notice" msgstr "注æ„" #: ../src/firewall-config.in:3134 ../src/firewall-config.in:3634 #: ../src/firewall-config.glade.h:282 msgid "info" msgstr "資訊" #: ../src/firewall-config.in:3135 ../src/firewall-config.in:3635 #: ../src/firewall-config.glade.h:283 msgid "debug" msgstr "除錯" #: ../src/firewall-config.in:3335 ../src/firewall-config.in:3560 #: ../src/firewall-config.in:3584 ../src/firewall-config.in:3639 #: ../src/firewall-config.in:3774 ../src/firewall-config.in:3821 msgid "ipv4" msgstr "ipv4" #: ../src/firewall-config.in:3337 ../src/firewall-config.in:3562 #: ../src/firewall-config.in:3586 ../src/firewall-config.in:3641 #: ../src/firewall-config.in:3776 ../src/firewall-config.in:3823 msgid "ipv6" msgstr "ipv6" #: ../src/firewall-config.in:5029 msgid "" "Forwarding to another system is only useful if the interface is " "masqueraded.\n" "Do you want to masquerade this zone ?" msgstr "" "轉é€è‡³å…¶ä»–系統的功能僅在介é¢ç‚ºå½è£ä¹‹æ™‚æ‰æœƒæœ‰ç”¨ã€‚\n" "您是å¦æƒ³è¦å½è£æ­¤ç•ŒåŸŸï¼Ÿ" #: ../src/firewall-config.in:5391 msgid "Built-in service, rename not supported." msgstr "內建æœå‹™ï¼Œä¸æ”¯æ´é‡æ–°å‘½å。" #: ../src/firewall-config.in:5600 msgid "Please enter an ipv4 address with the form address[/mask]." msgstr "請從格å¼ä½å€ï¼ˆæˆ–é®ç½©ï¼‰è¼¸å…¥ IPV4 ä½å€" #: ../src/firewall-config.in:5601 msgid "The mask can be a network mask or a number." msgstr "é®ç½©å¯ä»¥æ˜¯ç¶²è·¯é®ç½©æˆ–數字。" #: ../src/firewall-config.in:5603 msgid "Please enter an ipv6 address with the form address[/mask]." msgstr "請從格å¼ä½å€ï¼ˆæˆ–é®ç½©ï¼‰è¼¸å…¥ IPV6 ä½å€" #: ../src/firewall-config.in:5604 msgid "The mask is a number." msgstr "é®ç½©ç‚ºæ•¸å­—。" #: ../src/firewall-config.in:5606 msgid "Please enter an ipv4 or ipv6 address with the form address[/mask]." msgstr "請從格å¼ä½å€ï¼ˆæˆ–é®ç½©ï¼‰è¼¸å…¥ IPV4 或 IPV6 ä½å€ã€‚" #: ../src/firewall-config.in:5607 msgid "" "The mask can be a network mask or a number for ipv4.\n" "The mask is a number for ipv6." msgstr "" "IPv4 é®ç½©å¯ä»¥æ˜¯ç¶²è·¯é®ç½©æˆ–數字。\n" "IPv6 é®ç½©æ˜¯æ•¸å­—。" #: ../src/firewall-config.in:5791 msgid "Built-in ipset, rename not supported." msgstr "內建 ipset,ä¸æ”¯æ´é‡æ–°å‘½å。" #: ../src/firewall-config.in:5883 ../src/firewall-config.in:5965 msgid "Please select a file" msgstr "è«‹é¸æ“‡ä¸€å€‹æª”案" #: ../src/firewall-config.in:5890 ../src/firewall-config.in:5972 msgid "Text Files" msgstr "文字檔案" #: ../src/firewall-config.in:5895 ../src/firewall-config.in:5977 msgid "All Files" msgstr "所有檔案" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:40 msgid "All" msgstr "全部" #: ../src/firewall-config.in:6398 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:41 msgid "IPv4" msgstr "IPv4" #: ../src/firewall-config.in:6399 ../src/firewall-config.in:6427 #: ../src/firewall-config.glade.h:42 msgid "IPv6" msgstr "IPv6" #: ../src/firewall-config.in:6404 msgid "Built-in helper, rename not supported." msgstr "內建輔助器,ä¸æ”¯æ´é‡æ–°å‘½å。" #: ../src/firewall-config.in:6882 msgid "Built-in icmp, rename not supported." msgstr "內建 icmp,ä¸æ”¯æ´é‡æ–°å‘½å。" #: ../src/firewall-config.in:7954 #, c-format msgid "Failed to read file '%s': %s" msgstr "讀å–檔案 '%s' 失敗:%s" #: ../src/firewall-config.in:8087 #, c-format msgid "Select zone for source %s" msgstr "é¸å– %s 來æºçš„界域" #. implies all other actions #: ../src/firewall-config.glade.h:1 msgid "Address" msgstr "ä½å€" #: ../src/firewall-config.glade.h:2 msgid "Automatic Helpers" msgstr "自動輔助器" #: ../src/firewall-config.glade.h:3 msgid "Please select the automatic helpers value:" msgstr "è«‹é¸å–自動輔助器之值:" #: ../src/firewall-config.glade.h:5 msgid "Please enter the command line." msgstr "請輸入指令列。" #: ../src/firewall-config.glade.h:7 msgid "Please enter the context." msgstr "請輸入情境。" #: ../src/firewall-config.glade.h:9 msgid "Please select default zone from the list below." msgstr "請從下列清單中é¸å–é è¨­ç•ŒåŸŸã€‚" #: ../src/firewall-config.glade.h:10 msgid "Direct Chain" msgstr "直接éˆæ¢" #: ../src/firewall-config.glade.h:11 msgid "Please select ipv and table and enter the chain name." msgstr "è«‹é¸å– ipv 與表格,並輸入éˆæ¢å稱" #: ../src/firewall-config.glade.h:12 msgid "ipv:" msgstr "ipv:" #: ../src/firewall-config.glade.h:13 msgid "eb" msgstr "eb" #: ../src/firewall-config.glade.h:14 msgid "Chain:" msgstr "éˆæ¢ï¼š" #: ../src/firewall-config.glade.h:15 msgid "nat" msgstr "nat" #: ../src/firewall-config.glade.h:16 msgid "raw" msgstr "原始" #: ../src/firewall-config.glade.h:17 msgid "security" msgstr "安全性" #: ../src/firewall-config.glade.h:18 msgid "Table:" msgstr "表格:" #: ../src/firewall-config.glade.h:19 msgid "Direct Passthrough Rule" msgstr "直接通é€è¦å‰‡" #: ../src/firewall-config.glade.h:20 msgid "Please select ipv and enter the args." msgstr "è«‹é¸å– ipv 並輸入引數。" #: ../src/firewall-config.glade.h:21 msgid "Args:" msgstr "引數:" #: ../src/firewall-config.glade.h:22 msgid "Port Forwarding" msgstr "連接埠轉é€" #: ../src/firewall-config.glade.h:23 msgid "" "Please select the source and destination options according to your needs." msgstr "請根據您的需求é¸æ“‡ä¾†æºä»¥åŠç›®çš„地é¸é …。" #: ../src/firewall-config.glade.h:24 msgid "Port / Port Range:" msgstr "連接埠 / 連接埠範åœï¼š" #: ../src/firewall-config.glade.h:25 msgid "IP address:" msgstr "IP ä½å€ï¼š" #: ../src/firewall-config.glade.h:26 msgid "Protocol:" msgstr "通訊å”定:" #: ../src/firewall-config.glade.h:28 msgid "Destination" msgstr "目的地" #: ../src/firewall-config.glade.h:29 msgid "" "If you enable local forwarding, you have to specify a port. This port has to " "be different to the source port." msgstr "" "若您啟用本地端轉é€ï¼Œæ‚¨å°±å¿…é ˆè¦æŒ‡å®šé€£æŽ¥åŸ ã€‚這個連接埠必須和來æºé€£æŽ¥åŸ ä¸åŒã€‚" #: ../src/firewall-config.glade.h:30 msgid "Local forwarding" msgstr "本地端轉é€" #: ../src/firewall-config.glade.h:31 msgid "Forward to another port" msgstr "轉é€è‡³å…¶ä»–連接埠" #: ../src/firewall-config.glade.h:32 msgid "Base Helper Settings" msgstr "基礎輔助器設定" #: ../src/firewall-config.glade.h:33 msgid "Please configure base helper settings:" msgstr "請設定基礎輔助器設定值:" #: ../src/firewall-config.glade.h:34 msgid "Bold entries are mandatory, all others are optional." msgstr "粗體的æ¢ç›®ç‚ºå¼·åˆ¶é …目,其他æ¢ç›®å‰‡ç‚ºé¸ç”¨é …目。" #: ../src/firewall-config.glade.h:35 msgid "Name:" msgstr "å稱:" #: ../src/firewall-config.glade.h:36 msgid "Version:" msgstr "版本:" #: ../src/firewall-config.glade.h:37 msgid "Short:" msgstr "簡短:" #: ../src/firewall-config.glade.h:38 msgid "Description:" msgstr "æ述:" #: ../src/firewall-config.glade.h:39 msgid "Family:" msgstr "家庭:" #: ../src/firewall-config.glade.h:43 msgid "Module:" msgstr "模組:" #: ../src/firewall-config.glade.h:44 msgid "Helper" msgstr "輔助器" #: ../src/firewall-config.glade.h:45 msgid "Please select a helper:" msgstr "è«‹é¸å–輔助器:" #: ../src/firewall-config.glade.h:46 msgid "Base ICMP Type Settings" msgstr "基礎 ICMP 類型設定" #: ../src/firewall-config.glade.h:47 msgid "Please configure base ICMP type settings:" msgstr "請調整基礎 ICMP 類型設定:" #: ../src/firewall-config.glade.h:48 msgid "ICMP Type" msgstr "ICMP é¡žåž‹" #: ../src/firewall-config.glade.h:49 msgid "Please select an ICMP type" msgstr "è«‹é¸å– ICMP é¡žåž‹" #: ../src/firewall-config.glade.h:50 msgid "Add Entry" msgstr "加入æ¢ç›®" #: ../src/firewall-config.glade.h:51 msgid "Add Entries From File" msgstr "從檔案新增項目" #: ../src/firewall-config.glade.h:52 msgid "Remove Selected Entry" msgstr "移除é¸æ“‡çš„é …ç›®" #: ../src/firewall-config.glade.h:53 msgid "Remove All Entries" msgstr "移除所有項目" #: ../src/firewall-config.glade.h:54 msgid "Remove Entries From File" msgstr "從檔案中移除項目" #: ../src/firewall-config.glade.h:56 msgid "_File" msgstr "檔案(_F)" #: ../src/firewall-config.glade.h:57 msgid "_Options" msgstr "é¸é …(_O)" #: ../src/firewall-config.glade.h:58 msgid "Reload Firewalld" msgstr "é‡æ–°è¼‰å…¥ Firewalld" #: ../src/firewall-config.glade.h:59 msgid "" "Reloads firewall rules. Current permanent configuration will become new " "runtime configuration. i.e. all runtime only changes done until reload are " "lost with reload if they have not been also in permanent configuration." msgstr "" "é‡æ–°è¼‰å…¥é˜²ç«ç‰†è¦å‰‡ã€‚ç›®å‰çš„永久組態會變æˆæ–°çš„執行時期組態。舉例,所有的執行時" "期下的變動直到é‡æ–°è¼‰å…¥å‰éƒ½æœƒæœ‰æ•ˆï¼šåªè¦æ”¹è®Šä¸æ˜¯è¨­åœ¨æ°¸ä¹…組態中,那麼一旦é‡æ–°è¼‰" "入後所有改動都會消失。" #: ../src/firewall-config.glade.h:60 msgid "Change which zone a network connection belongs to." msgstr "變更網路連線所屬的界域。" #: ../src/firewall-config.glade.h:62 msgid "Change Default Zone" msgstr "變更é è¨­ç•ŒåŸŸ" #: ../src/firewall-config.glade.h:63 msgid "Change default zone for connections or interfaces." msgstr "變更連線或介é¢çš„é è¨­ç•ŒåŸŸã€‚" #: ../src/firewall-config.glade.h:64 msgid "Change Log Denied" msgstr "變更日誌被拒" #: ../src/firewall-config.glade.h:65 msgid "Change LogDenied value." msgstr "變更 LogDenied 值。" #: ../src/firewall-config.glade.h:66 msgid "Configure Automatic Helper Assigment" msgstr "設定自動輔助器指派" #: ../src/firewall-config.glade.h:67 msgid "Configure Automatic Helper Assignment setting." msgstr "設定自動輔助器指派設定。" #: ../src/firewall-config.glade.h:68 msgid "Panic mode means that all incoming and outgoing packets are dropped." msgstr "æ慌模å¼ä»£è¡¨æ‰€æœ‰é€£å…¥èˆ‡å‚³å‡ºå°åŒ…都會直接丟棄。" #: ../src/firewall-config.glade.h:69 msgid "Panic Mode" msgstr "æ慌模å¼" #: ../src/firewall-config.glade.h:70 msgid "" "Lockdown locks firewall configuration so that only applications on lockdown " "whitelist are able to change it." msgstr "" "å°éŽ–管制會鎖上防ç«ç‰†çµ„態,åªæœ‰å°éŽ–管制白å單中列出的應用程å¼å¯ä»¥æ”¹å‹•çµ„態。" #: ../src/firewall-config.glade.h:71 msgid "Lockdown" msgstr "å°éŽ–管制" #: ../src/firewall-config.glade.h:72 msgid "Make runtime configuration permanent" msgstr "使 runtime é…置永久化" #: ../src/firewall-config.glade.h:73 msgid "Runtime To Permanent" msgstr "使 Runtime 永久化" #: ../src/firewall-config.glade.h:74 msgid "_View" msgstr "檢視(_V)" #: ../src/firewall-config.glade.h:75 msgid "IPSets" msgstr "IPSet" #: ../src/firewall-config.glade.h:76 msgid "ICMP Types" msgstr "ICMP é¡žåž‹" #: ../src/firewall-config.glade.h:77 msgid "Helpers" msgstr "輔助器" #: ../src/firewall-config.glade.h:78 msgid "Direct Configuration" msgstr "直接組態" #: ../src/firewall-config.glade.h:79 msgid "Lockdown Whitelist" msgstr "å°éŽ–管制白åå–®" #: ../src/firewall-config.glade.h:80 msgid "Active Bindings" msgstr "使用中的ç¶å®š" #: ../src/firewall-config.glade.h:81 msgid "_Help" msgstr "求助(_H)" #: ../src/firewall-config.glade.h:82 msgid "Change Zone" msgstr "變更å€åŸŸ" #: ../src/firewall-config.glade.h:83 msgid "Change zone of binding" msgstr "變更ç¶å®šçš„界域" #: ../src/firewall-config.glade.h:84 msgid "" "Hide active runtime bindings of connections, interfaces and sources to zones" msgstr "在界域中隱è—連線ã€ä»‹é¢åŠä¾†æºçš„使用中執行時期ç¶å®š" #: ../src/firewall-config.glade.h:85 msgid "" "Show active runtime bindings of connections, interfaces and sources to zones" msgstr "在界域中顯示連線ã€ä»‹é¢åŠä¾†æºçš„使用中執行時期ç¶å®š" #: ../src/firewall-config.glade.h:86 msgid "Configuration:" msgstr "組態:" #: ../src/firewall-config.glade.h:87 msgid "" "Currently visible configuration. Runtime configuration is the actual active " "configuration. Permanent configuration will be active after service or " "system reload or restart." msgstr "" "ç›®å‰å¯è¦‹çš„組態。執行時期組態為實際使用中組態。永久組態將在æœå‹™æˆ–系統é‡æ–°è¼‰å…¥" "或é‡æ–°å•Ÿå‹•ä¹‹å¾Œå•Ÿå‹•ã€‚" #: ../src/firewall-config.glade.h:88 msgid "" "A firewalld zone defines the level of trust for network connections, " "interfaces and source addresses bound to the zone. The zone combines " "services, ports, protocols, masquerading, port/packet forwarding, icmp " "filters and rich rules. The zone can be bound to interfaces and source " "addresses." msgstr "" "firewalld 界域所定義的是ç¶å®šè©²ç•ŒåŸŸä¹‹ç¶²è·¯é€£ç·šã€ä»‹é¢ã€ä¾†æºä½å€çš„信任等級。界域" "能çµåˆæœå‹™ã€é€£æŽ¥åŸ ã€å”定ã€å½è£ã€é€£æŽ¥åŸ /å°åŒ…轉é€ã€icmp éŽæ¿¾ã€è±å¯Œè¦å‰‡ç­‰ã€‚界域" "å¯ä»¥èˆ‡ä»‹é¢ã€ä¾†æºä½å€ç­‰ç¶å®šã€‚" #: ../src/firewall-config.glade.h:90 msgid "Add Zone" msgstr "加入界域" #: ../src/firewall-config.glade.h:91 msgid "Edit Zone" msgstr "編輯界域" #: ../src/firewall-config.glade.h:92 msgid "Remove Zone" msgstr "移除界域" #: ../src/firewall-config.glade.h:93 msgid "Load Zone Defaults" msgstr "載入界域é è¨­å€¼" #: ../src/firewall-config.glade.h:94 msgid "" "Here you can define which services are trusted in the zone. Trusted services " "are accessible from all hosts and networks that can reach the machine from " "connections, interfaces and sources bound to this zone." msgstr "" "ä½ å¯ä»¥åœ¨æ­¤è™•å®šç¾©è©²ç•ŒåŸŸä¸­æœ‰å“ªäº›æœå‹™å€¼å¾—信任。åªè¦æ­¤ç•ŒåŸŸæ‰€ç¶å®šä¹‹é€£ç·šã€ä»‹é¢ã€ä¾†" "æºçš„主機與網路能觸åŠæœ¬æ©Ÿï¼Œå‰‡çš†å¯å­˜å–這些信任的æœå‹™ã€‚" #: ../src/firewall-config.glade.h:95 msgid "Services" msgstr "æœå‹™" #: ../src/firewall-config.glade.h:96 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks that can connect to the machine." msgstr "請添加其他連接埠或連接埠範åœï¼Œè®“所有å¯é€£æŽ¥è‡³æœ¬æ©Ÿçš„主機或網路存å–。" #: ../src/firewall-config.glade.h:97 msgid "Add Port" msgstr "加入連接埠" #: ../src/firewall-config.glade.h:98 msgid "Edit Port" msgstr "編輯連接埠" #: ../src/firewall-config.glade.h:99 msgid "Remove Port" msgstr "移除連接埠" #: ../src/firewall-config.glade.h:100 msgid "Ports" msgstr "連接埠" #: ../src/firewall-config.glade.h:101 msgid "Add protocols, which need to be accessible for all hosts or networks." msgstr "新增通訊å”定,並且必須能被所有主機或網路存å–。" #: ../src/firewall-config.glade.h:102 msgid "Add Protocol" msgstr "加入å”定" #: ../src/firewall-config.glade.h:103 msgid "Edit Protocol" msgstr "編輯å”定" #: ../src/firewall-config.glade.h:104 msgid "Remove Protocol" msgstr "移除å”定" #: ../src/firewall-config.glade.h:105 msgid "Protocols" msgstr "å”定" #: ../src/firewall-config.glade.h:106 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks that can connect to the machine." msgstr "加入其他來æºé€£æŽ¥åŸ æˆ–連接埠範åœï¼Œè®“所有å¯é€£æŽ¥è‡³æœ¬æ©Ÿçš„主機或網路存å–。" #: ../src/firewall-config.glade.h:107 msgid "Source Ports" msgstr "來æºé€£æŽ¥åŸ " #: ../src/firewall-config.glade.h:108 msgid "" "Masquerading allows you to set up a host or router that connects your local " "network to the internet. Your local network will not be visible and the " "hosts appear as a single address on the internet. Masquerading is IPv4 only." msgstr "" "å½è£å¯è®“您設置個能讓您本本地端網路連至網際網路的主機或路由器。您的本地端網路" "ä¸æœƒè¢«çœ‹è¦‹ï¼Œä¸”眾主機在網際網路上會顯示æˆå–®ä¸€ä½å€ã€‚å½è£åŠŸèƒ½åƒ…é©ç”¨æ–¼ IPv4。" #: ../src/firewall-config.glade.h:109 msgid "Masquerade zone" msgstr "å½è£ç•ŒåŸŸ" #: ../src/firewall-config.glade.h:110 msgid "" "If you enable masquerading, IP forwarding will be enabled for your IPv4 " "networks." msgstr "若您啟用å½è£ï¼Œå°‡ç‚ºæ‚¨çš„ IPv4 網路啟用 IP 轉é€åŠŸèƒ½ã€‚" #: ../src/firewall-config.glade.h:111 msgid "Masquerading" msgstr "å½è£" #: ../src/firewall-config.glade.h:112 msgid "" "Add entries to forward ports either from one port to another on the local " "system or from the local system to another system. Forwarding to another " "system is only useful if the interface is masqueraded. Port forwarding is " "IPv4 only." msgstr "" "新增æ¢ç›®ä¾†å¾žæœ¬åœ°ç«¯ç³»çµ±ä¸Šçš„一個連接埠轉é€è‡³å¦ä¸€å€‹é€£æŽ¥åŸ ï¼Œæˆ–由本地端系統轉é€è‡³" "å¦ä¸€éƒ¨ç³»çµ±ã€‚僅在介é¢å¡å½è£æ™‚æ‰èƒ½è½‰é€è‡³å¦ä¸€éƒ¨ç³»çµ±ã€‚連接埠轉é€åŠŸèƒ½åƒ…é©ç”¨æ–¼ " "IPv4。" #: ../src/firewall-config.glade.h:113 msgid "Add Forward Port" msgstr "加入轉é€é€£æŽ¥åŸ " #: ../src/firewall-config.glade.h:114 msgid "Edit Forward Port" msgstr "編輯轉é€é€£æŽ¥åŸ " #: ../src/firewall-config.glade.h:115 msgid "Remove Forward Port" msgstr "移除轉é€é€£æŽ¥åŸ " #: ../src/firewall-config.glade.h:116 msgid "" "The Internet Control Message Protocol (ICMP) is mainly used to send error " "messages between networked computers, but additionally for informational " "messages like ping requests and replies." msgstr "" "網際網路控制訊æ¯é€šè¨Šå”定 (Internet Control Message Protocol, ICMP) 主è¦ç”¨åœ¨é€£" "網電腦間錯誤訊æ¯çš„傳é€ï¼Œä¸éŽä¹Ÿèƒ½è¢«ç”¨ä¾†å‚³é€åƒæ˜¯ ping 請求和回應的資訊訊æ¯ã€‚" #: ../src/firewall-config.glade.h:117 msgid "" "Mark the ICMP types in the list, which should be rejected. All other ICMP " "types are allowed to pass the firewall. The default is no limitation." msgstr "" "將清單中應被拒絕的 ICMP 類型標記起來。其他所有 ICMP 則å…許通éŽé˜²ç«ç‰†ã€‚é è¨­å€¼" "為無é™åˆ¶ã€‚" #: ../src/firewall-config.glade.h:118 msgid "" "If Invert Filter is enabled, marked ICMP entries are accepted and the others " "are rejected. In a zone with the target DROP, they are dropped." msgstr "" "如果啟用了å轉篩é¸å™¨ï¼Œç³»çµ±æœƒæŽ¥å—已標示的 ICMP 項目,但拒絕其他項目。在目標為 " "DROP 的界域中,它們會被丟棄。" #: ../src/firewall-config.glade.h:119 msgid "Invert Filter" msgstr "å轉篩é¸å™¨" #: ../src/firewall-config.glade.h:120 msgid "ICMP Filter" msgstr "ICMP éŽæ¿¾å™¨" #: ../src/firewall-config.glade.h:121 msgid "Here you can set rich language rules for the zone." msgstr "您å¯ä»¥åœ¨é€™è£¡è¨­å®šç•ŒåŸŸçš„è±å¯Œèªžè¨€è¦å‰‡ã€‚" #: ../src/firewall-config.glade.h:122 msgid "Add Rich Rule" msgstr "加入è±å¯Œè¦å‰‡" #: ../src/firewall-config.glade.h:123 msgid "Edit Rich Rule" msgstr "編輯è±å¯Œè¦å‰‡" #: ../src/firewall-config.glade.h:124 msgid "Remove Rich Rule" msgstr "移除è±å¯Œè¦å‰‡" #: ../src/firewall-config.glade.h:125 msgid "Rich Rules" msgstr "è±å¯Œè¦å‰‡" #: ../src/firewall-config.glade.h:126 msgid "" "Add entries to bind interfaces to the zone. If the interface will be used by " "a connection, the zone will be set to the zone specified in the connection." msgstr "" "請添加æ¢ç›®ä¾†å°‡ä»‹é¢èˆ‡æ­¤ç•ŒåŸŸç¶å®šã€‚如果介é¢æœƒè¢«æŸé€£ç·šä½¿ç”¨ï¼Œå‰‡ç•ŒåŸŸå°‡è¢«è¨­ç‚ºé€£ç·šä¸­" "所指定的界域。" #: ../src/firewall-config.glade.h:127 msgid "Add Interface" msgstr "加入介é¢" #: ../src/firewall-config.glade.h:128 msgid "Edit Interface" msgstr "編輯介é¢" #: ../src/firewall-config.glade.h:129 msgid "Remove Interface" msgstr "移除介é¢" #: ../src/firewall-config.glade.h:131 msgid "" "Add entries to bind source addresses or areas to the zone. You can also bind " "to a MAC source address, but with limitations. Port forwarding and " "masquerading will not work for MAC source bindings." msgstr "" "請添加æ¢ç›®ä¾†å°‡ä¾†æºä½å€æˆ–å€åŸŸèˆ‡æ­¤ç•ŒåŸŸç¶å®šã€‚您也å¯ä»¥ç¶å®šè‡³ MAC 來æºä½å€ï¼Œä½†æœ‰é™" "制。port forwarding 與 masquerading 都無法在 MAC 來æºç¶å®šä¸Šé‹ä½œã€‚" #: ../src/firewall-config.glade.h:132 msgid "Add Source" msgstr "加入來æº" #: ../src/firewall-config.glade.h:133 msgid "Edit Source" msgstr "編輯來æº" #: ../src/firewall-config.glade.h:134 msgid "Remove Source" msgstr "移除來æº" #: ../src/firewall-config.glade.h:136 msgid "Zones" msgstr "界域" #: ../src/firewall-config.glade.h:137 msgid "" "A firewalld service is a combination of ports, protocols, modules and " "destination addresses." msgstr "firewalld æœå‹™å¯ç”±é€£æŽ¥åŸ ã€å”定ã€æ¨¡çµ„ã€ç›®çš„地ä½å€ç­‰çµ„åˆè€Œæˆã€‚" #: ../src/firewall-config.glade.h:139 msgid "Add Service" msgstr "加入æœå‹™" #: ../src/firewall-config.glade.h:140 msgid "Edit Service" msgstr "編輯æœå‹™" #: ../src/firewall-config.glade.h:141 msgid "Remove Service" msgstr "移除æœå‹™" #: ../src/firewall-config.glade.h:142 msgid "Load Service Defaults" msgstr "載入æœå‹™é è¨­å€¼" #: ../src/firewall-config.glade.h:143 msgid "" "Add additional ports or port ranges, which need to be accessible for all " "hosts or networks." msgstr "新增é¡å¤–的通訊埠或通訊埠範åœï¼Œä¸¦ä¸”必須能被所有主機或網路存å–。" #: ../src/firewall-config.glade.h:144 msgid "Edit Entry" msgstr "編輯æ¢ç›®" #: ../src/firewall-config.glade.h:145 msgid "Remove Entry" msgstr "移除æ¢ç›®" #: ../src/firewall-config.glade.h:146 msgid "" "Add additional source ports or port ranges, which need to be accessible for " "all hosts or networks." msgstr "加入其他來æºé€£è¨ŠåŸ æˆ–連接埠範åœï¼Œè®“所有主機或網路å‡å¯å­˜å–。" #: ../src/firewall-config.glade.h:147 msgid "Source Port" msgstr "來æºé€£æŽ¥åŸ " #: ../src/firewall-config.glade.h:148 msgid "Netfilter helper modules are needed for some services." msgstr "有些æœå‹™å¿…須有 Netfilter 輔助器模組。" #: ../src/firewall-config.glade.h:149 msgid "Modules" msgstr "模組" #: ../src/firewall-config.glade.h:150 msgid "" "If you specify destination addresses, the service entry will be limited to " "the destination address and type. If both entries are empty, there is no " "limitation." msgstr "" "若您指定目標ä½å€ï¼Œæœå‹™æ¢ç›®å°‡é™æ–¼ç›®çš„地ä½å€èˆ‡é¡žåž‹ã€‚若兩æ¢ç›®çš†ç©ºï¼Œå‰‡æ²’有é™åˆ¶ã€‚" #: ../src/firewall-config.glade.h:151 msgid "IPv4:" msgstr "IPv4:" #: ../src/firewall-config.glade.h:152 msgid "IPv6:" msgstr "IPv6:" #: ../src/firewall-config.glade.h:153 msgid "" "Services can only be changed in the permanent configuration view. The " "runtime configuration of services is fixed." msgstr "æœå‹™åƒ…å¯ä»¥åœ¨æ°¸ä¹…組態檢視下更動。æœå‹™çš„執行時期組態是固定ä¸è®Šçš„。" #: ../src/firewall-config.glade.h:154 msgid "" "An IPSet can be used to create white or black lists and is able to store for " "example IP addresses, port numbers or MAC addresses. " msgstr "" "IPSet å¯ä»¥ç”¨ä¾†å»ºç«‹ç™½å單或黑å單,且å¯ä»¥å„²å­˜ä¾‹å¦‚ IP ä½å€ã€é€£æŽ¥åŸ è™Ÿã€æˆ– MAC ä½" "å€ç­‰ã€‚" #: ../src/firewall-config.glade.h:155 msgid "IPSet" msgstr "IPSet" #: ../src/firewall-config.glade.h:156 msgid "Add IPSet" msgstr "加入 IPSet" #: ../src/firewall-config.glade.h:157 msgid "Edit IPSet" msgstr "編輯 IPSet" #: ../src/firewall-config.glade.h:158 msgid "Remove IPSet" msgstr "移除 IPSet" #: ../src/firewall-config.glade.h:159 msgid "Load IPSet Defaults" msgstr "載入 IPSet é è¨­å€¼" #: ../src/firewall-config.glade.h:160 msgid "" "Entries of the IPSet. You will only be able to see entries of ipsets that " "are not using the timeout option, also only the entries, that have been " "added by firewalld. Entries, that have been directly added with the ipset " "command wil not be listed here." msgstr "" "IPSet çš„æ¢ç›®ã€‚您åªèƒ½çœ‹åˆ°æœªä½¿ç”¨é€¾æ™‚é¸é …çš„ IPset æ¢ç›®ï¼Œä»¥åŠåŠ å…¥ firewalld çš„æ¢" "目。已經é€éŽ ipset 指令直接加入的æ¢ç›®ä¸æœƒåœ¨æ­¤åˆ—出。" #: ../src/firewall-config.glade.h:161 msgid "" "This IPSet uses the timeout option, therefore no entries are visible here. " "The entries should be taken care directly with the ipset command." msgstr "" "這 IPSet 使用逾時值,因此此處看ä¸åˆ°ä»»ä½•æ¢ç›®ã€‚這些æ¢ç›®æ‡‰è©²ç›´æŽ¥é€éŽ ipset 指令" "來處ç†ã€‚" #: ../src/firewall-config.glade.h:162 msgid "Add" msgstr "加入" #: ../src/firewall-config.glade.h:164 msgid "Entries" msgstr "æ¢ç›®" #: ../src/firewall-config.glade.h:165 msgid "" "IPSets can only be created or deleted in the permanent configuration view." msgstr "IPSet åªèƒ½åœ¨æ°¸ä¹…é…置檢視下建立或刪除。" #: ../src/firewall-config.glade.h:166 msgid "" "A firewalld icmptype provides the information for an Internet Control " "Message Protocol (ICMP) type for firewalld." msgstr "" "firewalld icmptype 為 firewalld æ供網際網路控制訊æ¯å”定 (ICMP,Internet " "Control Message Protocol) 類型資訊。" #: ../src/firewall-config.glade.h:167 msgid "Add ICMP Type" msgstr "加入 ICMP é¡žåž‹" #: ../src/firewall-config.glade.h:168 msgid "Edit ICMP Type" msgstr "編輯 ICMP é¡žåž‹" #: ../src/firewall-config.glade.h:169 msgid "Remove ICMP Type" msgstr "移除 ICMP é¡žåž‹" #: ../src/firewall-config.glade.h:170 msgid "Load ICMP Type Defaults" msgstr "載入 ICMP é¡žåž‹é è¨­å€¼" #: ../src/firewall-config.glade.h:171 msgid "Specify whether this ICMP Type is available for IPv4 and/or IPv6." msgstr "指明此 ICMP 類型在 IPv4 與/或 IPv6 中是å¦å¯ç”¨ã€‚" #: ../src/firewall-config.glade.h:172 msgid "" "ICMP Types can only be changed in the permanent configuration view. The " "runtime configuration of ICMP Types is fixed." msgstr "" "ICMP 類型僅å¯ä»¥åœ¨æ°¸ä¹…組態檢視下更動。ICMP 類型的執行時期組態是固定ä¸è®Šçš„。" #: ../src/firewall-config.glade.h:173 msgid "" "A connection tracking helper is assisting to make protocols work that are " "using different flows for signaling and data transfers. The data transfers " "are using ports that are unrelated to the signaling connection and are " "therefore blocked by the firewall without the helper." msgstr "" "連線追蹤輔助器是è¦è¼”助使用ä¸åŒè¨Šè™Ÿã€è³‡æ–™å‚³è¼¸æµå‘çš„å”定é‹ä½œã€‚資料傳輸若使用無" "關訊號連線的連接埠,在沒有輔助器的情æ³ä¸‹æœƒè¢«é˜²ç«ç‰†å°éŽ–。" #: ../src/firewall-config.glade.h:174 msgid "Define ports or port ranges, which are monitored by the helper." msgstr "定義連接埠或連接埠範åœï¼Œç”±è¼”助器監控。" #: ../src/firewall-config.glade.h:175 msgid "" "The direct configuration gives a more direct access to the firewall. These " "options require user to know basic iptables concepts, i.e. tables, chains, " "commands, parameters and targets. Direct configuration should be used only " "as a last resort when it is not possible to use other firewalld features." msgstr "" "直接組態讓您å¯ä»¥æ›´ç›´æŽ¥åœ°å­˜å–防ç«ç‰†ã€‚這些é¸é …需è¦ä½¿ç”¨è€…知曉基礎的 iptables 概" "念,例如表格ã€éˆæ¢ã€æŒ‡ä»¤ã€åƒæ•¸ã€ç›®æ¨™ç­‰ã€‚直接組態應該謹以「最後的é¿é¢¨æ¸¯ã€çš„心" "æ…‹å°å¾…,åªåœ¨ç„¡æ³•ä½¿ç”¨å…¶ä»– firewalld 功能時æ‰ä½¿ç”¨ã€‚" #: ../src/firewall-config.glade.h:176 msgid "" "The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it " "will be for iptables, with ipv6 for ip6tables and with eb for ethernet " "bridges (ebtables)." msgstr "" "æ¯å€‹é¸é …çš„ ipv 引數必須是 ipv4 或 ipv6 或 eb。ipv4 用於 iptables,ipv6 用於 " "ip6tables,而 eb 用於乙太網路接橋 (ebtables)。" #: ../src/firewall-config.glade.h:177 msgid "Additional chains for use with rules." msgstr "è¦ä½¿ç”¨çš„è¦å‰‡çš„é¡å¤–éˆæ¢ã€‚" #: ../src/firewall-config.glade.h:178 msgid "Add Chain" msgstr "加入éˆæ¢" #: ../src/firewall-config.glade.h:179 msgid "Edit Chain" msgstr "編輯éˆæ¢" #: ../src/firewall-config.glade.h:180 msgid "Remove Chain" msgstr "移除éˆæ¢" #: ../src/firewall-config.glade.h:181 msgid "Chains" msgstr "éˆæ¢" #: ../src/firewall-config.glade.h:182 msgid "" "Add a rule with the arguments args to a chain in a table with a priority." msgstr "加入有 args 引數的è¦å‰‡åˆ°æœ‰å„ªå…ˆç­‰ç´šçš„表格的éˆæ¢ä¸­ã€‚" #: ../src/firewall-config.glade.h:183 msgid "" "The priority is used to order rules. Priority 0 means add rule on top of the " "chain, with a higher priority the rule will be added further down. Rules " "with the same priority are on the same level and the order of these rules is " "not fixed and may change. If you want to make sure that a rule will be added " "after another one, use a low priority for the first and a higher for the " "following." msgstr "" "優先等級用來排åºè¦å‰‡ã€‚優先等級 0 代表將è¦å‰‡åŠ åˆ°éˆæ¢é ‚端;優先等級數字越高,è¦" "則會越往後擺放。相åŒå„ªå…ˆç­‰ç´šçš„è¦å‰‡ä½åœ¨åŒå€‹ç­‰ç´šä¸­ï¼Œè€Œé€™äº›è¦å‰‡çš„é †åºä¸¦éžå›ºå®šè€Œ" "å¯èƒ½è®Šå‹•ã€‚如果您想è¦ç¢ºä¿æŸè¦å‰‡åœ¨æŸå€‹è¦å‰‡ä¹‹å¾Œæ‰åŠ å…¥ï¼Œå‰è€…請使用較低的優先等" "級,後者請使用較高的優先等級。" #: ../src/firewall-config.glade.h:184 msgid "Add Rule" msgstr "加入è¦å‰‡" #: ../src/firewall-config.glade.h:185 msgid "Edit Rule" msgstr "編輯è¦å‰‡" #: ../src/firewall-config.glade.h:186 msgid "Remove Rule" msgstr "移除è¦å‰‡" #: ../src/firewall-config.glade.h:187 msgid "Rules" msgstr "è¦å‰‡" #: ../src/firewall-config.glade.h:188 msgid "" "The passthrough rules are directly passed through to the firewall and are " "not placed in special chains. All iptables, ip6tables and ebtables options " "can be used." msgstr "" "通é€è¦å‰‡æœƒç›´æŽ¥å‚³éžçµ¦é˜²ç«ç‰†ï¼Œè€Œä¸æœƒæ”¾å…¥ç‰¹æ®Šéˆæ¢ä¸­ã€‚所有的 iptablsã€ip6tables " "與 ebtables é¸é …皆å¯ä½¿ç”¨ã€‚" #: ../src/firewall-config.glade.h:189 msgid "Please be careful with passthrough rules to not damage the firewall." msgstr "使用通é€è¦å‰‡æ™‚請務必å°å¿ƒä»¥å…æ壞防ç«ç‰†ã€‚" #: ../src/firewall-config.glade.h:190 msgid "Add Passthrough" msgstr "加入通é€" #: ../src/firewall-config.glade.h:191 msgid "Edit Passthrough" msgstr "編輯通é€" #: ../src/firewall-config.glade.h:192 msgid "Remove Passthrough" msgstr "移除通é€" #: ../src/firewall-config.glade.h:193 msgid "Passthrough" msgstr "通é€" #: ../src/firewall-config.glade.h:194 msgid "" "The lockdown feature is a light version of user and application policies for " "firewalld. It limits changes to the firewall. The lockdown whitelist can " "contain commands, contexts, users and user ids." msgstr "" "å°éŽ–管制功能是 firewalld 其使用者與應用程å¼æ–¹é‡çš„輕é‡ç‰ˆã€‚它會é™åˆ¶é˜²ç«ç‰†çš„æ›´" "動。å°éŽ–管制白åå–®å¯ä»¥åŒ…å«æŒ‡ä»¤ã€æƒ…境ã€ä½¿ç”¨è€…與使用者 ID。" #: ../src/firewall-config.glade.h:195 msgid "" "The context is the security (SELinux) context of a running application or " "service. To get the context of a running application use ps -e --" "context." msgstr "" "情境是指執行中應用程å¼æˆ–æœå‹™çš„安全情境 (SELinux 情境)。若è¦å–得執行中應用程å¼" "的情境,請使用指令 ps -e --context。" #: ../src/firewall-config.glade.h:196 msgid "Add Context" msgstr "加入情境" #: ../src/firewall-config.glade.h:197 msgid "Edit Context" msgstr "編輯情境" #: ../src/firewall-config.glade.h:198 msgid "Remove Context" msgstr "移除情境" #: ../src/firewall-config.glade.h:199 msgid "Contexts" msgstr "情境" #: ../src/firewall-config.glade.h:200 msgid "" "If a command entry on the whitelist ends with an asterisk '*', then all " "command lines starting with the command will match. If the '*' is not there " "the absolute command inclusive arguments must match." msgstr "" "如果白å單中的指令æ¢ç›®æ˜¯ä»¥ç±³å­—號「*ã€çµå°¾ï¼Œå‰‡æ‰€æœ‰ä»¥è©²æŒ‡ä»¤åˆ—開頭的任何指令皆會" "匹é…。如果「*ã€ä¸¦éžçµå°¾ï¼Œå‰‡å¿…須精確符åˆè©²æŒ‡ä»¤èˆ‡ç›¸é—œå¼•æ•¸ã€‚" #: ../src/firewall-config.glade.h:201 msgid "Add Command Line" msgstr "加入指令列" #: ../src/firewall-config.glade.h:202 msgid "Edit Command Line" msgstr "編輯指令列" #: ../src/firewall-config.glade.h:203 msgid "Remove Command Line" msgstr "移除指令列" #: ../src/firewall-config.glade.h:204 msgid "Command lines" msgstr "指令列" #: ../src/firewall-config.glade.h:205 msgid "User names." msgstr "使用者å稱。" #: ../src/firewall-config.glade.h:206 msgid "Add User Name" msgstr "加入使用者å稱" #: ../src/firewall-config.glade.h:207 msgid "Edit User Name" msgstr "編輯使用者å稱" #: ../src/firewall-config.glade.h:208 msgid "Remove User Name" msgstr "移除使用者å稱" #: ../src/firewall-config.glade.h:209 msgid "User names" msgstr "使用者å稱" #: ../src/firewall-config.glade.h:210 msgid "User ids." msgstr "使用者 ID。" #: ../src/firewall-config.glade.h:211 msgid "Add User Id" msgstr "加入使用者 ID" #: ../src/firewall-config.glade.h:212 msgid "Edit User Id" msgstr "編輯使用者 ID" #: ../src/firewall-config.glade.h:213 msgid "Remove User Id" msgstr "移除使用者 ID" #: ../src/firewall-config.glade.h:214 msgid "User Ids" msgstr "使用者 ID" #: ../src/firewall-config.glade.h:215 msgid "Current default zone of the system." msgstr "系統的目å‰é è¨­ç•ŒåŸŸã€‚" #: ../src/firewall-config.glade.h:216 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Log Denied:" msgstr "已拒絕的日誌:" #: ../src/firewall-config.glade.h:217 msgid "Panic Mode:" msgstr "æ慌模å¼ï¼š" #: ../src/firewall-config.glade.h:218 msgctxt "" "Meaning: Log of denied packets. But this is too long. LogDenied is also the " "parameter used in firewalld.conf." msgid "Automatic Helpers:" msgstr "自動輔助器:" #: ../src/firewall-config.glade.h:219 msgid "Lockdown:" msgstr "å°éŽ–管制:" #: ../src/firewall-config.glade.h:220 msgid "Default Zone:" msgstr "é è¨­åŸŸï¼š" #: ../src/firewall-config.glade.h:222 msgid "Please enter an interface name:" msgstr "請輸入介é¢å稱:" #: ../src/firewall-config.glade.h:223 msgid "Base IPSet Settings" msgstr "基礎 IPSet 設定值" #: ../src/firewall-config.glade.h:224 msgid "Please configure base ipset settings:" msgstr "請調整基礎 IPSet 設定值組態:" #: ../src/firewall-config.glade.h:225 msgid "Type:" msgstr "類型:" #: ../src/firewall-config.glade.h:226 msgid "Timeout:" msgstr "時é™ï¼š" #: ../src/firewall-config.glade.h:227 msgid "Hashsize:" msgstr "Hashsize:" #: ../src/firewall-config.glade.h:228 msgid "Maxelem:" msgstr "Maxelem:" #: ../src/firewall-config.glade.h:229 msgid "Timeout value in seconds" msgstr "時é™å€¼ï¼Œå–®ä½ç‚ºç§’" #: ../src/firewall-config.glade.h:230 msgid "Initial hash size, default 1024" msgstr "åˆå§‹é›œæ¹Šå¤§å°ï¼Œé è¨­ 1024" #: ../src/firewall-config.glade.h:231 msgid "Max number of elements, default 65536" msgstr "元素最大數,é è¨­ 65536" #: ../src/firewall-config.glade.h:232 msgid "Please select an ipset:" msgstr "è«‹é¸å– IPset:" #: ../src/firewall-config.glade.h:234 msgid "Please enter an ipset entry:" msgstr "請輸入 ipset 項目:" #: ../src/firewall-config.glade.h:235 msgid "Log Denied" msgstr "已拒絕的日誌" #: ../src/firewall-config.glade.h:236 msgid "Please select the log denied value:" msgstr "è«‹é¸æ“‡å·²æ‹’絕的日誌值:" #: ../src/firewall-config.glade.h:237 msgid "Mark" msgstr "標記" #: ../src/firewall-config.glade.h:238 msgid "Please enter a mark with an optional mask." msgstr "請輸入標記與é¸ç”¨çš„é®ç½©ã€‚" #: ../src/firewall-config.glade.h:239 msgid "The mark and the mask fields are both 32 bits wide unsigned numbers." msgstr "標記與é®ç½©æ¬„ä½éƒ½æ˜¯ 32 ä½å…ƒå¯¬çš„無正負號數字。" #: ../src/firewall-config.glade.h:240 msgid "Mark:" msgstr "標記:" #: ../src/firewall-config.glade.h:241 msgid "Mask:" msgstr "é®ç½©ï¼š" #: ../src/firewall-config.glade.h:242 msgid "Please select a netfilter conntrack helper:" msgstr "è«‹é¸å– netfilter 連接追蹤輔助器:" #: ../src/firewall-config.glade.h:243 msgid "- Select -" msgstr "- é¸å– -" #: ../src/firewall-config.glade.h:244 msgid "Other Module:" msgstr "其他模組:" #: ../src/firewall-config.glade.h:245 msgid "Port and Protocol" msgstr "連接埠與通訊å”定" #: ../src/firewall-config.glade.h:246 msgid "Please enter a port and protocol." msgstr "請輸入連接埠與å”定。" #: ../src/firewall-config.glade.h:247 msgid "Direct Rule" msgstr "直接è¦å‰‡" #: ../src/firewall-config.glade.h:248 msgid "Please select ipv and table, chain priority and enter the args." msgstr "è«‹é¸å– ipv 與表格ã€éˆæ¢å„ªå…ˆç­‰ç´šï¼Œä¸¦è¼¸å…¥å¼•æ•¸ã€‚" #: ../src/firewall-config.glade.h:249 msgid "Priority:" msgstr "優先等級:" #: ../src/firewall-config.glade.h:251 msgid "Please enter a protocol." msgstr "請輸入å”定。" #: ../src/firewall-config.glade.h:252 msgid "Other Protocol:" msgstr "其他å”定:" #: ../src/firewall-config.glade.h:253 msgid "Rich Rule" msgstr "è±å¯Œè¦å‰‡" #: ../src/firewall-config.glade.h:254 msgid "Please enter a rich rule." msgstr "請輸入è±å¯Œè¦å‰‡ã€‚" #: ../src/firewall-config.glade.h:255 #, fuzzy msgid "For host or network allow or denylisting deactivate the element." msgstr "主機或網路白åå–®ã€é»‘å單來åœç”¨å…ƒç´ ã€‚" #: ../src/firewall-config.glade.h:256 msgid "Source:" msgstr "來æºï¼š" #: ../src/firewall-config.glade.h:257 msgid "Destination:" msgstr "目標:" #: ../src/firewall-config.glade.h:258 msgid "Log:" msgstr "記錄:" #: ../src/firewall-config.glade.h:259 msgid "Audit:" msgstr "稽核:" #: ../src/firewall-config.glade.h:260 msgid "ipv4 and ipv6" msgstr "ipv4 與 ipv6" #: ../src/firewall-config.glade.h:261 msgid "inverted" msgstr "å轉" #: ../src/firewall-config.glade.h:266 msgid "" "To enable this Action has to be 'reject' and Family either 'ipv4' or " "'ipv6' (not both)." msgstr "" "è¦å•Ÿç”¨æ­¤åŠŸèƒ½ï¼Œã€Œå‹•ä½œã€å¿…須是「拒絕ã€è€Œã€Œå®¶æ—ã€å¿…須是「ipv4ã€æˆ–「ipv6ã€ï¼ˆè€Œéž" "兩者)。" #: ../src/firewall-config.glade.h:267 msgid "with Type:" msgstr "此類型:" #: ../src/firewall-config.glade.h:268 msgid "With limit:" msgstr "有é™åˆ¶ï¼š" #: ../src/firewall-config.glade.h:269 msgid "/" msgstr "/" #: ../src/firewall-config.glade.h:274 msgid "Prefix:" msgstr "å‰ç¶´ï¼š" #: ../src/firewall-config.glade.h:275 msgid "Level:" msgstr "等級:" #: ../src/firewall-config.glade.h:292 msgid "Element:" msgstr "元素:" #: ../src/firewall-config.glade.h:293 msgid "Action:" msgstr "動作:" #: ../src/firewall-config.glade.h:294 msgid "Base Service Settings" msgstr "基礎æœå‹™è¨­å®š" #: ../src/firewall-config.glade.h:295 msgid "Please configure base service settings:" msgstr "請設定基礎æœå‹™è¨­å®šï¼š" #: ../src/firewall-config.glade.h:296 msgid "Please select a service." msgstr "è«‹é¸å–æœå‹™ã€‚" #: ../src/firewall-config.glade.h:297 msgid "Please enter a source." msgstr "請輸入來æºã€‚" #: ../src/firewall-config.glade.h:298 msgid "User ID" msgstr "使用者 ID" #: ../src/firewall-config.glade.h:299 msgid "Please enter the user id." msgstr "請輸入使用者 ID。" #: ../src/firewall-config.glade.h:301 msgid "Please enter the user name." msgstr "請輸入使用者å稱。" #: ../src/firewall-config.glade.h:302 msgid "label" msgstr "標籤" #: ../src/firewall-config.glade.h:303 msgid "Base Zone Settings" msgstr "基礎界域設定" #: ../src/firewall-config.glade.h:304 msgid "Please configure base zone settings:" msgstr "請設定基礎界域設定:" #: ../src/firewall-config.glade.h:305 msgid "Default Target" msgstr "é è¨­ç›®æ¨™" #: ../src/firewall-config.glade.h:306 msgid "Target:" msgstr "目標:" firewalld-1.1.1/po/POTFILES.skip0000644000000000000000000000000014217342322016202 0ustar00rootroot00000000000000firewalld-1.1.1/po/LINGUAS0000644000000000000000000000026514217352317015134 0ustar00rootroot00000000000000ar as ast bg bn_IN ca cs da de el en_GB en_US es et eu fa fi fr gl gu hi hr hu ia id it ja ka kn ko lt ml mr nl or pa pl pt_BR pt ru si sk sq sr@latin sr sv ta te tr uk zh_CN zh_TW firewalld-1.1.1/shell-completion/0000755000000000000000000000000014217353174016746 5ustar00rootroot00000000000000firewalld-1.1.1/shell-completion/bash/0000755000000000000000000000000014217353174017663 5ustar00rootroot00000000000000firewalld-1.1.1/shell-completion/bash/firewall-cmd0000644000000000000000000002433714217342322022156 0ustar00rootroot00000000000000# bash completion for firewall-cmd -*- shell-script -*- # Copyright (C) 2013 Red Hat, Inc. # # Authors: # Jiri Popelka # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # TODO: find a way how to get the following options from firewall-cmd OPTIONS_LOCKDOWN="--add-lockdown-whitelist-command= --remove-lockdown-whitelist-command= \ --query-lockdown-whitelist-command= --list-lockdown-whitelist-commands \ --add-lockdown-whitelist-context= --remove-lockdown-whitelist-context= \ --query-lockdown-whitelist-context= --list-lockdown-whitelist-contexts \ --add-lockdown-whitelist-uid= --remove-lockdown-whitelist-uid= \ --query-lockdown-whitelist-uid= --list-lockdown-whitelist-uids \ --add-lockdown-whitelist-user= --remove-lockdown-whitelist-user= \ --query-lockdown-whitelist-user= --list-lockdown-whitelist-users" # can be used as standalone or with --permanent OPTIONS_CONFIG="--get-zones --get-services --get-icmptypes --get-helpers \ ${OPTIONS_LOCKDOWN} --list-all-zones \ --info-zone= --info-service= --info-icmptype= \ --info-ipset= --info-helper=" OPTIONS_ZONE_INTERFACES_SOURCES="\ --add-interface= --remove-interface= --query-interface= \ --list-interfaces --change-interface= --change-zone= \ --add-source= --remove-source= --query-source= \ --change-source= --list-sources" OPTIONS_ZONE_ACTION_ACTION="--add-service= --remove-service= --query-service= \ --add-port= --remove-port= --query-port= \ --add-source-port= --remove-source-port= --query-source-port= \ --add-protocol= --remove-protocol= --query-protocol= \ --add-icmp-block= --remove-icmp-block= --query-icmp-block= \ --add-forward-port= --remove-forward-port= --query-forward-port=" OPTIONS_ZONE_ADAPT_QUERY="--add-rich-rule= --remove-rich-rule= --query-rich-rule= \ --add-icmp-block-inversion --remove-icmp-block-inversion \ --query-icmp-block-inversion \ --add-forward --remove-forward --query-forward \ --add-masquerade --remove-masquerade --query-masquerade \ --list-services --list-ports --list-protocols \ --list-source-ports --list-icmp-blocks \ --list-forward-ports --list-rich-rules --list-all" OPTIONS_ZONE_PERMANENT_ONLY="--get-description --get-short \ --set-description= --set-short=" OPTIONS_IPSET_ACTION_ACTION="--add-entry= --remove-entry= --query-entry= --add-entries-from-file= --remove-entries-from-file" OPTIONS_IPSET_ADAPT_QUERY="--list-entries" # can be used with/without preceding --zone= OPTIONS_ZONE="${OPTIONS_ZONE_INTERFACES_SOURCES} \ ${OPTIONS_ZONE_ACTION_ACTION} ${OPTIONS_ZONE_ADAPT_QUERY} ${OPTIONS_ZONE_PERMANENT_ONLY}" OPTIONS_IPSET="${OPTIONS_IPSETACTION_ACTION} ${OPTIONS_IPSET_ADAPT_QUERY}" OPTIONS_PERMANENT_ONLY="--new-icmptype= --new-icmptype-from-file= --delete-icmptype= \ --new-service= --new-service-from-file= --delete-service= \ --new-zone= --new-zone-from-file= --delete-zone= \ --new-ipset= --new-helper-from-file= --delete-ipset= \ --new-helper= --new-helper-from-file= --delete-helper= \ --get-target --set-target= \ --path-zone= --path-service= --path-icmptype= \ --path-ipset= --path-helper=" OPTIONS_NEW_IPSET="--type= --option=" OPTIONS_NEW_HELPER="--module= --family=" OPTIONS_HELPER="" # can be used after --permanent OPTIONS_PERMANENT="${OPTIONS_CONFIG} --zone= ${OPTIONS_ZONE} \ ${OPTIONS_PERMANENT_ONLY}" OPTIONS_DIRECT="--passthrough \ --add-chain --remove-chain --query-chain --get-chains --get-all-chains \ --add-rule --remove-rule --remove-rules --query-rule --get-rules --get-all-rules \ --add-passthrough --remove-passthrough \ --query-passthrough --get-passthroughs --get-all-passthroughs" # these all can be used as a "first" option OPTIONS_GENERAL="--help --version \ --state --reload --complete-reload \ --panic-on --panic-off --query-panic \ --get-log-denied --set-log-denied= --get-ipset-types \ --lockdown-on --lockdown-off --query-lockdown \ --get-default-zone --set-default-zone= --get-active-zones \ --get-zone-of-interface= --get-zone-of-interface= \ ${OPTIONS_CONFIG} \ --zone= ${OPTIONS_ZONE} \ --permanent --direct" _firewall_cmd() { local cur prev words cword split _init_completion -s || return case $prev in --*-entries-from-file|--new-*-from-file) _filedir return ;; --new-ipset*) if [[ "$cur" == -* ]]; then COMPREPLY=( $( compgen -W "${OPTIONS_NEW_IPSET}" -- "$cur") ) fi ;; --new-helper*) if [[ "$cur" == -* ]]; then COMPREPLY=( $( compgen -W "${OPTIONS_NEW_HELPER}" -- "$cur") ) fi ;; --new-*) ;; --zone|--set-default-zone|--info-zone|--path-zone) if [[ ${words[@]} == *--permanent* ]]; then COMPREPLY=( $( compgen -W '`firewall-cmd --permanent --get-zones`' -- "$cur" ) ) else COMPREPLY=( $( compgen -W '`firewall-cmd --get-zones`' -- "$cur" ) ) fi ;; --zone=*) COMPREPLY=( $( compgen -W "${OPTIONS_ZONE}" -- "$cur" ) ) ;; --ipset=*) COMPREPLY=( $( compgen -W "${OPTIONS_IPSET}" -- "$cur" ) ) ;; --*-ipset) if [[ ${words[@]} == *--permanent* ]]; then COMPREPLY=( $( compgen -W '`firewall-cmd --permanent --get-ipsets`' -- "$cur" ) ) else COMPREPLY=( $( compgen -W '`firewall-cmd --get-ipsets`' -- "$cur" ) ) fi ;; --*-service) if [[ ${words[@]} == *--permanent* ]]; then COMPREPLY=( $( compgen -W '`firewall-cmd --permanent --get-services`' -- "$cur" ) ) else COMPREPLY=( $( compgen -W '`firewall-cmd --get-services`' -- "$cur" ) ) fi ;; --helper|--info-helper|--path-helper) if [[ ${words[@]} == *--permanent* ]]; then COMPREPLY=( $( compgen -W '`firewall-cmd --permanent --get-helpers`' -- "$cur" ) ) else COMPREPLY=( $( compgen -W '`firewall-cmd --get-helpers`' -- "$cur" ) ) fi ;; --helper=*) COMPREPLY=( $( compgen -W "${OPTIONS_HELPER}" -- "$cur" ) ) ;; --*-icmp-block|--info-icmptype|--path-icmptype) if [[ ${words[@]} == *--permanent* ]]; then COMPREPLY=( $( compgen -W '`firewall-cmd --permanent --get-icmptypes`' -- "$cur" ) ) else COMPREPLY=( $( compgen -W '`firewall-cmd --get-icmptypes`' -- "$cur" ) ) fi ;; --list-services|--add-service=*|--remove-service=*|--query-service=*|\ --list-ports|--add-port=*|--remove-port=*|--query-port=*|\ --list-source-ports|--add-source-port=*|--remove-source-port=*|--query-source-port=*|\ --list-protocols|--add-protocol=*|--remove-protocol=*|--query-protocol=*|\ --list-icmp-blocks|--add-icmp-block=*|--remove-icmp-block=*|--query-icmp-block=*|\ --list-forward-ports|--add-forward-port=*|--remove-forward-port=*|--query-forward-port=*|\ --list-interfaces|--add-interface=*|--remove-interface=*|--query-interface=*|\ --list-sources|--add-source=*|--remove-source=*|--query-source=*|\ --add-forward|--remove-forward|--query-forward|\ --add-masquerade|--remove-masquerade|--query-masquerade|--list-all|\ --get-description|--get-short|--set-description=*|--set-short=*) opts="" # --add and --remove can be used multiple times if [[ ( ${prev} == --add-* ) || ( ${prev} == --remove-* ) ]]; then [[ ${prev} == *=* ]] && opts="${prev%=*}=" || opts="${prev}" fi if [[ ! ${words[@]} == *--permanent* ]]; then opts="${opts} --permanent" [[ ${prev} == --add-* ]] && opts="${opts} --timeout=" fi [[ ! ${words[@]} == *--zone=* ]] && opts="${opts} --zone=" if [ -n "${opts}" ]; then COMPREPLY=( $( compgen -W "${opts}" -- "$cur" ) ) fi ;; --*-interface|--change-zone) _available_interfaces ;; --permanent) [[ ${words[@]} == *--direct* ]] && opts="${OPTIONS_DIRECT}" || opts="${OPTIONS_PERMANENT} --direct" COMPREPLY=( $( compgen -W "${opts}" -- "$cur" ) ) ;; --direct) [[ ${words[@]} == *--permanent* ]] && opts="${OPTIONS_DIRECT}" || opts="${OPTIONS_DIRECT} --permanent" COMPREPLY=( $( compgen -W "${opts}" -- "$cur" ) ) ;; --*-rich-rule) # to not be matched with --*-rule below return 0 ;; --passthrough|--*-chain|--get-chains|--*-rule|--get-rules|--remove-rules) COMPREPLY=( $( compgen -W 'ipv4 ipv6 eb' -- "$cur" ) ) ;; ipv4|ipv6|eb) if [[ ${words[@]} == *--passthrough* ]]; then return 0 else COMPREPLY=( $( compgen -W 'nat filter mangle' -- "$cur" ) ) fi ;; *) if [[ "$cur" == -* ]]; then if [[ ${words[@]} == *--new-ipset* ]]; then COMPREPLY=( $( compgen -W "${OPTIONS_NEW_IPSET}" -- "$cur") ) else COMPREPLY=( $( compgen -W "${OPTIONS_GENERAL}" -- "$cur") ) fi fi ;; esac # do not append a space to words that end with = [[ $COMPREPLY == *= ]] && compopt -o nospace } && complete -F _firewall_cmd firewall-cmd firewalld-1.1.1/shell-completion/zsh/0000755000000000000000000000000014217353174017552 5ustar00rootroot00000000000000firewalld-1.1.1/shell-completion/zsh/_firewalld0000644000000000000000000005037614217342322021611 0ustar00rootroot00000000000000#compdef firewall-cmd firewall-offline-cmd local curcontext="$curcontext" name nm="$compstate[nmatches]" local -a state line expl direct args auxargs opargs suf typeset -A opt_args direct=( '--get-all-chains[get all chains]' '--get-chains[get all chains added to the table]:family:(ipv4 ipv6 eb):table:->tables' '--add-chain[add a new chain to the table]:family:(ipv4 ipv6 eb):table:->tables:new chain' '--remove-chain[remove a chain from the table]:family:(ipv4 ipv6 eb):table:->tables:chain:->chains' '--query-chain[return whether the chain has been added to the table]:family:(ipv4 ipv6 eb):table:->tables:chain:->chains' '--get-all-rules[get all rules]' '--get-rules[get all rules added to chain in table]:family:(ipv4 ipv6 eb):table:->tables:chain:->chains' '--add-rule[add rule to chain in table]:family:(ipv4 ipv6 eb):table:->tables:chain:->chains:priority: :*:argument' '--remove-rule[remove rule with priority from chain in table]:family:(ipv4 ipv6 eb):table:->tables:chain:->chains:priority: :*:argument' '--remove-rules[remove rules from chain in table]:family:(ipv4 ipv6 eb):table:->tables:chain->chains' '--query-rule[chain in table]:family:(ipv4 ipv6 eb):table:->tables:chain: :priority: :*:argument' '--get-all-passthroughs[get all tracked passthrough rules]' '--get-passthroughs[get tracked passthrough rules]:family:(ipv4 ipv6 eb):*:: : _iptables' '--add-passthrough[add a new tracked passthrough rule]:family:(ipv4 ipv6 eb):*:: : _iptables' '--remove-passthrough[remove a tracked passthrough rule]:family:(ipv4 ipv6 eb):*:: : _iptables' '--query-passthrough[return whether the tracked passthrough rule has been added]:family:(ipv4 ipv6 eb):*:: : _iptables' ) name='--name=[specify new name]:name' case $service in firewall-cmd) direct+=( '--passthrough[pass a command through (untracked by firewalld)]:family:(ipv4 ipv6 eb):*:: : _iptables' ) args=( '(--timeout)--permanent[set an option permanently]' ) auxargs=( '(--permanent)--timeout=[specify time for rule to be active]:time value (seconds)' ) opargs=( '(aux --permanent --zone)--state[print firewalld state]' '(aux --permanent --zone)--reload[reload firewall and keep state information]' '(aux --permanent --zone)--complete-reload[reload firewall and lose state information]' '(aux --permanent --zone)--runtime-to-permanent[create permanent from runtime configuration]' '(aux --permanent --zone -q --quiet)--get-active-zones[print currently active zones]' '*--remove-service=[remove a service from a zone]:service:->services' '(aux --permanent --zone)--panic-on[enable panic mode]' '(aux --permanent --zone)--panic-off[disable panic mode]' '(aux --permanent --zone)--query-panic[query whether panic mode is enabled]' ) ;; firewall-offline-cmd) args=( '--system-config[specify path to firewalld system configuration]:path:_directories' '--default-config[specify path to firewalld default configuration]:path:_directories' '--migrate-system-config-firewall=[import configuration data from the given configuration file]:file:_files' '--disabled[disable the firewall by disabling the firewalld service]' '!(--disabled)--enabled' '!--'{add,remove}'module=:iptables module' '!--custom-rules=:type:table:filename (ignored' \*{-s+,--service=}'[enable a service in the default zone]:service:->services' '*--remove-service=[disable a service in the default zone]:service:->services' \*{-p+,--port=}'[enable a port in the default zone]:port:->ports' \*{-t+,--trust=}'[bind an interface to the trusted zone]:interface:_net_interfaces' {-m+,--masq=}'[enable masquerading in the default zone, IPv4 only]:interface (ignored)' '--forward-port=[add port forward in the default zone]:port forward:->port-forwards' '--block-icmp=[block this ICMP type in the default zone]:icmp type:->icmp-types' "--policy-server[change Polkit actions to 'server' (more restricted)]" "--policy-desktop[change Polkit actions to 'desktop' (less restricted)]" ) opargs=( '*--remove-service-from-zone[remove a service from a zone]:service:->services' ) ;; esac # option ordering doesn't matter but listing fewer options makes # completion more useful: (( $words[(I)--direct] )) || direct=( \!$^direct ) # only list direct options after --direct (( $words[(I)--new-*-from-file*] )) || name="!$name" # also check for required options before listing --name _arguments -C -s $args $direct \ '!(-q --quiet)'{-v,--verbose} \ '(-q --quiet --list-all --list-all-zones --list-lockdown-whitelist-commands --list-lockdown-whitelist-contexts --list-lockdown-whitelist-uids --list-lockdown-whitelist-users --list-services --list-ports --list-protocols --list-icmp-blocks --list-forward-ports --list-rich-rules --list-interfaces --list-sources --get-default-zone --get-active-zones --get-zone-of-interface --get-zone-of-source --get-zones --get-services --get-icmptypes --get-target --info-zone --info-icmptype --info-service --info-ipset --get-ipsets --get-entries --info-helper --get-helpers --get-destinations --get-description --version -h --help)'{-q,--quiet}"[don't print status messages]" \ '*--zone=[use this zone to set or query options, else default zone]:zone:->zones' \ + aux \ $auxargs $name \ '*--option=[specify option]:option (key=value)' \ '--type=[specify ipset type]:ipset type:->ipset-types' \ '--ipset=[specify ipset]:ipset:->ipsets' \ '--icmptype=[specify icmp type]:icmp type:->icmp-types' \ '--service=[specify service]:service:->services' \ '--helper=[specify helper]:helper:->helpers' \ '--family=[specify family]:family:(ipv4 ipv6)' \ '--module=[specify module]:module' \ + '(op)' \ $opargs \ '(aux -)'{-h,--help}'[display usage information]' \ '(aux -)'{-V,--version}'[display version information]' \ '(aux --permanent --zone)--get-log-denied[print the log denied value]' \ '(aux --permanent --zone)--set-log-denied=[set log denied value]:value:(all unicast broadcast multicast off)' \ '(aux --permanent --zone)--get-automatic-helpers[print the automatic helpers value]' \ '(aux --permanent --zone)--set-automatic-helpers=[set automatic helpers value]:value:(yes no system)' \ '(aux --permanent --zone -q --quiet)--get-default-zone[print default zone for connections and interfaces]' \ '(aux --permanent --zone)--set-default-zone=[set default zone]:zone:->zones' \ '(--zone -q --quiet)--get-zones[print predefined zones]' \ '(--zone -q --quiet)--get-services[print predefined services]' \ '(--zone -q --quiet)--get-icmptypes[print predefined icmptypes]' \ '(-q --quiet)*--get-zone-of-interface=[print name of the zone the interface is bound to]:interface:_net_interfaces' \ '(-q --quiet)*--get-zone-of-source=[print name of the zone a source is bound to]:source' \ '(-q --quiet)--list-all-zones[list everything added for or enabled in all zones]' \ '--new-zone=[add a new zone]:zone:->zones' \ '--new-zone-from-file=[add a new zone from file with optional name]:filename:_files' \ '--delete-zone=[delete an existing zone]:zone:->zones' \ '--load-zone-defaults=[load zone default settings]:zone:->zones' \ '(-q --quiet)--get-target[get the zone target]' \ '--set-target=[set the zone target]:target:(default ACCEPT DROP REJECT)' \ '(-q --quiet)--info-zone=[print information about a zone]:zone:->zones' \ '--path-zone=[print file path of a zone]:zone:->zones' \ '(aux --permanent --zone)--get-ipset-types[print the supported ipset types]' \ '--new-ipset=[add a new ipset]:ipset:->ipsets' \ '--new-ipset-from-file=[add a new ipset from file with optional name]:filename:_files' \ '--delete-ipset=[delete an existing ipset]:ipset:->ipsets' \ '--load-ipset-defaults=[load ipset default settings]:ipset:->ipsets' \ '(-q --quiet)--info-ipset=[print information about an ipset]:ipset' \ '--path-ipset=[print file path of an ipset]:ipset' \ '(aux --permanent --zone -q --quiet)--get-ipsets[print predefined ipsets]' \ '--set-description=[set new description]:description' \ '(-q --quiet)--get-description[print description]' \ '--set-short=[set new short description]:description' \ '--get-short[print short description]' \ '*--add-entry=[add a new entry to an ipset]:entry' \ '*--remove-entry=[remove an entry from an ipset]:entry' \ '*--query-entry=[return whether ipset has an entry]:entry' \ '(-q --quiet)--get-entries[list entries of an ipset]' \ '*--add-entries-from-file=[add a new entries to an ipset]:entry' \ '--remove-entries-from-file=[remove entries from an ipset]:entry' \ '--new-icmptype=[add a new icmptype]:icmp type:->icmp-types' \ '--new-icmptype-from-file=[add a new icmptype from file with optional name]:file:_files' \ '--delete-icmptype=[delete an existing icmptype]:icmp type:->icmp-types' \ '--load-icmptype-defaults=[load icmptype default settings]:icmp type:->icmp-types' \ '(-q --quiet)--info-icmptype=[print information about an icmptype]:icmp type:->icmp-types' \ '--path-icmptype=[print file path of an icmptype]:icmp type:->icmp-types' \ '*--add-destination=[enable destination for ipv in icmptype]:destination:->destinations' \ '*--remove-destination=[disable destination for ipv in service or icmp-type]:destination:->destinations' \ '(-q --quiet)--get-destinations[list destinations]' \ '--new-service=[add a new service]:service' \ '--new-service-from-file=[add a new service from file with optional name]:file:_files' \ '--delete-service=[delete an existing service]:service:->services' \ '--load-service-defaults=[load icmptype default settings]:service:->services' \ '(-q --quiet)--info-service=[print information about a service]:service:->services' \ '--path-service=[print file path of a service]:service:->services' \ '*--add-port=[add a new port to service, zone or helper]:port:->ports' \ '*--remove-port=[remove a port from a service, zone or helper]:port:->ports' \ '*--query-port=[return whether the port has been added for service, zone or helper]:port:->ports' \ '--get-ports[list ports of service or helper]' \ '*--add-protocol=[add a new protocol to service or zone]:protocol' \ '*--remove-protocol=[remove a protocol from service or zone]:protocol' \ '*--query-protocol=[return whether the protocol has been added for service or zone]:protocol' \ '--get-protocols[list protocols of service]' \ '*--add-source-port=[add a new source port to service or zone]:port:->ports' \ '*--remove-source-port=[remove a source port from service or zone]:port:->ports' \ '*--query-source-port=[return whether the source port has been added for service or zone]:port:->ports' \ '--get-source-ports[list source ports of service]' \ '*--add-module=[add a new module to service]:module' \ '*--remove-module=[remove a module from service]:module' \ '*--query-module=[return whether the module has been added for service]:module' \ '--get-modules[list modules of service]' \ '*--set-destination=[set destination for ipv to address in service]:destination:->destinations' \ '--query-destination=[return whether destination ipv is set for service or enabled for icmptype]:destination:->destinations' \ '(-q --quiet)--list-all[list everything added for or enabled in a zone]' \ '(-q --quiet)--list-services[list services added for a zone]' \ '*--add-service=[add a service for a zone]:service:->services' \ '*--query-service=[return whether service has been added for a zone]:service:->services' \ '(-q --quiet)--list-ports[list ports added for a zone]' \ '(-q --quiet)--list-protocols[list protocols added for a zone]' \ '--list-source-ports[list source ports added for a zone]' \ '(-q --quiet)--list-icmp-blocks[list Internet ICMP type blocks added for a zone]' \ '*--add-icmp-block=[add an ICMP block for a zone]:icmp type:->icmp-types' \ '*--remove-icmp-block=[remove the ICMP block from a zone]:icmp type:->icmp-types' \ '*--query-icmp-block=[return whether an ICMP block has been added for a zone]:icmp type:->icmp-types' \ '--add-icmp-block-inversion[enable inversion of icmp blocks for a zone]' \ '--remove-icmp-block-inversion[disable inversion of icmp blocks for a zone]' \ '--query-icmp-block-inversion[return whether inversion of icmp blocks has been enabled for a zone]' \ '(-q --quiet)--list-forward-ports[list IPv4 forward ports added for a zone]' \ '*--add-forward-port=[add the IPv4 forward port for a zone]: :->port-forwards' \ '*--remove-forward-port=[remove the IPv4 forward port from a zone]: :->port-forwards' \ '*--query-forward-port=[return whether the IPv4 forward port has been added for a zone]: :->port-forwards' \ '--add-forward[enable forwarding between interfaces and sources in a zone]' \ '--remove-forward[disable forwarding between interfaces and sources in a zone]' \ '--query-forward[return whether forwarding has been enabled for a zone]' \ '--add-masquerade[enable IPv4 masquerade for a zone]' \ '--remove-masquerade[disable IPv4 masquerade for a zone]' \ '--query-masquerade[return whether IPv4 masquerading has been enabled for a zone]' \ '(-q --quiet)--list-rich-rules[list rich language rules added for a zone]' \ '*--add-rich-rule=[add rich language rule for a zone]:rule' \ '*--remove-rich-rule=[remove specified rich language rule from a zone]:rule' \ '*--query-rich-rule=[return whether specified rich language rule has been added for a zone]:rule' \ '(-q --quiet)--list-interfaces[list interfaces that are bound to a zone]' \ '*--add-interface=[bind the specified interface to a zone]:interface:_net_interfaces' \ '*--change-interface=[change zone the specified interface is bound to]:interface:_net_interfaces' \ '*--query-interface=[query whether specified interface is bound to a zone]:interface:_net_interfaces' \ '*--remove-interface=[remove binding of specified interface from a zone]:interface:_net_interfaces' \ '(-q --quiet)--list-sources[list sources that are bound to a zone]' \ '*--add-source=[bind source to a zone]: :->sources' \ '*--change-source=[change zone a source is bound to]: :->sources' \ '*--query-source=[query whether source is bound to a zone]: :->sources' \ '*--remove-source=[remove binding of a source from a zone]: :->sources' \ '--new-helper=[add a new helper]:helper:->helpers' \ '--new-helper-from-file=[add a new helper from file with optional name]:file:_files' \ '--delete-helper=[delete an existing helper]:helper:->helpers' \ '--load-helper-defaults=[load helper default settings]:helper:->helpers' \ '(--zone -q --quiet)--info-helper=[print information about an helper]:helper:->helpers' \ '--path-helper=[print file path of an helper]:helper:->helpers' \ '--get-policies[print predefined policies]' \ '--get-active-policies[print currently active policies]' \ '--list-all-policies[list everything added for or enabled in all policies]' \ '--new-policy=[add a new empty policy]:policy:->policies' \ '--new-policy-from-file=[add a new policy from file with optional name override]:file:_files' \ '--delete-policy=[delete an existing policy]:policy:->policies' \ '--load-policy-defaults=[load policy default settings]:policy:->policies' \ '--policy=[use this policy to set or query options]:policy:->policies' \ '--info-policy=[print information about a policy]:policy:->policies' \ '--path-policy=[print file path of a policy]:policy:->policies' \ '(--zone -q --quiet)--get-helpers[print predefined helpers]' \ '--set-module=[set module to helper]:module' \ '--get-module[get module from helper]' \ '--set-family=[set family for helper]:family' \ '--get-family[get family from helper]' \ '(aux --permanent --zone)--lockdown-on[enable lockdown]' \ '(aux --permanent --zone)--lockdown-off[disable lockdown]' \ '(aux --permanent --zone)--query-lockdown[query whether lockdown is enabled]' \ '(-q --quiet)--list-lockdown-whitelist-commands[list all command lines that are on the whitelist]' \ '*--add-lockdown-whitelist-command=[add a command to the whitelist]:command:_cmdstring' \ '*--remove-lockdown-whitelist-command=[remove the command from the whitelist]:command' \ '*--query-lockdown-whitelist-command=[query whether a command is on the whitelist]:command' \ '(-q --quiet)--list-lockdown-whitelist-contexts[list all contexts that are on the whitelist]' \ '*--add-lockdown-whitelist-context=[add the specified context to the whitelist]:context' \ '*--remove-lockdown-whitelist-context=[remove a context from the whitelist]:context' \ '*--query-lockdown-whitelist-context=[query whether a context is on the whitelist]:context' \ '(-q --quiet)--list-lockdown-whitelist-uids[list all user ids that are on the whitelist]' \ '*--add-lockdown-whitelist-uid=[add the specified user id to the whitelist]:uid' \ '*--remove-lockdown-whitelist-uid=[remove the specified user id from the whitelist]:uid' \ '*--query-lockdown-whitelist-uid=[query whether a user id is on the whitelist]:uid' \ '(-q --quiet)--list-lockdown-whitelist-users[list all user names that are on the whitelist]' \ '*--add-lockdown-whitelist-user=[add the specified user to the whitelist]:user:_users' \ '*--remove-lockdown-whitelist-user=[remove the specified user from the whitelist]:user:_users' \ '*--query-lockdown-whitelist-user=[query whether the specified user is on the whitelist]:user:_users' \ '--direct[first option for all direct options]' # add sub option for policy. if [[ ${words[@]/'--policy'/} != ${words[@]} ]] then _arguments \ '--get-priority[get the priority]' \ '--set-priority=[set the priority]' \ '--list-ingress-zones[list ingress zones that are bound to a policy]' \ '--add-ingress-zone=[add the ingress zone to a policy]:zone:->zones' \ '--remove-ingress-zone=[remove the ingress zone from a policy]:zone:->zones' \ '--query-ingress-zone=[wuery whether the ingress zone has been adedd to a policy]:zone:->zones' \ '--list-egress-zones[list egress zones that are bound to a policy]' \ '--add-egress-zone=[add the egress zone to a policy]:zone:->zones' \ '--remove-egress-zone=[remove the egress zone from a policy]:zone:->zones' \ '--query-egress-zone=[query whether the egress zone has been adedd to a policy]:zone:->zones' fi [[ $state = sources ]] && compset -P 'ipset:' && state=ipsets case $state in sources) _message -e sources "source[/mask]|MAC|ipset:ipset" ;; chains) _description chains expl 'chain' compadd "$expl[@]" - ${${(f)"$(_call_program chains $words[1] ${(k)opt_args[--permanent]} --direct --get-all-chains)"}##* } ;; destinations) if compset -P 1 '*:'; then if compset -P 1 '*/'; then _message -e masks "mask" else _message -e addresses "address" fi else compset -S ':*' || suf=( -qS : ) _description ipvs expl 'ipv' compadd "$expl[@]" $suf - ipv4 ipv6 fi ;; helpers) _description helpers expl 'helper' compadd "$expl[@]" - $(_call_program helpers $words[1] ${(k)opt_args[--permanent]} --get-helpers) ;; icmp-types) _description icmp-types expl 'icmp type' compadd "$expl[@]" - $(_call_program icmp-types $words[1] --get-icmptypes) ;; ipsets) _description ipsets expl 'ipset' compadd "$expl[@]" - $(_call_program ipsets $words[1] ${(k)opt_args[--permanent]} --get-ipsets) ;; ipset-types) _description ipset-types expl 'ipset type' compadd "$expl[@]" - $(_call_program ipset-types $words[1] --get-ipset-types) ;; ports) if compset -P 1 '*/'; then _description protocols expl 'protocol' compadd "$expl[@]" - tcp udp sctp dccp else _message -e ports 'port number' fi ;; port-forwards) _values -S = -s : 'port forward' \ 'port[specify port]:port range:_sequence -n 2 -s - _ports' \ 'proto[specify protocol]:protocol:(tcp udp sctp dccp)' \ 'toport[specify port]:port range:_sequence -n 2 -s - _ports' \ 'toaddr[specify destination address]:address[/mask]' ;; services) _description services expl 'service' compadd "$expl[@]" - $(_call_program services $words[1] --get-services) ;; tables) _description services expl 'service' compadd "$expl[@]" - security raw mangle nat filter ;; zones) _description zones expl 'zone' compadd "$expl[@]" - $(_call_program zones $words[1] --get-zones) ;; policies) _description policies expl 'policies' compadd "$expl[@]" - $(_call_program policies $words[1] --get-policies) ;; esac # return whether matches were added [[ nm -ne compstate[nmatches] ]] && return 0 return 1 firewalld-1.1.1/shell-completion/Makefile.am0000644000000000000000000000030114217342322020765 0ustar00rootroot00000000000000bashcompletiondir=@BASHCOMPLETIONDIR@ dist_bashcompletion_DATA = \ bash/firewall-cmd zshcompletiondir=@ZSHCOMPLETIONDIR@ dist_zshcompletion_DATA = \ zsh/_firewalld CLEANFILES = *~ *\# .\#* firewalld-1.1.1/shell-completion/Makefile.in0000644000000000000000000004053214217352322021011 0ustar00rootroot00000000000000# Makefile.in generated by automake 1.16.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2018 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : subdir = shell-completion ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/intltool.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(dist_bashcompletion_DATA) \ $(dist_zshcompletion_DATA) $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(bashcompletiondir)" \ "$(DESTDIR)$(zshcompletiondir)" DATA = $(dist_bashcompletion_DATA) $(dist_zshcompletion_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALL_LINGUAS = @ALL_LINGUAS@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BASHCOMPLETIONDIR = @BASHCOMPLETIONDIR@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ EBTABLES = @EBTABLES@ EBTABLES_RESTORE = @EBTABLES_RESTORE@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ GLIB_COMPILE_SCHEMAS = @GLIB_COMPILE_SCHEMAS@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ GSETTINGS_DISABLE_SCHEMAS_COMPILE = @GSETTINGS_DISABLE_SCHEMAS_COMPILE@ IFCFGDIR = @IFCFGDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_RPMMACROS = @INSTALL_RPMMACROS@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INSTALL_SYSCONFIG = @INSTALL_SYSCONFIG@ INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ INTLTOOL_MERGE = @INTLTOOL_MERGE@ INTLTOOL_PERL = @INTLTOOL_PERL@ INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ IP6TABLES = @IP6TABLES@ IP6TABLES_RESTORE = @IP6TABLES_RESTORE@ IPSET = @IPSET@ IPTABLES = @IPTABLES@ IPTABLES_RESTORE = @IPTABLES_RESTORE@ KILL = @KILL@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MODPROBE = @MODPROBE@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_RELEASE = @PACKAGE_RELEASE@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TAG = @PACKAGE_TAG@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PODMAN = @PODMAN@ PYTHON = @PYTHON@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ RMMOD = @RMMOD@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCTL = @SYSCTL@ SYSTEMD_UNITDIR = @SYSTEMD_UNITDIR@ USE_NLS = @USE_NLS@ USE_SYSTEMD = @USE_SYSTEMD@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ XMLCATALOG = @XMLCATALOG@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ ZSHCOMPLETIONDIR = @ZSHCOMPLETIONDIR@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ am__leading_dot = @am__leading_dot@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build_alias = @build_alias@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gsettingsschemadir = @gsettingsschemadir@ host_alias = @host_alias@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ intltool__v_merge_options_ = @intltool__v_merge_options_@ intltool__v_merge_options_0 = @intltool__v_merge_options_0@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ pkgpyexecdir = @pkgpyexecdir@ pkgpythondir = @pkgpythondir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ bashcompletiondir = @BASHCOMPLETIONDIR@ dist_bashcompletion_DATA = \ bash/firewall-cmd zshcompletiondir = @ZSHCOMPLETIONDIR@ dist_zshcompletion_DATA = \ zsh/_firewalld CLEANFILES = *~ *\# .\#* all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign shell-completion/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign shell-completion/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-dist_bashcompletionDATA: $(dist_bashcompletion_DATA) @$(NORMAL_INSTALL) @list='$(dist_bashcompletion_DATA)'; test -n "$(bashcompletiondir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(bashcompletiondir)'"; \ $(MKDIR_P) "$(DESTDIR)$(bashcompletiondir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(bashcompletiondir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(bashcompletiondir)" || exit $$?; \ done uninstall-dist_bashcompletionDATA: @$(NORMAL_UNINSTALL) @list='$(dist_bashcompletion_DATA)'; test -n "$(bashcompletiondir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(bashcompletiondir)'; $(am__uninstall_files_from_dir) install-dist_zshcompletionDATA: $(dist_zshcompletion_DATA) @$(NORMAL_INSTALL) @list='$(dist_zshcompletion_DATA)'; test -n "$(zshcompletiondir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(zshcompletiondir)'"; \ $(MKDIR_P) "$(DESTDIR)$(zshcompletiondir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(zshcompletiondir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(zshcompletiondir)" || exit $$?; \ done uninstall-dist_zshcompletionDATA: @$(NORMAL_UNINSTALL) @list='$(dist_zshcompletion_DATA)'; test -n "$(zshcompletiondir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(zshcompletiondir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(DATA) installdirs: for dir in "$(DESTDIR)$(bashcompletiondir)" "$(DESTDIR)$(zshcompletiondir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dist_bashcompletionDATA \ install-dist_zshcompletionDATA install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-dist_bashcompletionDATA \ uninstall-dist_zshcompletionDATA .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic cscopelist-am \ ctags-am distclean distclean-generic distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dist_bashcompletionDATA \ install-dist_zshcompletionDATA install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags-am uninstall uninstall-am \ uninstall-dist_bashcompletionDATA \ uninstall-dist_zshcompletionDATA .PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: